Method for authenticating a networked endpoint using a physical (power) challenge

US 10,235,516 B2
Filed: 05/10/2016
Issued: 03/19/2019
Est. Priority Date: 05/10/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprisingdetermining whether to initiate a power challenge for an endpoint device;

in response to a determination to initiate a power challenge, determining whether the endpoint device is connected to a trusted power interface;

in response to a determination that the endpoint device is connected to the trusted power interface,sending a power challenge to the endpoint device via a power interface, whereinthe endpoint device is connected to the power interface, andthe power challenge requires the endpoint device to modulate power used by endpoint device in a specified pattern, andsending an observation request to one or more of a plurality of sensor devices;

receiving first proof of work information from the power interface, whereinthe power interface determines the first proof of work information by observing a pattern of power that passes through the power interface during a period in which the endpoint device is performing the power challenge;

receiving second proof of work information from one or more of the plurality of sensor devices, whereinthe one or more of the plurality of the sensor devices determines the second proof of work information by observing a pattern emitted by the endpoint device during the period in which the endpoint device is performing the power challenge; and

determining whether the endpoint device adequately performed the power challenge by processing the first proof of work information and the second proof of work information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various systems and methods for using power challenges to authenticate network devices are disclosed herein. For example, one method involves initiating a power challenge to authenticate an endpoint device, which involves, at least in part, requesting the endpoint device to perform a specific power signature; receiving data indicating whether the endpoint device performed the requested power signature within a given time interval, wherein the data can be received from, e.g., a power interface or other device capable of observing the endpoint device; processing the received data to determine if the endpoint device correctly performed the requested power signature; and if the endpoint correctly performed the power signature, authenticating the endpoint.

166 Citations

21 Claims

1. A method comprisingdetermining whether to initiate a power challenge for an endpoint device;
- in response to a determination to initiate a power challenge, determining whether the endpoint device is connected to a trusted power interface;
  
  in response to a determination that the endpoint device is connected to the trusted power interface,sending a power challenge to the endpoint device via a power interface, whereinthe endpoint device is connected to the power interface, andthe power challenge requires the endpoint device to modulate power used by endpoint device in a specified pattern, andsending an observation request to one or more of a plurality of sensor devices;
  
  receiving first proof of work information from the power interface, whereinthe power interface determines the first proof of work information by observing a pattern of power that passes through the power interface during a period in which the endpoint device is performing the power challenge;
  
  receiving second proof of work information from one or more of the plurality of sensor devices, whereinthe one or more of the plurality of the sensor devices determines the second proof of work information by observing a pattern emitted by the endpoint device during the period in which the endpoint device is performing the power challenge; and
  
  determining whether the endpoint device adequately performed the power challenge by processing the first proof of work information and the second proof of work information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the processing further comprisesdetermining whether a trusted sensor device adequately observed a power signature associated with the power challenge.
  - 3. The method of claim 2, wherein the processing further comprisesauthenticating the endpoint device in response to a determination that a trusted sensor device adequately observed the power signature.
  - 4. The method of claim 1, wherein the processing further comprisesdetermining whether a quorum of the plurality of sensor devices observed a power signature associated with the power challenge.
  - 5. The method of claim 1, wherein the processing further comprisesgenerating a weighted average, whereinthe weighted averaged is based on the second proof of work information received from the one or more of the plurality of sensor devices.
  - 6. The method of claim 1, further comprisingauthenticating the endpoint device in response to a determination that the endpoint device adequately performed the power challenge.
  - 7. The method of claim 1, further comprisinginitiating an error protocol in response to a determination that the endpoint device did not adequately perform the power challenge.
  - 8. The method of claim 1, further comprisingdetermining whether to initiate a power challenge for an endpoint device;
    - andthe determining whether the endpoint device is connected to the trusted power interface is performed in response to a determination to initiate the power challenge.

