Systems and methods for device authentication

US 10,021,100 B2
Filed: 06/27/2017
Issued: 07/10/2018
Est. Priority Date: 09/12/2016
Status: Active Grant

First Claim

Patent Images

1. A system for authenticating an Internet of Things (IoT) device to a first computing device through interaction with a second computing device, comprising:

the IoT device, comprising;

a first communication interface; and

a first processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;

obtaining an ephemeral first transitory identity at the IoT device;

sending the first transitory identity to the first computing device and to the second computing device;

receiving an ephemeral second transitory identity from the first computing device;

sending a first authentication query including the second transitory identity to the second computing device; and

receiving from the second computing device an indication of whether the first computing device is authenticated;

the first computing device, comprising;

a second communication interface; and

a second processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;

obtaining the second transitory identity at the first computing device;

sending the second transitory identity to the IoT device and to the second computing device;

receiving the first transitory identity from the IoT device;

sending a second authentication query including the first transitory identity to the second computing device; and

receiving from the second computing device an indication of whether the IoT device is authenticated; and

the second computing device, comprising;

a third communication interface; and

a third processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;

receiving the first transitory identity from the IoT device;

receiving the second authentication query;

determining whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;

sending to the first computing device the indication of whether the IoT device is authenticated based on the determination of whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;

receiving the second transitory identity from the first computing device;

receiving the first authentication query;

determining whether the second transitory identity from the IoT device matches the second transitory identity from the firs computing device; and

sending to the IoT device an indication of whether the first computing device is authenticated based on the determination of whether the second transitory identity from the IoT device matches the second transitory identity from the first computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments include methods, and systems and computing devices configured to implement the methods of authenticating a computing device. A processor of a first computing device may obtain a transitory identity and may send the transitory identity to a second computing device and a third computing device. A processor of the second computing device may send the transitory identity to the third computing device with a request to authenticate the first computing device. The processor of the third computing device may authenticate the identity of the first computing device in response to determining that the transitory identity received from the first computing device matches the transitory identity received from the second computing device.

56 Citations

View as Search Results

39 Claims

1. A system for authenticating an Internet of Things (IoT) device to a first computing device through interaction with a second computing device, comprising:
- the IoT device, comprising;
  
  a first communication interface; and
  
  a first processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  obtaining an ephemeral first transitory identity at the IoT device;
  
  sending the first transitory identity to the first computing device and to the second computing device;
  
  receiving an ephemeral second transitory identity from the first computing device;
  
  sending a first authentication query including the second transitory identity to the second computing device; and
  
  receiving from the second computing device an indication of whether the first computing device is authenticated;
  
  the first computing device, comprising;
  
  a second communication interface; and
  
  a second processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  obtaining the second transitory identity at the first computing device;
  
  sending the second transitory identity to the IoT device and to the second computing device;
  
  receiving the first transitory identity from the IoT device;
  
  sending a second authentication query including the first transitory identity to the second computing device; and
  
  receiving from the second computing device an indication of whether the IoT device is authenticated; and
  
  the second computing device, comprising;
  
  a third communication interface; and
  
  a third processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  receiving the first transitory identity from the IoT device;
  
  receiving the second authentication query;
  
  determining whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;
  
  sending to the first computing device the indication of whether the IoT device is authenticated based on the determination of whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;
  
  receiving the second transitory identity from the first computing device;
  
  receiving the first authentication query;
  
  determining whether the second transitory identity from the IoT device matches the second transitory identity from the firs computing device; and
  
