Key exchange through a trusted proxy

US 9,998,437 B2
Filed: 02/04/2016
Issued: 06/12/2018
Est. Priority Date: 02/04/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

one or more data processors; and

a non-transitory computer-readable storage medium containing instructions which when executed on the one or more data processors, cause the one or more processors to perform operations including;

receiving a communication, wherein the communication corresponds to a request to register a network device as a trusted network device, wherein the communication includes a unique identifier for the network device, and wherein an operation of the network device is controllable by an access device;

identifying, at a computing device, a network associated with the network device, wherein identifying includes using the communication;

determining whether the network device is locally connected to the network, wherein the network is connected to a plurality of additional network devices including the network device;

determining that the network device is a trusted network device when the network device is locally connected to the network;

receiving a new communication, wherein the new communication corresponds to a request for the access device to control an operation of one or more network devices connected to the network;

determining whether the new communication is received from the trusted network device, wherein when the new communication is received from the trusted network device, an access device key is generated for the access device; and

transmitting the access device key, wherein transmitting includes using the trusted network device, wherein when the access device key is received at the access device, the access device key facilitates generating a signature for the access device, and wherein the signature enables the access device to control the operation of the one or more network devices without having to provide a login credential.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for exchanging security keys via a trusted proxy are provided. For example, a method may include receiving, at a computing device, a communication including a unique identifier for an access device connected to a network, wherein unique identifiers include an expiration time. The method may further include using the unique identifier to determine a security key for the access device. The method may also include receiving, at the computing device, a new communication, wherein the new communication includes the unique identifier. The method may further include validating the unique identifier for the access device, wherein validating includes determining whether the unique identifier has expired, and then using the validated identifier to retrieve the security key for the access device. The method may also include transmitting the security key, wherein when the security key is received, the security key facilitates generating a signature.

11 Citations

View as Search Results

18 Claims

1. A system, comprising:
- one or more data processors; and
  
  a non-transitory computer-readable storage medium containing instructions which when executed on the one or more data processors, cause the one or more processors to perform operations including;
  
  receiving a communication, wherein the communication corresponds to a request to register a network device as a trusted network device, wherein the communication includes a unique identifier for the network device, and wherein an operation of the network device is controllable by an access device;
  
  identifying, at a computing device, a network associated with the network device, wherein identifying includes using the communication;
  
  determining whether the network device is locally connected to the network, wherein the network is connected to a plurality of additional network devices including the network device;
  
  determining that the network device is a trusted network device when the network device is locally connected to the network;
  
  receiving a new communication, wherein the new communication corresponds to a request for the access device to control an operation of one or more network devices connected to the network;
  
  determining whether the new communication is received from the trusted network device, wherein when the new communication is received from the trusted network device, an access device key is generated for the access device; and
  
  transmitting the access device key, wherein transmitting includes using the trusted network device, wherein when the access device key is received at the access device, the access device key facilitates generating a signature for the access device, and wherein the signature enables the access device to control the operation of the one or more network devices without having to provide a login credential.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising instructions which when executed on the one or more data processors, cause the one or more processors to perform operations including:
    - receiving the signature; and
      
      using the signature to authenticate the access device.
  - 3. The system of claim 1, wherein transmitting the security key includes using a trusted proxy.
  - 4. The system of claim 1, wherein the new communication includes an expiration time generated by the access device, and wherein the expiration time is used to validate the unique identifier.
  - 5. The system of claim 1, wherein the system is a cloud computing system, and wherein the instructions further comprise instructions which when executed on the one or more data processors, cause the one or more processors to implement a cloud based service configured to:
    - receive unique identifiers corresponding to the plurality of network devices and one or more access devices;
      
      generate security keys corresponding to the plurality of network devices and the one or more access devices;
      
      associate the security keys with the unique identifiers; and
      
      store the security keys and the unique identifiers.
  - 6. The system of claim 1, wherein the network is a home automation network and wherein the new communication is received while the access device is not connected to the home automation network.

