Device Communication Environment

US 20170006030A1
Filed: 06/30/2015
Published: 01/05/2017
Est. Priority Date: 06/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a device security server, a request from a manufacturer to register a device, the request comprising information associated with the device and information for use in authenticating the device;

identifying, at the device security server, a unique device identifier;

associating, at the device security server, the identified unique device identifier with the information associated with the device and with the information for use in authenticating the device;

receiving, at a device security server, a request from an entity responsible for the device to associate information identifying the entity with the device, the request comprising the unique device identifier and the information identifying the entity;

associating, at the device security server, the information identifying the entity with the unique device identifier;

authenticating, at the device security server, a request to perform a function, the authenticating employing the information for use in authenticating the device;

receiving, at the device security server, a request to control the device; and

determining, at the device security server, using the information identifying the entity that the request to control the device is authorized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing environment is disclosed that receives from devices requests directed toward services accessible in the environment, and that forwards communications from services in the environment to devices registered with the environment. During a registration process at the environment, devices are assigned a device identifier that is used to identify and authenticate each particular device and requests communicated from and to the device via the environment. The computing environment maintains state information for each device that has been registered with the system. As the device interacts with the system, the state information is updated to reflect the changes in the device. When requests to perform functions are received from devices, the computing environment determines for the particular device and the particular function requested what processing needs to be performed by the environment in response to the request.

59 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, at a device security server, a request from a manufacturer to register a device, the request comprising information associated with the device and information for use in authenticating the device;
  
  identifying, at the device security server, a unique device identifier;
  
  associating, at the device security server, the identified unique device identifier with the information associated with the device and with the information for use in authenticating the device;
  
  receiving, at a device security server, a request from an entity responsible for the device to associate information identifying the entity with the device, the request comprising the unique device identifier and the information identifying the entity;
  
  associating, at the device security server, the information identifying the entity with the unique device identifier;
  
  authenticating, at the device security server, a request to perform a function, the authenticating employing the information for use in authenticating the device;
  
  receiving, at the device security server, a request to control the device; and
  
  determining, at the device security server, using the information identifying the entity that the request to control the device is authorized.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - wherein the information for use in authenticating the device comprises a public encryption key, andwherein authenticating a request to perform a function comprises decrypting data received in the request using the public encryption key.
  - 3. The method of claim 2, further comprising:
    - receiving a request from the manufacturer for a certificate for use in authenticating the device;
      
      generating a certificate; and
      
      storing the certificate in association with the unique device identifier,wherein authenticating a request to perform a function further comprises comparing the certificate stored in association with the unique device identifier with a certificate in the request to perform a function.
  - 4. The method of claim 1, further comprising:
    - receiving a request from the device manufacturer to store a device activation code for a device, the request comprising an identifier for the device and the device activation code;
      
      storing the device activation code in association with the identifier for the device;
      
      receiving a request from the entity to activate the device, the request comprising a code and an identifier; and
      
      identifying the device as activated upon determining the received code and identifier correspond to the stored device activation code and the identifier for the device.

5. A computing system, comprising:
- one or more computing processors; and
  
  computing memory communicatively coupled with the one or more computing processors, the computing memory having stored therein computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform operations comprising;
  
  in response to a request from a device provider, storing data indicating a device is registered in a system;
  
  in response to input from a device user, storing data associating the device with the device user in the system; and
  
  in response to periodic requests from the device to access the system, verifying using the stored data that the device is permitted to access the system.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The computing system of claim 5, comprising computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform further operations comprising:
    - receiving a request from a device provider to register a device with the system, the request comprising information associated with the device and information for use in authenticating the device; and
      
