Secure unlock of a device

US 10,387,636 B2
Filed: 10/20/2015
Issued: 08/20/2019
Est. Priority Date: 10/20/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating, by a wall-mounted control panel of a security and automation system of a structure at a first location, a first unique identifier for the wall-mounted control panel based at least in part on detecting a first biometric identifier of a user at the wall-mounted control panel, the wall-mounted control panel being positioned in the structure of the security and automation system;

transmitting, by the wall-mounted control panel, the first biometric identifier to a server at a second location remote from the first location of the wall-mounted control panel;

entering a locked state when the wall-mounted control panel is reformatted by altering the software or hardware of the wall-mounted control panel;

locking the wall-mounted control panel according to a first lock mode in response to an unauthorized takeover and based at least in part on entering the locked state, the first lock mode being different from a second lock mode of the wall-mounted control panel, wherein the first lock mode prevents a user from accessing the security and automation system and/or the wall-mounted control panel and the second lock mode allows a user to access at least a portion of the security and automation system and/or the wall-mounted control panel upon entering credentials;

detecting an authentication code on an external storage device;

comparing the detected authentication code with an authentication code stored locally on the wall-mounted control panel;

approving the external storage device when the two authentication codes match;

receiving a second unique identifier associated with the wall-mounted control panel from the external storage device using a universal serial bus (USB) drive of the wall-mounted control panel and based at least in part on a second biometric identifier after locking the wall-mounted control panel according to the first lock mode, the second unique identifier being an authenticated version of the first unique identifier that is authenticated by the server;

transitioning from the first lock mode to the second lock mode based at least in part on the wall-mounted control panel validating the second unique identifier, wherein validating the second unique identifier comprises determining, at the wall-mounted control panel, that the first unique identifier, stored locally on the wall-mounted control panel, and the second unique identifier, received from the external storage device, match;

unlocking the wall-mounted control panel from the first lock mode based at least in part on transitioning from the first lock mode to the second lock mode; and

opening a profile associated with the second biometric identifier after unlocking the wall-mounted control panel, wherein the second lock mode is based at least in part on the profile associated with the second biometric identifier, wherein the profile comprises a user profile and unlocking the wall-mounted control panel enables the user to access a portion of the security and automation system using the wall-mounted control panel.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A control panel may prevent access to one or more aspects of the control panel based at least in part on one or more security parameters. The security parameters may include a default locked status and a takeover locked status. The default locked status may prevent a user or other personnel from accessing the software, code, or other intellectual property on the control panel while still allowing the user to interface with the security and/or automation system. The takeover locked status may prevent any access or use of the control panel. To protect the automation system and the automation system provider, it may be desired to use a unique identifier to unlock at least one or more aspects of the control panel. The unique identifier may be loaded onto an external storage device which the control panel may automatically recognize.

Citations

13 Claims

1. A method, comprising:
- generating, by a wall-mounted control panel of a security and automation system of a structure at a first location, a first unique identifier for the wall-mounted control panel based at least in part on detecting a first biometric identifier of a user at the wall-mounted control panel, the wall-mounted control panel being positioned in the structure of the security and automation system;
  
  transmitting, by the wall-mounted control panel, the first biometric identifier to a server at a second location remote from the first location of the wall-mounted control panel;
  
  entering a locked state when the wall-mounted control panel is reformatted by altering the software or hardware of the wall-mounted control panel;
  
  locking the wall-mounted control panel according to a first lock mode in response to an unauthorized takeover and based at least in part on entering the locked state, the first lock mode being different from a second lock mode of the wall-mounted control panel, wherein the first lock mode prevents a user from accessing the security and automation system and/or the wall-mounted control panel and the second lock mode allows a user to access at least a portion of the security and automation system and/or the wall-mounted control panel upon entering credentials;
  
  detecting an authentication code on an external storage device;
  
  comparing the detected authentication code with an authentication code stored locally on the wall-mounted control panel;
  
  approving the external storage device when the two authentication codes match;
  
