Biometrics based electronic device authentication and authorization

US 9,160,743 B2
Filed: 02/12/2013
Issued: 10/13/2015
Est. Priority Date: 02/12/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authentication and authorization, the method comprising:

receiving, at a security server, a first indication of an access request for a first electronic device, wherein the first indication of the access request comprises biometric data, wherein the biometric data identifies a user requesting access to the first electronic device;

validating the biometric data against previously captured biometric data accessible by the security server;

in response to the biometric data being valid based, at least in part, on validating the biometric data against the previously captured biometric data,accessing a first user profile associated with the biometric data, wherein the first user profile comprises data that at least indicates an operation and a permission associated with the operation;

generating a message that indicates access authorization to the first electronic device in accordance with the first user profile, wherein the message includes a subset of the first user profile that at least indicates the operation and the permission; and

transmitting the message to the first electronic device;

in response to the biometric data being not valid based, at least in part, on validating the biometric data against the previously captured biometric data, generating and transmitting a notification that an unauthorized access has been attempted;

receiving, at the security server, an indication of a configuration request for the first electronic device, wherein the indication of the configuration request is associated with a zero configuration networking protocol, wherein the indication of the configuration request comprises the biometric data;

determining whether the biometric data of the configuration request is associated with a second user profile, the second user profile having a user permission indicating that the user is permitted to configure an electronic device;

in response to determining that the biometric data of the configuration request is associated with the second user profile, configuring the first electronic device to operate with the security server; and

in response to determining that the biometric data of the configuration request is not associated with the second user profile, denying the configuration request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An indication of a configuration request for an electronic device is received. An indication of an access request for the electronic device is received after receiving the indication of the configuration request. The indication of the access request comprises biometric data. The biometric data is validated against previously captured biometric data. If the biometric data is valid based, at least in part, on said validation of the biometric data, a user profile associated with the biometric data is accessed and access to the electronic device is authorized in accordance with the user profile. If the biometric data is not valid based, at least in part, on said validation of the biometric data, a notification that an unauthorized access has been attempted is generated and transmitted.

67 Citations

View as Search Results

32 Claims

1. A method for authentication and authorization, the method comprising:
- receiving, at a security server, a first indication of an access request for a first electronic device, wherein the first indication of the access request comprises biometric data, wherein the biometric data identifies a user requesting access to the first electronic device;
  
  validating the biometric data against previously captured biometric data accessible by the security server;
  
  in response to the biometric data being valid based, at least in part, on validating the biometric data against the previously captured biometric data,accessing a first user profile associated with the biometric data, wherein the first user profile comprises data that at least indicates an operation and a permission associated with the operation;
  
  generating a message that indicates access authorization to the first electronic device in accordance with the first user profile, wherein the message includes a subset of the first user profile that at least indicates the operation and the permission; and
  
  transmitting the message to the first electronic device;
  
  in response to the biometric data being not valid based, at least in part, on validating the biometric data against the previously captured biometric data, generating and transmitting a notification that an unauthorized access has been attempted;
  
  receiving, at the security server, an indication of a configuration request for the first electronic device, wherein the indication of the configuration request is associated with a zero configuration networking protocol, wherein the indication of the configuration request comprises the biometric data;
  
  determining whether the biometric data of the configuration request is associated with a second user profile, the second user profile having a user permission indicating that the user is permitted to configure an electronic device;
  
  in response to determining that the biometric data of the configuration request is associated with the second user profile, configuring the first electronic device to operate with the security server; and
  
  in response to determining that the biometric data of the configuration request is not associated with the second user profile, denying the configuration request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein generating the message that indicates the access authorization in accordance with the first user profile comprises:
    - determining an access permission defined in the first user profile;
      
      determining whether the first indication of the access request indicates a type of access permitted based, at least in part, on the access permission;
      
      generating the message with an indication of approval in response to determining that the first indication of the access request indicates the type of access permitted based, at least in part, on the access permission; and
      
      generating the message with an indication of denial in response to determining that the first indication of the access request indicates a type of access that is not permitted based, at least in part, on the access permission.
  - 3. The method of claim 1, wherein the message includes an access permission defined in the first user profile.
  - 4. The method of claim 1, wherein generating the message that indicates the access authorization in accordance with the first user profile comprises:
    - accessing operation data for the first electronic device based, at least in part, on an identifier of the first electronic device indicated in the first indication of the access request; and
      
