Method and System for Provisioning an Electronic Device

US 20170195313A1
Filed: 03/21/2017
Published: 07/06/2017
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning an electronic device with network credentials that enable the electronic device to access a secure wireless network, the method comprising:

on a client device having one or more processors and memory storing one or more programs for execution by the one or more processors;

establishing a short range wireless link between the electronic device and the client device;

obtaining, at the client device, the network credentials for accessing the secure wireless network;

encrypting at least a portion of the network credentials using a password key provided by a remote server, the remote server being remotely located from the client device and the electronic device; and

sending the encrypted network credentials to the electronic device over the short range wireless link.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This application discloses a method of provisioning an electronic device. The electronic device proactively broadcasts an advertising packet that includes a device identifier associated with the electronic device. A server receives the device identifier via a client device, and issues a link approval response when it verifies that the electronic device associated with the device identifier is available for provisioning in association with a user account. In response to the link approval response, the electronic device and the client device establish communication via a short range wireless link. The client device encrypts at least a portion of network credentials of a secure wireless network using a password key generated at the server, and provides the encrypted network credentials to the electronic device. The electronic device decrypts the encrypted network credentials using a key generated at the electronic device, and accesses the secure wireless network using the decrypted network credentials.

37 Citations

View as Search Results

20 Claims

1. A method for provisioning an electronic device with network credentials that enable the electronic device to access a secure wireless network, the method comprising:
- on a client device having one or more processors and memory storing one or more programs for execution by the one or more processors;
  
  establishing a short range wireless link between the electronic device and the client device;
  
  obtaining, at the client device, the network credentials for accessing the secure wireless network;
  
  encrypting at least a portion of the network credentials using a password key provided by a remote server, the remote server being remotely located from the client device and the electronic device; and
  
  sending the encrypted network credentials to the electronic device over the short range wireless link.
- View Dependent Claims (3)
- - 3. The method of claim 1, wherein a device specific secret is predetermined and stored in a memory of the electronic device before the electronic device is shipped out of factory, and the remote server includes a database recording both a device identifier and the device specific secret associated with the electronic device.

2. The method of claim 0, wherein the password key is generated at the remote server based on a random number provided by the electronic device, and the electronic device is configured to recreate the password key based on the random number for the purposes of recovering the network credentials of the secure wireless network.

4. The method of claim 0, further comprising:
- forwarding a random number provided by the electronic device to the remote server;
  
  receiving payload data that include an authentication tag and the password key both generated by the remote server based on the random number; and
  
  forwarding the authentication tag to the electronic device, wherein the electronic device is configured to verify the authentication tag based on the random number, and the client device is configured to encrypt the at least a portion of the network credentials using the password key only when the electronic device verifies the authentication tag.
- View Dependent Claims (5, 6, 7, 8)
- - 5. The method of claim 4, wherein the password key is encrypted by the remote server based on both the random number and a device secret known to the remote server and the electronic device.
  - 6. The method of claim 4, wherein the random number remains valid only for a predetermined duration of time.
  - 7. The method of claim 4, wherein the electronic device shares a device specific secret with the remote server, and the random number are provided to the remote server with a second authentication token that is generated by the electronic device based on the device specific secret, and wherein the remote server is configured to authenticate the random number based on the second authentication token and the device specific secret.
  - 8. The method of claim 4, wherein the random number, the authentication tag and the encrypted network credentials are communicated between the electronic device and the client device via the short range wireless link, and the network credentials being configured to enable the electronic device to independently access the secure wireless network.

9. A computer system, wherein the computer system includes a client device, the computer system comprising:
- one or more processors; and
  
  memory having instructions stored thereon, which when executed by the one or more processors cause the processors to perform operations, comprising;
  
  establishing a short range wireless link between an electronic device and the client device;
  
  obtaining, at the client device, a network credentials for accessing a secure wireless network;
  
  encrypting at least a portion of the network credentials using a password key provided by a remote server, the remote server being remotely located from the client device and the electronic device; and
  
  sending the encrypted network credentials to the electronic device over the short range wireless link.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer system of claim 9, wherein the instructions when executed further cause the processors to perform operations further comprising:
    - logging onto a user account managed by the remote server, the server being remotely located from the client device;
      
      after logging on to the user account;
      
      receiving advertising packets proactively broadcast by the electronic device, wherein the advertising packets include a device identifier that is uniquely associated with the electronic device;
      
      sending to the remote server a link approval request including the device identifier; and
      
      receiving from the remote server a link approval response that verifies that the electronic device is not associated with any user account and available for provisioning in association with the user account.
  - 11. The method of claim 10, wherein the advertising packets are broadcast using a custom data structure that is distinct from any standard data format used by a Bluetooth link.
  - 12. The method of claim 10, wherein the advertising packets further include a first authentication token that is generated based on a device specific secret shared between the electronic device and the remote server, and the remote server is configured to authenticate the device identifier based on the device specific secret and the first authentication token.
  - 13. The computer system of claim 9, wherein the instructions when executed further cause the processors to perform operations comprising:
    - receiving information concerning a list of available secure networks from the electronic device, anddetermining the secure wireless network from the list of available secure networks.
  - 14. The computer system of claim 13, wherein determining the secure wireless network from the list of available secure networks further includes:
    - displaying the list of available secure networks on a provisioning interface; and
      
      receiving a user selection of the secure wireless network.