  receiving a second unique identifier associated with the wall-mounted control panel from the external storage device using a universal serial bus (USB) drive of the wall-mounted control panel and based at least in part on a second biometric identifier after locking the wall-mounted control panel according to the first lock mode, the second unique identifier being an authenticated version of the first unique identifier that is authenticated by the server;
  
  transitioning from the first lock mode to the second lock mode based at least in part on the wall-mounted control panel validating the second unique identifier, wherein validating the second unique identifier comprises determining, at the wall-mounted control panel, that the first unique identifier, stored locally on the wall-mounted control panel, and the second unique identifier, received from the external storage device, match;
  
  unlocking the wall-mounted control panel from the first lock mode based at least in part on transitioning from the first lock mode to the second lock mode; and
  
  opening a profile associated with the second biometric identifier after unlocking the wall-mounted control panel, wherein the second lock mode is based at least in part on the profile associated with the second biometric identifier, wherein the profile comprises a user profile and unlocking the wall-mounted control panel enables the user to access a portion of the security and automation system using the wall-mounted control panel.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining when the external storage device connects to the wall-mounted control panel via a universal serial bus connection;
      
      authenticating the external storage device using one or more authentication codes; and
      
      searching the external storage device for the second unique identifier, wherein receiving the second unique identifier is based at least in part on searching the external storage device.
  - 3. The method of claim 2, wherein the profile comprises a provider profile to troubleshoot a problem with the wall-mounted control panel.
  - 4. The method of claim 1, further comprising:
    - alerting an automation system provider of the locking when the wall-mounted control panel is completely inaccessible.
  - 5. The method of claim 1, further comprising:
    - resetting the first unique identifier at a predetermined time period.
  - 6. The method of claim 1, further comprising:
    - expiring the first unique identifier after a predetermined time period.
  - 7. The method of claim 1, wherein generating the first biometric identifier further comprises:
    - detecting, at the wall-mounted control panel when the wall-mounted control panel is installed, one or more of a voice or fingerprint of the user.

8. A device, comprising:
- a wall-mounted control panel of a security and automation system, the wall-mounted control panel being positioned in a structure at a first location associated with the security and automation system, the wall-mounted control panel including a processor, memory in electronic communication with the processor; and
  
  instructions stored in the memory, the instructions being executable by the processor to;
  
  generate, by the wall-mounted control panel of the security and automation system of the structure at the first location, a first unique identifier for the wall-mounted control panel based at least in part on detecting a first biometric identifier of a user at the wall-mounted control panel;
  
  transmit, by the wall-mounted control panel, the first biometric identifier to a server at a second location remote from the first location of the wall-mounted control panel;
  
  enter a locked state when the wall-mounted control panel is reformatted by altering the software or hardware of the wall-mounted control panel;
  
  lock the wall-mounted control panel according to a first lock mode in response to an unauthorized takeover and based at least in part on entering the locked state, the first lock mode being different from a second lock mode of the wall-mounted control panel, wherein the first lock mode prevents a user from accessing the security and automation system and/or the wall-mounted control panel and the second lock mode allows a user to access at least a portion of the security and automation system and/or the wall-mounted control panel upon entering credentials;
  
  detect an authentication code on an external storage device;
  
  compare the detected authentication code with an authentication code stored locally on the wall-mounted control panel;
  
  approve the external storage device when the two authentication codes match;
  
  receive a second unique identifier associated with the wall-mounted control panel from the external storage device using a universal serial bus (USB) drive of the wall-mounted control panel and based at least in part on a second biometric identifier after locking the wall-mounted control panel according to the first lock mode, the second unique identifier being an authenticated version of the first unique identifier that is authenticated by the server;
  
  transition from the first lock mode to the second lock mode based at least in part on the wall-mounted control panel validating the second unique identifier, wherein validating the second unique identifier comprises determining, at the wall-mounted control panel, that the first unique identifier, stored locally on the wall-mounted control panel, and the second unique identifier, received from the external storage device, match;
  
  unlock the wall-mounted control panel from the first lock mode based at least in part on transitioning from the first lock mode to the second lock mode; and
  
