Challenge-response proximity verification of user devices based on token-to-symbol mapping definitions

US 10,158,684 B2
Filed: 09/26/2016
Issued: 12/18/2018
Est. Priority Date: 09/26/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

at an access server configured to communicate over a network with a video conference device and a user device, the access server and the user device having access to known mappings, including a default mapping, each mapping configured to map between multi-bit tokens and symbols according to a distinct mapping relationship between the multi-bit tokens and the symbols;

first instructing the video conference device to map an initial token to an initial symbol based on the default mapping and to transmit the initial symbol;

receiving from the user device the initial token and an indication of a challenge mapping selected from the mappings by the user device, and responsive to the receiving;

determining among the tokens a challenge token that the challenge mapping maps to a challenge symbol; and

second instructing the video conference device to transmit the challenge symbol; and

waiting to receive the challenge token from the user device and, if the challenge token is received from the user device, granting the user device access to an information carrying channel between the video conference device and the user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access server communicates with a video conference device and a user device. The access server and the user device may access known mappings, including a default mapping. Each mapping is configured to map between tokens and symbols according to a distinct mapping relationship between the multi-bit tokens and the symbols. The access server instructs the video conference device to map an initial token to an initial symbol based on the default mapping and to transmit the initial symbol. The access server receives from the user device the initial token and a challenge mapping selected by the user device. The access server determines a challenge token that the challenge mapping maps to a challenge symbol, and instructs the video conference device to transmit the challenge symbol. The access server grants the user device access to an information carrying channel only if the challenge token is received from the user device.

Citations

24 Claims

1. A method, comprising:
- at an access server configured to communicate over a network with a video conference device and a user device, the access server and the user device having access to known mappings, including a default mapping, each mapping configured to map between multi-bit tokens and symbols according to a distinct mapping relationship between the multi-bit tokens and the symbols;
  
  first instructing the video conference device to map an initial token to an initial symbol based on the default mapping and to transmit the initial symbol;
  
  receiving from the user device the initial token and an indication of a challenge mapping selected from the mappings by the user device, and responsive to the receiving;
  
  determining among the tokens a challenge token that the challenge mapping maps to a challenge symbol; and
  
  second instructing the video conference device to transmit the challenge symbol; and
  
  waiting to receive the challenge token from the user device and, if the challenge token is received from the user device, granting the user device access to an information carrying channel between the video conference device and the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first instructing includes causing the video conference device to transmit the initial symbol as an acoustic symbol over an acoustic channel and the second instructing includes causing the video conference device to transmit the challenge symbol as an acoustic symbol over an acoustic channel that is either the same as or different from the acoustic symbol over which the initial symbol is transmitted.
  - 3. The method of claim 1, wherein the mappings are each configured to map each token to only one symbol according to the distinct mapping relationship for that mapping and such that a given token maps to different symbols across the mappings.
  - 4. The method of claim 3, further comprising at the access server, responsive to the receiving:
    - prior to the determining the challenge token, selecting from the tokens a dummy token that the default mapping maps to the challenge symbol,wherein the determining includes determining the challenge token such that the challenge token also maps to the challenge symbol, wherein the determining is based on the dummy token and a known relationship between the distinct mapping relationships of the challenge mapping and the default mapping.
  - 5. The method of claim 4, wherein:
    - the first instructing includes sending the initial token to the video conference device in a first message that causes the video conference device to map the initial token to the initial symbol based on the default mapping and to transmit the initial symbol; and
      
      the second instructing includes sending the dummy token to the video conference device in a second message that causes the video conference device to map the dummy token to the challenge symbol based on the default mapping and to transmit the challenge symbol.
  - 6. The method of claim 5, further comprising, at the access server:
    - receiving the challenge token from a second endpoint as an indication that the second endpoint is within acoustic range of the teleconference device.
  - 7. The method of claim 5, wherein:
    - the first message is configured to cause the video conference device to transmit the initial symbol as an acoustic symbol over a first acoustic channel; and
      
      the second message is configured to cause the video conference device to transmit the dummy token symbol as an acoustic symbol over a second acoustic channel.
  - 8. The method of claim 7, wherein the first acoustic channel and the second acoustic channel are the same acoustic channel.
  - 9. The method of claim 7, wherein each distinct mapping relationship is a known permutation of each other distinct mapping relationship.
  - 10. The method of claim 3, wherein:
    - the determining includes selecting the challenge token from the tokens; and
      
      the second instructing the video conference device to transmit the challenge symbol includes sending to the video conference the challenge token and an indication of the challenge mapping in a message that causes the video conference device to map the challenge token to the challenge symbol based on the challenge mapping.
  - 11. The method of claim 10, wherein the first instructing and the second instructing include instructing the video conference device to transmit the initial symbol and the challenge symbol on different ones of one or more acoustic channels, respectively.
  - 12. The method of claim 1, further comprising, at the user device:
    - receiving the initial symbol and recovering the initial token from the received initial symbol based on the default mapping;
      
      selecting the challenge mapping from the mappings;
      
      sending to the access server the initial token and the indication of the challenge mapping;
      
      receiving the challenge symbol and recovering the challenge token from the received challenge symbol based on the challenge mapping; and
      
      sending to the access server the recovered challenge token.

