TRUST HEURISTIC MODEL FOR REDUCING CONTROL LOAD IN IOT RESOURCE ACCESS NETWORKS

US 20150007273A1
Filed: 06/25/2014
Published: 01/01/2015
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlled resource access in an Internet of Things (IoT) network, comprising:

requesting, by a requesting node, access to a first controlled resource in the IoT network, wherein access to the first controlled resource includes a requirement to periodically complete an authentication procedure;

responding to a challenge message received from a first gatekeeper node; and

receiving the requested access to the first controlled resource in response to correctly responding to the challenge message, wherein the first gatekeeper node reduces the requirement to periodically complete the authentication procedure in response to the requesting node correctly responding to one or more successive challenge messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure relates to a trust heuristic model for reducing a control load in an IoT resource access network. For example, an authenticating node may challenge a client node that requests access to a resource and grant the access if the client node correctly responds to the challenge or alternatively deny the access if the client node incorrectly responds to the challenge. Furthermore, based on the response to the challenge, the client node may be assigned a trust level, which may be dynamically updated based on successive challenge-and-response exchanges and/or interactions with other IoT network nodes. For example, to reduce the resource access control load, subsequent challenge-and-response intervals may be increased or eliminated if the client node correctly responds to successive challenges over time, while client nodes that incorrectly respond to successive challenges over time may be blocked from accessing the resource or banned from the IoT network.

75 Citations

View as Search Results

30 Claims

1. A method for controlled resource access in an Internet of Things (IoT) network, comprising:
- requesting, by a requesting node, access to a first controlled resource in the IoT network, wherein access to the first controlled resource includes a requirement to periodically complete an authentication procedure;
  
  responding to a challenge message received from a first gatekeeper node; and
  
  receiving the requested access to the first controlled resource in response to correctly responding to the challenge message, wherein the first gatekeeper node reduces the requirement to periodically complete the authentication procedure in response to the requesting node correctly responding to one or more successive challenge messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method recited in claim 1, wherein the challenge message and the response to the challenge message are exchanged over a control channel associated with the IoT network.
  - 3. The method recited in claim 1, wherein the first gatekeeper node increases a trust level associated with the requesting node in response to the requesting node correctly responding to the challenge message.
  - 4. The method recited in claim 1, wherein the first gatekeeper node increases an interval before transmitting a subsequent challenge message to the requesting node to reduce the requirement to periodically complete the authentication procedure.
  - 5. The method recited in claim 1, wherein the first gatekeeper node decreases the trust level associated with the requesting node in response to receiving an incorrect response to the challenge message from the requesting node.
  - 6. The method recited in claim 1, wherein the first gatekeeper node temporarily blocks the requesting node from communicating over the IoT network in response to the requesting node incorrectly responding to the challenge message and incorrectly responding to one or more successive challenge messages.
  - 7. The method recited in claim 1, wherein the first gatekeeper node permanently bans the requesting node from communicating over the IoT network in response to the requesting node incorrectly responding to the challenge message and continuing to incorrectly respond to one or more successive challenge messages over time.
  - 8. The method recited in claim 1, wherein the first gatekeeper node adjusts the requirement to periodically complete the authentication procedure according to a trust level assigned to the requesting node in response to the IoT network migrating to a new network access layer.
  - 9. The method recited in claim 1, further comprising:
    - requesting access to a second controlled resource from a second gatekeeper node, wherein the second gatekeeper node determines whether to grant the requesting node access to the second controlled resource based solely on a trust level between the requesting node and a trusted node having one or more previous interactions with the requesting node.
  - 10. The method recited in claim 9, wherein a second IoT network includes one or more of the second controlled resource, the second gatekeeper node, or the trusted node having the one or more previous interactions with the requesting node.
  - 11. The method recited in claim 9, wherein the trust level associated with the requesting node comprises one of N trust levels in a trust heuristic logical model that defines the permitted resource access associated with nodes having each respective trust level.
  - 12. The method recited in claim 1, wherein the first gatekeeper node comprises a regulating node that regulates access to the first controlled resource.
  - 13. The method recited in claim 1, wherein the first gatekeeper node comprises an intermediate node that relays messages between the requesting node and a regulating node that regulates access to the first controlled resource.
  - 14. The method recited in claim 1, wherein the first controlled resource comprises an infinite resource having a production rate that equals or exceeds a consumption rate.
  - 15. The method recited in claim 1, wherein the first controlled resource comprises a finite resource having a consumption rate that exceeds a production rate.
  - 16. The method recited in claim 15, wherein the first gatekeeper node comprises an intermediate node having allocated access to the finite resource, and wherein the access allocated to the intermediate node comprises a first portion that the intermediate node requires and an extra portion that can be supplied to one or more requesting nodes.
  - 17. The method recited in claim 16, wherein requesting the access to the first controlled resource further comprises:
    - contacting one or more intermediate nodes that have allocated access to the finite resource to determine the total extra portion of the finite resource allocated thereto; and
      
      requesting that the one or more intermediate nodes supply an amount of the finite resource that the requesting node requires in response to determining that the total extra portion of the finite resource allocated thereto meets or exceeds the amount of the finite resource that the requesting node requires.
  - 18. The method recited in claim 17, wherein responding to the challenge message further comprises:
    - receiving the challenge message from the one or more intermediate nodes in response to requesting that the one or more intermediate nodes supply the amount of the finite resource that the requesting node requires; and
      
      receiving the required amount of the finite resource from the one or more intermediate nodes in response to transmitting a correct response to the challenge message to each intermediate node.