      generating a device identifier,wherein storing data indicating a device is registered in a system comprises storing data associating the device identifier with the information associated with the device and with the information for use in authenticating the device.
  - 7. The computing system of claim 6,wherein the information for use in authenticating the device comprises a public encryption key.
  - 8. The computing system of claim 7,wherein the information associated with the device comprises one or more of serial number, a universally unique identifier, or machine access control address.
  - 9. The computing system of claim 7, comprising computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform further operations comprising:
    - receiving a request from the device to access the system,wherein verifying using the stored data that the device is permitted to access the system comprises comparing the device identifier with an identifier in the request to access the system and decrypting data received in the request to access the system using the public encryption key.
  - 10. The computing system of claim 6, comprising computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform further operations comprising:
    - receiving a request for a certificate for use in authenticating the device;
11. The computing system of claim 10, wherein comparing the certificate stored in association with the device identifier with a certificate in the one or more requests comprises performing a transport layer security handshake operation with the device.
12. The computing system of claim 5, comprising computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform further operations comprising receiving a request to associate information identifying the device user with the device, the request comprising information identifying the device user and a device identifier,wherein storing data associating the device with the device user in the system comprises storing data associating the information identifying the device user and the device identifier.
13. The computing system of claim 12, comprising computer instructions that, upon execution by the one or more processors, at least cause the computing system to perform further operations comprising:
- receiving a request to control the device from the device user, the request to control the device comprising information identifying the device user and the device identifier;
  
  determining using the information identifying the device user that the request to control the device is authorized; and
  
  upon determining the request to control the device is authorized, updating data identifying a state for the device.

14. A non-transitory computer-readable storage medium having stored thereon computer instructions that, upon execution by one or more processors, at least cause a computing system to perform operations comprising:
- in response to a request from a device provider, associating a unique device identifier with information associated with a device and with information for use in authenticating the device;
  
  in response to a request from a device user, associating information identifying the device user with the unique device identifier;
  
  authenticating a request to perform a function, the authenticating employing the information for use in authenticating the device;
  
  receiving a request to control the device; and
  
  determining using the information identifying the device user that the request to control the device is valid.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable medium of claim 14, having stored thereon computer instructions that at least cause a computing system to perform further operations comprising:
    - receiving a request from a device provider for a device identifier for association with a device, the request comprising information associated with the device and information for use in authenticating the device; and
      
      generating a unique device identifier,wherein associating a unique device identifier with information associated with a device and with information for use in authenticating the device comprises associating a unique device identifier in response to the generating the unique device identifier.
  - 16. The non-transitory computer-readable medium of claim 14, having stored thereon computer instructions that at least cause a computing system to perform further operations comprising:
    - receiving a request from the device provider for a certificate for use in authenticating the device;
      
      generating a certificate; and
      
      storing the certificate in association with the unique device identifier.
  - 17. The non-transitory computer-readable medium of claim 16, having stored thereon computer instructions that at least cause a computing system to perform further operations comprising:
    - receiving one or more request from the device to access the system,wherein authenticating a request to perform a function, the authenticating employing the information for use in authenticating the device comprises;
      
      comparing the certificate stored in association with the unique device identifier with a certificate in the one or more requests;
      
      comparing the unique device identifier with an identifier in the one or more requests to access the system and decrypting data received in the one or more requests to access the system using the information for use in authenticating the device.
  - 18. The non-transitory computer-readable medium of claim 17, wherein comparing the certificate stored in association with the unique device identifier with a certificate in the one or more requests comprises performing a handshake operation with the device.
  - 19. The non-transitory computer-readable medium of claim 14, having stored thereon computer instructions that at least cause a computing system to perform further operations comprising:
    - receiving one or more request from the device to access the system,wherein the information for use in authenticating the device comprises a public encryption key, andwherein authenticating a request to perform a function, the authenticating employing the information for use in authenticating the device comprises;
      
      comparing the unique device identifier with an identifier in the one or more requests to access the system and decrypting data received in the one or more requests to access the system using the public encryption key.
  - 20. The non-transitory computer-readable medium of claim 15, having stored thereon computer instructions that at least cause a computing system to perform further operations comprising:
    - receiving a request from the device provider to store a device activation code for a device, the request comprising the unique device identifier and the device activation code;
      
      storing the device activation code in association with the unique device identifier;
      
      receiving a request initiated by the device user to activate the device, the request comprising a code and an identifier;
      
      identifying the device as activated upon determining the received code and identifier correspond to the stored device activation code and the unique device identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Krishnamoorthy, Shyam, Turow, Jonathan I., Rawcliffe, Alan Conrad, Young, Samuel John, Kuo, Calvin Yue-Ren, Sorenson, James Christopher III, Argenti, Marco

Granted Patent

US 10,958,648 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 9/3263   involving certificates, e.g...

Device Communication Environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Device Communication Environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links