The present invention relates generally to methods, systems and apparatus for interacting with computers. In particular the invention relates to a registration protocol for an interactive device on a network
The invention has been developed primarily to allow a large number of distributed users to interact with networked information via printed matter and optical sensors, thereby to obtain interactive printed matter on demand via high-speed networked color printers. Although the invention will largely be described herein with reference to this use, it will be appreciated that the invention is not limited to use in this field.
Cryptography is used to protect sensitive information, both in storage and in transit, and to authenticate parties to a transaction. There are two classes of cryptography in widespread use: secret-key cryptography and public-key cryptography.
Secret-key cryptography, also referred to as symmetric cryptography, uses the same key to encrypt and decrypt a message. Two parties wishing to exchange messages must first arrange to securely exchange the secret key.
An interactive device which is dynamically connected to a network may need to be authenticated and registered before it can be used.
It is an object of the present invention to apply advantages of cryptography to device registration in a network.
The invention is a protocol for registering an interactive device with a registration server in a network connected to the interactive device and the registration server. It includes the steps of: installing a secret key and a public unique identifier in non-volatile memory in the interactive device and in a database of the registration server, before the interactive device is connected to the network; then, when the interactive device is connected to the network, authenticating the interactive device at the server by verifying the interactive device""s encryption, using the secret key, of a challenge message issued by the server; and finally, if the authentication succeeds, registering the interactive device in the database of the registration server. The challenge preferably includes a nonce, a random or serially-allocated one-time-use number.
The protocol may include generating a session key at the server and transmitting the session key to the interactive device, protected by the shared secret key, for use in protecting communications between the interactive device and server.
The interactive device is preferably connected wirelessly to the network via a base station which may include a printer. The base station preferably issues the challenge message in place of the server, and the base station preferably stores the session key for use in protecting communications between the interactive device and base station.
The printer preferably prints documents on demand in response to inputs from the interactive device. The interactive device preferably generates such inputs by sensing coded data printed on documents. The printer is preferably capable of printing such coded data on documents, at the same time as it prints normal graphic document content such as text and pictures.
In a preferred embodiment, the interactive device takes the form of a pen which is capable of marking a document at the same time as sensing the coded data. Preferably, the pen is also capable of sensing its on movement relative to a document.