Ubiquitous computing refers to a trend in which computing devices are becoming increasingly more prevalent and useful in everyday activities. For example, persons are more frequently carrying computing devices with them as they go about their daily activities. Often, such devices are most useful when they interact with other devices. Thus, an important aspect of ubiquitous computing is spontaneous device association. Examples of possible spontaneous associations include: a person sending a photograph taken using a camera-telephone to a digital picture frame at the home of another person; two teenagers who encounter one another in a shopping mall play a wireless video game together; or two colleagues who meet at a conference and transfer a document from one's PDA (personal digital assistant) to another's laptop computer.
Such interactions preferably occur spontaneously, given the circumstances and current activity of the person or persons involved, and require minimal effort to set up. In addition, because spontaneous interactions are expected to occur in untrustworthy environments, some security as to the interactions is also important. In the example above in which a person transfers a photograph within someone's home, if the transfer is performed wirelessly and in absence of appropriate security measures, a third party in a nearby home may be able to also receive the photograph. And, in the example of two colleagues exchanging a document at a conference, the document may contain sensitive business information while the conference may also be attended by business rivals. Thus, some degree of security is desired to prevent a third party from eavesdropping on a communication.
One type of security attack is known as “man-in-the-middle.” In this attack, two parties attempt to communicate directly with each other. However, messages intended to be exchanged between them are instead intercepted by third party. The third party emulates each party from the perspective of the other so that the two parties are unaware of the presence of the third party or “man-in-the-middle.”
Further, in environments having multiple devices, a pair of devices may attempt to associate with each other near in time that another pair of devices attempts to associate with each other. It may then occur that a member of each pair becomes mistakenly associated with a member of the other pair.
To address these problems, it is known to use a physically constrained channel, such that only devices in a certain physical context may transmit or receive a message via the channel. Examples of physically constrained channels include direct electrical contact, a human body in contact with the devices, infrared beacons, combinations of ultrasound and radio propagation, laser beams, 60 GHz radio and audio. However, none of these physically constrained channels provides guarantees against unauthorized parties sending or receiving messages due to such factors as refraction, reflection and sensitive receivers that can detect faint signals.
Therefore, what is needed is an improved technique that may be used to secure communications between computing devices. What is further needed is such a technique that has an ability to counter a “man-in-the-middle” attack and to avoid unintended associations. It is toward these ends that the present invention is directed.