Disclosed are a communication scheme and a system thereof for converging an IoT technology and a 5G communication system for supporting a high data transmission rate beyond that of a 4G system. A method and an apparatus for configuring a connection with a second device, which provides access to a network, by a first device in a communication system, are provided. The method includes discovering the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device, exchanging an ephemeral key of the first device for identifying the first device and an ephemeral key of the second device for identifying the second device, and performing a secure connection between the first device and the second device.

Patent: RE49969
Priority: Mar 19 2015
Filed: Nov 08 2021
Issued: May 14 2024
Expiry: Mar 21 2036
Assg.orig Entity: Large
currently ok
1. A method of configuring a connection with a second device, which provides access to a network, by a first device supporting a neighbor awareness network (NAN) in a communication system, the method comprising:
discovering, by a processor of the first device, the second device supporting the NAN and located within a predetermined range from the first device;
determining an ephemeral key of the first device based on a unique identity value of the first device and a random value;
transmitting, by the processor to the second device, a first message for subscribing to the second device, which includes the ephemeral key of the first device for identifying the first device and the random value; and
receiving, by the processor from the second device, a second message for indicating that the access to the network can be provided, which includes an ephemeral key of the second device for identifying the second device and information indicating that the access to the network can be provided,
wherein the ephemeral key of the second device is determined, by the second device, based on a unique identity of the second device and the random value being extracted from the first message.
9. A method of configuring a connection with a first device supporting a neighbor awareness network (NAN) based on NAN sync beacons, by a second device supporting the NAN which provides access to a network in a communication system, the method comprising:
receiving, by a processor of the second device from the first device, a first message for subscribing to the second device, which includes an ephemeral key of the first device for identifying the first device and a random value;
determining an ephemeral key of the second device based on a unique identity value of the second device and the random value being extracted from the first message; and
transmitting, by the processor to the first device, a second message for indicating that the access to the network can be provided, which includes the ephemeral key of the second device for identifying the second device and information indicating that the access to the network can be provided,
wherein the second device supports a neighbor awareness network (NAN) and is located within a predetermined range from the first device, and
wherein the ephemeral key of the first device is determined based on a unique identity value of the first device and the random value, and the ephemeral key of the second device is determined based on a unique identity of the second device and the random value being extracted from the subscribe message.
17. A first device adapted to support a neighbor awareness network (NAN) based on NAN sync beacons and to configure a connection with a second device supporting the NAN, which provides access to a network, of a communication system, the first device comprising:
a transceiver; and
a processor configured to:
discover the second device supporting a neighbor awareness network (NAN) and located within a predetermined range from the first device,
generate an ephemeral key of the first device based on a unique identity value of the first device and a random value,
control the transceiver to transmit, to the second device, a first message for subscribing to the second device, which includes the ephemeral key of the first device for identifying the first device and the random value, and
control the transceiver to receive, from the second device, a second message for indicating that the access to the network can be provided, which includes an ephemeral key of the second device for identifying the second device and information indicating that the access to the network can be provided; and
wherein the ephemeral key of the second device is determined, by the second device, based on a unique identity of the second device and the random value being extracted from the first message.
2. The method of claim 1, wherein the second device provides the access to the network, or is connected or was previously connected to a third device that provides the access to the network.
3. The method of claim 1,
further comprising:
receiving a user confirmation for authorization of a subscription to the second device;
when the user confirmation is received, transmitting, to the second device, a follow-up message indicating that subscription to the second device has been confirmed;
receiving, from the second device, a follow-up response message, which includes encrypted configuration data; and
canceling the subscription to the second device.
4. The method of claim 3, wherein the subscribe first message includes an indication of at least one of a type of the subscribe first message which indicates that the subscription to the second device is requested, or the predetermined range, the ephemeral key of the first device, and the random value.
5. The method of claim 3, wherein the publish second message includes an indication of at least one of a type of the publish second message which indicates that the access to the network can be is provided, the predetermined range, information on wireless location area network (WLAN) connection attributes, information on a role of the second device, a basic service set identifier (ID) of the network, information on a channel of a WLAN, the ephemeral key of the second device, and or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided.
6. The method of claim 1, further comprising:
transmitting, to the second device, a follow-up message, which includes the ephemeral key of the first device and indicates that a subscription to the second device has been confirmed;
receiving, from the second device, encrypted configuration data; and
canceling the subscription to the second device.
7. The method of claim 6, wherein the second message includes an indication of at least one of a type of the second message which indicates that the access to the network can be provided without a request for subscription from the first device, the predetermined range, information on WLAN connection attributes, information on a role of the second device, a basic service set ID of the network, information on a channel of a WLAN, the ephemeral key of the second device, or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided without the request for subscription from the first device.
8. The method of claim 6, wherein the follow-up message includes an indication of at least one of a type of the follow-up message which indicates that the subscription to the second device has been confirmed, the predetermined range, the ephemeral key of the first device, the random value, or a request for performing a role of a configurator.
10. The method of claim 9, wherein the second device provides the access to the network, or is connected or was previously connected to a third device that provides the access to the network.
11. The method of claim 9,
further comprising:
when a user confirmation for authorization of subscription of the second device is received at the first device, receiving, from the first device, a follow-up message indicating that subscription to the second device has been confirmed;
transmitting, to the first device, a follow-up response message, which includes the encrypted configuration data; and
canceling publication of the second device.
12. The method of claim 11, wherein the subscribe first message includes an indication of at least one of a type of the subscribe first message which indicates that the subscription to the second device is requested, or the predetermined range, the ephemeral key of the first device, and the random value.
13. The method of claim 11, wherein the publish second message includes an indication of at least one of a type of the publish second message which indicates that the access to the network can be is provided, the predetermined range, information on wireless location area network (WLAN) connection attributes, information on a role of the second device, a basic service set identifier (ID) of the network, information on a channel of a WLAN, the ephemeral key of the second device, and or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided.
14. The method of claim 9,
further comprising:
receiving, from the first device, a follow-up message, which includes the ephemeral key of the first device and indicates that subscription to the second device has been confirmed;
transmitting the encrypted configuration data, to the first device; and
canceling the publication of the first device.
15. The method of claim 14, wherein the second message includes an indication of at least one of a type of the second message which indicates that the access to the network can be provided without a request for subscription from the first device, the predetermined range, information on WLAN connection attributes, information on a role of the second device, a basic service set ID of the network, information on a channel of a WLAN, the ephemeral key of the second device, or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided without the request for subscription from the first device.
16. The method of claim 14, wherein the follow-up message includes an indication of at least one of a type of the follow-up message which indicates that the subscription to the second device has been confirmed, the predetermined range, the ephemeral key of the first device, the random value, or a request for performing a role of a configurator.
18. The apparatus of claim 17, wherein the second device provides the access to the network, or is connected or was previously connected to a third device that provides the access to the network.
19. The first device of claim 17, wherein the processor is further configured to:
receive, via the transceiver, a user confirmation for authorization of a subscription to the second device,
when the user confirmation is received, transmit, via the transceiver, to the second device, a follow-up message indicating that subscription to the second device has been confirmed;
receive, from the second device, via the transceiver, a follow-up response message, which includes encrypted configuration data; and
cancel the subscription to the second device.
20. The apparatus first device of claim 19, wherein the subscribe first message includes an indication of at least one of a type of the subscribe first message which indicates that the subscription to the second device is requested, or the predetermined range, the ephemeral key of the first device, and the random value.
21. The first device of claim 19, wherein the second message includes an indication of at least one of a type of the second message which indicates that the access to the network can be provided, the predetermined range, information on wireless location area network (WLAN) connection attributes, information on a role of the second device, a basic service set identifier (ID) of the network, information on a channel of a WLAN, the ephemeral key of the second device, or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided.
22. The first device of claim 17, wherein the processor is further configured to:
transmit, to the second device, via the transceiver, a follow-up message, which includes the ephemeral key of the first device and indicates that a subscription to the second device has been confirmed;
receive, from the second device, via the transceiver, encrypted configuration data; and
cancel the subscription to the second device.
23. The first device of claim 22, wherein the second message includes an indication of at least one of a type of the second message which indicates that the access to the network can be provided without a request for subscription from the first device, the predetermined range, information on wireless location area network (WLAN) connection attributes, information on a role of the second device, a basic service set ID of the network, information on a channel of a WLAN, the ephemeral key of the second device, or the random value, and
wherein the information indicating that the access to the network can be provided includes the type of the second message which indicates that the access to the network can be provided without the request for subscription from the first device.
24. The first device of claim 22, wherein the follow-up message includes an indication of at least one of a type of the follow-up message which indicates that the subscription to the second device has been confirmed, the predetermined range, the ephemeral key of the first device, the random value, or a request for performing a role of a configurator.

In Equation (1), the NonceE is a random nonce, and PI(E) denotes a unique identity key of the enrollee 210. The random nonce is a random value which can be used one time. A local time of the enrollee 210 is generated as a seed, and a new value is generated to prevent a replay attack when a predetermined time passes.

In step 205, the enroller 250 receives the NAN SDF subscribe message and transmits a NAN SDF publish message indicating that access can be provided to the network to the enrollee 210. The NAN SDF publish message includes at least one of the type of the NAN SDF publish message (e.g., Type=Solicited) indicating that access can be provided to the network, Discovery Range Limited:1, information on attributes (e.g., Wireless Local Area Network (WLAN) Infrastructure Attribute) indicating to have WLAN connection attributes, information on a role of the enroller 250 (e.g., Device Role:AP), a Basic Service Set ID (BSSID) of the corresponding network, information on a channel of the corresponding WLAN (i.e., an operation channel), and an ephemeral key value (e.g., PE(AP)) and a random value (e.g., NonceE) of the enroller 250.

Type=Solicited indicates the type of the NAN SDF publish message. When the type is configured as solicited, the enroller 250 may first receive the NAN SDF subscribe message from the enrollee 210 and then transmit the NAN publish message only when service information provided from the enrollee 210 is the same.

Discovery Range Limited:1 indicates that a request for processing the NAN publish message is to be made only when an RSSI value of the NAN publish message is higher than or equal to an RSSI_Close value, and only devices within the range can receive the NAN SDF publish message.

WLAN Infrastructure Attribute denotes a value defined in the NAN standard and indicates that the corresponding device has the WLAN connection attributes.

Device Role:AP indicates that the AP transmits the NAN SDF publish message.

PE(AP) is an ephemeral key value and is determined by the enroller 250 based on Equation (2) below.
PE(AP)=NonceE*PI(AP)   (2)

In Equation (2), NonceE is a random value extracted from the received NAN SDF subscribe message, and PI(AP) denotes a unique identity key of the enroller 250.

In step 207, the enroller 250 creates a shared secret with the enrollee 210 after transmitting the NAN SDF publish message.

In step 209, the enrollee 210 receives the NAN SDF publish message from the enroller 250, displays a NAN discovery result on the screen, identifies user confirmation required for authorization, and creates the shared secret.

In step 211, the enrollee 210 transmits to the enroller 250, a NAN SDF follow-up message indicating that subscription to the enroller 250 is confirmed. The NAN SDF follow-up message includes information on confirmation indicating that the user confirmation required for authorization and the shared secret key creation have been completed. The NAN SDF follow-up message may further include a registration request. The registration request indicates a request for the role as a configurator by the corresponding enrollee 210, which requests permission to connect with another enrollee instead in the future.

In step 213, the enroller 250 identifies an acceptance status of the subscription of the enrollee 210 and transmits the NAN SDF follow-up message including configuration data (e.g., ConfigData) to the enrollee 210. The ConfigData is encrypted by the shared secret (for example, a Pairwise Master Key: PMK).

In step 215, the enrollee 210 cancels the subscription, and in step 217, the enroller 250 cancels the publication with the enrollee 210 to allow a subscription with another device.

In step 219, the enrollee 210 and the enroller 250 perform discovery through one channel scan.

In step 221, the enrollee 210 and enroller 250 perform a secure connection by using the configuration data (e.g., ConfigData).

Accordingly, in the method of configuring the connection between devices where an STA directly makes a request for subscribing to an AP, when the AP supports the NAN, the enrollee 210 of the STA directly makes a request for subscribing to the enroller 250 of the AP and configures the connection with the enroller 250 of the AP.
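
The FIG. 2 exchange (steps 203 to 213) as an added Python example; it is not code from the patent. Assumptions: the "*" of Equations (2) and (4) is modelled as exponentiation in a toy group mod 2^255-19, the shared secret is formed by applying each side's identity secret to the peer's ephemeral key, the nonce comes from the OS CSPRNG rather than a time seed, and RSSI_CLOSE, the BSSID, the channel, the nonce-echo check and the replay cache are constructed for illustration.

```python
import hashlib
import secrets

# Assumption: the page does not define '*' in PE = Nonce * PI. It is modelled
# here as exponentiation in a toy multiplicative group mod a prime, standing
# in for scalar multiplication of a public key. Illustration only.
P = 2**255 - 19
G = 2
RSSI_CLOSE = -50  # dBm, constructed threshold for Discovery Range Limited:1


class Device:
    """One NAN peer holding a long-term identity key pair (PI)."""

    def __init__(self, name):
        self.name = name
        self.identity_priv = secrets.randbelow(P - 3) + 2
        self.identity_pub = pow(G, self.identity_priv, P)  # PI(name)
        self.seen_nonces = set()  # assumed replay cache, not from the page
        self.pmk = None

    def ephemeral_key(self, nonce):
        """PE = Nonce * PI, as in Equation (2), in the stand-in group."""
        return pow(self.identity_pub, nonce, P)

    def shared_secret(self, peer_ephemeral):
        """Assumed derivation: own identity secret applied to the peer's PE."""
        value = pow(peer_ephemeral, self.identity_priv, P)
        return hashlib.sha256(value.to_bytes(32, "big")).digest()


def build_subscribe(enrollee):
    """Step 203: subscribe message carrying PE(E) and NonceE."""
    # The page seeds the nonce from local time; this example draws it from
    # the OS CSPRNG instead (a swapped-in choice, labelled as such).
    nonce = secrets.randbelow(P - 3) + 2
    return {"Type": "Active", "DiscoveryRangeLimited": 1,
            "PE": enrollee.ephemeral_key(nonce), "Nonce": nonce}


def handle_subscribe(enroller, msg, rssi_dbm):
    """Step 205 on the enroller: returns the publish message, or None."""
    # Discovery Range Limited:1 -> process only if RSSI >= RSSI_Close.
    if msg.get("DiscoveryRangeLimited") == 1 and rssi_dbm < RSSI_CLOSE:
        return None
    nonce, peer_pe = msg["Nonce"], msg["PE"]
    if nonce in enroller.seen_nonces:      # a nonce is usable one time
        return None
    if not 1 < peer_pe < P - 1:            # reject degenerate key values
        return None
    enroller.seen_nonces.add(nonce)
    enroller.pmk = enroller.shared_secret(peer_pe)       # step 207
    return {"Type": "Solicited", "DiscoveryRangeLimited": 1,
            "DeviceRole": "AP", "BSSID": "02:00:00:00:00:01", "Channel": 6,
            "PE": enroller.ephemeral_key(nonce), "Nonce": nonce}


def handle_publish(enrollee, sub, pub, rssi_dbm):
    """Step 209 on the enrollee: returns the shared secret, or None."""
    if rssi_dbm < RSSI_CLOSE:
        return None
    if pub["Nonce"] != sub["Nonce"]:       # publish must echo our NonceE
        return None
    if not 1 < pub["PE"] < P - 1:
        return None
    enrollee.pmk = enrollee.shared_secret(pub["PE"])
    return enrollee.pmk


if __name__ == "__main__":
    sta, ap = Device("E"), Device("AP")
    sub = build_subscribe(sta)
    pub = handle_subscribe(ap, sub, rssi_dbm=-40)
    pmk = handle_publish(sta, sub, pub, rssi_dbm=-40)
    print("keys match:", pmk == ap.pmk)
    print("replay accepted:",
          handle_subscribe(ap, sub, rssi_dbm=-40) is not None)
```

Both sides arrive at the same 32-byte value without sending it, and the enroller ignores a subscribe message that arrives below the range threshold or repeats a nonce it has already processed.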

FIG. 3 is a signal flow diagram of a method of configuring a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 3, a method of configuring a connection between a STA and an AP using another device (i.e., a configurator) when the AP cannot support a NAN and the STA directly makes a request for subscribing to the AP is provided. When the STA supports the NAN but the AP cannot support the NAN, a device of the STA that makes a request for subscribing to the AP corresponds to an enrollee 310, and a device that accepts the subscription to the AP corresponds to a configurator 330 connected to a device of the AP which corresponds to an enroller 350.

In the case when the AP cannot support the NAN, the configurator 330, which can allow the AP to support the NAN, is used. In order for the configurator 330 to allow the AP to support the NAN, the configurator 330 and the enroller 350 are devices that are currently connected or have been previously connected to each other. Further, the configurator 330 performs an operation similar to that of the enroller 250 described with respect to FIG. 2.

In step 301, in a state where the configurator 330 and the enroller 350 are connected, the enrollee 310 supports the NAN based on NAN sync beacons.

In step 303, the enrollee 310 discovers a neighboring device, for example, the configurator 330, located within a predetermined range from the enrollee 310, and performs synchronization with the discovered configurator 330. At this time, when a list of service IDs includes a service ID of an initial setup (e.g., easy setup) service (e.g., Service ID=EasySetup (DPP)), the enrollee 310 performs processes for configuring a next initial connection.

In step 305, the enrollee 310 transmits, to the configurator 330, a NAN SDF subscribe message, which makes a request for subscribing to the configurator 330. The NAN SDF subscribe message includes at least one of Type=Active, Discovery Range Limited:1, PE(E), and NonceE.

In step 307, the configurator 330 receives the NAN SDF subscribe message and identifies user confirmation required for authorization. Further, the configurator 330 transfers a NAN SDF publish message to the enrollee 310. The NAN SDF publish message includes at least one of Type=Solicited, Discovery Range Limited:1, WLAN Infrastructure Attribute, Device Role: STA, BSSID, operation channel, PE(C), and NonceC.

In step 309, the enrollee 310 receives the NAN SDF publish message and creates the shared secret with the configurator 330.

In step 315, the enrollee 310 transmits, to the configurator 330, a NAN SDF follow-up message indicating the identification of the subscription to the configurator 330. The NAN SDF follow-up message includes information on confirmation indicating that the user confirmation required for authorization and the shared secret key creation have been completed.

The configurator 330 identifies an acceptance status of the subscription of the enrollee 310 and transmits the NAN SDF follow-up message including configuration data (e.g., ConfigData) to the configurator 330, in step 317. The ConfigData is encrypted by the shared secret (for example, a Pairwise Master Key: PMK).

In step 313, the enrollee 310 cancels the subscription, and in step 321, the enroller 350 cancels the publication with the enrollee 310 to allow another device to subscribe.

In step 323, the enrollee 310 and the enroller 350 perform discovery through one channel scan.

In step 325, the enrollee 310 and the enroller 350 perform a secure connection by using the configuration data (e.g., ConfigData).

Accordingly, in the method of configuring the connection between devices where an STA directly makes a request for subscribing to an AP and the AP cannot support the NAN, the enrollee 310 of the STA makes a request for subscribing to the configurator 330 of the STA connected to the enroller 350 of the AP, thereby making the connection with the enroller 350 of the AP.

FIG. 4 is a signal flow diagram of a method of configuring a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 4, a method of configuring a connection between a STA and an AP when the AP supports a NAN where the STA receives permission for a subscription from the AP is provided. When both the STA and the AP support the NAN, a device of the STA that makes a request for subscribing to the AP is an enrollee 410 of the STA and a device of the AP that accepts the subscription of the STA is an enroller 450 of the AP.

In step 401, the enrollee 410 discovers a neighboring device, for example, the enroller 450 located within a predetermined range from the enrollee 410, and performs synchronization with the discovered enroller 450. At this time, when a list of service IDs includes a service ID of an initial setup (e.g., easy setup) service (e.g., Service ID=EasySetup (DPP)), the enrollee 410 performs next initial set processes.

In step 403, after the discovery and synchronization processes are completed, the enrollee 410 receives, from the enroller 450, a NAN SDF subscribe message indicating that access to the network can be provided. The NAN SDF subscribe message includes at least one of Type=Unsolicited, Discovery Range Limited:1, WLAN Infrastructure Attribute, Device Role:AP, BSSID, operation channel, PE(AP), and NonceE.

Type=Unsolicited indicates the type of the NAN SDF publish message. When the type is configured as unsolicited, the enroller 450 may first transmit the NAN SDF publish message without receiving the NAN SDF subscribe message.

Discovery Range Limited:1 indicates that a request for processing the NAN SDF subscribe message is to be made only when an RSSI value of the NAN SDF subscribe message is higher than or equal to an RSSI_Close value, and only devices within the discovery range can receive the NAN SDF publish message.

WLAN Infrastructure Attribute is a value defined in the NAN standard and indicates that the corresponding device has the WLAN connection attributes.

Device Role:AP indicates that the AP transmits the NAN SDF publish message.

PE(AP) is an ephemeral key value of the enroller 450 and is determined based on Equation (3) below.
PE(AP)=NonceE*PI(AP)   (3)

In Equation (3), NonceE is a random nonce, and the PI(AP) denotes a unique identity key of the enroller 450. The random nonce is a random value which can be used one time. A local time of the enroller 450 is generated as a seed, and a new value is generated to prevent a replay attack when a predetermined time passes.

In step 405, the enrollee 410 having received the NAN SDF subscribe message displays a NAN discovery result and identifies user confirmation required for authorization input by the user.

In step 407, the enrollee 410 transmits, to the enroller 450, a NAN SDF publish message indicating that the identification of the user confirmation required for authorization has been completed. The NAN SDF publish message includes at least one of Type=Passive, Discovery Range Limited:1, PE(E), NonceE, and Registration Request.

Type=Passive indicates the type of the NAN SDF publish message. When the type is configured as passive, the subscription to the enroller 450 of the AP has been identified.

PE(E) is an ephemeral key value and is determined by the enrollee 410 based on Equation (4) below.
PE(E)=NonceE*PI(E)   (4)

In Equation (4), NonceE is a random nonce, and the PI(E) denotes a unique identity key of the enrollee 410.

In steps 409 and 411, the enrollee 410 and the enroller 450, respectively, create a shared secret.

The enroller 450 having received the NAN SDF publish message from the enrollee 410 identifies an acceptance status of the subscription of the enrollee 410 and transmits the NAN SDF follow-up message including configuration data (e.g., ConfigData) to the enrollee 410, in step 413. The ConfigData is encrypted by the shared secret (for example, a Pairwise Master Key: PMK).

In step 415, the enroller 450 cancels the publication with the enrollee 410 to allow another device to subscribe, and in step 417 the enrollee 410 cancels the subscription.

In step 418, the enrollee 410 and the enroller 450 perform discovery through one channel scan.

In step 419, the enrollee 410 and the enroller 450 perform a secure connection by using the configuration data (e.g., ConfigData).

Accordingly, in the method of configuring the connection between devices where the STA receives permission for a subscription from the AP and the AP supports the NAN, the connection with the enrollee of the STA can be configured based on the enroller of the AP notifying the enrollee of the STA of the provision of network access.

FIG. 5 is a signal flow diagram of a method of configuring a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 5, a method of configuring a connection between a STA and an AP by using another device (i.e., configurator) where the STA receives permission for a subscription from the AP and the AP cannot support a NAN is provided. When the STA supports the NAN but the AP cannot support the NAN, a device of the STA that makes a request for subscribing to the AP corresponds to an enrollee 510, and a device that accepts the subscription to the AP corresponds to a configurator 530 connected to a device of the AP which corresponds to an enroller 550.

In the case when the AP cannot support the NAN, the configurator 530, which allows the AP to support the NAN, is used. In order for the configurator 530 to allow the AP to support the NAN, the configurator 530 and the enroller 550 are devices that are currently connected or have been previously connected to each other. Further, the configurator 530 performs an operation similar to that of the enroller 450 described with respect to FIG. 4.

In step 501, in a state where the configurator 530 and the enroller 550 are connected, the enrollee 510 supports the NAN based on NAN sync beacons.

In step 503, the enrollee 510 discovers a neighboring device, for example, the configurator 530, located within a predetermined range from the enrollee 510, and performs synchronization with the discovered configurator 530. At this time, when a list of service IDs includes a service ID of an initial setup (e.g., easy setup) service (e.g., Service ID=EasySetup (DPP)), the enrollee 510 performs processes for configuring a next initial connection.

In step 505, after the discovery and synchronization processes are completed, the enrollee 510 receives, from the configurator 530, a NAN SDF publish message indicating that access to the network can be provided. The NAN SDF publish message includes at least one of Type=Unsolicited, Discovery Range Limited:1, WLAN infrastructure Attribute, Device Role:STA, BSSID, operation channel, PE(C), and NonceC.

PE(C) is an ephemeral key value of the configurator 530 and may be determined based on Equation (5) below.
PE(C)=NonceE*PI(C)   (5)

In Equation (5), NonceE is a random nonce, and the PI(C) denotes a unique identity key of the configurator 530.

In step 507, the enrollee 510 having received the NAN SDF publish message transmits, to the configurator 530, a NAN SDF follow-up message indicating that the user confirmation required for authorization has been completed. The NAN SDF follow-up message includes at least one of Type=Passive, Discovery Range Limited:1, PE(E), and NonceE.

In step 509, the enrollee 510 creates a shared secret.

In step 511, the configurator 530 identifies the user confirmation required for authorization based on the NAN SDF follow-up message received from the enrollee 510, and in step 513, creates the shared secret.

In step 515, the configurator 530 identifies an acceptance status of the subscription of the enrollee 510 and transmits the NAN SDF follow-up message including configuration data (e.g., ConfigData) to the enrollee 510.

In step 517, the configurator 530 cancels the publication with the enrollee 510 to allow another device to subscribe, and in step 519, the enrollee 510 cancels the subscription.

In step 521, the enrollee 510 and the enroller 550 perform discovery through one channel scan.

In step 523, the enrollee 510 and the enroller 550 perform a secure connection by using the configuration data (e.g., ConfigData).

Accordingly, in the method of configuring the connection between devices where the STA receives permission for a subscription from the AP and the AP cannot support the NAN, the enrollee 510 of the STA may make a request for subscribing to the configurator 530 of the STA connected to the enroller 550 of the AP, thereby making the connection with the enroller 550 of the AP.

FIG. 6 is a flowchart of a method by which an enrollee configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 6, in step 601, the enrollee starts a device setup operation by a NAN cluster that performs a master function. The NAN cluster may be the enrollee of FIG. 2 or 3.

In step 603, the enrollee discovers at least one neighboring device (i.e., the configurator or enroller), which supports the NAN, based on NAN sync beacons.

In step 605, the enrollee determines whether a list of service IDs includes an ID of an initial setup (e.g., easy setup) service and whether the discovered neighbor is located within a predetermined range based on an RSSI value of the discovered neighboring device (RSSI<RSSI_Close).

When all the conditions of step 605 are met, then in step 607, the STA transmits a NAN SDF subscribe message for the subscription to the EasySetup service to the configurator or the enroller.

When not all the conditions of step 605 are met, the process ends.

In step 609, the enrollee determines whether a NAN SDF publish message corresponding to the NAN SDF subscribe message is received from the configurator or the enroller and whether the device is located within a predetermined range from the configurator or the enroller based on the RSSI value of the NAN SDF publish message (RSSI<RSSI_Close).

When all the conditions of step 609 are met, then in step 611, the enrollee transmits a NAN SDF follow-up message for identification to the configurator or the enroller.

When not all the conditions of step 609 are met, the process ends.

In step 613, the enrollee receives the NAN SDF follow-up message including configuration data from the configurator or the enroller.

Then, in step 615, the enrollee cancels the subscription, and in step 617, performs a secure connection with the enroller using the configuration data based on the WLAN.

FIG. 7 is a flowchart of a method by which an enroller or a configurator configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 7, when the enroller of the AP supports the NAN, the connection between the STA and the AP is configured by the enroller of the AP without any additional device. However, when the enroller of the AP does not support the NAN, the connection between the STA and the AP should be configured through an additional device, i.e., the configurator of the STA. In this case, the configurator of the STA performs the same operation as that of the enroller of the AP. The configurator of the STA is a device which is currently connected or has been previously connected to the enroller of the AP.

In step 701, the enroller or the configurator discovers the enrollee, which performs a NAN cluster operation, as the device supporting the NAN.

In step 703, the enroller or the configurator performs the subscription with the discovered NAN cluster, and in step 705, publishes the EasySetup Service to be acquired.

In step 707, the enroller or the configurator determines whether the NAN SDF subscribe message is received from the enrollee and whether the enroller or the configurator is located within a predetermined range of the enrollee based on an RSSI value of the NAN SDF subscribe message (RSSI<RSSI_Close).

When all the conditions of step 707 are met, then in step 709, the enroller or the configurator transmits the NAN SDF publish message corresponding to the NAN SDF subscribe message to the enrollee. At this time, the enroller or the configurator may identify user confirmation required for authorization.

When not all the conditions of step 707 are met, the process ends.

In step 711, the enroller or the configurator determines whether a NAN SDF follow-up message for the identification is received from the enrollee and whether the enroller or the configurator is located within a predetermined range from the enrollee based on an RSSI value of the NAN SDF follow-up message (RSSI<RSSI_Close).

When all the conditions of step 711 are met, then in step 713, the enroller or the configurator transmits the NAN SDF follow-up message including configuration data to the enrollee.

When not all the conditions of step 711 are met, the process ends.

In step 715, the enroller or the configurator cancels the publication, and in step 717, performs a secure connection with the enrollee based on the WLAN.
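The gating described for FIGS. 6 and 7, as an added example that is not part of the patent text: each side advances only when the expected frame arrives and passes the proximity check, and ConfigData is released only after both provider-side checks pass. The state names, the threshold value, the sample ConfigData and the RSSI sign convention are assumptions made for this sketch.

```python
EASY_SETUP = "EasySetup"   # service name used on the page
RSSI_CLOSE = 40            # constructed threshold; the page gives no value or unit

def is_close(rssi):
    # Condition as written on the page: RSSI < RSSI_Close.
    # The sign convention of the RSSI value is an assumption; adapt it to your radio.
    return rssi < RSSI_CLOSE

class Provider:
    """Enroller or configurator, FIG. 7 steps 707-715."""
    def __init__(self, config_data):
        self.config_data = config_data
        self.state = "PUBLISHING"              # steps 701-705 already done

    def on_frame(self, kind, rssi):
        if self.state == "PUBLISHING" and kind == "subscribe" and is_close(rssi):
            self.state = "AWAIT_FOLLOW_UP"     # step 707 passed
            return ("publish", {})             # step 709
        if self.state == "AWAIT_FOLLOW_UP" and kind == "follow_up" and is_close(rssi):
            self.state = "DONE"                # step 711 passed; 715 cancels publication
            return ("follow_up", {"ConfigData": self.config_data})  # step 713
        self.state = "ENDED"                   # any failed check ends the process
        return None

class Enrollee:
    """Enrollee, FIG. 6 steps 605-615."""
    def __init__(self):
        self.state, self.config = "DISCOVERING", None

    def on_beacon(self, service_ids, rssi):
        if EASY_SETUP in service_ids and is_close(rssi):   # step 605
            self.state = "SUBSCRIBED"
            return "subscribe"                               # step 607
        self.state = "ENDED"
        return None

    def on_frame(self, kind, rssi, payload):
        if self.state == "SUBSCRIBED" and kind == "publish" and is_close(rssi):
            self.state = "IDENTIFYING"                       # step 609 passed
            return "follow_up"                               # step 611
        if self.state == "IDENTIFYING" and kind == "follow_up" and "ConfigData" in payload:
            self.config = payload["ConfigData"]              # step 613
            self.state = "CONFIGURED"                        # step 615 cancels subscription
            return None
        self.state = "ENDED"
        return None

def run_exchange(service_ids, rssi):
    """Drive both sides with constructed per-frame RSSI readings."""
    e, p = Enrollee(), Provider({"ssid": "constructed-net"})
    kind = e.on_beacon(service_ids, rssi["beacon"])
    reply = p.on_frame(kind, rssi["subscribe"]) if kind else None
    kind = e.on_frame(reply[0], rssi["publish"], reply[1]) if reply else None
    reply = p.on_frame(kind, rssi["follow_up"]) if kind else None
    if reply:
        e.on_frame(reply[0], None, reply[1])   # FIG. 6 has no RSSI check at step 613
    return e.state, p.state, e.config
```

Calling `run_exchange` with one reading at or above the threshold shows which side stops and that no ConfigData reaches the enrollee.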

FIG. 8 is a flowchart of a method by which an enrollee configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 8, in step 801, the enrollee starts a device setup operation by a NAN cluster that performs a master function. The NAN cluster may be the enrollee of FIG. 4 or 5.

In step 803, the enrollee discovers at least one neighboring device (i.e., the configurator or enroller), which supports the NAN, based on NAN sync beacons.

In step 805, the enrollee identifies whether a list of service IDs includes an ID of an initial setup (e.g., easy setup) service.

When the list of the service IDs includes the ID of the initial setup (easy setup) service, the enrollee anticipates that an operation for the initial setup will be performed and performs step 807.

In contrast, when the list of the service IDs does not include the ID of the initial setup (easy setup) service, the enrollee does not anticipate that an operation for the initial setup will be performed and waits for another operation. That is, the enrollee ends the operation for the initial setup.

In step 807, the enrollee determines whether a NAN SDF publish message is received from the configurator or the enroller and whether the enrollee is located within a predetermined range from the configurator or the enroller based on the RSSI value of the NAN SDF publish message (RSSI<RSSI_Close).

When all the conditions of step 807 are met, then in step 809, the enrollee transmits a NAN SDF follow-up message for identification to the configurator or the enroller.

When not all the conditions of step 807 are met, the process ends.

In step 811, the enrollee receives the NAN SDF follow-up message including configuration data from the configurator or the enroller.

In step 813, the enrollee cancels the subscription, and in step 815, performs a secure connection with the enroller by using the configuration data based on the WLAN.

FIG. 9 is a flowchart of a method by which an enroller or a configurator configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 9, when the enroller of the AP supports the NAN, the connection between the STA and the AP is configured by the enroller of the AP without any additional device. However, when the enroller of the AP does not support the NAN, the connection between the STA and the AP should be configured through an additional device, i.e., the configurator of the STA. In this case, the configurator of the STA performs the same operation as that of the enroller of the AP. The configurator of the STA is a device which is currently connected or has been previously connected to the enroller of the AP.

In step 901, the enroller or the configurator discovers the enrollee, which performs a NAN cluster operation, as the device supporting the NAN.

In step 903, the enroller or the configurator performs the subscription with the discovered NAN cluster, and in step 905, publishes the EasySetup Service to be acquired.

In step 907, the enroller or the configurator determines whether the enroller or the configurator is located within a predetermined range of the enrollee based on an RSSI of the enrollee (RSSI<RSSI_Close).

When the enroller or the configurator is located within the predetermined range of the enrollee based on the RSSI value of the enrollee, then in step 909, the enroller or the configurator transmits the NAN SDF publish message to the enrollee.

When the enroller or the configurator is not located within the predetermined range of the enrollee, the process ends.

In step 911, the enroller or the configurator receives a NAN SDF follow-up message for the identification from the enrollee of the STA and determines whether the enroller or the configurator is located within the predetermined range of the enrollee based on an RSSI of the NAN SDF follow-up message (RSSI<RSSI_Close).

When the enroller or the configurator is located within the predetermined range of the enrollee based on the RSSI of the NAN SDF follow-up message, then in step 913, the enroller or the configurator transmits the NAN SDF follow-up message including configuration data to the enrollee.

When the enroller or the configurator is not located within the predetermined range of the enrollee, the process ends.

In step 915, the enroller or the configurator cancels the publication, and in step 917 performs a secure connection with the enrollee based on the WLAN.

According to various embodiments of the present disclosure, in a method of configuring a connection between an AP and a STA, the device can be automatically recognized without the need to perform tagging and QR code scanning between the devices, so that high usability is expected. The method of configuring the connection between devices is the most suitable method for a price sensitive IoT device since the connection between devices can be made through a Wi-Fi chip alone. The method of configuring the connection between devices allows for service discovery frames to be exchanged within a time limit through the NAN cluster and determines a proximity based on a signal strength of the received NAN frame and time synchronization information, so as to enhance security. The method of configuring the connection between devices can reduce a connection process to the same level as that of a password method through the exchange of information in the NAN, thereby reducing signal overhead.

FIG. 10 is a block diagram of a configuration of a station (STA), which configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 10, an STA 1000 is provided. The STA 1000 corresponds to an enrollee and a configurator that performs the connection between devices in the communication system according to the scenario in which the STA directly makes a request for subscribing to the AP or the scenario in which the STA receives permission for a subscription from the AP.

As shown in FIG. 10, the STA 1000 includes a controller 1001, a transmitter 1003, a receiver 1005, and a storage unit 1007.

The controller 1001 controls the general operation of the STA 1000 and, in particular, controls an operation for configuring the connection between devices. Since an operation related to the operation for configuring the connection between the devices has been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted.

The transmitter 1003 transmits various signals and various messages to other entities included in the communication system according to a control of the controller 1001. Since the various signals and the various messages transmitted by the transmitter 1003 have been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted herein.

The receiver 1005 receives various signals and various messages from other entities included in the communication system according to a control of the controller 1001. Since the various signals and the various messages received by the receiver 1005 have been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted herein.

The storage unit 1007 stores programs and various data related to the operation for configuring the connection between devices, which is performed by the STA 1000 according to a control of the controller 1001. Further, the storage unit 1007 stores various signals and various messages received from the other entities by the receiver 1005.

Although FIG. 10 illustrates that the STA 1000 is implemented by separate units such as the controller 1001, the transmitter 1003, the receiver 1005, and the storage unit 1007, the STA 1000 can be implemented in the form in which at least two of the controller 1001, the transmitter 1003, the receiver 1005, and the storage unit 1007 are integrated. Further, the STA 1000 can be implemented by one processor.

FIG. 11 is a block diagram of a configuration of an access point (AP), which configures a connection between devices in a communication system, according to an embodiment of the present disclosure.

Referring to FIG. 11, an AP 1100 is provided. The AP 1100 corresponds to the enroller that performs the connection between devices in the communication system according to the scenario in which the STA directly makes a request for subscribing to the AP or the scenario in which the STA receives permission for a subscription from the AP of the present disclosure.

As shown in FIG. 11, the AP 1100 includes a controller 1101, a transmitter 1103, a receiver 1105, and a storage unit 1107.

The controller 1101 controls the general operation of the AP 1100 and, in particular, controls an operation for configuring the connection between devices. Since an operation related to the operation for configuring the connection between the devices has been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted.

The transmitter 1103 transmits various signals and various messages to other entities included in the communication system according to a control of the controller 1101. Since the various signals and the various messages transmitted by the transmitter 1103 have been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted herein.

The receiver 1105 receives various signals and various messages from other entities included in the communication system according to a control of the controller 1101. Since the various signals and the various messages received by the receiver 1105 have been described with reference to FIGS. 2 to 9, a detailed description thereof will be omitted herein.

The storage unit 1107 stores programs and various data related to the operation for configuring the connection between devices, which is performed by the AP 1100 according to a control of the controller 1101. Further, the storage unit 1107 stores various signals and various messages received from the other entities by the receiver 1105.

Although FIG. 11 illustrates that the AP 1100 is implemented by separate units such as the controller 1101, the transmitter 1103, the receiver 1105, and the storage unit 1107, the AP 1100 can be implemented in the form in which at least two of the controller 1101, the transmitter 1103, the receiver 1105, and the storage unit 1107 are integrated. Further, the AP 1100 can be implemented by one processor.

Although various embodiments have been described in the detailed description of the present disclosure, the present disclosure may be modified in various forms without departing from the scope of the present disclosure. Thus, the scope of the present disclosure is not defined merely based on the described embodiments, but rather by the following claims and their equivalents.

Lee, Joo-Yeol, Lee, Soo-Yong, Lee, Byung-Moo, He, Dong

Executed on: Nov 08 2021. Assignee: Samsung Electronics Co., Ltd (assignment on the face of the patent).