Secure and anonymized authentication

US 9,603,019 B1
Filed: 10/22/2015
Issued: 03/21/2017
Est. Priority Date: 03/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing system, a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device;

generating, by the computing system, an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines;

based on the code and the anonymized identity, verifying, by the computing system, that unlocking the portal device is within the authorized capabilities of the anonymized identity; and

transmitting, by the computing system, an instruction to the portal device, wherein the instruction causes the portal device to change from the locked state to an unlocked state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment may involve receiving, by a computing system, a message from a wireless service provider system. The computing system may include one or more computing devices located, e.g., in the trusted cloud. The message may contain a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a code that the client device obtained from a remote machine proximate to the client device. The computing system may generate an anonymized identity of the client device based on the service-provider-based identity. The computing system may verify that a task associated with the code is within the authorized capabilities of the anonymized identity. Possibly based on the code (and perhaps other information as well), the computing system may transmit an instruction to the remote machine. The instruction may direct the remote machine to perform the task.

97 Citations

View as Search Results

18 Claims

1. A method comprising:
- receiving, by a computing system, a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device;
  
  generating, by the computing system, an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines;
  
  based on the code and the anonymized identity, verifying, by the computing system, that unlocking the portal device is within the authorized capabilities of the anonymized identity; and
  
  transmitting, by the computing system, an instruction to the portal device, wherein the instruction causes the portal device to change from the locked state to an unlocked state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the wireless service provider system is associated with a cellular wireless service provider serving the client device, and wherein the service-provider-based identity is a cellular phone number of the client device.
  - 3. The method of claim 1, wherein the computing system has access to a database associating anonymized identities with respective capabilities, and wherein verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity comprises:
    - looking up the anonymized identity in the database to determine associated capabilities; and
      
      determining that the associated capabilities indicate that the anonymized identity is permitted to cause the portal device to change from the locked state to the unlocked state.
  - 4. The method of claim 1, wherein the anonymized identity is also based on one or more of an entity, a location, or a type of transaction provided by the portal device.
  - 5. The method of claim 1, wherein transmitting the instruction to the portal device comprises transmitting the instruction to a machine control device that controls the portal device, wherein the machine control device causes the portal to change from the locked state to the unlocked state.
  - 6. The method of claim 1, wherein the instruction is also based on the anonymized identity.
  - 7. The method of claim 1 further comprising:
    - before receiving the message, registering, by the computing system, the client device, wherein the registration involves determining the anonymized identity of the client device, and associating the anonymized identity with other credentials of the client device.

8. An article of manufacture including a non-transitory computer-readable medium, having stored thereon program instructions that, upon execution by a computing system, cause the computing system to perform operations comprising:
- receiving a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device;
  
  generating an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines;
  
  based on the code and the anonymized identity, verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity; and
  
  transmitting an instruction to the portal device, wherein the instruction directs the portal device to change from the locked state to an unlocked state.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The article of manufacture of claim 8, wherein the wireless service provider system is associated with a cellular wireless service provider serving the client device, and wherein the service-provider-based identity is a cellular phone number of the client device.
  - 10. The article of manufacture of claim 8, wherein the computing system has access to a database associating anonymized identities with respective capabilities, and wherein verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity comprises:
    - looking up the anonymized identity in the database to determine associated capabilities; and
      
      determining that the associated capabilities indicate that the anonymized identity is permitted to cause the portal device to change from the locked state to the unlocked state.
  - 11. The article of manufacture of claim 8, wherein the anonymized identity is also based on one or more of an entity, a location, or a type of transaction provided by the portal device.
  - 12. The article of manufacture of claim 8, wherein transmitting the instruction to the portal device comprises transmitting the instruction to a machine control device that controls the portal device, wherein the machine control device causes the portal to change from the locked state to the unlocked state.
  - 13. The article of manufacture of claim 8, wherein the instruction is also based on the anonymized identity.

14. A computing system comprising:
- at least one processor;
  
  memory; and
  
  program instructions, stored in the memory, that upon execution by the at least one processor cause the computing system to perform operations comprising;
  
  receiving a message from a wireless service provider system, wherein the message contains a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a single code that the client device obtained from a portal device proximate to the client device, wherein the portal device is in a locked state, and wherein the code includes a first sub-code that identifies the portal device and a second sub-code that identifies a task of unlocking the portal device;
  
  generating an anonymized identity of the client device based on the service-provider-based identity, wherein the anonymized identity is generated by applying a one-way function to the service-provider-based identity and the code, wherein the computing system is configured to generate different anonymized identities for the client device based on respective codes that the client device receives from respective remote machines, and wherein the portal device is one of the remote machines;
  
  based on the code and the anonymized identity, verifying that unlocking the portal device is within the authorized capabilities of the anonymized identity; and
  
  transmitting an instruction to the portal device, wherein the instruction directs the portal device to change from the locked state to an unlocked state.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computing system of claim 14, wherein the wireless service provider system is associated with a cellular wireless service provider serving the client device, and wherein the service-provider-based identity is a cellular phone number of the client device.
  - 16. The computing system of claim 14, wherein the anonymized identity is also based on one or more of an entity, a location, or a type of transaction provided by the portal device.
  - 17. The computing system of claim 14, wherein transmitting the instruction to the portal device comprises transmitting the instruction to a machine control device that controls the portal device, wherein the machine control device causes the portal to change from the locked state to the unlocked state.
  - 18. The computing system of claim 14, wherein the instruction is also based on the anonymized identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Confia Systems, Inc.
Original Assignee
Confia Systems, Inc.
Inventors
Ramatchandirane, Nadaradjane, Upadhyay, Vandana
Primary Examiner(s)
Masud, Rokib

Application Number

US14/920,137
Time in Patent Office

516 Days
Field of Search

455/556, 705/16, 705/18, 705/39
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06Q 20/308   using the Internet of Things

G06Q 20/383   Anonymous user system

G07F 9/001   Interfacing with vending ma...

H04L 63/08   for authentication of entit...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/069   using certificates or pre-s...

H04W 12/75   Temporary identity

H04W 4/70   Services for machine-to-mac...

Secure and anonymized authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

97 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and anonymized authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links