      determining the operation from the operation data for a type of access indicated as authorized in the first user profile, wherein the first indication of the access request indicates the type of access.
  - 5. The method of claim 1, wherein generating and transmitting the notification that the unauthorized access has been attempted comprises:
    - determining that a third user profile indicates a user to receive a notification when an access has been attempted with invalid biometric data;
      
      loading the third user profile that indicates the user to receive the notification when the access has been attempted with the invalid biometric data; and
      
      transmitting the notification that the unauthorized access has been attempted with the invalid biometric data in accordance with the third user profile when the access has been attempted with the invalid biometric data.
  - 6. The method of claim 1 further comprising:
    - receiving, at the security server, a second indication of the access request for the first electronic device without the biometric data in response to the biometric data being valid for the first electronic device, wherein the second indication of the access request comprises a user identifier.
  - 7. The method of claim 1 further comprising:
    - receiving, at the security server, an indication of a user profile update request from the first electronic device, wherein the indication of the user profile update request comprises a user identifier.
  - 8. The method of claim 1 further comprising:
    - generating and transmitting a notification that a third user profile has been modified, wherein the notification that the third user profile has been modified comprises at least one of a user identifier associated with the third user profile and the third user profile.
  - 9. The method of claim 1, wherein the first electronic device comprises one of a microwave, a refrigerator, a washer, a dryer, a dishwasher, a toaster, a television, a game console, a video player, a cable box, a satellite receiver, an IPTV receiver, an audio receiver, and an audio player.
  - 10. The method of claim 1, wherein the first indication of the access request further comprises at least one of an electronic device identifier and an operation identifier.
  - 11. The method of claim 1, wherein the first indication of the access request is received from a second electronic device, wherein the first electronic device and the second electronic device are different electronic devices.
  - 12. The method of claim 11, wherein the second electronic device comprises one of a cellphone and a control panel.
  - 13. The method of claim 1 further comprising:
    - receiving, at the security server, an indication of a permission transfer request from the first electronic device, wherein the indication of the permission transfer request identifies the first user profile and a third user profile; and
      
      replicating a user permission associated with the first user profile to the third user profile.
  - 14. The method of claim 1 further comprising:
    - in response to the biometric data not being valid based, at least in part, on validating the biometric data against the previously captured biometric data, creating a third user profile associated with the biometric data.

15. A non-transitory machine-readable storage medium having instructions stored therein, which when executed by a processor causes the processor to perform operations that comprise:
- receiving, at a security server, a first indication of an access request for an electronic device, wherein the first indication of the access request comprises biometric data, wherein the biometric data identifies a user requesting access to the electronic device;
  
  validating the biometric data against previously captured biometric data accessible by the security server;
  
  in response to the biometric data being valid based, at least in part, on validating the biometric data against the previously captured biometric data,accessing a first user profile associated with the biometric data, wherein the first user profile at least indicates an operation and a permission associated with the operation;
  
  generating a message that indicates access authorization to the electronic device in accordance with the first user profile, wherein the message includes a subset of the first user profile that at least indicates the operation and the permission; and
  
  transmitting the message to the electronic device;
  
  in response to the biometric data being not valid based, at least in part, on validating the biometric data against the previously captured biometric data, generating and transmitting a notification that an unauthorized access has been attempted;
  
  receiving, at the security server, an indication of a configuration request for the electronic device, wherein the indication of the configuration request is associated with a zero configuration networking protocol, wherein the indication of the configuration request comprises the biometric data;
  
  determining whether the biometric data of the configuration request is associated with a second user profile, the second user profile having a user permission indicating that the user is permitted to configure the electronic device;
  
  in response to determining that the biometric data of the configuration request is associated with the second user profile, configuring the electronic device to operate with the security server; and
  
  in response to determining that the biometric data of the configuration request is not associated with the second user profile, denying the configuration request.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The non-transitory machine-readable storage medium of claim 15, wherein generating the message that indicates the access authorization in accordance with the first user profile comprises:
    - determining an access permission defined in the first user profile;
      
      determining whether the first indication of the access request indicates a type of access permitted based, at least in part, on the access permission;
      
      generating the message with an indication of approval in response to determining that the first indication of the access request indicates the type of access permitted based, at least in part, on the access permission; and
      
