Adaptive enhanced environment-aware authentication for IoT devices

US 10,225,261 B2
Filed: 08/29/2016
Issued: 03/05/2019
Est. Priority Date: 08/29/2016
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system, comprising a processor and a memory, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, the method comprising:

forming, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;

building, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;

responsive to a request to add the new device to the federation, forcing, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;

detecting, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and

responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirming, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for authentication and authorization of an access to a resource by a device may be provided. The device may be a system-on-a-chip resource weak device. The mechanism forms a federation of a group of the devices in a neighborhood. The devices are wireless communication enabled. The mechanism builds a representational vector for each device of the federation of devices during an initial authentication procedure for the device. The representational vector comprises characteristic parameters of the device and neighboring devices. The mechanism uses an access token based authorization process for accessing the resource. The access token is generated during the initial authentication procedure, in which the representational vector of the device is used to confirm that a device that is new to the federation is in the neighborhood of already federated devices.

16 Citations

18 Claims

1. A method, in a data processing system, comprising a processor and a memory, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, the method comprising:
- forming, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
  
  building, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
  
  responsive to a request to add the new device to the federation, forcing, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;
  
  detecting, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and
  
  responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirming, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein the neighborhood is defined by a reach of a wireless communication mechanism of the wireless communication enabled devices.
  - 3. The method according to claim 1, wherein the representational vector comprises at least one characteristic parameter selected from of the group comprising:
    - a device identifier, a federation identifier, a Service Set Identifier of a wireless local area network of a federated device, a Bluetooth name, a Rich Site Summary feed identifier of a federated device, a Media Access Control number of a federated device, a universal resource locator address of a resource accessed the device, a counter indicating how often a universal resource locator address has been accessed, an access token, a time of last access to a resource, global positioning data, and an epoch for a validity of the access token.
  - 4. The method according to claim 1, wherein the authorization process for accessing the resource further comprises:
    - authorizing, by the authentication server, an access to the resource by a resource manager based on the access token without performing the authentication process prior to each access to the resource.
  - 5. The method according to claim 1, wherein the devices in the neighborhood update their representational vector mutually.
  - 6. The method according to claim 1, wherein the f rx in of the federation further comprises:
    - adding, by the authentication server, at least one characteristic parameter value of a neighboring device to each representational vector of each device in the federation.

7. A system for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, the system comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, and further cause the processor to;
  
  form, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
  
  build, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
  
  responsive to a request to add the new device to the federation, force, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;
  
  detect, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and
  
  responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirm, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confim that the new device is in the neighborhood of already federated devices.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system according to claim 7, wherein the neighborhood is defined by a reach of a wireless communication mechanism of the wireless communication enabled devices.
  - 9. The system according to claim 7, wherein the representational vector comprises at least one characteristic parameter selected from of the group comprising:
    - a device identifier, a federation identifier, a Service Set Identifier of a wireless local area network of a federated device, a Bluetooth name, a Rich Site Summary feed identifier of a federated device, a Media Access Control number of a federated device, a universal resource, locator address of a resource accessed the device, a counter indicating how often a universal resource locator address has been accessed, an access token, a time of last access to a resource, global positioning data, and an epoch for a validity of the access token.
  - 10. The system according to claim 7, wherein the instructions further cause the processor to:
    - authorize, the authentication server, an access to the resource by a resource manager based on the access token, without performing the authentication process prior to each access to the resource.
  - 11. The system according to claim 7, wherein the devices in the neighborhood update their representational vector mutually.
  - 12. The system, according to claim 7, wherein the instructions to form the federation further cause the processor to:
    - add, by the authentication server, at least one characteristic parameter value of a neighboring device to each representational vector of each device in the federation.

13. A computer program product comprising a computer readable storage medium having a computer readable program stored therein for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, wherein the computer readable program, when executed on a computing device, causes the computing device to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a, system-on-a-chip resource weak device, and further causes the computing device to:
- form, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
  
  build, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
  
  responsive to a request to add the new device to the federation, force, by the authentication server, a change to a characteristic parameter value within a representational vector of a first the new device;
  
  detect, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more, other devices already in the federation into their respective representational vector; and
  
  responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirm, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product according to claim 13, wherein the computer readable program further causes the computing device to:
    - authorize, by the authentication server, an access to the resource by a resource manager based on the access token without performing the authentication process prior to each, access to the resource.
  - 15. The computer program product according to claim 13, wherein the neighborhood is defined by a reach of a wireless communication mechanism of the wireless communication enabled devices.
  - 16. The computer program product according to claim 13, wherein the representational vector comprises at least one characteristic parameter selected from of the group comprising:
    - a device identifier, a federation identifier, a Service Set Identifier of a wireless local area network of a federated device, a Bluetooth name, a Rich Site Summary feed identifier of a federated device, a Media Access Control number of a federated device, a universal resource locator address of a resource accessed the device, a counter indicating how often a universal resource locator address has been accessed, an access token, a time of last access to a resource, global positioning data, and an epoch for a validity of the access token.
  - 17. The computer program product according to claim 13, wherein the devices in the neighborhood update their representational vector mutually.
  - 18. The computer program product according to claim 13, wherein the computer readable program further causes the computing device to:
    - add, by the authentication server, at least one characteristic parameter value of a neighboring device to each representational vector of each device in the federation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Gargaro, Gianluca, Trinchini, Patrizio
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US15/249,875
Publication Number

US 20180063108A1
Time in Patent Office

918 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 49/109   Integrated on microchip, e....

H04L 63/0846   using time-dependent-passwo...

H04L 63/104   Grouping of entities

H04L 63/108   when the policy decisions a...

H04W 12/06   Authentication

H04W 12/084   using delegated authorisati...

H04W 4/02   Services making use of loca...

Adaptive enhanced environment-aware authentication for IoT devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Adaptive enhanced environment-aware authentication for IoT devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links