Securing a wireless mesh network via a chain of trust

US 9,888,384 B2
Filed: 09/29/2016
Issued: 02/06/2018
Est. Priority Date: 05/23/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for securing a wireless mesh network of beacon devices, comprising:

receiving, by a master beacon device and from a plurality of servant beacon devices in a mesh network, survey data comprising, for each of the servant beacon devices, a beacon device identifier and path loss information of proximate servant beacon devices detected by each servant beacon device;

transmitting, by the master beacon device and to each of the plurality of servant beacon devices, enrollment data comprising beacon device identifiers and corresponding path loss values of proximate beacon devices to servant beacon devices determined from the received survey data, wherein the enrollment data may be retransmitted by servant beacon devices within the mesh network to reach other recipient servant beacon devices;

receiving, by the master beacon device, authentication data from a plurality of servant beacon devices, the authentication data comprising beacon device identifiers for servant beacon devices and path loss information detected by servant beacon devices of proximate servant beacon devices;

comparing, by the master beacon device, the received survey data to the received authentication data; and

determining, by the master beacon device, that the mesh network is insecure based on identified differences between the path loss data from the received survey data and the path loss data from the received authentication data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A master beacon device emits a data packet that is received and retransmitted by servant beacon devices in a wireless mesh network that enables the beacon devices to detect the received signal strength indicator (“RSSI”) of beacon devices in proximity. Each servant beacon device transmits survey data packets comprising the RSSIs and hardware identifiers of proximate beacon devices to the master beacon device, which constructs a first virtual map of the mesh network. At a later time, each servant beacon device transmits authentication data packets, which are retransmitted, each retransmitting beacon inserting an RSSI and hardware identifier of the beacon device from which the authentication data packet was received, until they reach the master beacon device, which constructs a second virtual map of the mesh network. The master beacon device compares the first virtual map to the second virtual map to determine if the network is secure.

Citations

20 Claims

1. A computer-implemented method for securing a wireless mesh network of beacon devices, comprising:
- receiving, by a master beacon device and from a plurality of servant beacon devices in a mesh network, survey data comprising, for each of the servant beacon devices, a beacon device identifier and path loss information of proximate servant beacon devices detected by each servant beacon device;
  
  transmitting, by the master beacon device and to each of the plurality of servant beacon devices, enrollment data comprising beacon device identifiers and corresponding path loss values of proximate beacon devices to servant beacon devices determined from the received survey data, wherein the enrollment data may be retransmitted by servant beacon devices within the mesh network to reach other recipient servant beacon devices;
  
  receiving, by the master beacon device, authentication data from a plurality of servant beacon devices, the authentication data comprising beacon device identifiers for servant beacon devices and path loss information detected by servant beacon devices of proximate servant beacon devices;
  
  comparing, by the master beacon device, the received survey data to the received authentication data; and
  
  determining, by the master beacon device, that the mesh network is insecure based on identified differences between the path loss data from the received survey data and the path loss data from the received authentication data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the authentication data comprises beacon device identifiers for servant beacon devices and path loss information detected by servant beacon devices of at least three proximate servant beacon devices.
  - 3. The method of claim 1, further comprising, transmitting, by the master beacon device, availability data, the availability data comprising a master beacon device identifier, wherein one or more servant beacon devices proximate to the master beacon device receive the availability data and retransmit the availability data, wherein one or more servant beacon devices not proximate to the master beacon device receive and retransmit the retransmitted availability data until all servant beacon devices in the mesh network receive and retransmit the availability data, and wherein each servant beacon determines the path loss and beacon device identifier of any beacon device from which availability data is directly received.
  - 4. The method of claim 3, wherein each servant beacon device in the mesh network, at a time after receiving and retransmitting the availability data, transmits survey data comprising the beacon device identifier of the transmitting servant beacon device and the determined path loss and beacon device identifiers of proximate servant beacon devices, the survey data being received and retransmitted by one or more servant beacon devices in the mesh network until the master beacon device receives the survey data.
  - 5. The method of claim 1, further comprising:
    - determining, by the master beacon device, that the mesh network is secure based on not finding any significant differences between the path loss data from the received survey data and the path loss data from the received authentication data; and
      
