Establishing trust between two devices

US 10,362,031 B2
Filed: 06/21/2017
Issued: 07/23/2019
Est. Priority Date: 09/17/2014
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a processing system comprising;

one or more processors; and

memory coupled to the one or more processors, the processing system configured to;

maintain a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are approved for automatic pairing by the entity;

issue a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;

receive, from a second device included in the list of devices, a request to connect to the first device;

determine a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and

send, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device using the MAC address without the MAC address being broadcast.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Citations

20 Claims

1. A device comprising:
- a processing system comprising;
  
  one or more processors; and
  
  memory coupled to the one or more processors, the processing system configured to;
  
  maintain a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are approved for automatic pairing by the entity;
  
  issue a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
  
  receive, from a second device included in the list of devices, a request to connect to the first device;
  
  determine a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
  
  send, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device using the MAC address without the MAC address being broadcast.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, wherein the processing system is further configured to:
    - receive, from the first device, an indication that the first device is changing from using the MAC address to using a new MAC address associated with a new version of the multiple versions of the hash chain; and
      
      provide the indication to the second device.
  - 3. The device of claim 2, wherein the indication is received based at least in part on a timing protocol associated with the hash function and usable to determine a time to change the MAC address.
  - 4. The device of claim 3, wherein the timing protocol is implemented to periodically change the MAC address at a given time interval.
  - 5. The device of claim 2, wherein the indication is received based at least in part on a determination that the MAC address has been compromised.
  - 6. The device of claim 1, wherein the hash function is used to continually change the MAC address.
  - 7. The device of claim 1, wherein:
    - the domain comprises an enterprise domain;
      
      the entity comprises a company; and
      
      the devices on the list of devices are given permissions to receive the hash function, the hash seed, and the current version.

8. A method comprising:
- maintaining a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are approved for automatic pairing by the entity;
  
  issuing a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
  
  receiving, from a second device included in the list of devices, a request to connect to the first device;
  
  determining a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
  
  sending, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device via the MAC address without the MAC address being broadcast.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - receiving, from the first device, an indication that the first device is changing from using the MAC address to using a new MAC address associated with a new version of the multiple versions of the hash chain; and
      
      providing the indication to the second device.
  - 10. The method of claim 9, wherein the indication is received based at least in part on a timing protocol associated with the hash function and usable to determine a time to change the MAC address.
  - 11. The method of claim 10, wherein the timing protocol is implemented to periodically change the MAC address at a given time interval.
  - 12. The method of claim 9, wherein the indication is received based at least in part on a determination that the MAC address has been compromised.
  - 13. The method of claim 8, wherein the hash function is used to continually change the MAC address.
  - 14. The method of claim 8, whereinthe domain comprises an enterprise domain;
    - andthe devices on the list of devices are given permissions to receive the hash function, the hash seed, and the current version.

15. One or more computer storage media comprising instructions that, when executed by one or more processors, cause a device to perform operations comprising:
- maintaining a list of devices known to be trusted within a same domain, wherein the domain comprises one or more networks operated by an entity and devices on the list of devices are registered for automatic pairing by the entity;
  
  issuing a hash function and a hash seed to a first device included in the list of devices, the hash seed and the hash function usable to generate a hash chain that includes multiple versions;
  
  receiving, from a second device included in the list of devices, a request to connect to the first device;
  
  determining a current version of the multiple versions of the hash chain that is being used by the first device to determine a media access control (MAC) address; and
  
  sending, to the second device and based on the inclusion of the second device in the list of devices, the hash function, the hash seed and the current version thereby enabling the second device to determine the MAC address and to securely connect to the first device via the MAC address without the MAC address being broadcast.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more computer storage media of claim 15, wherein the operations further comprise:
    - receiving, from the first device, an indication that the first device is changing from using the MAC address to using a new MAC address associated with a new version of the multiple versions of the hash chain; and
      
      providing the indication to the second device.
  - 17. The one or more computer storage media of claim 16, wherein the indication is received based at least in part on a timing protocol associated with the hash function and usable to determine a time to change the MAC address.
  - 18. The one or more computer storage media of claim 17, wherein the timing protocol is implemented to periodically change the MAC address at a given time interval.
  - 19. The one or more computer storage media of claim 16, wherein the indication is received based at least in part on a determination that the MAC address has been compromised.
  - 20. The one or more computer storage media of claim 15, wherein:
    - the domain comprises an enterprise domain, andthe devices on the list of devices are given permissions to receive the hash function, the hash seed, and the current version.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Dawoud Shenouda Dawoud, Peter, Saboori, Anoosh, Soni, Himanshu, Ingalls, Dustin Michael, Porter, Nelly L.
Primary Examiner(s)
Perungavoor, Venkat

Application Number

US15/629,508
Publication Number

US 20170289157A1
Time in Patent Office

762 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3265   using certificate chains, t...

H04L 9/50   using hash chains, e.g. blo...

Establishing trust between two devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing trust between two devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links