Multi-factor device registration for establishing secure communication

US 10,250,590 B2
Filed: 12/30/2015
Issued: 04/02/2019
Est. Priority Date: 08/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method of improving security of a computer server system through secure device registration, the method comprising:

receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;

validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;

sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;

sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;

in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;

receiving, by the computer server system, a passcode input from the second device via the second connection;

in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;

in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;

in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;

in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;

in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;

in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;

in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and

in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of secure device registration is presented. The method comprises: receiving a registration request from a device; validating the device on the basis of the registration request; in response to successfully validating the device, sending a passcode to the device via a first connection; prompting a user for the passcode via a second connection different from the first connection; receiving the passcode via the second connection; and sending an authorization token to the device via the first connection.

27 Citations

View as Search Results

6 Claims

1. A method of improving security of a computer server system through secure device registration, the method comprising:
- receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
  
  validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
  
  sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
  
  sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;
  
  in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
  
  receiving, by the computer server system, a passcode input from the second device via the second connection;
  
  in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
  
  in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
  
  in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;
  
  in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
  
  in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;
  
  in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;
  
  in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
  
  in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein validating the first device includes retrieving fields from the digital certificate, the fields including one or more of a device ID, a vendor ID, and a firmware revision value, and validating the fields.

3. A non-transitory, tangible computer readable storage medium having stored thereon computer executable instructions that, when executed by a computer, cause the computer to perform the following to improve the security of the computer through secure device registration:
- receiving a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
  
  validating the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
  
  sending a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
  
  sending a validation failure message to the first device via the first connection in response to a validation failure;
  
  in response to sending the passcode to the first device via the first connection, prompting for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
  
  receiving a passcode input from the second device via the second connection;
  
  in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
  
  in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
  
  in response to successfully validating the digital certificate and the nonce, sending an authorization token to the first device via the first connection;
  
  in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
  
  in response to receiving the passcode input containing an invalid passcode, prompting for the passcode from the second device via the second connection for a predetermined number of tries;
  
  in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying the registration request from the first device to enforce a secure authentication standard for device registration;
  
  in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
  
  in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.
- View Dependent Claims (4)
- - 4. The computer readable storage medium of claim 3, wherein validating the first device includes retrieving fields from the digital certificate, the fields including one or more of a device ID, a vendor ID, and a firmware revision value, and validating the fields.

5. A computer-implemented system with improved security through secured device registration, the system comprising:
- a proxy server implemented using one or more computers; and
  
  a data exchange platform server using one or more computers, wherein;
  
  the proxy server is configured to;
  
  receive a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device,determine whether the digital certificate is issued by a trusted certification authority, andsend the registration request to the data exchange platform server in response to a determination that the digital certificate is issued by a trusted certification authority; and
  
  the data exchange platform server is configured to;
  
  validate the first device on the basis of the registration request,send a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode,send a validation failure message to the first device via the first connection in response to a validation failure;
  
  in response to sending the passcode to the first device via the first connection, prompt for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer,receive a passcode input from the second device via the second connection,in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instruct the first device to display a pairing button;
  
  in response to receiving an activation of the pairing button on the first device, receive a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
  
  in response to successfully validating the digital certificate and the nonce, send an authorization token to the first device via the first connection;
  
  in response to sending the authorization token to the first device, complete pairing of the first device with the data exchange platform server;
  
  in response to receiving the passcode input containing an invalid passcode, prompt for the passcode from the second device via the second connection for a predetermined number of tries;
  
  in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, deny the registration request from the first device to enforce a secure authentication standard for device registration;
  
  in response to completing the pairing of the first device with the computer server system, store at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
  
  in response to completing the pairing of the first device with the computer server system, establish a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.
- View Dependent Claims (6)
- - 6. The system of claim 5, wherein to validating the first device includes retrieving fields from the digital certificate, the fields including one or more of a device ID, a vendor ID, and a firmware revision value, and validating the fields.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Gryb, Oleg, Dubreuil, Jerome Laurent, Julia, Luc
Primary Examiner(s)
Tolentino, Roderick

Application Number

US14/984,248
Publication Number

US 20170063834A1
Time in Patent Office

1,189 Days
Field of Search

726 2- 10
US Class Current
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

H04L 63/18   using different networks or...

H04L 67/12   specially adapted for propr...

H04L 67/56   Provisioning of proxy servi...

H04L 69/14   Multichannel or multilink p...

H04W 60/00   Affiliation to network, e.g...

Multi-factor device registration for establishing secure communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-factor device registration for establishing secure communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links