
WO2013012401A1 - Apparatus & method to improve pairing security in Bluetooth™ headsets & earbuds

Info

Publication number
WO2013012401A1
WO2013012401A1 PCT/US2011/001278 US2011001278W WO2013012401A1 WO 2013012401 A1 WO2013012401 A1 WO 2013012401A1 US 2011001278 W US2011001278 W US 2011001278W WO 2013012401 A1 WO2013012401 A1 WO 2013012401A1
Authority
WO
WIPO (PCT)
Prior art keywords
pairing
bluetooth
display
user
digit number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2011/001278
Other languages
French (fr)
Inventor
Alan D. KOZLAY
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to PCT/US2011/001278
Publication of WO2013012401A1
Legal status: Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H04M1/72412 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/60 Substation equipment, e.g. for use by subscribers including speech amplifiers
    • H04M1/6033 Substation equipment, e.g. for use by subscribers including speech amplifiers for providing handsfree use or a loudspeaker mode in telephone sets
    • H04M1/6041 Portable telephones adapted for handsfree use
    • H04M1/6058 Portable telephones adapted for handsfree use involving the use of a headset accessory device connected to the portable telephone
    • H04M1/6066 Portable telephones adapted for handsfree use involving the use of a headset accessory device connected to the portable telephone including a wireless connection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2250/00 Details of telephonic subscriber devices
    • H04M2250/02 Details of telephonic subscriber devices including a Bluetooth interface
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W76/00 Connection management
    • H04W76/10 Connection setup
    • H04W76/14 Direct-mode setup
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • MITM Man-In-The-Middle Attack
  • a rogue device which attempts to insinuate itself into the legitimate Bluetooth™ "trust dialogue" during pairing. While the two victim devices are attempting to discover (find) each other and pair (interactively communicate) with each other for the first time, an attacker's rogue device in between the two legitimate devices attempts to respond to both of the victims' devices in order to compel them both to believe they have found each other's (legitimate) device, when, in fact, they're only each communicating with and/or through the attacker's rogue device (which then facilitates indirect communication between the two victim devices through the rogue intermediary).
  • SSP Secure Simple Pairing
  • OOB Out-Of-Bounds
  • the user's confirmation of the 6-digits matching can either be effectuated visually or vocally to a voice pattern recognition engine for additional security and/or by simple button press or involve usage of a tilt sensor or other acceptance actuation component.
  • the innovation of the invention is to allow better security for Bluetooth™ 2.1 (or higher) headsets and earbuds using Numeric Comparison pairing instead of Just Works. Numerical Comparison requires that the user confirm on both devices before pairing will continue. The user can convey confirmation through button push, voice recognition, or tilt/motion sensor. If the user decides to reject the pairing process due to unmatched number or any other reason, the user can convey the rejection directly through button push or voice recognition or tilt/motion sensor or by timeout without confirmation.
  • the headset or earbud that is expecting user confirmation (of a match of the 6 digit number for comparison via audio into the user's ear) can expect confirmation after each digit is sounded or one time after all 6 digits are sounded.
  • the present invention as disclosed herein has been shown to provide an apparatus and a method for a more secure pairing of Bluetooth™ 2.1 (or higher) headsets and earbuds with their Bluetooth-connected cell phones, PDAs, and other connectible communications platform devices, through facilitating Numeric Comparison Association model than can be achieved through the Just Works
  • the apparatus is provisioned by implementing into earbuds and headsets of the present invention a circuit with embedded components including a processor having a non-volatile memory, a voice synthesizer, a speaker, and at least one control button, in addition to implementing the standard transceiver components needed for deploying Bluetooth™ wireless communications between a platform Bluetooth™ 2.1 (or higher) device and a Bluetooth™ 2.1 (or higher) headset or earbud.
  • the invention provides means for accepting and verifying that a 6-digit string of numbers output on a remote device exactly matches a 6-digit string of numbers spoken into the user's earpiece.
  • the apparatus of the present invention receives a signal from the remote device to be paired to.
  • the apparatus uses the signal to calculate which digit representations to retrieve from memory and speak these same digits into the user's earpiece; this is implemented in hardware, software, and/or firmware.
  • the apparatus retrieves digit representations from memory and "speaks" into a user's ear, which is taken from the 6-digit sequence of 6 numeric digits from the set {0, 1, 2, 3, 4, 5, 6, 7, 8, 9}.
  • a "Middle-C Octave" e. g.
  • different predetermined frequency tones can be used which are easily recognized and/or customized by user or factory. Other audio combinations are possible limited only by the imagination of the designer and/or user seeking predetermined "signature" tones and/or melodies representative of the 6 digits.
  • 112 Device Displays a 6 Digit User Confirmation Value, User Presses Button if Values Agree
  • This invention addresses the security of pairing devices in which one of the device pair has no display screen and therefore cannot display a User
  • Bluetooth Specification V2.1 are performed and the devices prepare to
  • the Ear Bud 104 will assert that it can display the User Confirmation Value (6 digits) and both devices proceed to Bluetooth Simple Pairing Step 7, Prepare for Numeric Comparison 110.
  • the Bluetooth Cellular Phone 100 will display the User Confirmation Value 102 in accordance with the Bluetooth Standard.
  • the Bluetooth Ear Bud 104 will electronically generate sounds to "speak" the numbers 106 on its earpiece speaker so that the user can hear the number. If the displayed number 102 and the audio spoken number 106 match, then a button (not shown) will be pushed by the user(s) on both devices to continue the simple pairing process.
  • the Ear Bud 104 may be constructed to accept a voice response "yes" or "no" (not shown) in lieu of pressing or not pressing a button.
  • the displayed number 397031 matches the audio numbers 397031, so the user would press the button on both devices to authenticate their identity.
  • the spoken number 106 is not part of the Bluetooth standard, but, using this invention can be implemented without violating the standard.
  • the Bluetooth Simple Pairing 116 Steps 8-11 of Bluetooth Specification V2.1 are completed to complete pairing and enable the devices to be used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Telephone Function (AREA)

Abstract

An improved Bluetooth system with increased security for pairing of two Bluetooth devices where one device has no display. Heretofore, only Secure Simple Pairing (SSP) Association Model Just Works is used if one device is displayless. Just Works is vulnerable to exploits known as Man-In-The-Middle (MITM) attacks. By contrast, my invention implements Numeric Comparison, which is more secure than Just Works, because both agree to a randomly-generated 6-digit number. My innovation allows display-less Bluetooth devices (headsets or earbuds) to pair with display-bearing devices, because the matching 6-digit number on the displaying device is "spoken" or sounded (voice recordings, beeps, tones) into a displayless device user's ear. This allows displayless device users to hear sounds (spoken or beeped) equivalent to displayed 6-digit numbers to facilitate comparison, matching, and secure Bluetooth pairing. This reduces or eliminates risk of MITM exploits.

Description

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
Regular Patent Application to replace Provisional App. Ser. No. 61/282,619
Inventor: Alan Kozlay
9475 Deereco Road, Suite 304; Timonium, MD 21093
Contact Number: (410) 302 6080 * Email: akozlav@baimobile.com
Apparatus & Method to Improve Pairing Security in Bluetooth™ Headsets & Earbuds
Priority of Provisional Patent Application:
This application is a Regular Patent Application to replace my U. S. Provisional Patent Application Serial Number 61/282,619 filed March 5, 2010. This Regular Patent Application claims priority based upon said Application Serial Number 61/282,619.
1. Field of the Invention
The field of the invention relates to wireless Bluetooth™ communications security. More particularly, the field of the invention relates to increasing wireless communication security during pairing (device association) of "display-less", wireless Bluetooth™ equipped earbuds and headsets (and other display-less Bluetooth devices) with Bluetooth devices having a display ("display-bearing") e.g., cellphones, PDAs, etc.
2. Background Technology of the Invention
A variety of electronic devices are enabled for wireless communication between and among each other using one or more standardized wireless communication protocols. One of the most popular wireless communication protocols currently on the market in wide use is the Bluetooth™ wireless protocol for device association.
The Bluetooth™ wireless communication protocol is used for exchanging data and for "device association"— aka, "device pairing"— of two Bluetooth devices, over short distances via radio wave transmission. Both fixed and mobile devices can use Bluetooth. This facilitates creating (close-by) personal area networks (PANs). PANs generally are office, home, car, or mobile networks that are used by one person or a few people operating and communicating in a very near-by working area.
Bluetooth™ wireless devices can be associated— i.e., connected and paired together— by first exchanging shared, verifiable information wirelessly, to enable the subject wireless devices to "trust" each other, prior to establishing interactive sessions conducted via open Bluetooth™ wireless radio communications.
The "Man-In-The-Middle Attack" (MITM) is a well-known and understood hacker exploit. MITM is an attack by a rogue device which attempts to insinuate itself into the legitimate Bluetooth™ "trust dialogue" during pairing. While the two victim devices are attempting to discover (find) each other and pair (interactively communicate) with each other for the first time, an attacker's rogue device in between the two legitimate devices attempts to respond to both of the victims' devices in order to compel them both to believe they have found each other's (legitimate) device, when, in fact, they're only each communicating with and/or through the attacker's rogue device (which then facilitates indirect communication between the two victim devices through the rogue intermediary). In this way, the attacker's device gains full trust from both devices. Full trust allows an attacker to do many harmful things including eavesdropping on the communications and taking remote control of the victim devices for nefarious or other unauthorized purposes.
Many recently-manufactured Bluetooth™ devices pair using a new mechanism first introduced in Bluetooth™ Revision 2.1 known as Secure Simple Pairing (SSP). SSP introduces four Association Models for pairing and they are: Pass Key Entry, Out-Of-Bounds (OOB), Numeric Comparison and Just Works. The choice of which model is used is based on the input and output capabilities of the two devices to be paired. The first three models (Pass Key Entry, OOB and Numeric Comparison) provide protection against the MITM attack, whereas the Just Works model does not. This is because the Just Works model is used when there is no display for output and no keyboard for numerical input on at least one of the two devices and, therefore, it provides no mechanism to verify that the two devices are communicating directly with each other instead of through an attacking device.
For example, the Numeric Comparison model is used when both devices have a display for output. It is assumed that a minimal set of buttons is available to the user to be used to convey a confirmation by the user. Both devices calculate a random 6 digit number that only the two devices could know and both devices display the number on the screen and the user must compare the number shown on each screen to ensure they match and press a button on both devices to confirm in order to allow pairing to continue. An attacking MITM device cannot mathematically cause the same 6 digit number to be generated between itself and each of the victim devices: thus, they would not match.
Traditional Bluetooth headsets and earbuds do not have a display for output or a keyboard for numeric input or an alternative communications medium to facilitate trust exchange. Heretofore, the Just Works model is the only appropriate model to use. The Just Works model begins just as the Numeric Comparison model does by generating the 6 digit number but, since there is no display for output, Just Works assumes user confirmation and proceeds with pairing without actual user confirmation. Without the user confirmation of the 6 digit number, Just Works model is vulnerable to the MITM attack.
Necessity of the Invention:
Therefore, it appears there is a need in the industry for introducing better and more dependable security in Bluetooth™ headsets and earbuds. There is likely a large latent user demand for dependable security in Bluetooth headsets and earbud devices. Accordingly, it is expected that the present invention disclosed herein is unique and useful and non-obvious, given its creation of an innovative solution to facilitate a Numeric Comparison association model implementation for platform devices and headsets and earbuds that do not have a display for output. Additionally, as we today experience and observe exponentially-increasing security concerns in the wake of increasing numbers of hacker exploits, it appears obvious that the present invention is needed in the industry and on the market.
3. Objects of the Invention:
Accordingly, it is one primary object of the present invention, to provision Bluetooth™ 2.1 (or higher) headsets and earbuds with the capacity to securely and predictably complete device association (pairing) using the more-secure "Numeric Comparison" association model, rather than using the "Just Works" model traditionally employed in Bluetooth™ 2.1 pairing with wireless (but display-less) headsets and earbuds.
It is a related primary object of the invention to create a method of voice-based Bluetooth security for device association (pairing). This is accomplished by facilitating and allowing the displayless and keyboardless user's comparison of the 6-digit number, e.g., in their headsets and/or earbuds. Typically, the technique involves implementing a means for converting the random 6-digit number into audio indicia, e.g., wherein a recorded or synthesized voice stored in memory e.g., "speaks" and/or "beeps" or sounds tones representative of the 6-digit number. This allows the display-less user to conduct "numeric comparison", insofar as the user hears recorded speech, and/or a sequence of beeps or tones sounded into his ear by the headset's or earbud's speaker. This allows the user to use such audio indicia, to compare sounded equivalents of the display-bearing device's 6-digit number, merely by listening to equivalent representation of the 6-digit number on his device before allowing the pairing to proceed.
Yet another primary object of the invention is to decrease or eliminate susceptibility and exposure to "Man-In-The-Middle" attacks.
4. Related Art:
The published US Patent Application 20090228707 to Linsky discloses "Image-Based Man-In-The-Middle Protection in Numeric Comparison Association Models". Although the subject patent application appears useful for image comparison purposes, it is unlike the present invention in that it uses images in attempts to preclude so-called "Man-In-The-Middle" attacks against Bluetooth™ devices. In the Linsky application, an authentication scheme is provided for securely establishing an association with a second device over a wireless communication link. A cryptographic key exchange is performed between a first device and a second device, wherein cryptographic information for the first and second device is obtained. The first and second devices may independently generate a confirmation value based on the cryptographic information. Each device may obtain a confirmation image based on their respective confirmation values. A confirmation image is uniquely associated with a confirmation value so that no two confirmation values can be associated with the same confirmation image. The images for both the first and second devices are provided to an operator for authentication. If the confirmation images are identical, an association between the first and second devices may be confirmed by the operator. Comparing confirmation images may increase the reliability of operator authentication and is more efficient than comparing values. Linsky claims what Bluetooth™ SSP does but with the change that, instead of user looking at the display on each device to compare numbers displayed, the display would show images to be compared. Presumably enough different images would exist to provide sufficient possibilities. But, Linsky is not comparable to the present invention because his images still require a display.
Although there are other devices relating to Bluetooth™ headsets and earbuds, it does not currently appear that there is any other art that is directly comparable to that disclosed as the present invention as relates to Bluetooth 2.1 (or higher) headsets/earbuds.
COMPARING NUMERIC COMPARISON and JUST WORKS ASSOCIATION MODELS
Secure Simple Pairing uses four association models referred to as Numeric Comparison, Just Works, Out Of Band, and Passkey Entry. Two association models are described in more detail in the following sections. The association model used is based on I/O capabilities of the two devices. (From Bluetooth™ 2.1 Specification)
Numeric Comparison: The Numeric Comparison association model is designed for scenarios where both devices are capable of displaying a six digit number and both are capable of having the user enter "yes" or "no". A good example of this model is the cell phone / PC scenario. The user is shown a six digit number (from "000000" to "999999") on both displays and then asked whether the numbers are the same on both devices. If "yes" is entered on both devices, the pairing is successful. (From Bluetooth™ 2.1 Specification)
The numeric comparison serves two purposes. First, since many devices do not have unique names, it provides confirmation to the user that the correct devices are connected with each other. Second, the numeric comparison provides protection against MITM attacks. Note that there is a significant difference from a cryptographic point of view between Numeric Comparison and the PIN entry model used by Bluetooth Core Specification and earlier versions. In the Numeric Comparison association model, the six digit number is an artifact of the security algorithm and not an input to it, as is the case in the Bluetooth security model. Knowing the displayed number is of no benefit in decrypting the encoded data exchanged between the two devices. (From Bluetooth™ 2.1 Specification)
Just Works: The Just Works association model is primarily designed for scenarios where at least one of the devices does not have a display capable of displaying a six digit number nor does it have a keyboard capable of entering six decimal digits. A good example of this model is the cell phone/mono headset scenario where most headsets do not have a display. The Just Works association model uses the Numeric Comparison protocol but the user is never shown a number and the application may simply ask the user to accept the connection (exact implementation is up to the end product manufacturer). The Just Works association model provides the same protection as the Numeric Comparison association model against passive eavesdropping but offers no protection against the MITM attack. (From Bluetooth™ 2.1 Specification)
NB: The above comparisons are quotations from the Bluetooth 2.1 Specification.
SUMMARY OF THE INVENTION:
The present invention disclosed herein provides a means of implementing higher security assurance than is now provided by the Just Works model described above. The improvement of the invention comprises an apparatus and a method which employs the Bluetooth™ 2.1 Numeric Comparison association model to provide new and additional security.
With my invention, additional security can be established between a display-bearing device (e.g., a cellphone, Blackberry, or other PDA with display and keyboard), and a display-less device (e.g., to a prospective pairing headset and/or earbud), instead of using the much-less-secure Just Works pairing method (now common practice). Wireless Bluetooth™ 2.1 headsets and/or earbuds did not (and still do not) have a screen display means to allow the user to visually-verify the generated and displayed 6-digit number (so earbuds and headsets currently use Just Works instead of using Numeric Comparison). By contrast, the present invention's innovation is to functionally provide an output means for the 6-digit number (in lieu of or in addition to a display), on one or both devices, by means of having the 6-digit number "spoken" by recorded or synthesized voice (or represented by other predetermined acoustic indicia, e.g., long and/or short beeps, audio tones, melodic tones, etc.) which comprises audio conducted into the user's ear. Thus, my invention improves security because Numeric Comparison can be implemented in Bluetooth 2.1™ (or higher) headsets and earbuds by audio means.
Additionally, the user's confirmation of the 6-digits matching can either be effectuated visually or vocally to a voice pattern recognition engine for additional security and/or by simple button press or involve usage of a tilt sensor or other acceptance actuation component. In summary, the innovation of the invention is to allow better security for Bluetooth™ 2.1 (or higher) headsets and earbuds using
Numeric Comparison pairing instead of Just Works. Numerical Comparison requires that the user confirm on both devices before pairing will continue. The user can convey confirmation through button push, voice recognition, or tilt/motion sensor. If the user decides to reject the pairing process due to unmatched number or any other reason, the user can convey the rejection directly through button push or voice recognition or tilt/motion sensor or by timeout without confirmation. The headset or earbud that is expecting user confirmation (of a match of the 6 digit number for comparison via audio into the user's ear) can expect confirmation after each digit is sounded or one time after all 6 digits are sounded. Accordingly, the present invention as disclosed herein has been shown to provide an apparatus and a method for a more secure pairing of Bluetooth™ 2.1 (or higher) headsets and earbuds with their Bluetooth-connected cell phones, PDAs, and other connectible communications platform devices, through facilitating Numeric Comparison Association model than can be achieved through the Just Works
Association Model. The apparatus is provisioned by implementing into earbuds and headsets of the present invention a circuit with embedded components including a processor having a non-volatile memory, a voice synthesizer, a speaker, and at least one control button, in addition to implementing the standard transceiver components needed for deploying Bluetooth™ wireless communications between a platform Bluetooth™ 2.1 (or higher) device and a Bluetooth™ 2.1 (or higher) headset or earbud. Effectively, the invention provides means for accepting and verifying that a 6-digit string of numbers output on a remote device exactly matches a 6-digit string of numbers spoken into the user's earpiece. In the process, the apparatus of the present invention receives a signal from the remote device to be paired to. The apparatus uses the signal to calculate which digit representations to retrieve from memory and speak these same digits into the user's earpiece, this is implemented in hardware, software, and/or firmware. To implement security, the apparatus retrieves digit representations from memory and "speaks" into a user's ear, which is taken from the 6-digit sequence of 6 numeric digits from the set {0, 1 , 2, 3, 4, 5, 6, 7, 8, 9}. Alternatively, a "Middle-C Octave" (e. g.) sound scheme can be implemented in whole notes, and/or in half-notes. Also, different predetermined frequency tones can be used which are easily recognized and/or customized in by user or factory. Other audio combinations are possible limited only by the imagination of the designer and/or user seeking predetermined "signature" tones and/or melodies representative of the 6 digits. DETAILED DISCUSSION OF THE INVENTION Description of Figures
Reference Numerals

100 Bluetooth Device with display— Cellular Phone Shown
102 Example of User Confirmation Value 397031 being displayed
104 Bluetooth Device without display— Bluetooth Earbud Shown
106 Sound emanating from Ear Bud— example speaking 397031
108 Bluetooth Simple Pairing Steps 1-6 of the Bluetooth Specification V2.1
110 Bluetooth Simple Pairing Step 7 of the Bluetooth Specification V2.1 (Numeric Comparison)
112 Device Displays a 6 Digit User Confirmation Value, User Presses Button if Values Agree
114 Audio Device Speaks a 6 Digit User Confirmation Value, User Presses Button if Values Agree
116 Bluetooth Simple Pairing Steps 8-11 of the Bluetooth Specification V2.1 to complete pairing

Description of one Preferred Embodiment

While this invention is described as one of my preferred embodiments, changes can be made without departing from the scope and spirit of the invention, as described in the claims section.
This invention addresses the security of pairing devices in which one of the device pair has no display screen and therefore cannot display a User Confirmation Value (6-digit number). In Table 1, Simple Pairing Message Sequence Chart Using Audio as Disclosed, a Bluetooth Phone (or other device with a display capability) 100 is shown, and a Bluetooth Ear Bud (or other Bluetooth device without a display capability) 104 is to be paired with it. These two Bluetooth devices are placed in the standard Bluetooth mode to discover each other and begin an exchange of information to begin the pairing process. Bluetooth Simple Pairing 108 Steps 1-6 of the Bluetooth Specification V2.1 are performed and the devices prepare to authenticate themselves to ensure that they are the devices that the user intended to use and not a third device.

The Ear Bud 104 will assert that it can display the User Confirmation Value (6 digits) and both devices proceed to Bluetooth Simple Pairing Step 7, Prepare for Numeric Comparison 110. At this point, the Bluetooth Cellular Phone 100 will display the User Confirmation Value 102 in accordance with the Bluetooth Standard. However, to implement the present invention, the Bluetooth Ear Bud 104 will electronically generate sounds to "speak" the numbers 106 on its earpiece speaker so that the user can hear the number. If the displayed number 102 and the audio spoken number 106 match, then a button (not shown) will be pushed by the user(s) on both devices to continue the simple pairing process. Alternatively, the Ear Bud 104 may be constructed to accept a voice response "yes" or "no" (not shown) in lieu of pressing or not pressing a button.

Note that in the example of Table 1, the displayed number 397031 matches the audio numbers 397031, so the user would press the button on both devices to authenticate their identity. Note that the spoken number 106 is not part of the Bluetooth standard, but, using this invention, can be implemented without violating the standard. When the user(s) push the buttons, then the Bluetooth Simple Pairing 116 Steps 8-11 of Bluetooth Specification V2.1 are completed to complete pairing and enable the devices to be used.
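The following sketch is an added illustration, not part of the patent or of any vendor firmware. It shows how each device can derive the six-digit User Confirmation Value locally from the exchanged public keys and nonces, using the check function g defined for Secure Simple Pairing in the Bluetooth Core Specification, and how an earbud would map the digits to stored audio clips. The key and nonce bytes, the clip table and the function names are constructed or hypothetical.

```python
import hashlib

# Constructed sample inputs (not from a real pairing): 24-byte P-192
# public-key x-coordinates and 16-byte nonces.
PK_PHONE_X = bytes(range(1, 25))
PK_EARBUD_X = bytes(range(101, 125))
PK_THIRD_X = bytes(range(201, 225))  # key of an unintended third device
N_PHONE = bytes.fromhex("00112233445566778899aabbccddeeff")
N_EARBUD = bytes.fromhex("ffeeddccbbaa99887766554433221100")

# Hypothetical clip table: entry d names the stored recording for digit d.
DIGIT_CLIPS = ["zero", "one", "two", "three", "four",
               "five", "six", "seven", "eight", "nine"]


def g(pk_a_x, pk_b_x, n_a, n_b):
    """SSP function g: SHA-256(PKax || PKbx || Na || Nb) mod 2**32."""
    digest = hashlib.sha256(pk_a_x + pk_b_x + n_a + n_b).digest()
    return int.from_bytes(digest, "big") % 2**32


def confirmation_value(pk_a_x, pk_b_x, n_a, n_b):
    """Six-digit value as a zero-padded string, "000000" to "999999"."""
    return f"{g(pk_a_x, pk_b_x, n_a, n_b) % 10**6:06d}"


def clips_to_speak(value):
    """Map each digit to its clip; leading zeros are spoken, not dropped."""
    if len(value) != 6 or any(c not in "0123456789" for c in value):
        raise ValueError("confirmation value must be exactly six digits")
    return [DIGIT_CLIPS[int(c)] for c in value]


def pair(peer_key_seen_by_phone, peer_key_seen_by_earbud, timed_out=False):
    """Each side derives the value from the keys it saw; the number itself
    is never sent over the air. Returns (shown, spoken clips, accepted)."""
    shown = confirmation_value(PK_PHONE_X, peer_key_seen_by_phone,
                               N_PHONE, N_EARBUD)
    spoken = confirmation_value(peer_key_seen_by_earbud, PK_EARBUD_X,
                                N_PHONE, N_EARBUD)
    # The user confirms only on a match; a timeout counts as rejection.
    accepted = (not timed_out) and shown == spoken
    return shown, clips_to_speak(spoken), accepted


if __name__ == "__main__":
    print("intended pair:", pair(PK_EARBUD_X, PK_PHONE_X))
    # A third device in the middle substitutes its own key on both links.
    # Real sessions would also have different nonces; omitted for brevity.
    print("third device :", pair(PK_THIRD_X, PK_THIRD_X))
    print("page example :", clips_to_speak("397031"))
```

Because the value depends on the public keys each side actually received, a third device that substitutes its own key makes the displayed and spoken numbers diverge, which is the mismatch the user is asked to catch.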
While there are other Bluetooth devices in the marketplace that contemplate additional security, there do not appear to be comparable apparatuses or methods in the art that would precede the present invention disclosed herein. Furthermore, as one skilled in the art reviews this disclosure, it will be obvious how various aspects of the present invention can be combined or rearranged such that new systems integrations thereof will be apparent. The undersigned Inventor is aware of these implications and expressly asserts that all have been considered and that there are many ways the present invention can be implemented according to the spirit of the invention herein. Inventor reserves the right to claim any and all useful implementations or concepts suggested by the present invention.

Claims

AIM:
1. A method of wirelessly pairing two electronic devices, wherein a first device has a display and wherein a second device has no display, comprising the steps of:
a user actuating a button on at least one of said devices to initiate pairing— or in the alternate, if at least one of said devices includes means for automatic pairing, said at least one device automatically actuates and initiates pairing;
after at least one of button-actuated initiating of pairing and automatic-actuated initiating of pairing occurs, pairing is completed in steps further comprising:
the first device to initiate pairing generates a first message defining its characteristics and transmits said first message to said second device,
a second device receives said first message and responds by transmitting a second message defining its characteristics to said first device,
said first device receives said second message, and responds by generating and displaying a random 6-digit number on its display and then transmitting to said second device a message comprising audio indicia equivalent to said displayed random 6-digit number,
said second device receives said message comprising audio indicia and conveys said audio indicia into an ear of said user who compares the displayed random 6-digit number with said audio indicia equivalent to said displayed random 6-digit number, and
when said user recognizes that said displayed random 6-digit number and said audio indicia equivalent to said displayed random 6-digit number match, said user again actuates a button to complete pairing of said first and said second device.

A display-bearing Bluetooth apparatus adapted for device association with a display-less Bluetooth apparatus, wherein:
said display-bearing apparatus includes means to generate and display a random 6-digit number according to SSP Numeric Comparison protocol, and wherein said apparatus is adapted to transmit said 6-digit number (or intelligible signals indicative thereof) to said display-less Bluetooth device; and wherein:
said display-less apparatus includes means to convert said transmitted 6-digit number (or intelligible signals indicative thereof) into audio indicia for sounding into the ear of a user so he can determine that said audio indicia represent and match said transmitted 6-digit number.
A wireless, display-less Bluetooth™ headset and/or earbud apparatus for pairing with a wireless display-bearing Bluetooth™ device, comprising: having a display for
for initiating and negotiating a 6-digit password for wireless Bluetooth™ Numeric Comparison-based SSP communication, comprising:
electronic components having at least one processor and memory and a first transceiver including logic for transmitting and negotiating commencement and initiation of pairing in accordance with Bluetooth™;
said electronic components further including at least one speaker function for conducting, speaking and sounding audio into a user's earpiece, said audio comprising at least one of stored voice data and stored tones and stored melodies and other predetermined acoustic indicia representative of 6 numerical digits;
said electronic components further including at least one from the group of a button actuator for a user to press to accept a proposed sequence of spoken numerical digits, and a voice recognition circuit to recognize a user's verbal acceptance of pairing, and a tilt sensor to recognize a user tilt to accept a pairing; and at least one of hardware, firmware, and software programmed to use the
Numerical Comparison association model of Bluetooth™ Secure Simple Pairing (SSP) in conjunction with pairing negotiation with said platform Bluetooth device.
PCT/US2011/001278 2011-07-19 2011-07-19 Apparatus & method to improve pairing security in bluetoothtm headsets & earbuds Ceased WO2013012401A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2011/001278 WO2013012401A1 (en) 2011-07-19 2011-07-19 Apparatus & method to improve pairing security in bluetoothtm headsets & earbuds

Publications (1)

Publication Number Publication Date
WO2013012401A1 true WO2013012401A1 (en) 2013-01-24

Family

ID=47558368

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/001278 Ceased WO2013012401A1 (en) 2011-07-19 2011-07-19 Apparatus & method to improve pairing security in bluetoothtm headsets & earbuds

Country Status (1)

Country Link
WO (1) WO2013012401A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060116107A1 (en) * 2004-11-24 2006-06-01 Hulvey Robert W System and method for pairing wireless headsets and headphones
US20080268776A1 (en) * 2007-04-25 2008-10-30 General Instrument Corporation Method and Apparatus for Secure Pairing of Bluetooth Devices
US20090228707A1 (en) * 2008-03-06 2009-09-10 Qualcomm Incorporated Image-based man-in-the-middle protection in numeric comparison association models
US20100227549A1 (en) * 2009-03-04 2010-09-09 Alan Kozlay Apparatus and Method for Pairing Bluetooth Devices by Acoustic Pin Transfer

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015009122A1 (en) * 2013-07-19 2015-01-22 Samsung Electronics Co., Ltd. Method and device for communication
KR20150010517A (en) * 2013-07-19 2015-01-28 삼성전자주식회사 Method and divece for communication
US10228903B2 (en) 2013-07-19 2019-03-12 Samsung Electronics Co., Ltd. Method and device for communication
KR102060661B1 (en) 2013-07-19 2020-02-11 삼성전자주식회사 Method and divece for communication
US9661495B2 (en) 2014-09-02 2017-05-23 Apple Inc. Device activation method and system
US9900767B2 (en) 2014-09-02 2018-02-20 Apple Inc. Method of establishing communications
US10015668B2 (en) 2014-09-02 2018-07-03 Apple Inc. Method of establishing communications
US10349270B2 (en) 2014-09-02 2019-07-09 Apple Inc. Method of establishing communications
CN112565515A (en) * 2016-09-06 2021-03-26 苹果公司 Device, method and graphical user interface for wirelessly pairing with a peripheral device and displaying status information about the peripheral device
CN112565515B (en) * 2016-09-06 2023-06-13 苹果公司 Method for pairing peripheral devices, electronic device and computer storage medium
CN108616851A (en) * 2016-12-28 2018-10-02 中科创达软件股份有限公司 A kind of Bluetooth connecting method and bluetooth equipment
EP3831089B1 (en) * 2018-07-31 2025-09-24 Roku, Inc. More secure device pairing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11869683

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11869683

Country of ref document: EP

Kind code of ref document: A1