Trust heuristic model for reducing control load in IoT resource access networks

US 9,621,530 B2
Filed: 06/25/2014
Issued: 04/11/2017
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlled resource access in an Internet of Things (IoT) network, comprising:

requesting, by a requesting node, access to a first controlled resource in the IoT network, wherein access to the first controlled resource includes a requirement to periodically repeat an authentication procedure;

responding to a challenge message received from a first gatekeeper node, wherein the first gatekeeper node is configured to deny access to the first controlled resource when the response to the challenge message is incorrect; and

receiving the requested access to the first controlled resource in response to correctly responding to the challenge message, wherein the first gatekeeper node increases a time before the requesting node is required to repeat the authentication procedure in response to the requesting node correctly responding to two or more successive challenge messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure relates to a trust heuristic model for reducing a control load in an IoT resource access network. For example, an authenticating node may challenge a client node that requests access to a resource and grant the access if the client node correctly responds to the challenge or alternatively deny the access if the client node incorrectly responds to the challenge. Furthermore, based on the response to the challenge, the client node may be assigned a trust level, which may be dynamically updated based on successive challenge-and-response exchanges and/or interactions with other IoT network nodes. For example, to reduce the resource access control load, subsequent challenge-and-response intervals may be increased or eliminated if the client node correctly responds to successive challenges over time, while client nodes that incorrectly respond to successive challenges over time may be blocked from accessing the resource or banned from the IoT network.

19 Citations

View as Search Results

32 Claims

1. A method for controlled resource access in an Internet of Things (IoT) network, comprising:
- requesting, by a requesting node, access to a first controlled resource in the IoT network, wherein access to the first controlled resource includes a requirement to periodically repeat an authentication procedure;
  
  responding to a challenge message received from a first gatekeeper node, wherein the first gatekeeper node is configured to deny access to the first controlled resource when the response to the challenge message is incorrect; and
  
  receiving the requested access to the first controlled resource in response to correctly responding to the challenge message, wherein the first gatekeeper node increases a time before the requesting node is required to repeat the authentication procedure in response to the requesting node correctly responding to two or more successive challenge messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method recited in claim 1, wherein the challenge message and the response to the challenge message are exchanged over a control channel associated with the IoT network.
  - 3. The method recited in claim 1, wherein the first gatekeeper node increases a trust level associated with the requesting node in response to the requesting node correctly responding to the challenge message.
  - 4. The method recited in claim 1, wherein the first gatekeeper node increases an interval before transmitting a subsequent challenge message to the requesting node to increase the time before the requesting node is required to repeat the authentication procedure.
  - 5. The method recited in claim 1, wherein the first gatekeeper node decreases a trust level associated with the requesting node in response to receiving an incorrect response to the challenge message from the requesting node.
  - 6. The method recited in claim 1, wherein the first gatekeeper node temporarily blocks the requesting node from communicating over the IoT network in response to the requesting node incorrectly responding to two or more successive challenge messages.
  - 7. The method recited in claim 6, wherein the first gatekeeper node permanently bans the requesting node from communicating over the IoT network in response to the requesting node continuing to incorrectly respond to one or more successive challenge messages over time.
  - 8. The method recited in claim 1, wherein the first gatekeeper node adjusts the requirement to periodically repeat the authentication procedure according to a trust level assigned to the requesting node in response to the IoT network migrating to a new network access layer.
  - 9. The method recited in claim 1, further comprising:
    - requesting access to a second controlled resource from a second gatekeeper node, wherein the second gatekeeper node determines whether to grant the requesting node access to the second controlled resource based solely on a trust level between the requesting node and a trusted node having one or more previous interactions with the requesting node.
  - 10. The method recited in claim 9, wherein a second IoT network includes one or more of the second controlled resource, the second gatekeeper node, or the trusted node having the one or more previous interactions with the requesting node.
  - 11. The method recited in claim 9, wherein the trust level associated with the requesting node comprises one of N trust levels in a trust heuristic logical model that defines one or more resources in the IoT network that nodes having each respective trust level are permitted to access.
  - 12. The method recited in claim 1, wherein the first gatekeeper node comprises a regulating node that regulates access to the first controlled resource.
  - 13. The method recited in claim 1, wherein the first gatekeeper node comprises an intermediate node that relays messages between the requesting node and a regulating node that regulates access to the first controlled resource.
  - 14. The method recited in claim 1, wherein the first controlled resource comprises an infinite resource having a production rate that equals or exceeds a consumption rate.
  - 15. The method recited in claim 1, wherein the first controlled resource comprises a finite resource having a consumption rate that exceeds a production rate.
  - 16. The method recited in claim 15, wherein the first gatekeeper node comprises an intermediate node having allocated access to the finite resource, and wherein the access allocated to the intermediate node comprises a first portion that the intermediate node requires and an extra portion that can be supplied to one or more requesting nodes.
  - 17. The method recited in claim 16, wherein requesting the access to the first controlled resource further comprises:
    - contacting one or more intermediate nodes that have allocated access to the finite resource to determine a total extra portion of the finite resource allocated thereto; and
      
