Authenticating a device based on communication patterns in a group of devices
First Claim
1. A computer-implemented method for authentication, comprising operations for:
- storing accepted communication patterns representing accepted modes of communication between devices in an internet of things network, wherein each of the accepted communication patterns includes one or more features, wherein each of the accepted communication patterns includes one or more features, and wherein each of the one or more features describes which of the devices are communicating, a type of a communication, when the devices are communicating, a duration of the communication, and a frequency of the communication;
in response to receiving a first communication from a requesting device of the devices,determining whether the first communication matches a communication pattern of the accepted communication patterns;
in response to determining that the first communication matches the communication pattern,generating an authentication score for the requesting device based on how closely the first communication matches with the communication pattern; and
responding to the first communication; and
in response to determining that the first communication does not match the communication pattern, flagging the first communication as an anomaly; and
in response to receiving a second communication from the requesting device,determining whether the authentication score of the requesting device exceeds a threshold; and
in response to determining that the requesting device has the authentication score that exceeds the threshold, responding to the second communication.
1 Assignment
0 Petitions
Accused Products
Abstract
Provided are techniques for authenticating a device. Accepted communication patterns representing accepted modes of communication between devices in an internet of things network are stored. In response to receiving a new communication from a requesting device of the devices, it is determined whether the new communication matches at least one of the accepted communication patterns. In response to determining that the new communication matches, there is a response to the new communication. In response to determining that the new communication does not match, flagging the new communication as an anomaly and determining how to process the new communication based on the flagging.
-
Citations
20 Claims
-
1. A computer-implemented method for authentication, comprising operations for:
-
storing accepted communication patterns representing accepted modes of communication between devices in an internet of things network, wherein each of the accepted communication patterns includes one or more features, wherein each of the accepted communication patterns includes one or more features, and wherein each of the one or more features describes which of the devices are communicating, a type of a communication, when the devices are communicating, a duration of the communication, and a frequency of the communication; in response to receiving a first communication from a requesting device of the devices, determining whether the first communication matches a communication pattern of the accepted communication patterns; in response to determining that the first communication matches the communication pattern, generating an authentication score for the requesting device based on how closely the first communication matches with the communication pattern; and responding to the first communication; and in response to determining that the first communication does not match the communication pattern, flagging the first communication as an anomaly; and in response to receiving a second communication from the requesting device, determining whether the authentication score of the requesting device exceeds a threshold; and in response to determining that the requesting device has the authentication score that exceeds the threshold, responding to the second communication. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer program product, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform operations for:
-
storing accepted communication patterns representing accepted modes of communication between devices in an internet of things network, wherein each of the accepted communication patterns includes one or more features, wherein each of the accepted communication patterns includes one or more features, and wherein each of the one or more features describes which of the devices are communicating, a type of a communication, when the devices are communicating, a duration of the communication, and a frequency of the communication; in response to receiving a first communication from a requesting device of the devices, determining whether the first communication matches a communication pattern of the accepted communication patterns; in response to determining that the first communication matches the communication pattern, generating an authentication score for the requesting device based on how closely the first communication matches with the communication pattern; and responding to the first communication; and in response to determining that the first communication does not match the communication pattern, flagging the first communication as an anomaly; and in response to receiving a second communication from the requesting device, determining whether the authentication score of the requesting device exceeds a threshold; and in response to determining that the requesting device has the authentication score that exceeds the threshold, responding to the second communication. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer system, comprising:
-
one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform operations comprising; storing accepted communication patterns representing accepted modes of communication between devices in an internet of things network, wherein each of the accepted communication patterns includes one or more features, wherein each of the accepted communication patterns includes one or more features, and wherein each of the one or more features describes which of the devices are communicating, a type of a communication, when the devices are communicating, a duration of the communication, and a frequency of the communication; in response to receiving a first communication from a requesting device of the devices, determining whether the first communication matches a communication pattern of the accepted communication patterns; in response to determining that the first communication matches the communication pattern, generating an authentication score for the requesting device based on how closely the first communication matches with the communication pattern; and responding to the first communication; and in response to determining that the first communication does not match the communication pattern, flagging the first communication as an anomaly; and in response to receiving a second communication from the requesting device, determining whether the authentication score of the requesting device exceeds a threshold; and in response to determining that the requesting device has the authentication score that exceeds the threshold, responding to the second communication. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification