Self management of credentials by IoT devices

US 10,594,482 B2
Filed: 03/06/2017
Issued: 03/17/2020
Est. Priority Date: 03/06/2017
Status: Active Grant

First Claim

Patent Images

1. A method of managing credentials of a networked device for access to at least one network service, the method comprising:

determining, by the networked device, an occurrence of any one of a plurality of conditions the plurality of conditions including a given number of system reboot commands for the networked device, the networked device being provided with the access to the at least one network service via a server separate from the networked device;

requesting, by the networked device, information to update a current credential of the networked device for use in accessing the at least one network service in response to the determining of the occurrence of the any one of the plurality of conditions;

updating, by the networked device, the current credential of the networked device with the requested information to maintain security of the networked device; and

accessing, by the networked device, a network service of the at least one network service based on the updated current credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a device and a computer program product are provided. A networked device determines whether a condition occurred. In response to detecting the condition, the networked device requests information to update a current credential of the networked device. The networked device updates the current credential with the requested information to maintain security of the networked device. The networked device accesses at least one networked service based on the updated credential. The current credential includes either a cryptographic key or a password. When the current credential includes the password, the condition includes a usage rate including one or more from a group of a quantity of reboot commands for the networked device and a quantity of software update commands for the networked device.

16 Citations

View as Search Results

20 Claims

1. A method of managing credentials of a networked device for access to at least one network service, the method comprising:
- determining, by the networked device, an occurrence of any one of a plurality of conditions the plurality of conditions including a given number of system reboot commands for the networked device, the networked device being provided with the access to the at least one network service via a server separate from the networked device;
  
  requesting, by the networked device, information to update a current credential of the networked device for use in accessing the at least one network service in response to the determining of the occurrence of the any one of the plurality of conditions;
  
  updating, by the networked device, the current credential of the networked device with the requested information to maintain security of the networked device; and
  
  accessing, by the networked device, a network service of the at least one network service based on the updated current credential.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein:
    - the current credential includes a password, andthe requesting of the information comprises;
      
      requesting a new password from an identity provider.
  - 3. The method of claim 1, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions includes a scheduled time and a frequency for updating the current credential.
  - 4. The method of claim 1, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions includes one or more from a group of a given number of firmware update commands for the networked device and the given number of software update commands for the networked device.
  - 5. The method of claim 1, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions further includes one or more from a group of detection of an unauthorized access of the networked device and connection of the networked device to a new network.
  - 6. The method of claim 1, further comprising:
    - sending, by the networked device, notifications to one or more entities pertaining to the updating of the current credential.
  - 7. The method of claim 1, wherein the networked device includes a device in an Internet of Things environment.
  - 8. The method of claim 1, wherein:
    - the current credential includes a cryptographic key,one of the plurality of conditions includes receiving a notification concerning possible compromised security of the networked device, andthe method further comprises automatically increasing a frequency of performing the determining of an occurrence of any one of a plurality of conditions when the occurrence of the any one of the plurality of conditions is determined.

9. A device comprising:
- at least one processor;
  
  at least one memory;
  
  a communication interface for communicating with one or more other devices via a network; and
  
  a bus for connecting the at least one processor with the at least one memory and the communication interface, wherein the at least one processor is configured to;
  
  determine an occurrence of any one of a plurality of conditions, the plurality of conditions including a given number of system reboot commands for the device, the device being provided with access to at least one network service via a server separate from the device;
  
  request information to update a current credential of the device for use in accessing the at least one network service in response to detection of the any one of the plurality of conditions;
  
  update the current credential of the device with the requested information to maintain security of the device; and
  
  access, by the device, at least one network service based on the updated credential.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The device of claim 9, wherein:
    - the current credential includes a password, andthe requesting of the information comprises;
      
      requesting a new password from an identity provider.
  - 11. The device of claim 9, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions include a scheduled time and a frequency for updating the current credential.
  - 12. The device of claim 9, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions includes one or more from a group of a given number of firmware update commands for the device and the given number of software update commands for the device.
  - 13. The device of claim 9, wherein:
    - the current credential includes a cryptographic key, andthe plurality of conditions includes one or more from a group of detection of an unauthorized access of the device and connection of the device to a new network.
  - 14. The device of claim 9, wherein the at least one processor is further configured to:
    - send notifications to one or more entities pertaining to updating of the current credential.
  - 15. The device of claim 9, wherein:
    - the current credential includes a cryptographic key,one of the plurality of conditions includes receiving a notification concerning possible compromised security of the networked device, andthe at least one processor is further configured to automatically increase a frequency of performing the determining of an occurrence of any one of a plurality of conditions when the any one of the plurality of conditions is detected.

16. A computer program product comprising:
- at least one non-transitory computer readable storage medium having computer readable program code embodied therewith for execution on at least one processor of a device, the computer readable program code being configured to be executed by the at least one processor to perform;
  
  determining an occurrence of any one of a plurality of conditions, the plurality of conditions including a given number of system reboot commands for the device, the device being provided with access to at east one network service via a server separate from the device;
  
  requesting information to update a cryptographic key for use by the device to access the at least one network service in response to the determining of the occurrence of the any one of the plurality of conditions;
  
  updating the cryptographic key with the requested information to maintain security; and
  
  accessing a network service of the at least one network service based on using the updated cryptographic key, wherein;
  
  in response to the determining the occurrence of the any one of the plurality of conditions, the computer readable program code is further configured to be executed by the at least one processor to automatically increase a frequency of the determining an occurrence of any one of the plurality of conditions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein:
    - the plurality of conditions includes a scheduled time and a frequency for updating the current credential.
  - 18. The computer program product of claim 16, wherein:
    - the plurality of conditions includes one or more from a group of a given number of firmware update commands for the device and the given number of software update commands from the device.
  - 19. The computer program product of claim 16, wherein:
    - the plurality of conditions includes one or more from a group of detection of an unauthorized access of the device and connection of the device to a new network.
  - 20. The computer program product of claim 16, wherein:
    - the plurality of conditions include receiving a notification concerning possible compromised security of the device, andthe computer-readable program code is further configured to executed by the at least one processor to perform;
      
      lowering a cryptographic key regeneration threshold when the receiving of the notification concerning possible compromised security of the device is determined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bender, Michael, Gupta, Rahul, Hahn, Timothy J., Marin Junior, Leucir
Primary Examiner(s)
Kabir, Jahangir

Application Number

US15/450,466
Publication Number

US 20180255037A1
Time in Patent Office

1,107 Days
Field of Search

726 4- 6
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/45   Structures or tools for the...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

H04L 2463/121   Timestamp cryptographic mec...

H04L 63/068   using time-dependent keys, ...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 9/0891   Revocation or update of sec...

H04W 4/70   Services for machine-to-mac...

Self management of credentials by IoT devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Self management of credentials by IoT devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links