There are various situations where it is necessary to form a binding, also called a pairing, between two wireless devices. One example situation is in a Wireless Personal Area Network (WPAN). A type of WPAN is a wireless remote control system, comprising a remote control handset and devices which can be controlled by the handset, such as consumer electronics devices (e.g. set-top boxes, television, media players), lighting devices, environmental devices. The new generation of remote controls will use radio frequency (RF) connectivity rather than infrared (IR) connectivity and will use little or no power. RF connectivity allows a reliable connection to be formed throughout a premises. A candidate technology is ZigBee RF4CE (ZigBee Radio Frequency for Consumer Electronics).
Based upon the 2.4 GHz, IEEE 802.15.4 standard, the ZigBee Alliance has expanded the ZigBee RF4CE standard into several end user application areas. These three profiles, all using RF4CE, encompass ZigBee Interface Devices, ZigBee 3D Sync and ZigBee Remote Control. Next to these standardised profiles, ZigBee RF4CE fully supports the development of proprietary profiles.
The fact that RF wireless technologies do not require a line-of-sight path between two devices also poses a new challenge. An IR transmitter and receiver are implicitly paired by pointing the transmitter (e.g. remote control handset) towards the receiver device. Two RF-based devices require an explicit pairing, called a binding, using a binding procedure. The binding procedure ensures that the “controller” (Remote Control) is controlling the correct “target” (e.g. television, set-top box). It is typically only required once during the lifetime of the product.
A pairing can be performed using an out-of-band mechanism. One example is described in the whitepaper “Bluetooth® User Interface Flow Diagrams for Bluetooth Secure Simple Pairing Devices” available at https://www.bluetooth.org/Technical/Specifications/whitepapers.htm. This requires a secondary, secure, non-Bluetooth channel to pass information when pairing two devices. In this type of pairing mechanism, the controlling RF device is informed about the address of the target RF device and vice versa, potentially complemented with security keys and other relevant information. This kind of pairing can be performed in the factory, by an installer/service technician (using a dedicated binding/commissioning device) or by the user (e.g. setting switches). These are all sub-optimal solutions as they either create logistical issues or inhibit do-it-yourself (DIY) installations.
More advanced binding procedures have been proposed and used, not only in IEEE 802.15.4 based systems, but also in Bluetooth-based and WiFi-based systems. These binding procedures generally comprise two phases. Firstly, in a discovery phase, the initiating device (typically controller) identifies all compatible devices (typically targets) in its neighborhood. This provides the initiating device with a list of candidates to bind with. These “binding candidates” can be ranked using a parameter such as link quality. Throughout the rest of this document, the initiating device will be called the “initiator” or “initiator device” (typically controller), and the devices that respond to the “initiator” will be called the “responders” or “responder devices” (typically target). Secondly, in an authentication phase, the initiator will temporarily set up a link with the responder that was ranked the highest in the discovery phase. The devices will perform an authentication procedure to verify that the initiator has set up a link with the intended responder. When this is successful, the initiator is bound with the responder and vice versa. When it fails, the initiator will set up a link with the next highest ranked responder and repeat the authentication procedure. This is repeated until the initiator is bound with the intended responder (an authentication procedure was successful), or the list of responders became empty (all authentication procedures failed). The authentication procedure comes in many forms, such as a simple button press on both sides, or entering a key code shown on the other device, to procedures that explicitly exploit the knowledge of security credentials like certificates.
In some cases, the binding procedure supposes the discovery phase to discover exactly one responder in which case the identification/authentication phase becomes obsolete. For example, in ZigBee RF4CE ZRC, a target will only respond to the discovery request of the controller if a button on the target is pressed. The controller will bind with this target, if and only if it was the only device that was discovered. If more than one target responds, the ambiguity cannot be resolved and the binding process is stopped by the controller.
The ranking of responders that is performed in the discovery phase ensures a good user experience. Indeed, when a lot of devices are within RF range, the list of responders can be long, and cycling through all of them can become time consuming.
An initiator device may use one or more parameters to determine if a responder device is a device that the initiator device wishes to bind with. Combining these parameters into a good heuristic for the ranking procedure is not always straightforward and is application dependent. This can result in continuous updates to the ranking procedure, based on newly gathered user feedback, even after devices have been deployed in the field. Updating the ranking procedure is cumbersome when the initiator device does not have direct internet access (untethered or partly-tethered device), such as a typical remote control handset. It requires support to update the device, usually by an over-the-air (OTA) update of the program memory, in which the new program image is first transferred to another device (TV or STB) that features internet access and next is transferred over RF from that device to the Remote Control.