      transmitting, by the master beacon device and to a user computing device, a notification that the mesh network is secure, wherein the user computing device establishes a network connection with one or more of the beacon devices in the mesh network and wherein the user computing device initiates a transaction with a merchant system associated with the mesh network upon receiving the notification that the mesh network is secure.
  - 6. The method of claim 1, wherein one or more of the servant beacon devices in the mesh network comprise an accelerometer, wherein each of the servant beacon devices comprising an accelerometer, at a time before transmitting authentication data, determine any movement of the servant beacon device, wherein each of the servant beacon devices comprising an accelerometer transmits authentication data that further comprises a movement notification comprising the movement determination, and wherein determining that the network is insecure is further based on receipt of a movement notification indicating that one or more of the servant beacon devices has been moved.
  - 7. The method of claim 1, wherein one or more of the servant beacon devices in the mesh network transmit authentication data that further comprises an encrypted digital signature encrypted by the servant beacon device from which the authentication data originates, wherein determining that the mesh network is insecure is further based on receipt of one or more invalid digital signatures received in the authentication data and further comprising, at a time before determining that the mesh network is insecure, determining, by the master beacon device, the validity of the one or more encrypted digital signatures received in the authentication data.
  - 8. The method of claim 1, wherein, instead of the path loss, the received signal strength indicator, the received channel power indicator, the time of arrival, or the round trip time is detected.
  - 9. The method of claim 4, wherein, instead of the path loss, the received signal strength indicator, the received channel power indicator, the time of arrival, or the round trip time is detected.

10. A computer program product, comprising:
- a non-transitory computer-readable medium having computer-readable program instructions embodied thereon that when executed by a computer cause the computer to secure a wireless mesh network of beacon devices, the computer readable instructions comprising;
  
  computer-readable program instructions to receive, from a plurality of servant beacon devices in a mesh network, survey data comprising, for each of the servant beacon devices, a beacon device identifier and path loss information of proximate servant beacon devices detected by each servant beacon device;
  
  computer-readable program instructions to transmit, to each of a plurality of servant beacon devices, enrollment data comprising beacon device identifiers and corresponding received signal strength indicator values of proximate beacon devices to servant beacon devices, wherein the enrollment data is based on the received survey data, wherein the enrollment data may be retransmitted by servant beacon devices within the mesh network to reach other recipient servant beacon devices, the enrollment data comprising a list of beacon devices in the mesh network identified by the beacon device identifiers and path loss information detected, for each servant beacon device, of beacon devices in proximity to the servant beacon device;
  
  computer-readable program instructions for receiving authentication data from a plurality of servant beacon devices, the authentication data comprising beacon device identifiers for servant beacon devices and received signal strength indicator values detected by servant beacon devices of proximate servant beacon devices;
  
  computer-readable program instructions for comparing the received survey data to the received authentication data to identify differences between the received survey data and the received authentication data;
  
  computer-readable program instructions for determining that the mesh network is insecure based on identified differences between the received survey data and the received authentication data.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer program product of claim 10, further comprising:
    - computer-readable program instructions for detecting the received signal strength indicator of servant beacon devices from which survey data was directly received;
      
      computer-readable program instructions for determining beacon device identifiers of the servant beacon devices from which survey data was directly received; and
      
      computer-readable program instructions for constructing a first virtual map of the mesh network based on the received survey data.
  - 12. The computer program product of claim 10, further comprising transmitting availability data, the availability data comprising a master beacon device identifier, wherein one or more servant beacon devices proximate to the master beacon device receive the availability data and retransmit the availability data, wherein one or more servant beacon devices not proximate to the master beacon device receive and retransmit the retransmitted availability data until all servant beacon devices in the mesh network receive and retransmit the availability data, wherein each servant beacon determines the received signal strength indicator and beacon device identifier of any beacon device from which availability data is directly received.
  - 13. The computer program product of claim 12, wherein each servant beacon device in the mesh network, at a time after receiving and retransmitting the availability data, transmits survey data comprising the beacon device identifier of the transmitting servant beacon device and the determined received signal strength indicator and beacon device identifiers of proximate servant beacon devices, the survey data being received and retransmitted by one or more servant beacon devices in the mesh network until the master beacon device receives the survey data.
  - 14. The computer program product of claim 10, further comprising:
    - computer program instructions for determining that the mesh network is secure based on not finding any significant differences between the received survey data and the received authentication data; and
      
