System and method for verifying device security

US 10,523,685 B1
Filed: 08/23/2019
Issued: 12/31/2019
Est. Priority Date: 08/22/2018
Status: Active Grant

First Claim

Patent Images

1. A method for verifying a proximity of a user device to a beacon, the method comprising:

at the beacon;

for a time window, generating a time-window key and a temporary identifier (temporary ID) based on a window time of the time window;

generating an encrypted payload by encrypting a payload, comprising a broadcast time, with the time-window key;

generating a frame comprising the temporary ID and the encrypted payload; and

near the broadcast time and during the time window, broadcasting the frame; and

at a remote computing device;

independently from the beacon, for each of a series of time windows, generating a time-window key and a temporary ID based on the respective time window;

wherein the time window is within the series of time windows;

receiving the frame at a receipt time from the user device;

extracting the temporary ID from the frame;

extracting the broadcast time from the encrypted payload based on the time-window key associated with the temporary ID;

determining a time parameter based on the receipt time and the broadcast time, wherein the time parameter comprises a packet stability, wherein the packet stability is determined based on a difference between a broadcast delay and a receipt delay, wherein the broadcast delay is determined between successive broadcasting times and the receipt delay is determined between successive receipt times, wherein the user device proximity is verified in response to the packet stability for the frame falling within a predetermined range of an average packet stability for the beacon;

verifying the proximity of the user device to the beacon based on the time parameter; and

after verifying the proximity, transmitting a beacon identifier to the user device, wherein the user device performs a client-specified action based on the beacon identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for verifying a proximity of a user device to a beacon, including broadcasting a frame comprising an encrypted payload, receiving the frame, extracting information from the frame, and verifying the proximity of the user device to the beacon based on the extracted information.

Citations

17 Claims

1. A method for verifying a proximity of a user device to a beacon, the method comprising:
- at the beacon;
  
  for a time window, generating a time-window key and a temporary identifier (temporary ID) based on a window time of the time window;
  
  generating an encrypted payload by encrypting a payload, comprising a broadcast time, with the time-window key;
  
  generating a frame comprising the temporary ID and the encrypted payload; and
  
  near the broadcast time and during the time window, broadcasting the frame; and
  
  at a remote computing device;
  
  independently from the beacon, for each of a series of time windows, generating a time-window key and a temporary ID based on the respective time window;
  
  wherein the time window is within the series of time windows;
  
  receiving the frame at a receipt time from the user device;
  
  extracting the temporary ID from the frame;
  
  extracting the broadcast time from the encrypted payload based on the time-window key associated with the temporary ID;
  
  determining a time parameter based on the receipt time and the broadcast time, wherein the time parameter comprises a packet stability, wherein the packet stability is determined based on a difference between a broadcast delay and a receipt delay, wherein the broadcast delay is determined between successive broadcasting times and the receipt delay is determined between successive receipt times, wherein the user device proximity is verified in response to the packet stability for the frame falling within a predetermined range of an average packet stability for the beacon;
  
  verifying the proximity of the user device to the beacon based on the time parameter; and
  
  after verifying the proximity, transmitting a beacon identifier to the user device, wherein the user device performs a client-specified action based on the beacon identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the proximity verification is valid during the time window.
  - 3. The method of claim 1, wherein the time parameter comprises a transmission delay between the broadcast time and the receipt time.
  - 4. The method of claim 3, wherein verifying the proximity comprises determining that the transmission delay is within a predetermined range of a normalized time delay for a series of packets received from the beacon.
  - 5. The method of claim 1, wherein the frame is broadcasted within 1 millisecond of the broadcast time.
  - 6. The method of claim 1, further comprising:
    - after the time window expires, independently generating a new time-window key and a new temporary ID at the beacon for a successive time window, wherein the successive time window is within the series of time windows.