9. A system comprising:
- a challenge initiating module, wherein the challenge initiating module is configured todetermine whether to initiate a power challenge for an endpoint device,in response to a determination to initiate a power challenge, determine whether the endpoint device is connected to a trusted power interface, andin response to a determination that the endpoint device is connected to the trusted power interface,send a power challenge to the endpoint device via a power interface, whereinthe endpoint device is connected to the power interface, andthe power challenge requires the endpoint device to modulate power used by endpoint device in a specified pattern;
  
  a server interface module, wherein the server interface module is configured tosend an observation request to one or more of a plurality of sensor devices, whereinthe observation request is sent in response to the determination that the endpoint device is not connected to the trusted power interface, andthe server interface module is further configured toreceive first proof of work information from the power interface, wherein
  
  the power interface determines the first proof of work information by observing a pattern of power that passes through the power interface during a period in which the endpoint device is performing the power challenge, andreceive second proof of work information from one or more of the plurality of sensor devices, wherein
  
  the one or more of the plurality of the sensor devices determines the second proof of work information by observing a pattern emitted by the endpoint device during the period in which the endpoint device is performing the power challenge; and
  
  a challenge processing module, wherein the challenge processing module is configured todetermine whether the endpoint device adequately performed the power challenge by processing the first proof of work information and the second proof of work information.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the challenge processing module is further configured todetermine whether a trusted sensor device adequately observed a power signature associated with the power challenge.
  - 11. The system of claim 10, wherein the challenge processing module is further configured toauthenticate the endpoint device in response to a determination that a trusted sensor device adequately observed the power signature.
  - 12. The system of claim 9, wherein the challenge processing module is further configured todetermine whether a quorum of the plurality of sensor devices observed a power signature associated with the power challenge.
  - 13. The system of claim 9, wherein the challenge processing module is further configured togenerate a weighted average, whereinthe weighted averaged is based on the second proof of work information received from the one or more of the plurality of sensor devices.
  - 14. The system of claim 9, wherein the challenge processing module is further configured toauthenticate the endpoint device in response to a determination that the endpoint device adequately performed the power challenge.
  - 15. The system of claim 9, wherein the challenge processing module is further configured toinitiate an error protocol in response to a determination that the endpoint device did not adequately perform the power challenge.

16. An apparatus comprising:
- a challenge initiating module, wherein the challenge initiating module is configured todetermine whether to initiate a power challenge for an endpoint device,in response to a determination to initiate a power challenge, determine whether the endpoint device is connected to a trusted power interface, andin response to a determination that the endpoint device is connected to the trusted power interface,send a power challenge to the endpoint device via a power interface, whereinthe endpoint device is connected to the power interface, andthe power challenges requires the endpoint device to modulate power used by endpoint device in a specified pattern;
  
  a server interface module, wherein the server interface module is configured tosend an observation request to one or more of a plurality of sensor devices, whereinthe observation request is sent in response to the determination that the endpoint device is not connected to the trusted power interface, andthe server interface module is further configured toreceive first proof of work information from the power interface, wherein
  
  the power interface determines the first proof of work information by observing a pattern of power that passes through the power interface during a period in which the endpoint device is performing the power challenge, andreceive second proof of work information from one or more of the plurality of sensor devices, wherein
  
  the one or more of the plurality of the sensor devices determines the second proof of work information by observing a pattern emitted by the endpoint device during the period in which the endpoint device is performing the power challenge; and
  
  a challenge processing module, wherein the challenge processing module is configured todetermine whether the endpoint device adequately performed the power challenge by processing the first proof of work information and the second proof of work information.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The apparatus of claim 16, wherein the challenge processing module is further configured todetermine whether a trusted sensor device adequately observed a power signature associated with the power challenge.
  - 18. The apparatus of claim 17, wherein the challenge processing module is further configured toauthenticate the endpoint device in response to a determination that a trusted sensor device adequately observed the power signature.
  - 19. The apparatus of claim 16, wherein the challenge processing module is further configured todetermine whether a quorum of the plurality of sensor devices observed a power signature associated with the power challenge.
  - 20. The apparatus of claim 16, wherein the challenge processing module is further configured togenerate a weighted average, whereinthe weighted averaged is based on the second proof of work information received from the one or more of the plurality of sensor devices.
  - 21. The apparatus of claim 16, wherein the challenge processing module is further configured toauthenticate the endpoint device in response to a determination that the endpoint device adequately performed the power challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Parello, John, Ramanujam, Padmanabhan, Pollakattu, Sarat
Primary Examiner(s)
Giddins, Nelson

Application Number

US15/150,851
Publication Number

US 20170331803A1
Time in Patent Office

1,043 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 25/02   Details ; arrangements for ...

H04L 63/0876   based on the identity of th...

H04L 9/3221   interactive zero-knowledge ...

Method for authenticating a networked endpoint using a physical (power) challenge

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method for authenticating a networked endpoint using a physical (power) challenge

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links