  sending to the IoT device an indication of whether the first computing device is authenticated based on the determination of whether the second transitory identity from the IoT device matches the second transitory identity from the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the first computing device comprises a second IoT device.
  - 3. The system of claim 1, wherein the processor of the second computing device is configured with processor-executable instructions to perform operations further comprising:
    - sending an instruction to each of the IoT device and the first computing device to obtain an ephemeral new transitory identity.
  - 4. The system of claim 3, wherein the processor of the second computing device is configured with processor-executable instructions to perform operations such that sending the instruction to each of the IoT device and the firs computing device to obtain the new transitory identity comprises:
    - sending the instruction to each of the IoT device and the first computing device to obtain the new transitory identity in response to determining that the first transitory identity from the first computing device does not match the first transitory identity from the IoT device.
  - 5. The system of claim 3, wherein the processor of the second computing device is configured with processor-executable instructions to perform operations such that sending the instruction to each of the IoT device and the first computing device to obtain the new transitory identity comprises:
    - sending the instruction to each of the IoT device and the first computing device to obtain the new transitory identity in response to determining that the second transitory identity from the first computing device does not match the second transitory identity from the second computing device.
  - 6. The system of claim 1, wherein each of the processor of the IoT device, the processor of the first computing device, and the processor of the second computing device is configured with processor-executable instructions to repeat their respective operations at a frequency that is less than a determined time interval required for an attacker to obtain and use the first and second transitory identities.
  - 7. The system of claim 1, wherein each of the processor of the IoT device, the processor of the first computing device, and the processor of the second computing device is configured with processor-executable instructions to repeat their respective operations at a frequency that is less than a determined time required by an attacker to obtain and use the first, second, and third transitory identities.
  - 8. The system of claim 1, wherein the processor of the IoT device is configured with processor-executable instructions to perform operations further comprising:
    - generating a text string and generating an encrypted version of the text string;
      
      sending the generated text string to the first computing device;
      
      sending the generated encrypted text string to the second computing device; and
      
      receiving from the first computing device an indication of whether the IoT device is authenticated based on the text string sent to the first computing device and the encrypted text string sent to the second computing device.
  - 9. The system of claim 8, wherein the processor of the IoT device is configured with processor-executable instructions to perform operations further comprising:
    - performing an information transaction with the first computing device in response to receiving from the first computing device an indication that the IoT device is authenticated.
  - 10. The system of claim 8, wherein the processor of the second computing device is configured with processor-executable instructions to perform operations further comprising:
    - decrypting the encrypted text string from the IoT device; and
      
      re-encrypting the decrypted text string and sending the re-encrypted text string to the first computing device to enable the first computing device to compare the re-encrypted text string and the text string sent from the IoT device to the first computing device.
  - 11. The system of claim 8, wherein the processor of the first computing device is configured with processor-executable instructions to perform operations further comprising:
    - receiving the text string from the IoT device;
      
      receiving a re-encrypted text string from the second computing device;
      
      determining whether the text string from the IoT device and the re-encrypted text string from the second computing device match; and
      
      sending to one or more of the IoT device and the second computing device an indication of whether a participation of the IoT device is authenticated in response to the determining whether the text string from the IoT device and the re-encrypted text string from the second computing device match.
  - 12. The system of claim 11, wherein the processor of the second computing device is configured with processor-executable instructions to perform operations further comprising:
    - receiving the indication of whether the participation of the IoT device is authenticated; and
      
      storing the indication of whether the participation of the IoT device is authenticated.
  - 13. The system of claim 1, wherein the processor of the IoT device is configured with processor-executable instructions to perform operations further comprising:
    - sending a unit of static information to the second computing device;
      
      receiving from the first computing device the unit of static information based on the determination that the first transitory identity from the first computing device matches the first transitory identity from the IoT device; and
      
      presenting the unit of static information at the IoT device.
  - 14. The system of claim 13, wherein the processor of the IoT device is configured with processor-executable instructions to perform operations such that the unit of static information includes a human-perceivable indicator.
  - 15. The system of claim 1, wherein the processor of the first computing device is configured with processor-executable instructions to perform operations further comprising:
    - receiving from the second computing device a unit of static information from the IoT device; and
      
      sending to the IoT device the unit of static information based on the determination that the first transitory identity from the first computing device matches the first transitory identity from the IoT device.
  - 16. The system of claim 1, wherein the processor of the third computing device is configured with processor-executable instructions to perform operations further comprising:
    - receiving a unit of static information from the first computing device; and
      
      sending to first computing device the unit of static information based on the determination that the first transitory identity from the first computing device matches the first transitory identity from the IoT device.

