Adaptive enhanced environment-aware authentication for IoT devices
First Claim
1. A method, in a data processing system, comprising a processor and a memory, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, the method comprising:
forming, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
building, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
responsive to a request to add the new device to the federation, forcing, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;
detecting, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and
responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirming, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.
Abstract
A mechanism is provided for authentication and authorization of an access to a resource by a device. The device may be a system-on-a-chip resource weak device. The mechanism forms a federation of a group of the devices in a neighborhood. The devices are wireless communication enabled. The mechanism builds a representational vector for each device of the federation of devices during an initial authentication procedure for the device. The representational vector comprises characteristic parameters of the device and neighboring devices. The mechanism uses an access token based authorization process for accessing the resource. The access token is generated during the initial authentication procedure, in which the representational vector of the device is used to confirm that a device that is new to the federation is in the neighborhood of already federated devices.
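A minimal simulation of the admission check that the abstract and claim 1 describe, added here as an illustration and not taken from the patent. The `hears` radio-range sets, the `beacon_interval_ms` parameter and the HMAC token format are assumptions, and the server is assumed to read each member's vector over an authenticated channel.

```python
import hashlib
import hmac
import secrets

class Device:  # constructed model of a device and its representational vector
    def __init__(self, dev_id, params, hears=()):
        self.dev_id = dev_id
        self.params = dict(params)  # own characteristic parameters
        self.neighbors = {}         # neighbor id -> parameters last observed
        self.hears = set(hears)     # ids within radio range (assumption)

    def observe(self, other):
        if other.dev_id in self.hears:  # replication needs radio range
            self.neighbors[other.dev_id] = dict(other.params)

class AuthServer:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # token signing key (assumption)
        self.federation = {}

    def form_federation(self, devices):
        self.federation = {d.dev_id: d for d in devices}
        for dev in devices:
            for other in devices:
                if other is not dev:
                    dev.observe(other)

    def admit(self, new_dev, param="beacon_interval_ms"):
        # Force a fresh value so a stale or guessed vector entry cannot match.
        forced = new_dev.params.get(param, 0) + 1 + secrets.randbelow(1000)
        new_dev.params[param] = forced
        for member in self.federation.values():
            member.observe(new_dev)
        witnesses = sorted(m.dev_id for m in self.federation.values()
                           if m.neighbors.get(new_dev.dev_id, {}).get(param) == forced)
        if not witnesses:
            return None  # change not replicated: not in the neighborhood
        self.federation[new_dev.dev_id] = new_dev
        msg = f"{new_dev.dev_id}|{','.join(witnesses)}".encode()
        token = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return {"witnesses": witnesses, "token": token}

def demo():  # constructed sample: hub-1 hears sensor-3, no member hears far-9
    hub = Device("hub-1", {"beacon_interval_ms": 100}, hears={"lamp-2", "sensor-3"})
    lamp = Device("lamp-2", {"beacon_interval_ms": 100}, hears={"hub-1"})
    server = AuthServer()
    server.form_federation([hub, lamp])
    near = server.admit(Device("sensor-3", {"beacon_interval_ms": 100}))
    far = server.admit(Device("far-9", {"beacon_interval_ms": 100}))
    return server, near, far
```

In `demo()`, `sensor-3` is admitted with `hub-1` as its only witness, while `far-9` gets no token because no federated device replicated the forced value.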
18 Claims
7. A system for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, the system comprising:
a processor; and
a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, and further cause the processor to:
form, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
build, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
responsive to a request to add the new device to the federation, force, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;
detect, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and
responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirm, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.
13. A computer program product comprising a computer readable storage medium having a computer readable program stored therein for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, wherein the computer readable program, when executed on a computing device, causes the computing device to implement an authentication server for authentication and authorization of an access to a resource by a new device, wherein the new device is a system-on-a-chip resource weak device, and further causes the computing device to:
form, by the authentication server, a federation of a group of devices in a neighborhood, wherein the group of devices in the federation are wireless communication enabled devices;
build, by the authentication server, a representational vector for each device of the federation during an initial authentication procedure for the device, wherein the representational vector comprises characteristic parameters of the device and neighboring devices;
responsive to a request to add the new device to the federation, force, by the authentication server, a change to a characteristic parameter value within a representational vector of the new device;
detect, by the authentication server, that the forced change to the characteristic parameter value has been replicated by the new device to one or more other devices already in the federation into their respective representational vector; and
responsive to detecting the change to the characteristic parameter value in the one or more other devices already in the federation, confirm, by the authentication server, the new device as a new member to the federation, wherein the new device uses an access token based authorization process for allowing access to the resource and wherein the access token is generated during an initial authentication procedure in which the representational vector of the new device is used to confirm that the new device is in the neighborhood of already federated devices.
Specification