7. A computer-implemented method, comprising:
- receiving, at a computing device, a communication, wherein the communication corresponds to a request to register a network device as a trusted network device, wherein the communication includes a unique identifier for the network device, and wherein an operation of the network device is controllable by an access device;
  
  identifying, at the computing device, a network associated with the network device, wherein identifying includes using the communication;
  
  determining whether the network device is locally connected to the network, wherein the network is connected to a plurality of network devices including the network device;
  
  determining that the network device is a trusted network device when the network device is locally connected to the network;
  
  receiving, at the computing device, a new communication, wherein the new communication corresponds to a request for the access device to control an operation of one or more network devices connected to the network;
  
  determining whether the new communication is received from the trusted network device, wherein when the new communication is received from the trusted network device, an access device key is generated for the access device; and
  
  transmitting the access device key, wherein transmitting includes using the trusted network device, wherein when the access device key is received at the access device, the access device key facilitates generating a signature for the access device, and wherein the signature enables the access device to control the operation of the one or more network devices without having to provide a login credential.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, further comprising:
    - receiving, at the computing device, the signature; and
      
      using the signature to authenticate the access device.
  - 9. The method of claim 7, wherein transmitting the security key includes using a trusted proxy.
  - 10. The method of claim 7, wherein the new communication includes an expiration time generated by the access device, and wherein the expiration time is used to validate the unique identifier.
  - 11. The method of claim 7, wherein the computing device is a cloud server hosting a cloud based service configured to:
    - receive unique identifiers corresponding to the plurality of network devices and one or more access devices;
      
      generate security keys corresponding to the plurality of network devices and the one or more access devices;
      
      associate the security keys with the unique identifiers; and
      
      store the security keys and the unique identifiers.

12. A computer-program product tangibly embodied in a non-transitory machine-readable storage medium, including instructions configured to cause a data processing apparatus to:
- receive a communication, wherein the communication corresponds to a request to register a network device as a trusted network device, wherein the communication includes a unique identifier for the network device, and wherein an operation of the network device is controllable by an access device;
  
  identify, at a computing device, a network associated with the network device, wherein identifying includes using the communication;
  
  determine whether the network device is locally connected to the network, wherein the network is connected to a plurality of network devices including the network device;
  
  determine that the network device is a trusted network device when the network device is locally connected to the network;
  
  receive a new communication, wherein the new communication corresponds to a request for the access device to control an operation of one or more network devices connected to the network;
  
  determine whether the new communication is received from the trusted network device, wherein when the new communication is received from the trusted network device, an access device key is generated for the access device; and
  
  transmit the access device key, wherein transmitting includes using the trusted network device, wherein when the access device key is received at the access device, the access device key facilitates generating a signature for the access device, and wherein the signature enables the access device to control the operation of the one or more network devices without having to provide a login credential.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer-program product of claim 12, wherein when the access device key is received by the access device, the security key facilitates generating a signature for the access device.
  - 14. The computer-program product of claim 12, further comprising instructions configured to cause the data processing apparatus to:
    - receive the signature; and
      
      use the signature to authenticate the access device.
  - 15. The computer-program product of claim 12, wherein transmitting the access device key includes using a trusted proxy, and wherein the trusted proxy is a network device.
  - 16. The computer-program product of claim 12, wherein the new communication includes an expiration time generated by the access device, and wherein the expiration time is used to validate the unique identifier.
  - 17. The computer-program product of claim 12, further comprising instructions configured to cause the data processing apparatus to implement a cloud based service configured to:
    - receive unique identifiers corresponding to the plurality of network devices and one or more access devices;
      
      generate security keys corresponding to the plurality of network devices and the one or more access devices;
      
      associate the security keys with the unique identifiers; and
      
      store the security keys and the unique identifiers.
  - 18. The computer-program product of claim 12, wherein the network is a home automation network and wherein the new communication is received while the access device is not connected to the home automation network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Belkin International Incorporated (Hon Hai Precision Industry Co., Ltd.)
Original Assignee
Belkin International Incorporated (Hon Hai Precision Industry Co., Ltd.)
Inventors
Kim, Ryan Yong, Pathuri, Venkata Subba Rao
Primary Examiner(s)
Parsons, Theodore C

Application Number

US15/015,887
Publication Number

US 20160226845A1
Time in Patent Office

859 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 12/2816   Controlling appliance servi...

H04L 12/2818   from a device located outsi...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0876   based on the identity of th...

H04L 63/108   when the policy decisions a...

H04L 9/083   involving central third par...

H04L 9/3215   using a plurality of channe...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Key exchange through a trusted proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Key exchange through a trusted proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others