1. Field of the Invention
The present invention generally relates to Bluetooth® (hereinafter “Bluetooth”) communication, and in particular, to a Bluetooth secured communication method and apparatus.
2. Description of the Related Art
Bluetooth is a standard that is designed to support low-cost, short-range wireless communication between mobile devices such as portable PCs and portable telephones. Bluetooth uses radio frequencies in the 2.45 GHz Industrial Scientific Medical (ISM) band, which does not require a wireless license, thereby enabling various digital devices to exchange voice and data with each other completely without any physical connection. For instance, Bluetooth wireless technology may be employed in a portable telephone and a laptop computer so that they can communicate with each other without a cable. Also, a Bluetooth system may be incorporated in all digital devices, such as a Personal Digital Assistant (PDA), a desktop computer, a fax, a keyboard and a joystick.
FIG. 1 is a diagram illustrating general communication between Bluetooth devices. The Bluetooth devices refer to digital devices including Bluetooth modules for Bluetooth communication. A user terminal 100 containing a Bluetooth module establishes a wireless connection with adjacent Bluetooth devices 110 to 150; the terminal supports point-to-point connection and point-to-multipoint connection. When the user terminal 100 performs detection of a Bluetooth device, information about the adjacent Bluetooth devices 110 to 150 is displayed on the user terminal 100. Then, the user terminal 100 starts a connection set-up procedure for connecting the user terminal 100 to a desired device from among the detected Bluetooth devices. In this case, the user terminal 100 requesting the connection to another Bluetooth device is called a “master device”, and the counterpart Bluetooth device receiving the connection request is called a “slave device”. The master-slave relationship may change after the connection set up.
For example, when Bluetooth cellular phones are communicating, a connection between the Bluetooth cellular phones is essential for phone data exchange or a call in a walkie-talkie mode. In order to establish a wireless connection between two Bluetooth devices, an authentication procedure called “pairing” between the devices must be performed. That is, a first device, to allow a connection thereto, must be operating in an inquiry scan mode or a page scan mode. A second device, in order to attempt a connection to the first device, must send an inquiry message including its Bluetooth Device Address (BD_ADDR) through a user interface so as to find a counterpart device located in proximity to the second device. The Bluetooth device receiving the inquiry message sends an inquiry response message including its BD_ADDR to a corresponding Bluetooth device. The Bluetooth device receiving the inquiry response message displays Bluetooth devices corresponding to the inquiry response message and attempts a connection to a device selected by a user.
In the pairing procedure, the master device presents a Personal Identification Number (PIN) code window to a user to request a PIN code corresponding to a device to be connected. If the master device attempts a connection after the PIN code is entered, the slave device also presents a window requesting a PIN code. At this time, if a user of the slave device enters the same PIN code as the PIN code that is entered by one who attempts the connection, the two devices exchange a link key using the input PIN code, BD_ADDR and a random number (RAND) to/from each other.
The link key is provided to the two Bluetooth devices for use in the authentication procedure between the two Bluetooth devices. However, the link key must be used only for a connection between the two Bluetooth devices.
As such, in searching, pairing, authentication, and connection between two Bluetooth devices, BD_ADDR of each of the Bluetooth devices should be used. The two Bluetooth devices store each other's BD_ADDR without elimination even after termination of a Bluetooth communication, and thus a Bluetooth connection between the two Bluetooth devices is possible after completion of the bonding process.
As a result, a serious security problem occurs in a Bluetooth communication. In other words, after completion of the bonding process, a Bluetooth device of a user may be connected to another Bluetooth device without user's recognition and unintentional information leakage may occur. In particular, although one-time transmission/reception of data like image files is executed through Bluetooth communication, bonding data such as BD_ADDR remains without being eliminated constituting a fatal blow to communication security.