      requesting that the one or more intermediate nodes supply an amount of the finite resource that the requesting node requires in response to determining that the total extra portion of the finite resource allocated thereto meets or exceeds the amount of the finite resource that the requesting node requires.
  - 18. The method recited in claim 17, wherein responding to the challenge message further comprises:
    - receiving the challenge message from the one or more intermediate nodes in response to requesting that the one or more intermediate nodes supply the amount of the finite resource that the requesting node requires; and
      
      receiving the required amount of the finite resource from the one or more intermediate nodes in response to transmitting a correct response to the challenge message to each intermediate node.

19. An Internet of Things (IoT) device, comprising:
- a transceiver configured to;
  
  transmit a request to access a controlled resource in an IoT network, wherein access to the controlled resource includes a requirement to periodically repeat an authentication procedure; and
  
  respond to a challenge message received from a gatekeeper node, wherein the gatekeeper node is configured to deny access to the controlled resource when the response to the challenge message is incorrect; and
  
  at least one processor, coupled to the transceiver, and configured to receive the requested access to the controlled resource based on a correct response to the challenge message, wherein the gatekeeper node is configured to increase a time before the requesting node is required to repeat the authentication procedure in response to the IoT device correctly responding to two or more successive challenge messages.
- View Dependent Claims (20)
- - 20. The IoT device recited in claim 19, wherein the controlled resource comprises a finite resource having a consumption rate that exceeds a production rate, wherein the first gatekeeper node comprises an intermediate node having allocated access to the finite resource, wherein the access allocated to the intermediate node comprises a first portion that the intermediate node requires and an extra portion that can be supplied to one or more requesting nodes, and wherein the at least one processor is further configured to:
    - contact one or more intermediate nodes that have allocated access to the finite resource to determine a total extra portion of the finite resource allocated thereto;
      
      request that the one or more intermediate nodes supply an amount of the finite resource that the IoT device requires in response to the total extra portion of the finite resource allocated thereto meeting or exceeding the amount of the finite resource that the IoT device node requires;
      
      receive, via the transceiver, the challenge message from the one or more intermediate nodes in response to requesting that the one or more intermediate nodes supply the amount of the finite resource that the IoT device requires;
      
      transmit, via the transceiver, a response to the challenge message to each intermediate node; and
      
      receive the required amount of the finite resource from the one or more intermediate nodes in response to the transmitted response being a correct response to the challenge message.

21. A “
- non-transitory”
  
  computer-readable storage medium having computer-executable instructions recorded thereon, wherein executing the computer-executable instructions on an Internet of Things (IoT) device causes the IoT device to;
  
  request access to a controlled resource in an IoT network, wherein access to the controlled resource includes a requirement to periodically repeat an authentication procedure;
  
  respond to a challenge message received from a gatekeeper node, wherein the gatekeeper node is configured to deny access to the controlled resource when the response to the challenge message is incorrect; and
  
  receive the requested access to the controlled resource in response to correctly responding to the challenge message, wherein the gatekeeper node is configured to increase a time before the requesting node is required to repeat the authentication procedure in response to the IoT device correctly responding to two or more successive challenge messages.
- View Dependent Claims (22)
- - 22. The “
    - non-transitory”
      
      computer-readable storage medium recited in claim 21, wherein the controlled resource comprises a finite resource having a consumption rate that exceeds a production rate, wherein the first gatekeeper node comprises an intermediate node having allocated access to the finite resource, wherein the access allocated to the intermediate node comprises a first portion that the intermediate node requires and an extra portion that can be supplied to one or more requesting nodes, and wherein executing the computer-executable instructions on the IoT device further causes the IoT device to;
      
