Bluetooth 1.1 cryptographic services are currently provided on the baseband level. Key exchanges, authentications and encryptions are defined to be carried out in a low rate mode. There is currently in development a high rate mode for use in Bluetooth which will provide significantly different connection protocols and cryptographic services than are available in Bluetooth 1.1. From a communications point of view, the main difference between the existing low rate Bluetooth mode and the new Bluetooth high rate mode is that in high rate mode, any participating device may set up a communications link with any other device. Thus, the typical master/slave piconet utilized within low rate Bluetooth is not used within high rate mode Bluetooth. Thus, there is a need to quickly set up a secure communications link between any two devices.
Current security concepts require that secret keys be exchanged between two devices before security mechanisms may be applied to connections between devices communicating in a low rate mode. This is a rather cumbersome procedure that requires users to provide information such as a pin number. In a high rate mode, it would be necessary to find alternative ways of setting up a secure communication between devices. Additionally, current devices operating in a low rate mode would further benefit from alternative solutions that minimize the amount of user interactions required to initialize a secure link.
One potential solution involves the use of digital certificates by connecting devices in order to establish proper authentication for a link. Normally, a certification authority issues a public key certificate such as X.509. The certification authority is responsible for determining that the public key in an issued certificate corresponds to a private key of a holder with whom the certificate is being issued. This is necessary in order to maintain the security of a global or a large public key infrastructure The drawback with this type of system is that a central certification authority must issue all necessary certificates used by the communication units and all units must share trusted public root keys This is a tedious process that the user of a personal communication unit would like to avoid. Furthermore, it is very costly to maintain a well-controlled highly secure certification process that can handle thousands of users On the other hand, users desiring to operate on their own local environment, such as a personal area network (PAN) have no benefits inside their PAN from having a centralized certification authority like VeriSign. The user may not wish to delegate the certification authority operation to a centralized entity outside of their personal environment for privacy reasons. Thus, there is a need for providing individuals in personal local networks an option outside of the use of a centralized certification authority such as VeriSign.