19. An Internet of Things (IoT) device, comprising:
- means for requesting access to a controlled resource in an IoT network, wherein access to the controlled resource includes a requirement to periodically complete an authentication procedure;
  
  means for responding to a challenge message received from a gatekeeper node; and
  
  means for receiving the requested access to the controlled resource in response to correctly responding to the challenge message, wherein the gatekeeper node reduces the requirement to periodically complete the authentication procedure in response to the IoT device correctly responding to one or more successive challenge messages.

20. A computer-readable storage medium having computer-executable instructions recorded thereon, wherein executing the computer-executable instructions on an Internet of Things (IoT) device causes the IoT device to:
- request access to a controlled resource in an IoT network, wherein access to the controlled resource includes a requirement to periodically complete an authentication procedure;
  
  respond to a challenge message received from a gatekeeper node; and
  
  receive the requested access to the controlled resource in response to correctly responding to the challenge message, wherein the gatekeeper node reduces the requirement to periodically complete the authentication procedure in response to the IoT device correctly responding to one or more successive challenge messages.

21. A method for controlling resource access in an Internet of Things (IoT) network, comprising:
- receiving, at a gatekeeper node, a request to access a controlled resource in the IoT network from a requesting node, wherein access to the controlled resource includes a requirement to periodically complete an authentication procedure;
  
  transmitting a challenge message to the requesting node;
  
  receiving a response to the challenge message from the requesting node; and
  
  determining whether to grant the requesting node access to the controlled resource based on the received response to the challenge message, wherein the gatekeeper node further adjusts the requirement for the requesting node to periodically complete the authentication procedure based on whether the received response to the challenge message was correct.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method recited in claim 21, further comprising:
    - granting the requesting node access to the controlled resource in response to determining that the received response to the challenge message was correct; and
      
      increasing a trust level assigned to the requesting node and increasing an interval before transmitting a subsequent challenge message to the requesting node in response to determining that the received response to the challenge message was correct.
  - 23. The method recited in claim 21, further comprising:
    - denying the requesting node access to the controlled resource in response to determining that the received response to the challenge message was incorrect; and
      
      decreasing a trust level assigned to the requesting node in response to determining that the received response to the challenge message was incorrect.
  - 24. The method recited in claim 23, further comprising:
    - blocking the requesting node from communicating over the IoT network in response to the requesting node incorrectly responding to one or more successive challenge messages.
  - 25. The method recited in claim 21, further comprising:
    - adjusting the requirement to periodically complete the authentication procedure according to a trust level assigned to the requesting node in response to the IoT network migrating to a new network access layer.
  - 26. The method recited in claim 21, further comprising:
    - assigning a trust level to the requesting node based on the received response to the challenge message, wherein the trust level assigned to the requesting node comprises one of N trust levels in a trust heuristic logical model that defines permitted resource access associated with nodes having each respective trust level; and
      
      communicating the trust level assigned to the requesting node to another node that regulates access to one or more resources in the IoT network, wherein the other node in the IoT network determines whether to grant the requesting node access to the one or more regulated resources based solely on the trust level assigned to the requesting node.
  - 27. The method recited in claim 21, wherein the gatekeeper node has allocated access to the controlled resource, and wherein the access allocated to the gatekeeper node comprises a portion required by the gatekeeper node and an extra portion that can be supplied to the requesting node.
  - 28. The method recited in claim 27, wherein determining whether to grant the requesting node access to the controlled resource comprises:
    - supplying the requesting node with the extra portion of the allocated access to the controlled resource in response to determining that the received response to the challenge message was correct.
  - 29. The method recited in claim 28, wherein the gatekeeper node transmits the challenge message to the requesting node in response to the requesting node requesting that the gatekeeper node supply the extra portion of the allocated access to the controlled resource.
  - 30. The method recited in claim 21, wherein the controlled resource comprises one or more of an infinite resource having a production rate that equals or exceeds a consumption rate or a finite resource having a consumption rate that exceeds a production rate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
LIN, James Minlou

Granted Patent

US 9,621,530 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 47/10   Flow control; Congestion co...

H04L 63/08   for authentication of entit...

H04L 67/12   specially adapted for propr...

TRUST HEURISTIC MODEL FOR REDUCING CONTROL LOAD IN IOT RESOURCE ACCESS NETWORKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

TRUST HEURISTIC MODEL FOR REDUCING CONTROL LOAD IN IOT RESOURCE ACCESS NETWORKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links