Cloud device identification and authentication

US 10,469,495 B2
Filed: 09/08/2017
Issued: 11/05/2019
Est. Priority Date: 03/07/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium storing instructions that when executed by a computer processor of a handheld device cause the handheld device to:

capture an image of an optical code affixed to a network device, wherein the optical code encodes a unique identifier for the network device and a secret string for locally connecting to the network device;

display a list of selectable device sites to a user based on a geographical location of the network device;

obtain a user-specified device site that is a logical networking environment within which the network device is to operate;

determine whether the unique identifier corresponds to a known device based on a list of known devices; and

responsive to the optical code'"'"'s unique identifier corresponding to the known device, provision the network device to operate in the user-specified device site, wherein provisioning the network device comprises;

communicating the secret string to the network device to establish a trusted session with the network device and establish an authentication key shared between the network device and the handheld device; and

communicating the authentication key to a remote server to allow the remote server to authenticate the network device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for authentication and/or provisioning of wireless network devices, and in particular, methods and apparatuses for authentication and/or provisioning of wireless network devices that are communicating with and may be monitored and/or controlled by a remote (e.g., cloud) server.

Citations

13 Claims

1. A non-transitory computer-readable storage medium storing instructions that when executed by a computer processor of a handheld device cause the handheld device to:
- capture an image of an optical code affixed to a network device, wherein the optical code encodes a unique identifier for the network device and a secret string for locally connecting to the network device;
  
  display a list of selectable device sites to a user based on a geographical location of the network device;
  
  obtain a user-specified device site that is a logical networking environment within which the network device is to operate;
  
  determine whether the unique identifier corresponds to a known device based on a list of known devices; and
  
  responsive to the optical code'"'"'s unique identifier corresponding to the known device, provision the network device to operate in the user-specified device site, wherein provisioning the network device comprises;
  
  communicating the secret string to the network device to establish a trusted session with the network device and establish an authentication key shared between the network device and the handheld device; and
  
  communicating the authentication key to a remote server to allow the remote server to authenticate the network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The storage medium of claim 1, wherein the unique identifier includes the network device'"'"'s media access control (MAC) address.
  - 3. The storage medium of claim 2, wherein the optical code encodes the network device'"'"'s MAC address in encrypted form.
  - 4. The storage medium of claim 1, wherein the instructions, when executed by the computer processor of the handheld device, wherein communicating the secret string to the handheld device to prove physical possession of the network device.
  - 5. The storage medium of claim 1, wherein when the instructions, when executed by the computer processor of a handheld device to cause the handheld device to determine whether the unique identifier corresponds to a known device, further cause the handheld device to decode the unique identifier from the optical code and to determine whether the unique identifier is a known identifier.
  - 6. The storage medium of claim 1, wherein the network device includes a wireless access point for configuring the network device.
  - 7. The storage medium of claim 6, wherein when the instructions, when executed by the computer processor of a handheld device to cause the handheld device to provision the network device, further cause the handheld device to decode the secret string from the optical code, wherein the secret string is communicated to the network device as an authentication password for accessing the network device'"'"'s access point.
  - 8. The storage medium of claim 6, wherein the wireless access point is configured to have a default service set identifier (SSID) that corresponds to an unprovisioned device.
  - 9. The storage medium of claim 8, wherein the instructions, when executed by the computer processor of a handheld device, further cause the handheld device to search for the unprovisioned device by accessing the default SSID.
  - 10. The storage medium of claim 1, wherein the instructions further cause the handheld device to refrain from provisioning the network device to operate in the user-specified device site when it is determined that the unique identifier does not correspond to a known device.
  - 11. The storage medium of claim 1, wherein the instructions further cause the handheld device to present a plurality of device sites for a user to choose from.
  - 12. The storage medium of claim 1, wherein the storage medium storing instructions are further configured to cause the handheld device to search for unprovisioned devices by accessing a default service set identifier (SSID).

13. A non-transitory computer-readable storage medium storing instructions that when executed by a computer processor of a handheld device cause the handheld device to:
- capture an image of an optical code affixed to a network device, wherein the optical code encodes a unique identifier for the network device and a secret string for locally connecting to the network device;
  
  display a list of selectable device sites to a user based on a geographical location of the network device;
  
  obtain a user-specified device site that is a logical networking environment within which the network device is to operate;
  
  determine whether the unique identifier corresponds to a known device based on a list of known devices; and
  
  responsive to the optical code'"'"'s unique identifier corresponding to the known device, provision the network device to operate in the user-specified device site, wherein provisioning the network device comprises;
  
  communicating the secret string to the network device to establish a trusted session with the network device and establish an authentication key shared between the network device and the handheld device; and
  
  after the network device communicates the authentication key to a remote server to authenticate the network device, receiving confirmation of authentication of the network device from the remote server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ubiquiti Inc.
Original Assignee
Ubiquiti Inc.
Inventors
Hardy, Matthew A., Frei, Randall W., Bauer, Jonathan P., Paolini-Subramanya, Mahesh
Primary Examiner(s)
Wang, Liang Che A

Application Number

US15/699,779
Publication Number

US 20170374069A1
Time in Patent Office

788 Days
Field of Search

709220, 709221, 709222, 709227, 709229
US Class Current
CPC Class Codes

H04L 41/0806   for initial configuration o...

H04L 41/5054   Automatic deployment of ser...

H04L 41/5096   wherein the managed service...

H04L 63/0876   based on the identity of th...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/35   Protecting application or s...

H04W 24/02   Arrangements for optimising...

H04W 4/50   Service provisioning or rec...

Cloud device identification and authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud device identification and authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links