15. A non-transitory computer-readable medium, having instructions stored thereon, which when executed by one or more processors cause the processors to perform operations comprising:
- on a client device;
  
  establishing a short range wireless link between an electronic device and the client device;
  
  obtaining, at the client device, a network credentials for accessing a secure wireless network;
  
  encrypting at least a portion of the network credentials using a password key provided by a remote server, the remote server being remotely located from the client device and the electronic device; and
  
  sending the encrypted network credentials to the electronic device over the short range wireless link.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the secure wireless network includes a wireless local area network (WLAN).
  - 17. The non-transitory computer-readable medium of claim 15, wherein the network credentials of the secure wireless network further include at least a service set identifier (SSID) and a network password for the WLAN.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the instructions when executed further cause the processors to perform operations comprising:
    - executing an application on the client device, wherein the application enables a user interface for provisioning the electronic device.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the network credentials of the secure wireless network include a network password, and the instructions when executed further cause the processors to perform operations comprising:
    - receiving a user input of the network password; and
      
      encoding the network password using the password key provided by the remote server.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the short range wireless link is established based on classical Bluetooth technology or Bluetooth low energy (BLE) technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
KIRKBY, RONALD L., MITSUJI, HIRO, SHERRY, EDEN, NEAL, LAWRENCE W.

Granted Patent

US 10,262,210 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/447   Temporal browsing, e.g. tim...

G06F 3/048   Interaction techniques base...

G06F 3/0481   based on specific propertie...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

G06F 3/04845   for image manipulation, e.g...

G06F 3/04847   Interaction techniques to c...

G06F 3/0485   Scrolling or panning

G06F 3/04855   Interaction with scrollbars

G06F 3/0488   using a touch-screen or dig...

G06F 3/04883   for inputting data by handw...

G06T 2207/10016   Video; Image sequence

G06T 2207/30232   Surveillance

G06T 7/20   Analysis of motion motion e...

G06V 20/40   in video content extracting...

G06V 20/41   Higher-level, semantic clus...

G06V 20/44   Event detection

G06V 20/49   Segmenting video sequences,...

G06V 20/52   Surveillance or monitoring ...

G08B 13/194   using image scanning and co...

G08B 13/196 : using television cameras

G08B 13/19604 : involving reference image o...

G08B 13/19606 : Discriminating between targ...

G08B 13/19613 : Recognition of a predetermi...

G08B 13/19615 : wherein said pattern is def...

G08B 13/19676 : Temporary storage, e.g. cyc...

G08B 13/19682 : Graphic User Interface [GUI...

G08B 13/19684 : Portable terminal, e.g. mob...

G11B 27/005 : Reproducing at a different ...

G11B 27/028 : with computer assistance

G11B 27/031 : Electronic editing of digit...

G11B 27/105 : of operating discs

G11B 27/30 : on the same track as the ma...

G11B 27/34 : Indicating arrangements in...

H04L 2209/80 : Wireless network architectu...

H04L 2463/062 : applying encryption of the ...

H04L 63/0428 : wherein the data content is...

H04L 63/083 : using passwords cryptograph...

H04L 67/10 : in which an application is ...

H04L 9/0822 : using key encryption key

H04L 9/085 : Secret sharing or secret sp...

H04L 9/0869 : involving random numbers or...

H04N 21/2187 : Live feed

H04N 21/2347 : involving video stream encr...

H04N 21/239 : Interfacing the upstream pa...

H04N 21/2393 : involving handling client r...

H04N 21/2541 : Rights Management protectin...

H04N 21/2743 : Video hosting of uploaded d...

H04N 21/42204 : User interfaces specially a...

H04N 21/4222 : Remote control device emula...

H04N 21/431 : Generation of visual interf...

H04N 21/4312 : involving specific graphica...

H04N 21/4314 : for fitting data in a restr...

H04N 21/4316 : for displaying supplemental...

H04N 21/4334 : Recording operations record...

H04N 21/4335 : Housekeeping operations, e....

H04N 21/4408 : involving video stream encr...

H04N 21/4438 : Window management, e.g. eve...

H04N 21/4622 : Retrieving content or addit...

H04N 21/4627 : Rights management associate...

H04N 21/4753 : for user identification, e....

H04N 23/65 : Control of camera operation...

H04N 23/651 : for reducing power consumpt...

H04N 23/6811 : based on the image signal

H04N 23/6815 : by distinguishing pan or ti...

H04N 5/144 : Movement detection for vide...

H04N 5/93 : Regeneration of the televis...

H04N 7/18 : Closed-circuit television [...

H04N 7/183 : for receiving images from a...

H04N 7/185 : from a mobile camera, e.g. ...

H04N 7/186 : Video door telephones

H04N 9/87 : Regeneration of colour tele...

H04W 12/02 : Protecting privacy or anony...

H04W 12/033 : of the user plane, e.g. use...

H04W 12/04 : Key management, e.g. using ...

H04W 12/06 : Authentication

H04W 12/08 : Access security

H04W 12/50 : Secure pairing of devices

H04W 4/80 : Services using short range ...

H04W 84/12 : WLAN [Wireless Local Area N...

View All

Method and System for Provisioning an Electronic Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Provisioning an Electronic Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links