The invention relates to systems and methods for securely associating (or pairing) portable electronic devices with one or more computing devices.
Increasingly, users operate many different types of portable electronic devices with their computers (e.g., wireless headphones, digital cameras, personal digital assistants (PDAs), mobile phones, mouses, etc.). Many portable electronic devices are enabled with short-range wireless technologies, such as Bluetooth, ultra-wide band (UWB), wireless Universal Serial Bus (USB), and Near Field Communication (NFC), while others may communicate with the computing device via a physical wired connection.
Short-range wireless technologies and wired connections allow communications only between devices located within close proximity of each other. Due to this limitation of physical proximity, security threats are somewhat mitigated. That is, an attacking device needs to be physically connected to a target computing device, or within its transmission range, to be able to intercept and/or inject communications. Nonetheless, security features typically are employed to ensure that a computing device only associates and communicates with trusted and authorized devices.
Conventionally, a process is performed to ensure that a portable device is trusted before it is associated with a computing device. For example, a computing device enabled with a wireless technology may carry out a discovery protocol to obtain a list of other devices that are enabled with the same technology and are within communication range. The computing device may then initiate, either automatically or at the request of a user, a communication session with one of the discovered devices. To establish trust between the two devices, the user typically is prompted to interact with one or both of the devices. For example, each device may display a numerical value and the user is prompted to enter “yes” on one or both of the devices if the two displayed numerical values match, to verify that the user is in control of both devices so that the portable device is trusted. Such a user-aided authentication process is generally referred to as “manual pairing” as it requires an affirmative manual action by a user.
As part of the conventional manual pairing process, once the user confirms that the connection is between trusted devices, the devices store security information (e.g., cryptographic keying materials) for use in subsequent communications so that future association between the devices can be performed automatically by the devices without user action. Thus, if the same two devices discover each other in the future, the stored security information may be retrieved and exchanged to allow the devices to recognize one another as trusted, without having to perform another manual pairing procedure.