Invented by SCAGNOL; Mauro, BATRA; Mayank, MANDYAM; Giridhar Dhati, ISANI; Tarik
Wireless devices are everywhere now—from phones and fitness trackers to smart locks and cars. As we use these devices more, keeping their communication safe becomes critical. One of the latest ways to improve wireless security is by using “out-of-band” keys during special sessions called ranging sessions. In this article, we’ll explore this new approach, showing how it works, why it’s needed, and what makes it different from what came before.
Background and Market Context
Wireless technology is part of daily life. Phones, watches, earbuds, smart home gadgets, and even cars talk to each other using invisible radio waves. They use standards like Bluetooth, Wi-Fi, and cellular signals to connect. For short distances—say, your phone unlocking your car or sending music to your earbuds—special protocols like Bluetooth Low Energy (BLE) are often used. These protocols are designed to save power and make devices last longer on a charge.
Recently, wireless uses have grown more advanced. Devices now do more than just send files or play music. They can figure out how far apart they are by measuring tiny changes in signals, a process called “ranging.” For example, your smart lock can check if your phone is close enough before unlocking the door. This is helpful, but it also creates new risks. If someone can trick your lock or pretend to be your phone, they could break in.
To keep wireless communication private, devices use keys—kind of like passwords. These keys make sure only the right devices can talk to each other. But in many cases, the way devices share these keys isn’t strong enough. Sometimes, keys are sent “in-band,” meaning over the same wireless connection that’s being protected. If a hacker listens in at the right time, they might catch a key and use it to break in.
This is where “out-of-band” (OOB) keys come in. With OOB keying, the devices get a secret key through a different, safer route—outside the normal data channel. Maybe the key comes from a trusted network, through a secure app, or even from a special chip built into the device. By using this OOB key during the ranging session, it becomes much harder for hackers to listen in or fake their way in.
The market for short-range wireless devices—especially those that control access to things like cars, smart homes, and medical devices—is growing fast. At the same time, attacks on wireless security are becoming more common. Manufacturers, software developers, and network providers all want ways to make these connections safer without making devices too complicated or hard to use. The approach described here fits this need, giving both strong security and flexibility for many types of devices.
Scientific Rationale and Prior Art
Wireless communication has always needed security. Over the years, many methods have been used to keep messages private. Early on, devices might have used simple passwords or fixed codes. As threats grew, stronger encryption and key exchange methods were introduced. For example, Bluetooth uses keys called “Long-Term Keys” (LTKs) to keep connections private. In “classic” Bluetooth, these keys were shared in basic ways, sometimes even over unencrypted channels. This wasn’t enough once attackers started using more powerful tools.
Bluetooth Low Energy (BLE) was designed to use less power and to work better for things like smart locks, trackers, and fitness devices. BLE uses a pairing process to create and exchange keys. Typically, two devices agree on a key (like the LTK) and use it to protect their messages. For ranging sessions—where devices try to measure how far apart they are—extra data, like “initialization vectors” (IVs) and “nonces,” are exchanged. These are like random numbers that make encrypted messages harder to guess. But, in many cases, these numbers and even the LTK itself are sent in ways that are not perfectly secure. For example, if the device’s internal parts—called the host and controller—are on different chips, the key might be sent as plain text between them. Someone who can tap into this connection could steal the key.
To make things worse, attackers can sometimes “spoof” a device. That means they pretend to be your phone or key fob, using stolen keys to talk to your smart lock or car. This has happened in real life, where thieves used cheap electronic tools to unlock cars or houses. The problem is that, if a key is ever sent in a way that can be intercepted, the whole system is at risk.
Some earlier solutions tried to use “out-of-band” pairing for Bluetooth. For example, you might scan a QR code or tap two devices together to share a key. These methods are safer but not always practical for all devices or sessions. Also, they were usually used for the initial pairing, not for ongoing sessions like ranging.
What’s missing in past solutions is a way to combine strong, out-of-band key delivery with the special needs of ranging sessions. Ranging sessions are often short, happen many times, and need to be fast. If the key for these sessions is ever exposed, attackers might get in. The new approach described in the patent fixes this by having the devices get a special OOB key—one that is shared safely, outside the normal wireless band—and then use that key (or combine it with regular session data) to protect every ranging message.
This solves both problems: keys are never sent in the clear, and even if someone listens to the regular wireless traffic, they can’t decode the messages without the OOB key. This approach also lets manufacturers use different ways to send the OOB key, like through a trusted network, a secure chip, or even using a different radio technology (like Wi-Fi instead of Bluetooth).
Invention Description and Key Innovations
Let’s look at how this new invention works in easy terms. Imagine two devices—say, your smartphone and your car’s smart lock. They want to run a ranging session to see if you’re close enough to unlock the car. Here’s how the invention makes this safe:
First, before the ranging session starts, both devices get a special OOB key. This key is not sent over the same wireless channel that the ranging session will use. Instead, it might come from a trusted network, a secure app, or even a chip inside the phone or car. Sometimes, a “network entity” (like a server or cloud service) helps set this up. The key can be given to the devices in different ways, like over Wi-Fi, through an encrypted app, or from a secure chip called a “root of trust.”
Once both devices have the OOB key, they store it somewhere safe—again, often inside a special chip or secure memory area. This means the key is protected even if someone else gets access to other parts of the device.
When the user wants to unlock the car, the two devices start their ranging session. Usually, this means exchanging special messages that help measure the distance between them. In the old way, these messages were scrambled using data and keys that were shared over the same wireless channel, making them easier to attack.
With the new method, each device uses the OOB key (alone or combined with the usual session data like IVs and nonces) to create a “scrambling sequence.” Think of this as a secret code that will be used to mix up the messages. Only devices with the right OOB key can create the same sequence and unscramble the messages.
The process goes like this:
1. The devices exchange some in-band data, like IVs, nonces, or personalization vectors. These are extra pieces that help make each session unique.
2. Each device combines the OOB key and the in-band data to generate inputs for a scrambling sequence. This often means running the data through a special function—like a deterministic random bit generator (DRBG)—to create random-looking bits.
3. The device sending the message scrambles it with this sequence and sends it over the air. Only the other device, which has the same OOB key and session data, can recreate the sequence and unscramble the message.
4. If someone tries to listen in, they’ll see scrambled data. Even if they know the in-band data, they can’t decode anything unless they also have the OOB key, which was sent in a completely separate way.
This process can repeat for each message in the ranging session. For each new step, the devices can create new keys and nonces, making it even harder to break in.
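The four steps above can be sketched in Python. This is an added example, not code from the patent or this article. It assumes HMAC_DRBG (NIST SP 800-90A) as the DRBG, a length-prefixed concatenation of OOB key, IV and nonce as the seed, and byte-wise XOR as the scrambling step; all names and sample values are constructed.

```python
import hashlib
import hmac

class HmacDrbg:
    """HMAC_DRBG (SP 800-90A, SHA-256), no reseed. Assumed DRBG; the page names none."""
    def __init__(self, seed_material: bytes):
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed_material)

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def _update(self, data: bytes = b"") -> None:
        self.k = self._mac(self.v + b"\x00" + data)
        self.v = self._mac(self.v)
        if data:
            self.k = self._mac(self.v + b"\x01" + data)
            self.v = self._mac(self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self._update()
        return out[:n]

def scrambling_sequence(oob_key: bytes, iv: bytes, nonce: bytes, n: int) -> bytes:
    # Step 2: length-prefix each field so the seed cannot be parsed two ways.
    seed = b"".join(len(f).to_bytes(2, "big") + f for f in (oob_key, iv, nonce))
    return HmacDrbg(seed).generate(n)

def scramble(oob_key: bytes, iv: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Step 3: XOR is its own inverse, so one call scrambles and unscrambles.
    seq = scrambling_sequence(oob_key, iv, nonce, len(msg))
    return bytes(a ^ b for a, b in zip(msg, seq))

# Constructed sample values (hypothetical, not from the patent).
OOB_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
IV, NONCE = b"\x01" * 8, b"\x02" * 8
MSG = b"ranging-step-0 payload"

def demo() -> tuple:
    on_air = scramble(OOB_KEY, IV, NONCE, MSG)
    peer = scramble(OOB_KEY, IV, NONCE, on_air)          # holds the OOB key
    sniffer = scramble(b"\x00" * 16, IV, NONCE, on_air)  # step 4: in-band data only
    return peer == MSG, sniffer == MSG
print(demo())
```

Reusing the same IV and nonce with the same OOB key reproduces the same sequence, which is why the in-band values have to change for each message.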
Some key technical points include:
– The OOB key can be given by a network entity, by a peer device, or even generated on the device itself.
– The OOB key can be shared over a different radio technology—say, Wi-Fi instead of Bluetooth—making attacks even harder.
– Special secure storage areas, like a root of trust or a secure element, are used to keep the OOB key safe on the device.
– The scrambling sequence uses both the OOB key and in-band data. This means that every session is unique and safe even if the in-band data is exposed.
– The method can work for many types of devices—phones, wearables, cars, smart home gear—and for many types of short-range protocols.
This method is flexible. It can be used whether the devices talk directly to each other (peer-to-peer) or get help from a network service. It also works for both “central” devices (like your phone) and “peripheral” devices (like locks or earbuds).
To make things even safer, the invention supports “attestation.” This means the network entity can check that a device is in a safe state (no hacked software, secure booting, etc.) before giving it the OOB key. This prevents attackers from using fake or compromised devices.
A big benefit of this invention is that it doesn’t slow down the user. The OOB key can be shared ahead of time, and the actual ranging sessions happen quickly. For the user, the experience is seamless: you just walk up to your car, and it unlocks if you’re close enough. But behind the scenes, the security is much stronger than before.
This approach can stop many common attacks. If someone tries to intercept the wireless signals, they only get scrambled data. If they try to use old keys or replay messages, the new session data and OOB key will stop them. Even if they somehow get into the in-band communication, the real secret is still hidden.
Conclusion
Wireless devices are getting smarter and more connected every year, but that also means they need better security. The invention described here—using out-of-band keys for ranging sessions—gives a practical, strong way to protect important actions like unlocking cars, homes, or other devices. By sharing secret keys in a safe way and using them to scramble every message, this method keeps hackers out while letting users enjoy fast and easy wireless connections.
For companies building wireless gadgets, this approach offers a path to better safety without making things too complex or slow. For users, it means more peace of mind every time you use your phone, car, or smart home device. As wireless tech keeps growing, smart ideas like this will help keep us all safe.
To read the patent, go to https://ppubs.uspto.gov/pubwebapp/ and search for 20250216530.