
Apparatus for Securely Transmitting Device Secrets to a Smart Device Using Motion Sensors

IP.com Disclosure Number: IPCOM000214658D
Publication Date: 2012-Feb-01
Document File: 6 page(s) / 193K

Publishing Venue

The IP.com Prior Art Database

Abstract

This invention deals with transferring secret information such as authentication secrets to a motion-sensing-enabled smart device. The novel feature is the transfer of a secret from an external device to the smart device without utilizing any network-based communication means. The transfer is done by utilizing the smartphone’s movement sensor. The software on the smartphone translates the movements into meaningful information that functions as the device secret for authentication.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 25% of the total text.



1. Background

This invention deals with transferring secret information such as authentication secrets (e.g. passwords, WiFi credentials, certificates) to a motion sensing enabled device, e.g., a smartphone (referred to as smart device from now on).

In past and current practice, a user who needs to enter information or authentication secrets into the smart device uses the virtual keyboard of the smartphone, a physical keyboard connected to the smart device, or a wireless communication link. Such mechanisms are subject either to shoulder surfing or to information sniffing by man-in-the-middle attacks.

When using a smart device as part of a critical infrastructure (such as building automation in hotels, offices, factories), the user certainly does not want other people to spy on his secret. This invention proposes a new secure but user-friendly way to transfer a secret to a smart device, while at the same time mitigating attacks such as shoulder surfing or sniffing.


2. Statement of Problem

This invention disclosure applies to smart devices that have built-in motion sensors, e.g., recent smartphones, independently of their operating systems. The smart device is envisioned to be used as part of the (critical) infrastructure, e.g. as a channel to transfer authentication secrets for facility access, as a controller for the building automation systems, etc. Thus, before such a smart device can become a known, legitimate part of the infrastructure, it has to be verified and paired.

An application of this invention disclosure is the use of the smart device as part of a hotel infrastructure. Imagine the following scenario: the hotel is equipped with a building automation system which controls the environment (e.g. brightness, temperature, etc.) in the room, and is to be managed by the smartphone of the temporary owner. When a hotel guest arrives at the hotel to check in, he provides his smartphone to the receptionist. After verifying his identity, the receptionist then pairs the guest's smartphone to the building automation system so that it temporarily becomes part of the system (bring-your-own-device paradigm).

The major problem for this pairing is that the device requires a secret in order to become authenticated at the hotel's building automation system. This guarantees that only the authenticated user's own smartphone can control the guest's room(s).

One challenge that we have identified so far is how best to transfer the authentication secret (user authenticator, password) to a smart device. Current practice suggests the use of a (virtual) keyboard, where entering the authentication password can take time and is error-prone as it involves a manual step, especially for long and complex authentication secrets. In addition, having to type on a small keyboard is not co...