1. Field of the Invention
The present invention relates generally to a Bluetooth device and method for providing a service determined according to a Bluetooth personal identification number and, more particularly, to a Bluetooth device and method for providing a service determined according to a Bluetooth personal identification number, in which a first Bluetooth device, which stores one or more Bluetooth PINs matched to services having different security policies, ascertains the Bluetooth personal identification number of a second Bluetooth device, which wants to receive a service from the first Bluetooth device, and provides the service according to a security policy corresponding to the Bluetooth personal identification number.
2. Description of the Related Art
Bluetooth wireless technology provides peer-to-peer communication between Bluetooth devices within a local area. In Bluetooth, security measures are provided in the application layer and the link layer to offer secure communication. The security measures are performed by a security manager.
In the link layer, it is determined whether to grant a peer Bluetooth device access, and in the application layer, it is determined whether to provide a service to a peer Bluetooth device.
The service-providing Bluetooth device creates a link key using the address of a Bluetooth device, a Bluetooth Personal Identification Number (PIN) and a random number (RAND). The address used is that of the Bluetooth device that wants to receive the service, and the RAND is a random number created by the service-providing Bluetooth device.
The Bluetooth PIN is a value that is input by a user, and this PIN must be input to both Bluetooth devices to create a link key.
The RAND is a variable value that is created whenever a connection is established between Bluetooth devices.
The link key is created in a specific communication session that is called “pairing.” The link key created as described above is used to create a new link key through a link key exchange. The newly created link key that is shared by Bluetooth devices that want to communicate is used in a procedure of authenticating a peer Bluetooth device. During the authentication procedure, an encryption key is created based on the shared link key. Thereafter, all data that is received and transmitted is respectively decrypted and encrypted using the encryption key.
Bluetooth security modes are classified into the following three types according to policy.
Security mode 1 is a non-secure mode in which the Bluetooth device does not perform any security procedures.
Security mode 2 is a service-level security mode, in which different security policies may be provided for individual services. The Bluetooth device performs security procedures after a link level function is completed.
Security mode 3 is a link-level security mode, which applies the same security policy to all the connections. The Bluetooth device performs the procedures of this mode at a link level.
Furthermore, the Bluetooth device may set different security levels according to the type of service that is provided by the Bluetooth device, or a peer Bluetooth device.
In that case, peer Bluetooth devices are classified into trusted devices that can permanently and freely access all the services, and untrusted devices that are temporarily granted access to services or are not granted access to the services.
Authentication, authorization and encryption are independently applied security services. Security services are classified into the following three classes.
A first class requires authentication and authorization; it grants only trusted devices access at the time of automatic connection and it makes other devices undergo a manual authorization procedure.
A second class requires authentication and does not require authorization.
A third class does not require authentication or authorization; it grants all Bluetooth devices access.
Authentication is a procedure of identifying a Bluetooth device that wants to receive a service, which is performed using a stored link key or a Bluetooth PIN.
Authorization is a procedure of determining whether a specific Bluetooth device, which wants to receive a specific service, has an access right to the specific service, which is only granted to authenticated Bluetooth devices. Authorization may be done manually by a user.
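The access decision implied by the three service classes and the trusted/untrusted distinction can be written out as follows. This is an added example, not code from the patent or from any Bluetooth stack; the class name SecurityManager, the result strings, the service names and the device addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class ServiceClass(Enum):
    AUTHN_AND_AUTHZ = 1   # first class: authentication and authorization
    AUTHN_ONLY = 2        # second class: authentication, no authorization
    OPEN = 3              # third class: neither is required

@dataclass
class SecurityManager:
    services: dict                                # service name -> ServiceClass
    link_keys: set = field(default_factory=set)   # peers with a stored link key
    trusted: set = field(default_factory=set)     # peers marked as trusted devices

    def authenticate(self, peer: str, pin_ok: bool) -> bool:
        # Authentication uses a stored link key or, failing that, the Bluetooth PIN.
        return peer in self.link_keys or pin_ok

    def decide(self, service: str, peer: str, pin_ok: bool = False,
               user_approves=None) -> str:
        cls = self.services.get(service)
        if cls is None:
            return "deny"                  # unknown service: fail closed
        if cls is ServiceClass.OPEN:
            return "grant"
        # Authorization is only considered for authenticated devices, so a
        # trusted address with no link key and no valid PIN is still refused.
        if not self.authenticate(peer, pin_ok):
            return "deny"
        if cls is ServiceClass.AUTHN_ONLY or peer in self.trusted:
            return "grant"
        # First class, untrusted device: manual authorization by the user.
        if user_approves is None:
            return "ask-user"
        return "grant" if user_approves else "deny"

# Constructed sample configuration (hypothetical services and addresses).
SAMPLE = SecurityManager(
    services={"pan": ServiceClass.AUTHN_AND_AUTHZ,
              "headset": ServiceClass.AUTHN_ONLY,
              "info": ServiceClass.OPEN},
    link_keys={"00:11:22:33:44:55"},
    trusted={"00:11:22:33:44:55"},
)
```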
FIG. 1 is a diagram showing the conventional process of constructing a security network between Bluetooth devices.
A user sets service security policies for a first Bluetooth device 110 that provides services, and stores the service security policies in step S110. For example, when the first Bluetooth device 110 supports headset and Personal Area Network (PAN) services, the user applies authentication and encryption policies to a second Bluetooth device 120 that wants to receive a headset service, and applies authentication and Secure Socket Layer (SSL) to another second Bluetooth device 120 that wants to receive a PAN service.
The user may set security policies for individual services, and set the types of services for individual second Bluetooth devices.
The user sets the second Bluetooth device 120 to a pairing mode, and causes the first Bluetooth device 110 to search for the second Bluetooth device 120. Accordingly, the first Bluetooth device 110 inquires about a Bluetooth connection with the second Bluetooth device 120 in step S120, and receives a response from the second Bluetooth device 120 in step S130.
The second Bluetooth device 120 requests authentication from the first Bluetooth device 110. If the preset link key of the second Bluetooth device 120 does not exist in the first Bluetooth device 110, the user is requested to input the Bluetooth PIN of the second Bluetooth device 120 in step S140.
If the Bluetooth PIN is input by the user, a link key is created between the Bluetooth devices in steps S150a and S150b, and the newly created link key is shared through a link key exchange S160. The newly created link key is stored in non-volatile memory by the first and second Bluetooth devices 110 and 120 in steps S170a and S170b.
Using the link key stored in memory, the second Bluetooth device 120 authenticates the first Bluetooth device 110, and the first Bluetooth device 110 authenticates the second Bluetooth device 120 in step S180. The first and second Bluetooth devices 110 and 120 selectively exchange an encryption key according to the security policies. All the data exchanged thereafter is encrypted by the encryption key created through the encryption key exchange (steps S190a and S190b) in step S200.
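The sequence S140 to S190 can be traced in code to show why the same PIN must be entered on both devices. This is an added example, not code from the patent: HMAC-SHA-256 stands in for the key functions of the Bluetooth specification, and the masked exchange used for S160, the Device class and the pair function are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Stand-in only: HMAC-SHA-256 truncated to 128 bits, not the Bluetooth key functions.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Device:
    def __init__(self, addr: bytes):
        self.addr = addr
        self.link_keys = {}  # peer address -> link key (non-volatile store of S170)

    def auth_response(self, peer: bytes, challenge: bytes) -> bytes:
        # Claimant side of S180: prove knowledge of the stored link key.
        return kdf(self.link_keys[peer], b"auth", self.addr, challenge)

    def verify(self, peer: bytes, challenge: bytes, response: bytes) -> bool:
        expected = kdf(self.link_keys[peer], b"auth", peer, challenge)
        return hmac.compare_digest(expected, response)

def pair(first: Device, second: Device, pin_first: bytes, pin_second: bytes):
    """Run S140 to S190; return the encryption key, or None if authentication fails."""
    rand = os.urandom(16)  # RAND, created by the service-providing (first) device
    # S150a/S150b: each side derives the initial link key from its own PIN entry.
    init_1 = kdf(pin_first, b"init", second.addr, rand)
    init_2 = kdf(pin_second, b"init", second.addr, rand)
    # S160 (assumed form): each side sends a fresh value masked with its initial key.
    c1, c2 = os.urandom(16), os.urandom(16)
    wire_1, wire_2 = xor(c1, init_1), xor(c2, init_2)
    # S170a/S170b: each side unmasks the peer's value and stores the new link key.
    first.link_keys[second.addr] = xor(
        kdf(c1, b"lk", first.addr), kdf(xor(wire_2, init_1), b"lk", second.addr))
    second.link_keys[first.addr] = xor(
        kdf(xor(wire_1, init_2), b"lk", first.addr), kdf(c2, b"lk", second.addr))
    # S180: mutual challenge-response using the stored link keys.
    ch_1, ch_2 = os.urandom(16), os.urandom(16)
    ok = (first.verify(second.addr, ch_1, second.auth_response(first.addr, ch_1))
          and second.verify(first.addr, ch_2, first.auth_response(second.addr, ch_2)))
    if not ok:
        # A PIN mismatch surfaces here; discard the unusable keys on both sides.
        first.link_keys.pop(second.addr, None)
        second.link_keys.pop(first.addr, None)
        return None
    # S190a/S190b: the encryption key is derived from the shared link key.
    return kdf(first.link_keys[second.addr], b"enc", rand)
```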
When a new second Bluetooth device 120 wants to use the services of the first Bluetooth device 110, and a link key associated with the new second Bluetooth device 120 is not stored, the user must input the Bluetooth PIN to the first Bluetooth device 110 and the new second Bluetooth device 120 in the pairing step. When the first Bluetooth device 110 supports a plurality of services, service access permissions must be set.