17. An Internet of Things (IoT) device, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  obtaining an ephemeral first transitory identity;
  
  sending the first transitory identity to a first computing device and to a second computing device;
  
  receiving an ephemeral second transitory identity from the first computing device;
  
  sending an authentication query including the second transitory identity to the second computing device;
  
  determining whether an indication of authentication success or an indication of authentication failure is received from the second computing device; and
  
  performing an information transaction with the first computing device in response to determining that an indication of authentication success is received,wherein the processor is further configured with processor-executable instructions to repeat the operations at a frequency that is less than a determined time interval required for an attacker to obtain and use the first and second transitory identities.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The IoT device of claim 17, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving an instruction from the second computing device to obtain a new transitory identity; and
      
      obtaining an ephemeral new first transitory identity based on the instruction.
  - 19. The IoT device of claim 17, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining that a duration of the first transitory identity has expired; and
      
      obtaining an ephemeral new first transitory identity based on the determining that the duration of the first transitory identity has expired.
  - 20. The IoT device of claim 17, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - performing a security action in response to determining that an indication of authentication failure is received.
  - 21. The IoT device of claim 17, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending to the first computing device a request to perform an information transaction;
      
      receiving from the first computing device an indication of whether the IoT device is authenticated; and
      
      performing the information transaction in response to receiving an indication that the IoT device is authenticated.
  - 22. The IoT device of claim 21, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving a request from the first computing device for the first transitory identity based on the request to perform the information transaction,wherein sending the first transitory identity to the first computing device and to the second computing device is based on the request from the first computing device for the first transitory identity.
  - 23. The IoT device of claim 21, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - generating a text string and generating an encrypted version of the text string;
      
      sending the generated text string to the first computing device;
      
      sending the generated encrypted text string to the second computing device; and
      
      receiving from the first computing device the indication of whether the IoT device is authenticated based on the text string sent to the first computing device and the encrypted text string sent to the second computing device.

24. A computing device, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  receiving from an Internet of Things (IoT) device a request to perform an information transaction;
  
  receiving from the IoT device an ephemeral transitory identity of the IoT device;
  
  sending a request comprising the transitory identity to a second computing device to confirm an identity of the IoT device;
  
  receiving from the second computing device an indication of whether the identity of the IoT device is confirmed; and
  
  sending an indication of whether performance of the information transaction is enabled based on the indication of whether the identity of the IoT device is confirmed,wherein the processor is further configured with processor-executable instructions to repeat the operations at a frequency that is less than a determined time interval required for an attacker to obtain and use the transitory identity.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The computing device of claim 24, wherein the computing device comprises a second IoT device.
  - 26. The computing device of claim 24, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending a request to the IoT device for a transitory identity of the IoT device based on the request to perform the information transaction.
  - 27. The computing device of claim 24, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving a text string from the IoT device;
      
      receiving a re-encrypted text string from the second computing device;
      
      determining whether the text string from the IoT device and the re-encrypted text string from the second computing device match; and
      
      sending to one or more of the IoT device and the second computing device an indication of whether a participation of the IoT device is authenticated in response to the determining whether the text string from the IoT device and the re-encrypted text string from the second computing device match.
  - 28. The computing device of claim 27, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - enabling performance of the information transaction based on the determination that the text string from the IoT device and the re-encrypted text string from the second computing device match.

29. A computing device configured to communicate with an Internet of Things (IoT) device and a second computing device, comprising:
- a communication interface; and
  
  a processor coupled to the communication interface and configured with processor-executable instructions to perform operations comprising;
  
  receiving an ephemeral first transitory identity from the IoT device;
  
  receiving an authentication query comprising the first transitory identity from the second computing device;
  
  determining whether the first transitory identity from the IoT device matches the first transitory identity from the second computing device; and
  
  sending to the second computing device an indication of whether the IoT device is authenticated based on the determination of whether the first transitory identity from the IoT device matches the first transitory identity from the second computing device,wherein the processor is further configured with processor-executable instructions to repeat the operations at a frequency that is less than a determined time interval required for an attacker to obtain and use the first transitory identity.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 30. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving an ephemeral second transitory identity from the second computing device;
      
      receiving an authentication query comprising the second transitory identity from the IoT device;
      
