Security for IoT home voice assistants

US 10,887,351 B2
Filed: 05/02/2018
Issued: 01/05/2021
Est. Priority Date: 05/02/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing a security policy with a voice assistant, the method being performed by one or more computing devices, each comprising one or more processors, the method comprising:

obtaining, by the one or more computing devices, encrypted traffic from the voice assistant;

obtaining, by the one or more computing devices, an audio recording of the user voice command with a microphone built into the one or more computing devices;

generating, by the one or more computing devices, a library of one or more identifiable attributes of the user voice command based at least in part on analysis of the encrypted traffic generated by the voice assistant and at least in part on analysis of the audio recording over a period of time;

identifying, by the one or more computing devices, the user voice command in the encrypted traffic obtained by the one or more computing devices based at least in part on the one or more identifiable attributes of the encrypted traffic;

determining, by the one or more computing devices, the user voice command triggers at least one security policy; and

upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, the user voice command triggers at least one security policy; and upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router.

25 Citations

View as Search Results

18 Claims

1. A computer-implemented method for implementing a security policy with a voice assistant, the method being performed by one or more computing devices, each comprising one or more processors, the method comprising:
- obtaining, by the one or more computing devices, encrypted traffic from the voice assistant;
  
  obtaining, by the one or more computing devices, an audio recording of the user voice command with a microphone built into the one or more computing devices;
  
  generating, by the one or more computing devices, a library of one or more identifiable attributes of the user voice command based at least in part on analysis of the encrypted traffic generated by the voice assistant and at least in part on analysis of the audio recording over a period of time;
  
  identifying, by the one or more computing devices, the user voice command in the encrypted traffic obtained by the one or more computing devices based at least in part on the one or more identifiable attributes of the encrypted traffic;
  
  determining, by the one or more computing devices, the user voice command triggers at least one security policy; and
  
  upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein a router in communication with a cloud service obtains the encrypted traffic, the router being connected by wire or wirelessly to the voice assistant and being placed between the voice assistant and the cloud service.
  - 3. The method of claim 2, wherein performing the security action comprises:
    - blocking, at the router, the user voice command received by the voice assistant from reaching the cloud service.
  - 4. The method of claim 2, wherein the router comprises a microphone built into the router.
  - 5. The method of claim 1, wherein identifying the user voice command includes matching at least one of the one or more identifiable attributes of the encrypted traffic with one or more attributes of an analyzed user voice command stored in the library.
  - 6. The method of claim 5, wherein the one or more identifiable attributes of the encrypted traffic comprises at least an interactive data communication pattern between the voice assistant and the cloud service in communication with the voice assistant.
  - 7. The method of claim 5, wherein the one or more identifiable attributes of the encrypted traffic comprises at least a user voice command history.
  - 8. The method of claim 5, wherein the one or more identifiable attributes of the encrypted traffic comprises at least a length of the audio recording associated with the encrypted traffic.
  - 9. The method of claim 1, wherein the security policy comprises:
    - generating an alert based at least in part on the user voice command;
      
      and sending the alert to a user.
  - 10. The method of claim 9, wherein the security policy comprises:
    - blocking the user voice command based on a response from the user receiving the alert.
  - 11. The method of claim 1, wherein implementing the policy comprises:
    - blocking the user voice command when the user voice command is given under a predefined context.
  - 12. The method of claim 11, wherein the predefined context is a time context, a user location context, a device location context, a user identity context, a device type context, a device identification context, or combinations thereof.

13. A computing device configured for implementing a security policy with a voice assistant, comprising:
- a processor;
  
  memory in electronic communication with the processor, wherein the memory stores computer executable instructions that when executed by the processor cause the processor to perform the steps of;
  
  obtaining encrypted traffic from a voice assistant;
  
  obtaining an audio recording of the user voice command with a microphone built into the computing device;
  
  generating a library of one or more identifiable attributes of the user voice command based at least in part on analysis of the encrypted traffic generated by the voice assistant and at least in part on analysis of the audio recording over a period of time;
  
  identifying the user voice command in the encrypted traffic obtained by the computing device based at least in part on the one or more identifiable attributes of the encrypted traffic;
  
  determining the user voice command triggers at least one security policy; and
  
  upon determining the user voice command triggers the at least one security policy, performing a security action that implements the at least one security policy.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computing device of claim 13, wherein the computing device is a router in communication with a cloud service.
  - 15. The computing device of claim 14, wherein the instructions executed by the processor cause the processor to perform the steps of:
    - comparing the audio recording to the encrypted traffic.
  - 16. The computing device of claim 13, wherein the instructions executed by the processor cause the processor to perform the steps of:
    - determining a subsequent user voice command by comparing at least one attribute stored in the library.
  - 17. The computing device of claim 13, wherein the at least one security policy comprises blocking the user voice command.

18. A non-transitory computer-readable storage medium storing computer executable instructions that when executed by a processor cause the processor to perform the steps of:
- obtaining encrypted traffic from a voice assistant;
  
  obtain an audio recording of the user voice command with a microphone built into one or more computing devices associated with the processor;
  
  generating a library of one or more identifiable attributes of the user voice command based at least in part on analysis of the encrypted traffic generated by the voice assistant and at least in part on analysis of the audio recording over a period of time;
  
  identifying a user voice command in the encrypted traffic obtained by the one or more computing devices based at least in part on one or more identifiable attributes of the encrypted traffic;
  
  determining the user voice command triggers at least one security policy; and
  
  upon determining the user voice command triggers the at least one security policy, performing a security action that implements the at least one security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
NortonLifeLock Inc.
Inventors
Nanda, Susanta K., Sun, Yuqiong, Shintre, Saurabh
Primary Examiner(s)
Jamshidi, Ghodrat

Application Number

US15/969,193
Publication Number

US 20190342339A1
Time in Patent Office

979 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 3/167   Audio in a user interface, ...

G10L 2015/223   Execution procedure of a sp...

H04L 12/2803   Home automation networks

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

H04W 4/70   Services for machine-to-mac...

Security for IoT home voice assistants

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Security for IoT home voice assistants

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others