  open a profile associated with the second biometric identifier after unlocking the wall-mounted control panel, wherein the second lock mode is based at least in part on the profile associated with the second biometric identifier, wherein the profile comprises a user profile and unlocking the wall-mounted control panel enables the user to access a portion of the security and automation system using the wall-mounted control panel.
- View Dependent Claims (9, 10)
- - 9. The device of claim 8, wherein the instructions are further executable by the processor to:
    - determine when the external storage device connects to the device via a universal serial bus connection;
      
      authenticate the external storage device using an authentication code;
      
      search the external storage device for the second unique identifier, wherein receiving the second unique identifier is based at least in part on searching the external storage device.
  - 10. The device of claim 8, wherein the instructions are further executable by the processor to:
    - alert an automation system provider of the locking when the device is completely inaccessible.

11. A non-transitory computer-readable medium storing computer-executable code for security and automation systems, the code executable by a processor to:
- generate, by a wall-mounted control panel of a security and automation system of a structure at a first location, a first unique identifier for the wall-mounted control panel based at least in part on detecting a first biometric identifier of a user at the wall-mounted control panel, the wall-mounted control panel being positioned in the structure of the security and automation system;
  
  transmit, by the wall-mounted control panel, the first biometric identifier to a server at a second location remote from the first location of the wall-mounted control panel;
  
  enter a locked state when the wall-mounted control panel is reformatted by altering the software or hardware of the wall-mounted control panel;
  
  lock the wall-mounted control panel according to a first lock mode in response to an unauthorized takeover and based at least in part on entering the locked state, the first lock mode being different from a second lock mode of the wall-mounted control panel, wherein the first lock mode prevents a user from accessing the security and automation system and/or the wall-mounted control panel and the second lock mode allows a user to access at least a portion of the security and automation system and/or the wall-mounted control panel upon entering credentials;
  
  detect an authentication code on an external storage device;
  
  compare the detected authentication code with an authentication code stored locally on the wall-mounted control panel;
  
  approve the external storage device when the two authentication codes match;
  
  receive a second unique identifier associated with the wall-mounted control panel from the external storage device using a universal serial bus (USB) drive of the wall-mounted control panel and based at least in part on a second biometric identifier after locking the wall-mounted control panel according to the first lock mode, the second unique identifier being an authenticated version of the first unique identifier that is authenticated by the server;
  
  transition from the first lock mode to the second lock mode based at least in part on the wall-mounted control panel validating the second unique identifier, wherein validating the second unique identifier comprises determining, at the wall-mounted control panel, that the first unique identifier, stored locally on the wall-mounted control panel, and the second unique identifier, received from the external storage device, match;
  
  unlock the wall-mounted control panel from the first lock mode based at least in part on transitioning from the first lock mode to the second lock mode; and
  
  open a profile associated with the second biometric identifier after unlocking the wall-mounted control panel, wherein the second lock mode is based at least in part on the profile associated with the second biometric identifier, wherein the profile comprises a user profile and unlocking the wall-mounted control panel enables the user to access a portion of the security and automation system using the wall-mounted control panel.
- View Dependent Claims (12, 13)
- - 12. The non-transitory computer-readable medium of claim 11, the code further executable by the processor to:
    - determine when the external storage device connects to the wall-mounted control panel via a universal serial bus connection;
      
      authenticate the external storage device using an authentication code;
      
      search the external storage device for the second unique identifier, wherein receiving the second unique identifier is based at least in part on searching the external storage device.
  - 13. The non-transitory computer-readable medium of claim 11, the code further executable by the processor to:
    - alert an automation system provider of the locking when the wall-mounted control panel is completely inaccessible.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vivint Incorporated (NRG Energy, Inc.)
Original Assignee
Vivint Incorporated (NRG Energy, Inc.)
Inventors
Matsuura, Craig, Carlson, Ryan, Bui, Johny, Rigby, John, Vernon, Bruce
Primary Examiner(s)
Kabir, Jahangir
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/887,768
Publication Number

US 20170109518A1
Time in Patent Office

1,400 Days
Field of Search

726 19
US Class Current
CPC Class Codes

G06F 21/34 involving the use of extern...

Secure unlock of a device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure unlock of a device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links