Multi-tiered authentication methods for facilitating communications amongst smart home devices and cloud-based servers
First Claim
1. A system, comprising:
a storage device that stores device credentials for client devices; and
a remote server configured to:
receive first device credentials from a client device, the first device credentials including a secret generated by a third party that is unique to the client device;
determine whether the first device credentials are valid;
when it is determined that the first device credentials are valid:
generate second device credentials, the second device credentials operable to authenticate the client device to communicate with one or more components of the remote server; and
communicate the second device credentials to the client device;
receive the second device credentials from the client device;
determine whether the second device credentials are valid, wherein determining whether the second device credentials are valid includes one or more operations including:
comparing the received second device credentials with recently generated second device credentials, and
comparing the received second device credentials with previously generated second device credentials that were generated prior to the recently generated second device credentials; and
when it is determined that the second device credentials are valid, grant the client device access to secured resources at the remote server.
Abstract
Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote server identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device. Authentication techniques include client devices including unique default credentials that, when presented to a remote server, provide limited access to the server. The client device may obtain assigned credentials that, when presented to the remote server, provide less limited access to the server.
20 Claims
9. A method of granting access for a remote server to a client device, the method comprising:
receiving, by the remote server, first device credentials from the client device, the first device credentials including a secret generated by a third party that is unique to the client device;
determining, by the remote server, whether the first device credentials are valid;
when it is determined that the first device credentials are valid:
generating, by the remote server, second device credentials, the second device credentials operable to authenticate the client device to communicate with one or more components of the remote server; and
communicating, by the remote server, the second device credentials to the client device;
receiving, by the remote server, the second device credentials from the client device;
determining, by the remote server, whether the second device credentials are valid, wherein determining whether the second device credentials are valid includes one or more operations including:
comparing, by the remote server, the received second device credentials with recently generated second device credentials, and
comparing, by the remote server, the received second device credentials with previously generated second device credentials that were generated prior to the recently generated second device credentials; and
when it is determined that the second device credentials are valid, granting, by the remote server, the client device access to secured resources at the remote server.
17. A non-transitory storage medium comprising instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
receiving, by a remote server, first device credentials from a client device, the first device credentials including a secret generated by a third party that is unique to the client device;
determining, by the remote server, whether the first device credentials are valid;
when it is determined that the first device credentials are valid:
generating, by the remote server, second device credentials, the second device credentials operable to authenticate the client device to communicate with one or more components of the remote server; and
communicating, by the remote server, the second device credentials to the client device;
receiving, by the remote server, the second device credentials from the client device;
determining, by the remote server, whether the second device credentials are valid, wherein determining whether the second device credentials are valid includes one or more operations including:
comparing, by the remote server, the received second device credentials with recently generated second device credentials, and
comparing, by the remote server, the received second device credentials with previously generated second device credentials that were generated prior to the recently generated second device credentials; and
when it is determined that the second device credentials are valid, granting, by the remote server, the client device access to secured resources at the remote server.
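The two-tier flow recited in the abstract and the independent claims, as an added Python example (not code from the patent or its assignee). The class and method names, the SHA-256 storage of secrets, the constant-time comparison, and the rule for rotating when a device presents the previous credential are all assumptions made for illustration; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

class CredentialServer:
    """Hypothetical remote server; all names here are illustrative assumptions."""

    def __init__(self, default_secrets):
        # Tier 1: digest of the unique secret a third party provisioned per device.
        self._default = {d: self._digest(s) for d, s in default_secrets.items()}
        # Tier 2: device_id -> (recently generated digest, previously generated digest)
        self._assigned = {}

    @staticmethod
    def _digest(secret):
        return hashlib.sha256(secret.encode()).digest()

    def _matches(self, stored, presented):
        # Constant-time comparison so timing does not reveal how much of a guess matched.
        return stored is not None and hmac.compare_digest(stored, self._digest(presented))

    def _issue(self, device_id, keep_previous=False):
        new = secrets.token_urlsafe(32)
        current, previous = self._assigned.get(device_id, (None, None))
        # Normally the old current value becomes "previously generated".
        self._assigned[device_id] = (self._digest(new), previous if keep_previous else current)
        return new

    def register(self, device_id, default_secret):
        """Valid first (default) credentials yield second (assigned) credentials."""
        if not self._matches(self._default.get(device_id), default_secret):
            return None
        return self._issue(device_id)

    def authenticate(self, device_id, assigned_secret):
        """Compare against the recent and the previous assigned credentials."""
        current, previous = self._assigned.get(device_id, (None, None))
        if self._matches(current, assigned_secret):
            return "current"
        if self._matches(previous, assigned_secret):
            return "previous"
        return None  # default credentials never reach secured resources

    def rotate(self, device_id, assigned_secret):
        """Issue fresh assigned credentials to an authenticated device."""
        which = self.authenticate(device_id, assigned_secret)
        if which is None:
            return None
        # A device presenting the previous value never received the current one
        # (assumed cause: lost response), so keep what it holds valid.
        return self._issue(device_id, keep_previous=(which == "previous"))
```

Accepting the previously generated value lets a device that missed a rotation response keep authenticating until it receives a new credential, while any value older than that is rejected.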
Specification