      contact one or more intermediate nodes that have allocated access to the finite resource to determine a total extra portion of the finite resource allocated thereto;
      
      request that the one or more intermediate nodes supply an amount of the finite resource that the IoT device requires in response to the total extra portion of the finite resource allocated thereto meeting or exceeding the amount of the finite resource that the IoT device node requires;
      
      receive the challenge message from the one or more intermediate nodes in response to requesting that the one or more intermediate nodes supply the amount of the finite resource that the IoT device requires;
      
      transmit a response to the challenge message to each intermediate node; and
      
      receive the required amount of the finite resource from the one or more intermediate nodes in response to the transmitted response being a correct response to the challenge message.

23. A method for controlling resource access in an Internet of Things (IoT) network, comprising:
- receiving, at a gatekeeper node, a request to access a controlled resource in the IoT network from a requesting node, wherein access to the controlled resource includes a requirement to periodically repeat an authentication procedure;
  
  transmitting a challenge message to the requesting node;
  
  receiving a response to the challenge message from the requesting node;
  
  determining whether to grant the requesting node access to the controlled resource based on the received response to the challenge message, wherein the requesting node is granted access to the controlled resource when the received response is correct or denied access to the controlled resource when the received response is incorrect; and
  
  increasing a time before the requesting node is required to repeat the authentication procedure in response to the requesting node correctly responding to two or more successive challenge messages.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method recited in claim 23, further comprising:
    - increasing a trust level assigned to the requesting node and increasing an interval before transmitting a subsequent challenge message to the requesting node in response to determining that the received response to the challenge message was correct.
  - 25. The method recited in claim 23, further comprising:
    - decreasing a trust level assigned to the requesting node in response to determining that the received response to the challenge message was incorrect.
  - 26. The method recited in claim 25, further comprising:
    - blocking the requesting node from communicating over the IoT network in response to the requesting node incorrectly responding to two or more successive challenge messages.
  - 27. The method recited in claim 23, further comprising:
    - adjusting the requirement to periodically repeat the authentication procedure according to a trust level assigned to the requesting node in response to the IoT network migrating to a new network access layer.
  - 28. The method recited in claim 23, further comprising:
    - assigning a trust level to the requesting node based on the received response to the challenge message, wherein the trust level assigned to the requesting node comprises one of N trust levels in a trust heuristic logical model that defines one or more resources in the IoT network that nodes having each respective trust level are permitted to access; and
      
      communicating the trust level assigned to the requesting node to another node that regulates access to one or more resources in the IoT network, wherein the other node in the IoT network determines whether to grant the requesting node access to the one or more regulated resources based solely on the trust level assigned to the requesting node.
  - 29. The method recited in claim 23, wherein the gatekeeper node has allocated access to the controlled resource, and wherein the access allocated to the gatekeeper node comprises a portion required by the gatekeeper node and an extra portion that can be supplied to the requesting node.
  - 30. The method recited in claim 29, wherein determining whether to grant the requesting node access to the controlled resource comprises:
    - supplying the requesting node with the extra portion of the allocated access to the controlled resource in response to determining that the received response to the challenge message was correct, wherein the controlled resource comprises a finite resource having a consumption rate that exceeds a production rate.
  - 31. The method recited in claim 30, wherein the gatekeeper node transmits the challenge message to the requesting node in response to the requesting node requesting that the gatekeeper node supply the extra portion of the allocated access to the controlled resource.
  - 32. The method recited in claim 23, wherein the controlled resource comprises one or more of an infinite resource having a production rate that equals or exceeds a consumption rate or a finite resource having a consumption rate that exceeds a production rate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Lin, James Minlou
Primary Examiner(s)
Abyaneh, Ali
Assistant Examiner(s)
WADE, SHAQUEAL D

Application Number

US14/314,999
Publication Number

US 20150007273A1
Time in Patent Office

1,021 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 47/10   Flow control; Congestion co...

H04L 63/08   for authentication of entit...

H04L 67/12   specially adapted for propr...

Trust heuristic model for reducing control load in IoT resource access networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Trust heuristic model for reducing control load in IoT resource access networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links