      determining whether the second transitory identity from the second computing device matches the second transitory identity from the IoT device; and
      
      sending to the IoT device an indication of whether the second computing device is authenticated based on the determination of whether the second transitory identity from the second computing device matches the second transitory identity from the IoT device.
  - 31. The computing device of claim 30, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending to the IoT device an indication of authentication success of the second computing device in response to determining that the second transitory identity from the second computing device matches the second transitory identity from the IoT device.
  - 32. The computing device of claim 30, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending to the IoT device an indication of authentication failure of the second computing device in response to determining that the second transitory identity from the second computing device does not match the second transitory identity from the IoT device.
  - 33. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending to the second computing device an indication of authentication success of the IoT device in response to determining that the first transitory identity from the IoT device matches the first transitory identity from the second computing device.
  - 34. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - sending to the second computing device an indication of authentication failure of the IoT device in response to determining that the first transitory identity from the IoT device does not match the first transitory identity from the second computing device.
  - 35. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining that a duration of the first transitory identity has expired; and
      
      sending an instruction to the IoT device to obtain a new transitory identity in response determining that the duration of the first transitory identity has expired.
  - 36. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - determining that a duration of the second transitory identity has expired; and
      
      sending an instruction to the second computing device to obtain a new transitory identity in response determining that the duration of the second transitory identity has expired.
  - 37. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving from an electronic security system an indication of an unauthorized user; and
      
      sending an instruction to one or more of the IoT device and the second computing device to obtain an ephemeral new transitory identity in response to the indication of the unauthorized user.
  - 38. The computing device of claim 29, wherein the processor is configured with processor-executable instructions to perform operations further comprising:
    - receiving from the IoT device an encrypted text string and decrypting the encrypted text string;
      
      re-encrypting the decrypted text string and sending the re-encrypted text string to the second computing device;
      
      receiving an indication from the second computing device of whether a participation of the IoT device is authenticated; and
      
      storing the indication of whether the participation of the IoT device is authenticated.

39. A method of authenticating interactions between an Internet of Things (IoT) device and a first computing device with support of a second computing device, the method comprising:
- obtaining an ephemeral first transitory identity at the IoT device;
  
  sending the first transitory identity to the first computing device and to the second computing device;
  
  receiving in the first computing device the first transitory identity from the IoT device;
  
  obtaining an ephemeral second transitory identity at the first computing device;
  
  sending the second transitory identity from the first computing device to the IoT device and to the second computing device;
  
  receiving in the IoT device the second transitory identity from the first computing device;
  
  sending a first authentication query including the second transitory identity from the IoT device to the second computing device;
  
  sending a second authentication query including the first transitory identity from the first computing to the second computing device;
  
  receiving in the second computing device the first transitory identity from the IoT device;
  
  receiving in the second computing device the second authentication query;
  
  determining in the second computing device whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;
  
  sending by the second computing device to the first computing device an indication of whether the IoT device is authenticated based on the determination of whether the first transitory identity from the IoT device matches the first transitory identity from the first computing device;
  
  receiving in the second computing device the second transitory identity from the first computing device;
  
  receiving in the second computing device the first authentication query;
  
  determining by the second computing device whether the second transitory identity from the IoT device matches the second transitory identity from the first computing device;
  
  sending by the second computing device to the IoT device an indication of whether the first computing device is authenticated based on the determination of whether the second transitory identity from the IoT device matches the second transitory identity from the first computing device;
  
  receiving in the IoT device from the second computing device an indication of whether the first computing device is authenticated; and
  
  receiving in the first computing device from the second computing device an indication of whether the IoT device is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
infOsci, LLC
Original Assignee
infOsci, LLC
Inventors
Ellingson, John, Ottoson, Thomas Charles
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/634,265
Publication Number

US 20180077156A1
Time in Patent Office

378 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/30   Authentication, i.e. establ...

H04L 2209/80   Wireless network architectu...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/1458   Denial of Service

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3228   One-time or temporary data,...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/50 : Secure pairing of devices

H04W 12/75 : Temporary identity

View All

Systems and methods for device authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for device authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others