13. An apparatus, comprising:
- a network interface unit configured to communicate over a network with a video conference device and a user device; and
  
  a processor coupled to the network interface unit and having access to known mappings, including a default mapping, that are also accessible to the user device, each mapping configured to map between multi-bit tokens and symbols according to a distinct mapping relationship between the multi-bit tokens and the symbols, the processor configured to;
  
  first instruct the video conference device to map an initial token to an initial symbol based on the default mapping and to transmit the initial symbol;
  
  receive from the user device the initial token and an indication of a challenge mapping selected from the mappings by the user device, wherein the processor is configured to, responsive to the receiving;
  
  determine among the tokens a challenge token that the challenge mapping maps to a challenge symbol; and
  
  second instruct the video conference device to transmit the challenge symbol; and
  
  wait to receive the challenge token from the user device and, if the challenge token is received from the user device, grant the user device access to an information carrying channel between the video conference device and the user device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The apparatus of claim 13, wherein the processor is configured to first instruct by causing the video conference device to transmit the initial symbol as an acoustic symbol over an acoustic channel and the processor is configure to second instructing by causing the video conference device to transmit the challenge symbol as an acoustic symbol over an acoustic channel that is either the same as or different from the acoustic symbol over which the initial symbol is transmitted.
  - 15. The apparatus of claim 13, wherein the mappings are each configured to map each token to only one symbol according to the distinct mapping relationship for that mapping and such that a given token maps to different symbols across the mappings.
  - 16. The apparatus of claim 15, wherein the processor is further configured to, responsive to the receiving:
    - prior to the determining the challenge token, select from the tokens a dummy token that the default mapping maps to the challenge symbol,wherein the processor is configured to determine by determining the challenge token such that the challenge token also maps to the challenge symbol, wherein the determining is based on the dummy token and a known relationship between the distinct mapping relationships of the challenge mapping and the default mapping.
  - 17. The apparatus of claim 16, wherein:
    - the processor is configured to first instruct by sending the initial token to the video conference device in a first message that causes the video conference device to map the initial token to the initial symbol based on the default mapping and to transmit the initial symbol; and
      
      the processor is configured to second instruct by sending the dummy token to the video conference device in a second message that causes the video conference device to map the dummy token to the challenge symbol based on the default mapping and to transmit the challenge symbol.
  - 18. The apparatus of claim 17, wherein:
    - the first message is configured to cause the video conference device to transmit the initial symbol as an acoustic symbol over a first acoustic channel; and
      
      the second message is configured to cause the video conference device to transmit the dummy token symbol as an acoustic symbol over a second acoustic channel.
  - 19. The apparatus of claim 15, wherein:
    - the processor is configured to determine by selecting the challenge token from the tokens; and
      
      the processor is configured to second instruct the video conference device to transmit the challenge symbol by sending to the video conference the challenge token and an indication of the challenge mapping in a message that causes the video conference device to map the challenge token to the challenge symbol based on the challenge mapping.

20. A non-transitory computer readable storage media encoded with instructions that, when executed by a processor of an access server configured to communicate over a network with a video conference device and a user device, the access server and the user device having access to known mappings, including a default mapping, each mapping configured to map between multi-bit tokens and symbols according to a distinct mapping relationship between the multi-bit tokens and the symbols, cause the processor to:
- first instruct the video conference device to map an initial token to an initial symbol based on the default mapping and to transmit the initial symbol;
  
  receive from the user device the initial token and an indication of a challenge mapping selected from the mappings by the user device, and responsive to the receiving;
  
  determine among the tokens a challenge token that the challenge mapping maps to a challenge symbol; and
  
  second instruct the video conference device to transmit the challenge symbol; and
  
  wait to receive the challenge token from the user device and, if the challenge token is received from the user device, grant the user device access to an information carrying channel between the video conference device and the user device.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The computer readable storage media of claim 20, wherein the instructions to cause the processor to first instruct include instructions to cause the processor to cause the video conference device to transmit the initial symbol as an acoustic symbol over an acoustic channel and the instructions to cause the processor to second instruct include instructions to cause the processor to cause the video conference device to transmit the challenge symbol as an acoustic symbol over an acoustic channel that is either the same as or different from the acoustic symbol over which the initial symbol is transmitted.
  - 22. The computer readable storage media of claim 21, wherein the mappings are each configured to map each token to only one symbol according to the distinct mapping relationship for that mapping and such that a given token maps to different symbols across the mappings.
  - 23. The computer readable storage media of claim 22, further comprising instructions to cause the processor to, responsive to the receiving:
    - prior to the determining the challenge token, select from the tokens a dummy token that the default mapping maps to the challenge symbol,wherein the instructions to cause the processor to determine include instructions to cause the processor to determine the challenge token such that the challenge token also maps to the challenge symbol, wherein the determining is based on the dummy token and a known relationship between the distinct mapping relationships of the challenge mapping and the default mapping.
  - 24. The computer readable storage media of claim 23, wherein:
    - the instructions to cause the processor to first instruct include instructions to cause the processor to send the initial token to the video conference device in a first message that causes the video conference device to map the initial token to the initial symbol based on the default mapping and to transmit the initial symbol; and
      
      the instructions to cause the processor to second instruct include instructions to cause the processor to send the dummy token to the video conference device in a second message that causes the video conference device to map the dummy token to the challenge symbol based on the default mapping and to transmit the challenge symbol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Arsenault, John, Ramalho, Michael A., Zilovic, Mihailo, Rosenberg, Jonathan
Primary Examiner(s)
Book, Phyllis A

Application Number

US15/275,844
Publication Number

US 20180091565A1
Time in Patent Office

813 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 2221/2103   Challenge-response

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 65/403   Arrangements for multi-part...

H04L 67/02   based on web technology, e....

H04L 67/104   Peer-to-peer [P2P] networks

H04L 9/3271   using challenge-response

H04W 12/08   Access security

H04W 88/02   Terminal devices

H04W 88/08   Access point devices

Challenge-response proximity verification of user devices based on token-to-symbol mapping definitions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Challenge-response proximity verification of user devices based on token-to-symbol mapping definitions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links