      computer program instructions for transmitting, to a user computing device, a notification that the mesh network is secure, wherein the user computing device establishes a network connection with one or more of the beacon devices in the mesh network and wherein the user computing device initiates a transaction with a merchant system associated with the mesh network upon receiving the notification that the mesh network is secure.
  - 15. The computer program product of claim 10, wherein one or more of the servant beacon devices in the mesh network comprise an accelerometer, wherein each of the servant beacon devices comprising an accelerometer, at a time before transmitting authentication data, determine any movement of the servant beacon device, wherein each of the servant beacon devices comprising an accelerometer transmits authentication data that further comprises a movement notification comprising the movement determination, and wherein determining that the network is insecure is further based on receipt of a movement notification indicating that one or more of the servant beacon devices has been moved.
  - 16. The computer program product of claim 10, wherein one or more of the servant beacon devices in the mesh network transmit authentication data that further comprises an encrypted digital signature encrypted by the servant beacon device from which the authentication data originates, wherein determining that the mesh network is insecure is further based on receipt of one or more invalid digital signatures received in the authentication data and further comprising, at a time before determining that the mesh network is insecure, computer program instructions for determining the validity of the one or more encrypted digital signatures received in the authentication data.

17. A system for securing a wireless mesh network of beacon devices, comprising:
- a storage device; and
  
  a processor communicatively coupled to the storage device, wherein the processor executes application code instructions that are stored in the storage device to cause the system to;
  
  receive, from a plurality of servant beacon devices in a mesh network, survey data comprising, for each of the servant beacon devices, a beacon device identifier and received signal strength indicator (“
  
  RSSI”
  
  ) of proximate servant beacon devices detected by each servant beacon device;
  
  transmit, to each of the plurality of servant beacon devices, enrollment data comprising beacon device identifiers and corresponding RSSI values of proximate beacon devices to servant beacon devices, wherein the enrollment data is based on the received survey data and wherein the enrollment data may be retransmitted by servant beacon devices within the mesh network to reach other recipient servant beacon devices;
  
  receive authentication data from a plurality of servant beacon devices in a mesh network, the authentication data comprising beacon device identifiers for servant beacon devices and RSSI values detected by servant beacon devices of proximate servant beacon devices;
  
  compare RSSI data from the received survey data packets to the RSSI data from the received authentication data packets;
  
  determine that the mesh network is insecure based on identified differences between the RSSI data from the received survey data packets and the RSSI data from the received authentication data packets.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the processor is further configured to execute computer-readable program instructions stored in the storage medium to cause the system to:
    - determine that the mesh network is secure based on finding no significant differences between the RSSI data from the received survey data packets and the RSSI from the received authentication data packets; and
      
      transmit, to a user computing device, a notification that the mesh network is secure, wherein the user computing device establishes a network connection with one or more of the beacon devices in the mesh network and wherein the user computing device initiates a transaction with a merchant system associated with the mesh network upon receiving the notification that the mesh network is secure.
  - 19. The system of claim 17, wherein one or more of the servant beacon devices in the mesh network comprise an accelerometer, wherein each of the servant beacon devices comprising an accelerometer, at a time before transmitting authentication data, determine any movement of the servant beacon device, wherein each of the servant beacon devices comprising an accelerometer transmits authentication data that further comprises a movement notification comprising the movement determination, and wherein determining that the network is insecure is further based on receipt of a movement notification indicating that one or more of the servant beacon devices has been moved.
  - 20. The system of claim 17, wherein instead of the RSSI, the path loss, the received channel power indicator, the time of arrival, or the round trip time is detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
Weksler, Michel, Abousselham, Yassir, Krieger, Ken, De Vries, Brian
Primary Examiner(s)
Lagor, Alexander

Application Number

US15/280,655
Publication Number

US 20170019788A1
Time in Patent Office

495 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 67/12   specially adapted for propr...

H04W 12/065   Continuous authentication

H04W 12/122   Counter-measures against at...

H04W 4/80   Services using short range ...

H04W 84/12   WLAN [Wireless Local Area N...

H04W 84/18   Self-organising networks, e...

Securing a wireless mesh network via a chain of trust

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing a wireless mesh network via a chain of trust

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links