7. A method for verifying a proximity of a user device to a beacon, the method comprising:
- at the beacon, near a broadcast time, broadcasting a frame comprising an encrypted payload, the encrypted payload comprising the broadcast time encrypted with an encryption key stored onboard the beacon;
  
  at a remote computing system;
  
  receiving the frame at a receipt time from the user device;
  
  extracting the broadcast time from the encrypted payload based on the encryption key; and
  
  verifying the proximity of the user device to the beacon based on the extracted broadcast time and the receipt time;
  
  providing a beacon identifier for the beacon to the user device, wherein the user device performs a predetermined action based on the beacon identifier; and
  
  determining the beacon identifier for the beacon based on the temporary ID, comprising, at a resolver;
  
  for each time window of a set of time windows, retrieving a lookup table comprising a set of public identifiers, wherein each public identifier is associated with a different temporary identifier hash, wherein the temporary identifier hash for each time window is generated from a temporary identifier for the time window, wherein the temporary identifier for each time window is generated independently from the beacon;
  
  extracting the temporary identifier from the frame; and
  
  determining the public identifier from the set of public identifiers, wherein the public identifier is associated with the temporary identifier hash matching an analysis hash calculated from the temporary identifier extracted from the frame;
  
  wherein the predetermined action is performed based on the public identifier.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The method of claim 7, wherein the frame comprises a temporary identifier (temporary ID), wherein the temporary ID is independently generated by both the beacon and the remote computing system based on a time associated with a time window, the method further comprising, at the remote computing system:
    - extracting the temporary ID from the frame; and
      
      determining a beacon identifier for the beacon based on the temporary ID, wherein the beacon identifier is provided to the user device, wherein the user device performs a predetermined action based on the beacon identifier.
  - 9. The method of claim 8, wherein the temporary ID changes for each of the set of time windows, wherein each temporary ID is associated with a different encryption key, wherein the broadcast time is within a first time window of the set of time windows, the temporary ID is a first temporary ID for the first time window, and the encryption key is an encryption key associated with the first temporary ID.
  - 10. The method of claim 9, wherein the method further comprises, for each of the set of time windows:
    - independently generating the different encryption keys at both the beacon and the remote computing system based on a time associated with the respective time window within the set of time windows.
  - 11. The method of claim 7, wherein the encryption key changes for each of the set of time windows, the method further comprising independently generating the encryption key at both the beacon and the remote computing system based on a time associated with the respective time window within the set of time windows.
  - 12. The method of claim 7, wherein verifying the proximity of the user device comprises:
    - determining a transmission delay between the broadcast time and the receipt time; and
      
      verifying the proximity when the transmission delay is within a predetermined range of a target delay.
  - 13. The method of claim 12, wherein the target delay is a normalized delay over a series of frames for the beacon.
  - 14. The method of claim 7, wherein verifying the proximity of the user device comprises:
    - determining a packet stability based on a difference between a broadcast delay and a receipt delay, wherein the broadcast delay is determined between successive broadcasting times and the receipt delay is determined between successive receipt times; and
      
      verifying the proximity when the packet stability falls within a predetermined range of a target packet stability.
  - 15. The method of claim 14, wherein the target packet stability is a normalized packet stability over a series of frames for the beacon.
  - 16. The method of claim 7, wherein the beacon identifier is provided in response to the proximity verification.
  - 17. The method of claim 7, wherein the user device comprises the resolver, the method further comprising, at the remote computing system:
    - receiving a resolver geolocation from the user device;
      
      sending the user device the lookup table, wherein the lookup table comprises a set of temporary identifier hashes for each beacon of a set of beacons associated with the resolver geolocation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Estimote Polska Sp. z o.o.
Original Assignee
Estimote Polska Sp. z o.o.
Inventors
Kostka, Lukasz, Krzych, Jakub
Primary Examiner(s)
Traore, Fatoumata

Application Number

US16/549,988
Time in Patent Office

130 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/121   Timestamp

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 67/53   using third party service p...

H04W 12/03   Protecting confidentiality,...

H04W 12/08   Access security

H04W 12/61   Time-dependent

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 4/023   using mutual or relative lo...

H04W 4/80   Services using short range ...

System and method for verifying device security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying device security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links