Multi-factor device registration for establishing secure communication
First Claim
Patent Images
1. A method of improving security of a computer server system through secure device registration, the method comprising:
- receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;
in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
receiving, by the computer server system, a passcode input from the second device via the second connection;
in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;
in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;
in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;
in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of secure device registration is presented. The method comprises: receiving a registration request from a device; validating the device on the basis of the registration request; in response to successfully validating the device, sending a passcode to the device via a first connection; prompting a user for the passcode via a second connection different from the first connection; receiving the passcode via the second connection; and sending an authorization token to the device via the first connection.
27 Citations
6 Claims
-
1. A method of improving security of a computer server system through secure device registration, the method comprising:
-
receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device; validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority; sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode; sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure; in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer; receiving, by the computer server system, a passcode input from the second device via the second connection; in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button; in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce; in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection; in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system; in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries; in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration; in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters. - View Dependent Claims (2)
-
-
3. A non-transitory, tangible computer readable storage medium having stored thereon computer executable instructions that, when executed by a computer, cause the computer to perform the following to improve the security of the computer through secure device registration:
-
receiving a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device; validating the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority; sending a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode; sending a validation failure message to the first device via the first connection in response to a validation failure; in response to sending the passcode to the first device via the first connection, prompting for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer; receiving a passcode input from the second device via the second connection; in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button; in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce; in response to successfully validating the digital certificate and the nonce, sending an authorization token to the first device via the first connection; in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system; in response to receiving the passcode input containing an invalid passcode, prompting for the passcode from the second device via the second connection for a predetermined number of tries; in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying the registration request from the first device to enforce a secure authentication standard for device registration; in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters. - View Dependent Claims (4)
-
-
5. A computer-implemented system with improved security through secured device registration, the system comprising:
-
a proxy server implemented using one or more computers; and a data exchange platform server using one or more computers, wherein; the proxy server is configured to; receive a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device, determine whether the digital certificate is issued by a trusted certification authority, and send the registration request to the data exchange platform server in response to a determination that the digital certificate is issued by a trusted certification authority; and
the data exchange platform server is configured to;validate the first device on the basis of the registration request, send a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode, send a validation failure message to the first device via the first connection in response to a validation failure; in response to sending the passcode to the first device via the first connection, prompt for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer, receive a passcode input from the second device via the second connection, in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instruct the first device to display a pairing button; in response to receiving an activation of the pairing button on the first device, receive a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce; in response to successfully validating the digital certificate and the nonce, send an authorization token to the first device via the first connection; in response to sending the authorization token to the first device, complete pairing of the first device with the data exchange platform server; in response to receiving the passcode input containing an invalid passcode, prompt for the passcode from the second device via the second connection for a predetermined number of tries; in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, deny the registration request from the first device to enforce a secure authentication standard for device registration; in response to completing the pairing of the first device with the computer server system, store at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and in response to completing the pairing of the first device with the computer server system, establish a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters. - View Dependent Claims (6)
-
Specification