EP1884100A1 - Method for controlling the connection of a peripheral device to an access point, corresponding access point and peripheral device - Google Patents
- Publication number
- EP1884100A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- access point
- initialization
- peripheral
- connection
- pairing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/16—Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
- H04W28/18—Negotiating wireless communication parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/02—Access restriction performed under specific conditions
Definitions
- any candidate device is a priori able to implement this secure connection procedure, regardless of whether other devices are connected to the same access point, provided that the candidate device has the necessary authorizations.
- any enabled device is able to launch such a procedure on simple transmission of its MAC address.
- the aforementioned process has the disadvantage of an initial identification phase based on a common private key pre-configured in the pairing key distribution device and in each receiving device.
- the management of private keys is, in general, cumbersome and poorly adapted to mass-market devices.
- an additional device, the pairing key distribution device, is required to pair two devices.
- US 2003 200434 proposes a method of recognition between two devices. This process consists of starting the two devices, designating one of the devices as master and the other as a slave, and then carrying them close to one another.
- the master apparatus transmits according to a specific radiation pattern, in reduced range, so that the slave device can receive the carrier signal to transmit a key to the latter.
- the master device then returns to its nominal radiation pattern and the slave device uses the key previously received to authenticate with the master device.
- Another object of the present invention is in particular the implementation of a mutual identification phase allowing, on the one hand, recognition of the identified connection-requesting device with the access point and, on the other hand, an acknowledgment of the access point requested from the device, independently of any assignment of a master or slave quality to one of these.
- Another object of the present invention is also to increase the security of the procedure for connecting a peripheral device to a shared network access point, by introducing into the identification phase, in particular the mutual identification phase, a criterion for rejecting any new connection request foreign to the transaction.
- Another object of the present invention is also to increase the security of the procedure for connecting a peripheral device to a shared network access point, by introducing into the identification phase, in particular the mutual identification phase, a criterion for continuing the requested connection, conditional on the absence of any foreign connection attempt within a specified period of time from a connection request having satisfied the identification criterion.
- the subject of the invention is a method of controlling the connection of a first device and a second device that is remarkable in that it consists, at least, in executing a local initialization control during a certain duration on the first and the second device. Following a provisional pairing of the first and the second device, it then consists in exchanging the initialization duration values of the respective first and second devices. If the initialization times of the first and second devices differ by a value less than a threshold value, the connection is continued. Otherwise, the connection is inhibited.
- the present invention also relates to a method of controlling the connection of a device to a shared network access point, which is remarkable in that it consists at least in pre-initializing the access point by a local command of the access point, the pre-initialization step making it possible at least to configure this access point to temporarily pair a device. It then consists in simultaneously initializing the access point and the peripheral device by a local command, substantially concomitant in duration, of the access point and of the peripheral device respectively, and in locally measuring and storing the initialization duration of each local command at the access point and at the device respectively.
- the invention also relates to a shared network access point comprising at least one link signal interface and a software interface for managing the link signal interface, remarkable in that it comprises at least one access point / peripheral pairing module connected to this link signal interface management software interface and a database connected to the access point / peripheral pairing module comprising, on the one hand, temporary data and, on the other hand, permanent data. It further comprises a device for initializing the access point by a local control of this access point.
- the access point / peripheral pairing module makes it possible to locally measure and store the initialization time of the access point by the local control and, following a temporary pairing of this access point and a device, to receive at least from this device a value of the stored initialization duration of this device, and to compare, by equality comparison, the value of the initialization duration measured locally with the received value of the measured initialization duration. If the received measured initialization time is substantially equal to the locally measured initialization time, the device is recognized as the identified connection-requesting device and the continuation of the device connection is allowed by calling a permanent pairing procedure. Otherwise, the continuation of the connection is inhibited, at least at the access point.
- the invention also relates to a device connectable to a shared network access point comprising at least one link signal interface and a software interface for managing the link signal interface, remarkable in that it comprises at least a peripheral / access point pairing module connected to this link signal interface management software interface and a database connected to the peripheral / access point pairing module comprising, on the one hand, temporary data and, on the other hand, permanent data. It further comprises a device for initializing the device by a local control of this device.
- the peripheral / access point pairing module makes it possible to locally measure and store the initialization time of the device by the local control and, following a temporary pairing of this device and this access point, to receive at least from this access point a value of the stored initialization duration of this access point, and to compare, by equality comparison, the value of the initialization duration measured locally with the received value of the measured initialization duration. If the received measured initialization time is substantially equal to the locally measured initialization time, the access point is recognized as the access point initialized for the access-requesting device and the continuation of the device connection is allowed by calling a permanent pairing procedure. Otherwise, the continuation of the connection is inhibited, at least at the device level.
- the method, the access point and the peripheral that are the subject of the invention find application in the management of the connection control of peripherals to a shared network access point implementing technologies as varied as WIFI, Bluetooth, line carrier currents or others.
- FIG. 1 represents a flow diagram of the essential steps of implementing the method of controlling the connection of a peripheral to a shared network access point according to the subject of the present invention;
- FIG. 2 represents, by way of illustration, a specific implementation detail of the steps of simultaneous initialization and temporary pairing, of reciprocal transmission of the local initialization duration values between the peripheral device and the access point, and of comparison of these values to perform a mutual identification of the access-seeking device and the access point, in a nonlimiting preferred embodiment of the method of the invention shown in Figure 1;
- FIG. 3a represents, by way of illustration, a block diagram of a shared network access point according to the object of the present invention;
- FIG. 3b represents, by way of illustration, a block diagram of an access / peripheral pairing module incorporated in the object access point of the invention, as represented in FIG. 3a;
- FIG. 3c represents, in the form of a flowchart, the essential steps of a control protocol for a connection requested by a peripheral as conducted by the access / peripheral pairing module represented in FIG. 3b in the pre-initialization phase of the latter;
- FIG. 3d represents, in the form of a flowchart, the essential steps of a control protocol of a connection requested by a peripheral, as driven by the access point / device pairing module shown in Figure 3b, in the initialization phase of the latter;
- FIG. 4a represents, by way of illustration, a block diagram of a device connectable to a shared network access point according to the subject of the present invention;
- FIG. 4b represents, by way of illustration, a block diagram of a peripheral / access point pairing module incorporated in the peripheral device of the invention as represented in FIG. 4a;
- FIG. 4c represents, in the form of a flowchart, the essential steps of a protocol for controlling a connection requested by a device, as conducted by the peripheral / access point pairing module represented in FIG. 4b.
- the access point and the device constitute a first and a second device.
- the pre-initialization step executed in step A shown in FIG. 1 allows at least the configuration of the AP access point to temporarily pair a device.
- Step A is followed by a step B consisting in simultaneously initializing the access point AP and the peripheral device T by a local control, substantially concomitant in duration, of the access point AP and of the peripheral device T respectively, and in locally measuring and storing the initialization duration of each local command: the duration T_ap for the access point AP and the duration T_T for the device T.
- the concept of temporary pairing covers the notion of configuration of the access point AP to allow the latter to exchange with the device T requesting the connection certain information necessary for the execution of identification and continuation of the connection when the identification criteria have been satisfied, as will be described later in the description.
- This notion of temporary pairing therefore corresponds to a specific notion of pairing which consists of an exchange of technical data allowing a limited connection to be executed to execute the provisional pairing.
- the method which is the subject of the invention then consists in carrying out a step of transmitting and receiving, at step C0 of FIG. 1, at least from the peripheral to the access point, the value of the initialization duration T_T memorized locally at the level of the peripheral T, this operation being noted:
- step C1 of comparing, by equality comparison, at least at the access point AP, the locally measured value of the initialization duration of the access point AP, that is to say the initialization duration T_ap, to the received initialization duration T_Tr, corresponding in fact to the initialization duration of the peripheral.
- the equality comparison operation is noted:
- E represents a tolerance, as a percentage, on the initialization duration value of the access point AP, that is to say on the duration T_ap.
- the value of E can be taken equal to 5% of this initialization time for example.
- the device is admitted as the connection requesting device identified and the method which is the subject of the invention then consists, in a step D, of authorizing the continuation of the connection of the peripheral device T to the access point AP by calling a permanent pairing procedure.
- the method which is the subject of the invention consists in inhibiting in step E, at least at the access point, the continuation of the connection.
- equality comparison described above may in fact consist of a comparison of the value of the difference of the initialization times of the first and the second device to a threshold value. If this value is lower than this threshold value, the connection is continued. Otherwise the connection is inhibited.
- the method that is the subject of the present invention makes it possible to code the initialization time at the initiative of the single user of the peripheral device T and the access point AP.
- the local control, concomitant in duration, of the access point and of the device T, which initializes the access point and the considered device simultaneously, makes it possible to validly match the connection-requesting device T to the access point AP chosen by the user.
- the initialization time can be arbitrary and left to the initiative of the user in a range of values between 5 and 25 seconds, for example.
- step B of FIG. 1, relating to the simultaneous initialization of the access point AP and of a peripheral T, may consequently comprise the execution of the local command by the user in step B0, the local control being executed on the access point AP and on the device T to locally store the initialization times T_ap and T_T respectively.
- the simultaneous initialization step B 0 may then be followed by a temporary pairing step B 1 of the access point AP and of the peripheral device T.
- the above-mentioned temporary pairing step can advantageously be implemented by reducing the transmission / reception range of the access point AP, for example. This technique will be described in more detail later in the description in connection with an access point according to the subject of the present invention.
- Step C of FIG. 1, consisting of the transmission step C0 and the comparison step C1 previously described in connection with the above-mentioned figure, may, in a nonlimiting preferred embodiment, be executed in such a way that the transmission of the locally measured and stored value of the initialization duration is reciprocal between the access point AP and the device T.
- the transmission operation of the device T to the access point AP respectively of the access point AP to the device T of the aforementioned initialization time values can advantageously be executed by transmission of a value message comprising at least the value of the stored initialization duration and for example the identifier at the link level of the issuer of this message and of an acknowledgment message, the acknowledgment message including at least one reference to the value message.
- T_Tr denotes the value of the initialization duration of the device T transmitted and received at the access point AP;
- T_ap designates the value of the initialization time of the access point AP measured locally at the latter;
- the error tolerance values E and D may be different.
- the control method of a connection object of the invention is then continued by step D of Figure 1 under the conditions which will be described below. If, on the contrary, one of the comparison steps Q 1 or Q 2 is not satisfied, that is to say on a negative response to one of these two steps, then an end of connection procedure Cu, respectively C 14 is called, the continuation of the connection being then inhibited.
- a specific mode of implementation of the permanent pairing step B of FIG. 1 will now be described with reference to FIG. 2.
- the above-mentioned step D may consist of a step C of initialization of the permanent pairing.
- the step of allowing the continuation of the connection of the device can be made conditional on the absence, prior to the call of the permanent pairing procedure itself, of a new step of pre-initialization and / or simultaneous initialization step between the AP access point already configured for temporary pairing and at least one other device.
- This operation is represented by the step D1 of FIG. 2, denoted ∃ T'_T, intended to verify either an attempt to connect another device from any duration other than the initialization duration of the device having initialized the access point AP, this operation being represented in FIG. 2 by a connection end step D2 on the existence of a value T'_T different from T_T.
- the step of allowing the device connection procedure may advantageously include a rejection criterion of any new connection request foreign to an existing connection request for an identified connection requesting device.
- This situation may correspond, for example, to the case where a first device that has performed the pre-initialization operations of the AP access point and then simultaneously initialises this peripheral and this access point to a third-party device having the value of initialization time of this device, tries again to initiate a simultaneous initialization procedure from the same initialization time.
- step D3 may comprise, before the call step, a permanent pairing configuration procedure D30 at the access point, a parameter encryption step D31.
- the access point AP is able to collect, by the short-range connection signal for example, any encryption key sent by the device T, which was of course identified simultaneously, for example in steps C11 and C12.
- step D1 of FIG. 2 it is indicated that this can be carried out advantageously as follows:
- the local control exerted to execute this pre-initialization can make it possible, in addition to configuring the access point to be able to temporarily pair a peripheral, to trigger for example a pre-configured time counter of duration P1.
- This time counter can make it possible to limit in time, at the access point AP, the steps of simultaneous initialization of the peripheral device T and the access point AP, then of temporary pairing and finally of permanent pairing initialization.
- the access point AP and the peripheral T are identified mutually, for example as represented in the steps C01, C11, C12 of FIG. 2; if, during the period of time counter P1, the access point AP has received several values of device initialization time T_Tr, or if during the second period of time counter P2 the device has received several values of initialization time of access point T_apr, then the pairing procedure ends with a failure, as shown in the test D1 of Figure 2 previously described in the description.
- test D1 makes it possible to prevent the case of a second, malicious user trying to pair his device with the access point AP considered; this mode of operation also prevents the case of a second user trying to divert the connection of the device to his own access point.
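The duration comparison with tolerance E (steps C0/C1) and the rejection test D1 described above can be sketched as follows. This is an added example, not code from the patent; the class and field names, the 60 s counter value, the strict `<` form of the comparison and the handling of exact retransmissions are assumptions.

```python
# Added illustration (not code from the patent): duration matching with a
# tolerance, plus the "several values received" rejection test, on each side.
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    CONTINUE = "continue: call permanent pairing"          # step D
    INHIBIT_MISMATCH = "inhibit: durations differ"         # step E
    INHIBIT_FOREIGN = "inhibit: several values received"   # test D1 fails
    INHIBIT_TIMEOUT = "inhibit: no value inside the counter period"


@dataclass(frozen=True)
class ValueMessage:
    sender: str         # link-level identifier of the issuer
    duration_s: float   # stored initialization duration of the issuer
    received_at: float  # seconds since the local counter started (assumed field)


def durations_match(local_s: float, received_s: float, tolerance: float) -> bool:
    """True when the difference is below tolerance * local duration.

    The text gives the tolerance as a percentage of the local duration;
    the absolute difference and the strict '<' are assumptions.
    """
    return abs(local_s - received_s) < tolerance * local_s


@dataclass
class PairingSide:
    """One end of the exchange: access point (T_ap, E, P1) or peripheral (T_T, D, P2)."""
    local_duration_s: float
    tolerance: float = 0.05   # 5 % is the example value given in the text
    counter_s: float = 60.0   # counter period; 60 s is an assumed value
    received: list = field(default_factory=list)

    def on_value_message(self, msg: ValueMessage) -> None:
        # Values arriving after the counter has expired are ignored.
        if msg.received_at <= self.counter_s:
            self.received.append(msg)

    def decide(self) -> Outcome:
        if not self.received:
            return Outcome.INHIBIT_TIMEOUT
        # Exact retransmissions collapse to one entry (assumption); a second
        # sender or a second value counts as a foreign connection request.
        distinct = {(m.sender, m.duration_s) for m in self.received}
        if len(distinct) > 1:
            return Outcome.INHIBIT_FOREIGN
        _, received_s = next(iter(distinct))
        if durations_match(self.local_duration_s, received_s, self.tolerance):
            return Outcome.CONTINUE
        return Outcome.INHIBIT_MISMATCH


def mutual_identification(ap: PairingSide, peripheral: PairingSide) -> bool:
    """The connection continues only if both sides accept."""
    return (ap.decide() is Outcome.CONTINUE
            and peripheral.decide() is Outcome.CONTINUE)


def demo() -> dict:
    # Constructed sample: the user held both buttons for roughly ten seconds.
    ap = PairingSide(local_duration_s=10.0)
    dev = PairingSide(local_duration_s=10.2)
    ap.on_value_message(ValueMessage("02:00:00:00:00:01", 10.2, received_at=12.0))
    dev.on_value_message(ValueMessage("02:00:00:00:00:aa", 10.0, received_at=12.1))
    results = {"mutual": mutual_identification(ap, dev)}

    # A second device reports a value inside the same counter period.
    ap.on_value_message(ValueMessage("02:00:00:00:00:02", 10.0, received_at=20.0))
    results["after_second_sender"] = ap.decide()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

With E = 5 % the acceptance window scales with the press: about ±0.25 s for a 5 s press and ±1.25 s for a 25 s press.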
- the access point AP that is the subject of the invention will be described, in a non-limiting manner, for a network access point shared by radio link; the access point that is the subject of the invention can also be implemented in other technologies, such as line carrier currents on a low-voltage distribution network or other.
- the access point AP which is the subject of the invention also comprises an access point / peripheral pairing module bearing the reference I2, linked to the link signal interface management software interface I1.
- the aforementioned infrastructure or software interface I1 also makes it possible to pass determined information back to the access point / device pairing module I2, or to include in radio frames, for example, information sent by the access point / device pairing module I2.
- the software interface I1 of course makes it possible to manage the duration value messages previously mentioned in the description, in order to ensure the transmission of these messages to the access point AP or to the peripheral T respectively, as mentioned earlier in the description.
- the access point AP object of the invention comprises a database I 3 connected to the access point / device pairing module I 2 , this database comprising on the one hand temporary data and on the other hand permanent data.
- the database I3 is structured so that part of the aforementioned database is volatile and allows the access point / device pairing module I2 to store and retrieve information whose nature is temporary, such as identifiers of devices T that are candidates for a connection, for example, while a second part of the database I3 is nonvolatile and contains, for example, configuration files relating to the access point / peripheral pairing module I2.
- These configuration elements are radio configuration elements when the link signal is a radio signal or line carrier configuration elements when the link signal is a line carrier signal.
- the access point AP comprises a pre-initialization circuit of the access point AP via a local control of this access point, this pre-initialization circuit carrying the reference I4 in Figure 3a.
- the AP access point further comprises an initialization circuit which advantageously can be constituted by the aforementioned pre-initialization circuit I 4 .
- the pre-initialization and initialization circuit I4 makes it possible to generate a local pre-initialization or initialization control of the access point AP, this command being directly transmitted to the access point / peripheral pairing module I2.
- the pairing module makes it possible to drive the decisions related to the aforementioned comparison.
- the device is then recognized as the identified connection-requesting device and the continuation of the connection of the device T is allowed, by calling a permanent pairing procedure. Otherwise, the continuation of the connection is inhibited at the access point AP.
- the latter can be constituted by any actuator element making it possible to generate a local initialization control signal at the level of the access point AP.
- it may be constituted by a receiver circuit of a signal generated by a television control selection apparatus, for example by infrared control or the like.
- the home user is then led simply to press and release for the pre-initialization step of the access point AP, then to press for a fixed duration, left to the sole initiative of the user, and release this same push button to execute the initialization step of the access point AP.
- the latter may advantageously comprise, in addition to the usual radio interface I0, which may be constituted by a long-range radio interface such as a WIFI interface for example, a second, short-range radio interface bearing the reference I5 in Figure 3a.
- the short-range radio interface may advantageously be constituted by an infrared interface, a Bluetooth interface or the like, of which the transmission / reception diagram conditions can then be adapted as will be described later in the description.
- the aforesaid operating mode then makes it possible to secure the connection process by an effective control not only of the identification of the party requesting the connection but also by reducing the range of the transactions, that is to say of the message exchanges between the access point AP and the device T requesting connection, for the duration of the connection control.
- the access / peripheral pairing module I 2 combines a set of functions, which are supervised by a management element that is not shown in FIG. 3b.
- This management element makes it possible to articulate all of the aforementioned functions, that is to say to launch the various functions at the desired time, in particular within the framework of the pre-initialization and then the initialization phase of the access point AP considered.
- the access / device pairing module I 2 comprises the following modules:
- This function enables the various constituent functions of the pairing module I 2 to store or retrieve from the database I 3 data such as device level 2 identifiers or variables relating thereto;
- the Supervision / pushbutton function is furthermore related to a radio data transmission / reception function I2d in order to transmit to the device T, via the radio channel in short-range mode during the temporary pairing, the press time, that is to say the duration of initialization T_ap of the access point AP.
- the Supervision / pushbutton function I2b is used to trigger the timer P1 aforementioned in the description and used to protect the access point AP against any attempt of an unscrupulous user, as mentioned previously in the description;
- This function makes it possible to establish a dialogue with the software infrastructure for managing the interface of the link signal, that is to say with the software interface I1 represented in FIG. 3a, in order to parameterize the link signal interface in short-range mode.
- the above setting varies depending on the radio technology used. For an IEEE 802.11 type of technology, this setting consists in activating an additional network name, such as for example "Pairing", in fixing a high radio modulation, for example at 54 Mb/s, and, optionally, in reducing the radio transmission and reception power of the short-range radio interface;
- This function is responsible for identifying the requesting device T. In particular, it ensures reception of the access point press time, i.e. the local initialization value T_ap of the access point AP, originating from the Supervision / pushbutton function I2b on the one hand, and of the peripheral press time T_Tr, the value of the initialization time of the device T, from the function Send / receive radio data I2d on the other hand.
- the device identification function mentioned above also has the error rate E from the database storage / retrieval function I2a. From these data, the peripheral identification function I2e is able to identify the device and then stores in the database I3 of Figure 3a the result of this identification. In addition, if the result of the comparison is positive, an identifier of the device T, such as the identifier or address at the link level of the latter, is also stored.
- the above-mentioned function also makes it possible to store in the database I 3 the value of a variable Ch if the latter has been transmitted by the device T. It is specified that the variable Ch mentioned above indicates to which type the device T will access, once connected, to the access point AP or the type itself of the device;
- This function collects the encryption keys from the Send / receive radio data function I2d and then analyzes them as will be described later in the description. If only one encryption key is received from an identified device T, this key is stored in the database I3 via the database storage / retrieval function I2a;
- This function is used to extract from the database I 3 , the configuration elements and the variable Ch optionally sent by the device T.
- the configuration elements then allow the device T to establish a secure long-range radio connection by permanent pairing .
- the concept of permanent pairing covers, of course, the aforementioned secure link, which is terminated at the sole will of the user.
- the aforementioned function optionally selects the configuration elements to be sent to the device T according to the value of the aforementioned variable Ch;
- Encryption module I2h. This function collects, on the one hand, via the database storage / retrieval function I2a, the key which makes it possible to encrypt the radio message for a given device and, on the other hand, through the function Choice of configuration items I2g, the configuration elements to be transmitted to the device T.
- the aforementioned encryption function I2h sends its data to the function Send / receive radio data I2d for encrypted transmission of the configuration items to the device T;
- long-range connection management module I 2 ;
- the aforementioned function is then responsible for preparing the long-range connection of the peripheral T. For this purpose, it acts in consultation with the radio interface management software infrastructure I 1 of Figure 3a.
- a user presses the push-button I 4 of FIG. 3a. It can of course launch the corresponding local command by any means equivalent to this push button.
- This step is represented in step S apO i of FIG. 3 c.
- a step of configuring the access point AP for temporary pairing is then executed, this step being referenced S ap o 2 in FIG. 3 c.
- the release of the push button I 4 causes the start of the time counter Pi value which aims to limit any attempt to reinitialize as described above in the description.
- the pre-initialization step having been executed by the user the user is then led to execute the initialization step of the access point AP jointly with the peripheral T that he wishes to connect.
- step S ap i triggered by a support and a release of control button, push button I 4 of Figure 3a, located on the AP access point.
- the duration of pressing on the push button of the access point that is to say the initialization time T ap of the AP access point is counted by the Supervision function of the push button l 2b , shown in Figure 3b.
- the value of this duration is stored in step S ap2 by the function
- the access point / device pairing module I 4 then receives the pairing of the peripheral device T on the radio network temporarily open during temporary pairing, during the pre-initialization of the access point AP described in FIG. 3c.
- the aforementioned temporary pairing may advantageously and optionally be performed through the short-range link set up following the user's first press on the push button 1 4, during the execution of the pre-initialization step.
- the access network, in this case, is an IEEE 802.11 type network whose range is then reduced by forcing the access point to communicate at the highest radio modulation rate possible given the radio capabilities of the device, at 54 Mb/s.
- the transmission and radio reception power in this situation is chosen for example equal to 1 milliwatt.
- the restricted range of the access point AP in this situation makes it possible to increase security, and all the following radio messages, up to the final step preceding the setting up of the long-range radio link, are exchanged over the short-range radio link.
- in step S ap4, the access point / terminal pairing module sends, via the function Send / receive radio data 1 2d, on the short-range radio link, the value of the initialization time of the access point, value T ap, and preferably its identifier at link level, that is, its MAC address.
- the sending of this variable can optionally be executed through a secure tunnel.
- the aforementioned duration variable T ap and the link level identifier can then be sent in a value message as described previously in the description, for example.
- in step S ap5, the access point / device pairing module then waits for reception of the initialization time value of the device requesting connection, that is to say the duration T T.
- the pairing procedure terminates on a failure. This situation is represented by the NO branch of response to the test S ap5 and back to an end of connection situation.
- upon receipt of several device initialization time values T T after the time counter duration P 1, as mentioned previously in the description, the pairing procedure also ends with a failure and a return to end of connection.
- the function Send / receive radio data 1 2d transmits to the device identification function the aforementioned second initialization duration variable T Tr.
- the Device Identification function 1 2e then retrieves the error variable E from the database 1 3 and performs the equality check to verify the successful identification. If the equality comparison relation is verified as previously mentioned in the description, the procedure continues on a positive response to the test S ap6. Otherwise, in the absence of a successful comparison and identity verification, the pairing procedure ends with a failure by returning to the end of connection step.
- step S ap8 is a step of preconfigured duration during which the access point AP collects, by radio, the encryption keys, that is to say RSA public keys, that will make it possible to encrypt the configuration data transmitted to the device T that is a candidate for connection.
- the next step S ap9, after the aforementioned preconfigured time has elapsed, consists in transmitting, via the function Send / receive radio data 1 2d, the aforementioned public key to the key analysis function 1 2f.
- A more detailed description of a device connectable to a shared network access point, according to the subject of the invention, will now be given in connection with FIGS. 4a to 4c.
- the device that is the object of the invention will be described, without limitation, in the case of a link signal consisting of a radio signal.
- the secure peripheral device connectable to a shared network access point comprises a link signal interface 2 0 which is constituted by a long-range radio interface, for example. It further comprises a link signal interface management software interface 2 1 which is constituted by a software management infrastructure of the aforementioned radio interface 2 0.
- the device according to the invention further comprises, as shown in FIG. 4a, a peripheral pairing / access point module 2 2 connected to the link signal interface management software interface 2 1 and a database 2 3 connected to the peripheral pairing / access point module 2 2.
- the database 2 3 may advantageously comprise, on the one hand, temporary data and, on the other hand, permanent data, as will be described hereinafter.
- the notion of local control corresponds to the notion of a command exercised locally on the device at the initiative of the user requesting a connection for this device.
- the device / access point pairing module
- the device / access point pairing module 2 2 then makes it possible to authorize the continuation of the connection of the device T requesting connection, by calling a permanent pairing procedure as described above. Otherwise, the device / access point pairing module 2 2 makes it possible to inhibit the continuation of the connection at the level of the peripheral device T.
- the radio interface management software interface 2 1 constituting the aforementioned software infrastructure contains the computer program elements for sending and receiving frames of a radio interface. It also makes it possible to pass specific information up to the device / access point pairing module 2 2 or to include in the radio frames the information sent by the aforementioned peripheral pairing module.
- the software interface or software infrastructure 2 1 ensures the management of radio messages as defined above in the description relative to the implementation of the method that is the object of the present invention.
- the device T, object of the invention, besides the first radio interface 2 0 constituting a long-range link signal interface, preferably includes a second, short-range link signal interface 2 5.
- the first radio interface 2 0 and the second radio interface 2 5 may then, according to an advantageous feature of the device of the present invention, be switched at the initiative of the device / access point pairing module 2 2 to provide the step of provisional connection by short-range pairing, respectively a permanent pairing in long-range connection with the access point, in accordance with the method of the present invention.
- Such a mode of operation of the device T object of the present invention will be described later in the description.
- peripheral pairing / access point module 2 2: all the functions implemented by the peripheral pairing / access point module 2 2 are advantageously supervised by a management unit not shown in FIG. 4b, which makes it possible to articulate all the aforementioned functions, that is to say to start the functions according to a defined protocol, which will be described later in connection with Figure 4c.
- the peripheral pairing module / access point 2 2 comprises, as represented in FIG. 4b:
- This function enables the different functions implemented by the peripheral pairing / access point module 2 2 to store in or retrieve from the database 2 3 data such as level-2 identifiers of the access point AP or variables used by the device T;
- This function makes it possible to measure the press time T T, that is to say the value of the duration of initialization of the peripheral executed by the user on the circuit such as a push button 2 4.
- This function is related to the function Storage / extraction of the database 2 2a to store the above press time T T. It is furthermore related to the short-range connection management function 2 2c previously described in order to parameterize the radio interface, as soon as the control button 2 4 is released by the user, to support a short-range connection with the access point AP.
- the Supervision / pushbutton function 2 2b is also related to a function Collect variables 2 2f in order to send to the access point AP, via the short-range radio channel, for example, the duration of initialization of the device, that is to say the value T T stored locally.
- the Supervision / pushbutton function 2 2b advantageously makes it possible to trigger the timer P 2 described above in the description for implementing the method, to allow protection against any unauthorized access attempt.
- short-range connection management module 2 2c: this function makes it possible to establish a dialogue with the radio interface management software infrastructure module 2 1, in order to parameterize the radio interface in short-range mode, for example. This setting varies depending on the radio technology used.
- Access point identification module 2 2e: this function is used to identify the access point AP. It receives, on the one hand, the press time or initialization duration of the peripheral device T T, originating from the push-button supervision function 2 2b, and, on the other hand, the access point press time, that is, the transmitted initialization time of the access point T apr, from the above function Send / receive radio data 2 2d.
- the access point identification function 2 2e advantageously also has an error rate D, which may be different from the error rate E applied at the access point AP, coming from the function Storage / extraction of the database 2 2a.
- This function is related to the function Supervision / pushbutton 2 2b and the function Storage / retrieval of the database 2 2a in order to collect the initialization time of the device, press time T T, and the value of the variable Ch previously mentioned in the description.
- the aforementioned variables are then transmitted to the function Send / receive radio data 2 2d for transmission to the access point AP;
- Key generator module 2 2g: this function is intended to generate an encryption key, which is then transmitted to the function Send / receive radio data 2 2d for transmission to the access point AP.
- This function is also responsible for generating a decryption key which is stored in the database 2 3. It is recalled that when the encryption key is transmitted to the access point AP, this encryption key is for example a public key while the decryption key is instead a private key, which can be stored in the database 2 3 in a secure manner;
- Decryption module for configuration information 2 2h: this function is responsible for decrypting the configuration elements transmitted by the access point AP. For this purpose, the aforementioned function is related to the database 2 3 to recover the aforementioned decryption key. After decryption, the aforementioned configuration elements are sent to a long-range connection management function 2 2i;
- This function, when the entire identification procedure is complete, is intended to prepare the long-range connection of the device T to the access point AP from the configuration items received. This function operates in conjunction with the interface or software infrastructure for managing radio interfaces.
- The protocol of the operating mode of a device according to the subject of the present invention, as described with reference to FIGS. 4a and 4b, will now be described with reference to FIG. 4c.
- the identification procedure is triggered by a press and release, in step S T1, of the control button 2 4 located on the device.
- This first step corresponds to the triggering of the initialization of the peripheral T.
- the duration of the press on the control button 2 4 is counted by the push-button supervision function 2 2b of FIG. 4b, the value of this duration being the value T T.
- the release of the control button further allows the device T to trigger a timer, the time counter P 2 previously described in the description.
- all the steps of the method and the protocol shown in FIG. 4c, up to the step of receiving the initialization time value of the access point, value T apr, must be executed within the duration P 2 determined by the aforementioned time counter.
- in step S T2, the initialization duration of the peripheral T T is stored by the storage / retrieval function of the database 2 2a.
- the next step S T5 is a step in which the peripheral pairing / access point module 2 2 waits for reception of the access point initialization value, the value T apr.
- the pairing procedure ends on a failure by return to an end-of-connection situation.
- the pairing procedure also ends with a return to an end of connection step on a failure.
- in step S T6, upon reception of the value message containing the access point initialization value variable T apr, the function Send / receive radio data 2 2d transmits the value of the aforementioned variable to the access point identification function 2 2e.
- the access point identification function 2 2e reads the error variable D from the database and then checks, by comparison, the equality relation:
- the error values E and D applied for the mutual recognition of the access point AP and the peripheral T may be different, and the aforementioned equality comparison can be performed by taking as a reference the local initialization time value, that is to say the value T ap of the initialization duration of the access point AP, respectively T T of the device T, to perform each comparison at the access point AP, respectively the device T.
- the two comparisons are made completely independently, in the absence of any assignment of master or slave status to either the access point AP or the terminal T.
- in step S T7, the abovementioned comparison relation is verified and the access point identification function 2 2e makes it possible to store in the database 2 3 the identifier at the link level of the access point AP.
- the access point AP is now considered recognized and identified as the access point chosen by the user of the device T requesting connection.
- the next step S T9 is a waiting step in which the device T waits for reception of the configuration elements relating to the long-range connection to be established.
- the pairing procedure ends on a failure by returning to a termination step.
- the received configuration elements are then decrypted by the function Decryption / configuration information 2 2h and sent to the Long Range Connection Management function 2 2i. This situation is represented by a positive response to test S T9 of FIG. 4c.
- the next step S T11 is a step of setting up the long-range connection from the configuration elements and the aforementioned long-range connection management function 2 2i.
- This long-range connection can be implemented based on a new network name provided with a provided encryption key.
- the connection between the device and the access point AP is continued.
- the aforementioned initialization values may be sent in specific messages, in particular in the form of a value transmission message of an initialization duration, between a shared network access point and a device that is a candidate for connection to this access point.
- the invention finally covers a computer program recorded on a storage medium for execution by a computer, remarkable in that, when executed by the computer of an access point, this computer program allows the implementation of the method, at the access point, as described previously in the description in conjunction with Figures 1 and 2.
- the invention also covers a computer program recorded on a storage medium for execution by a computer, remarkable in that this computer program, when executed by the computer of a peripheral, allows the implementation of the method, at this device, as described previously in the description in conjunction with Figure 1 and Figure 2.
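The two independent duration checks (tolerance E at the access point, D at the peripheral) and the single-key rule described above, as an added Python example that is not code from the patent. The relative-tolerance form of the comparison, the treatment of several values inside the timer window as ambiguous, and all identifiers and sample values are assumptions, because this part of the page does not reproduce the equality relation itself.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Outcome(Enum):
    IDENTIFIED = "peer identified"
    TIMEOUT = "no duration value received inside the timer window"
    AMBIGUOUS = "several duration values received inside the timer window"
    MISMATCH = "received duration outside the tolerance"


@dataclass(frozen=True)
class DurationMsg:
    sender: str      # link-level identifier of the sender (constructed labels)
    duration: float  # press duration announced by the sender, in seconds
    at: float        # arrival time, in seconds after the local button release


def durations_match(local: float, received: float, rate: float) -> bool:
    """Assumed form of the equality relation: relative tolerance around the LOCAL value."""
    return abs(local - received) <= rate * local


def acceptance_window(local: float, rate: float) -> Tuple[float, float]:
    """Range of announced durations that durations_match() accepts."""
    return local * (1 - rate), local * (1 + rate)


def identify_peer(local: float, rate: float, window: float,
                  inbox: List[DurationMsg]) -> Tuple[Outcome, Optional[str]]:
    """One side's check: the AP uses (T_ap, E, P1), the peripheral uses (T_T, D, P2)."""
    in_time = [m for m in inbox if m.at <= window]
    if not in_time:
        return Outcome.TIMEOUT, None
    if len(in_time) > 1:  # assumption: a second value makes the user's choice ambiguous
        return Outcome.AMBIGUOUS, None
    msg = in_time[0]
    if not durations_match(local, msg.duration, rate):
        return Outcome.MISMATCH, None
    return Outcome.IDENTIFIED, msg.sender


def select_key(identified: str, collected: List[Tuple[str, str]]) -> Optional[str]:
    """Store a public key only if the identified peer sent exactly one during collection."""
    keys = [key for sender, key in collected if sender == identified]
    return keys[0] if len(keys) == 1 else None


def access_point_side(t_ap, e_rate, p1, inbox, collected):
    """Identification followed by key analysis; returns (outcome, stored key or None)."""
    outcome, peer = identify_peer(t_ap, e_rate, p1, inbox)
    return outcome, (select_key(peer, collected) if peer else None)


if __name__ == "__main__":
    # Constructed run: the user holds the AP button 3.0 s and the device button 3.2 s.
    dev = DurationMsg("dev-A", 3.2, 1.5)
    ap = DurationMsg("ap-1", 3.0, 1.4)
    print("AP accepts durations in", acceptance_window(3.0, 0.10))
    print("AP, E=10%:", access_point_side(3.0, 0.10, 10.0, [dev], [("dev-A", "pubkey-A")]))
    # The peripheral applies its own tolerance D to its own reference value,
    # so the same pair of presses can pass on one side and fail on the other.
    print("Peripheral, D=5%:", identify_peer(3.2, 0.05, 10.0, [ap]))
    # A second announcement inside P1 stops the procedure on the AP side.
    other = DurationMsg("dev-B", 3.1, 2.0)
    print("AP, two candidates:", identify_peer(3.0, 0.10, 10.0, [dev, other]))
```

Because each side compares against its own local press duration with its own tolerance, pairing only proceeds when both checks pass; the accepted range grows with the tolerance and with the length of the press.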
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FR0505315 | 2005-05-26 | ||
| PCT/FR2006/001101 WO2006125885A1 (fr) | 2005-05-26 | 2006-05-16 | Method for controlling connection of a peripheral to an access point, corresponding access point and peripheral |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP1884100A1 (de) | 2008-02-06 |
Family
ID=35149365
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP06755489A Withdrawn EP1884100A1 (de) | Method for controlling connection of a peripheral to an access point, corresponding access point and peripheral | 2005-05-26 | 2006-05-16 |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US20100024003A1 (de) |
| EP (1) | EP1884100A1 (de) |
| CN (1) | CN101185308A (de) |
| WO (1) | WO2006125885A1 (de) |
-
2006
- 2006-05-16 EP EP06755489A patent/EP1884100A1/de not_active Withdrawn
- 2006-05-16 US US11/920,852 patent/US20100024003A1/en not_active Abandoned
- 2006-05-16 CN CNA2006800183665A patent/CN101185308A/zh active Pending
- 2006-05-16 WO PCT/FR2006/001101 patent/WO2006125885A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN101185308A (zh) | 2008-05-21 |
| WO2006125885A1 (fr) | 2006-11-30 |
| US20100024003A1 (en) | 2010-01-28 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | 17P | Request for examination filed | Effective date: 20071112 |
| | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
| | DAX | Request for extension of the european patent (deleted) | |
| | 17Q | First examination report despatched | Effective date: 20090302 |
| | GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
| | RTI1 | Title (correction) | Free format text: METHOD FOR CONTROLLING CONNECTION OF A PERIPHERAL TO AN ACCESS POINT, CORRESPONDING ACCESS POINT AND PERIPHERAL |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| | 18D | Application deemed to be withdrawn | Effective date: 20110405 |