Session management for internet of things devices
First Claim
1. A method performed by a computing system, comprising:
- receiving, from a client computing device, a first request for provisioning a token that enables a specified computing device to communicate with an application executing at a server computing device;
generating the token for the specified computing device, wherein the token is associated with a set of functions that the specified computing device is allowed to execute;
sending the token to the client computing device;
causing the client computing device to send the token to the specified computing device;
receiving, at the server computing device and from the specified computing device, a request for performing a specified function;
determining whether the server computing device has a session data object associated with the specified computing device, the session data object having the token and an installation ID of the specified computing device and generated at the server computing device in response to generating the token;
permitting the specified computing device to perform the specified function in an event the session data object is available at the server computing device;
receiving, at the computing system, a revoke request from the client computing device to revoke access for a specified type of computing devices provisioned by the client computing device;
identifying session objects having tokens generated for the computing devices of the specified type; and
deleting the session objects to revoke the access for the specified type of computing devices.
2 Assignments
0 Petitions
Accused Products
Abstract
The disclosure is directed to security management in communications involving computing devices, e.g. Internet of Things (IoT) devices. An IoT device can perform various activities, e.g., social networking activities, for or on behalf of a user. An IoT device is typically insecure, especially when accessing user data. To control the type of activities that can be performed by various types of devices, a server device (“server”) can issue different types of tokens to different IoT devices. Which token an IoT device has determines the types of activities the IoT device can perform. For example, the server can issue a restricted token, which restricts the type of activities an IoT device can perform, and an unrestricted token to a more secure device, e.g., a smartphone, that can perform a broader range of activities. For example, the restrictive token may not permit the IoT device to change the password of a user.
22 Citations
18 Claims
-
1. A method performed by a computing system, comprising:
-
receiving, from a client computing device, a first request for provisioning a token that enables a specified computing device to communicate with an application executing at a server computing device; generating the token for the specified computing device, wherein the token is associated with a set of functions that the specified computing device is allowed to execute; sending the token to the client computing device; causing the client computing device to send the token to the specified computing device; receiving, at the server computing device and from the specified computing device, a request for performing a specified function; determining whether the server computing device has a session data object associated with the specified computing device, the session data object having the token and an installation ID of the specified computing device and generated at the server computing device in response to generating the token; permitting the specified computing device to perform the specified function in an event the session data object is available at the server computing device; receiving, at the computing system, a revoke request from the client computing device to revoke access for a specified type of computing devices provisioned by the client computing device; identifying session objects having tokens generated for the computing devices of the specified type; and deleting the session objects to revoke the access for the specified type of computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium storing computer-readable instructions, comprising:
-
instructions for receiving, at a server computing device and from a specified computing device, a first request for performing a function associated with an application executing at the server computing device, wherein the specified computing device is provisioned to work with the application by a client computing device; instructions for extracting, by the server computing device, a token from the first request, wherein the token identifies a set of functions the specified computing device is permitted to execute, and wherein the token is provisioned to the specified computing device via the client computing device during a registration process of the specified computing device; instructions for determining, at the server computing device, whether the token is associated with the function; and instructions for permitting the specified computing device to execute the function responsive to a determination that the token is associated with the function, wherein permitting the specified computing device to execute the function includes; determining whether the server computing device has a session data object associated with the specified computing device, the session data object having the token and an installation ID of the specified computing device, performing the function in an event the session data object is available at the server computing device, and notifying the specified computing device regarding a failure of the first request; and instructions for revoking access for a specified type of computing devices provisioned by the client computing device, wherein revoking access for the specified type of computing devices includes; receiving a revoke request from the client computing device to revoke access for the specified type of computing devices provisioned by the client computing device; identifying session objects having tokens generated for the computing devices of the specified type; and deleting the session objects to revoke the access for the specified type of computing devices. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A system, comprising:
-
a processor; a first component including instructions which, when executed by the processor, cause the system to receive, from a client computing device, a first request for provisioning a specified computing device with a token that enables the specified computing device to communicate with an application executing at a server computing device; a second component including instructions which, when executed by the processor, cause the system to generate the token, wherein the token is associated with a set of functions that the specified computing device is allowed to execute, wherein the first component further includes instructions which, when executed by the processor, cause the system to; send the token to the client computing device, cause the client computing device to send the token to the specified computing device, and receive, from the specified computing device, a request for performing a specified function; a third component including instructions which, when executed by the processor, cause the system to determine whether the system has a session data object associated with the specified computing device, the session data object having the token and an installation ID of the specified computing device and generated at the server computing device in response to generating the token; and a fourth component including instructions which, when executed by the processor, cause the system to permit the specified computing device to perform the specified function in an event the session data object is available at the server computing device, wherein; the first component further includes instructions which, when executed by the processor, cause the system to receive a revoke request from the client computing device to revoke access for a specified type of computing devices provisioned by the client computing device; and the third component further includes instructions which, when executed by the processor, cause the system to; identify session objects having tokens generated for the computing devices of the specified type; and delete the session objects to revoke the access for the specified type of computing devices.
-
Specification