      generating the message with an indication of denial in response to determining that the first indication of the access request indicates a type of access that is not permitted based, at least in part, on the access permission.
  - 17. The non-transitory machine-readable storage medium of claim 15, wherein generating the message that indicates the access authorization in accordance with the first user profile comprises:
    - accessing operation data for the electronic device based, at least in part, on an identifier of the electronic device indicated in the first indication of the access request; and
      
      determining the operation from the operation data for a type of access indicated as authorized in the first user profile, wherein the first indication of the access request indicates the type of access.
  - 18. The non-transitory machine-readable storage medium of claim 15, wherein generating and transmitting the notification that the unauthorized access has been attempted comprises:
    - determining that a third user profile indicates a user to receive a notification when an access has been attempted with invalid biometric data;
      
      loading the third user profile that indicates the user to receive the notification when the access has been attempted with the invalid biometric data; and
      
      transmitting the notification that the unauthorized access has been attempted with the invalid biometric data in accordance with the third user profile when the access has been attempted with the invalid biometric data.
  - 19. The non-transitory machine-readable storage medium of claim 15, wherein the operations further comprise:
    - receiving, at the security server, a second indication of the access request for the electronic device without the biometric data in response to the biometric data being valid for the electronic device, wherein the second indication of the access request comprises a user identifier.
  - 20. The non-transitory machine-readable storage medium of claim 15, wherein the operations further comprise:
    - receiving, at the security server, an indication of a user profile update request from the electronic device, wherein the indication of the user profile update request comprises a user identifier.
  - 21. The non-transitory machine-readable storage medium of claim 15, wherein the operations further comprise:
    - generating and transmitting a notification that a third user profile has been modified, wherein the notification that the third user profile has been modified comprises at least one of an user identifier associated with the third user profile and the third user profile.
  - 22. The non-transitory machine-readable storage medium of claim 15, wherein the operations further comprise:
    - receiving, at the security server, an indication of a permission transfer request from the electronic device, wherein the indication of the permission transfer request identifies the first user profile and a third user profile; and
      
      replicating a user permission associated with the first user profile to the third user profile.
  - 23. The non-transitory machine-readable storage medium of claim 15, wherein the operations further comprise:
    - in response to the biometric data not being valid based, at least in part, on validating the biometric data against the previously captured biometric data, creating a third user profile associated with the biometric data.

24. A device comprising:
- a network interface; and
  
  memory including instructions stored therein, the instructions executable by a processor to cause the device to;
  
  receive a first indication of an access request for an electronic device, wherein the first indication of the access request comprises biometric data, wherein the biometric data identifies a user requesting access to the electronic device;
  
  validate the biometric data against previously captured biometric data accessible by the device;
  
  in response to the biometric data being valid based, at least in part, on validation of the biometric data against the previously captured biometric data,access a first user profile associated with the biometric data, wherein the first user profile at least indicates an operation and a permission associated with the operation;
  
  generate a message that indicates access authorization to the electronic device in accordance with the first user profile, wherein the message includes a subset of the first user profile that at least indicates the operation and the permission; and
  
  transmit the message to the electronic device;
  
  in response to the biometric data not being valid based, at least in part, on validation of the biometric data against the previously captured biometric data, generate and transmit a notification that an unauthorized access has been attempted;
  
  receive an indication of a configuration request for the electronic device, wherein the indication of the configuration request is associated with a zero configuration networking protocol, wherein the indication of the configuration request comprises the biometric data;
  
  determine whether the biometric data of the configuration request is associated with a second user profile, the second user profile having a user permission indicating that the user is permitted to configure the electronic device;
  
  in response to a determination that the biometric data of the configuration request is associated with the second user profile, configure the electronic device to operate with the device; and
  
  in response to a determination that the biometric data of the configuration request is not associated with the second user profile, deny the configuration request.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The device of claim 24, wherein the instructions to generate the message that indicates the access authorization in accordance with the first user profile comprise instructions to:
    - determine an access permission defined in the first user profile;
      
      determine whether the first indication of the access request indicates a type of access permitted based, at least in part, on the access permission;
      
      generate the message with an indication of approval in response to a determination that the first indication of the access request indicates the type of access permitted based, at least in part, on the access permission; and
      
      generate the message with an indication of denial in response to a determination that the first indication of the access request indicates a type of access that is not permitted based, at least in part, on the access permission.
  - 26. The device of claim 24, wherein the instructions to generate the message that indicates the access authorization in accordance with the first user profile comprise instructions to:
    - access operation data for the electronic device based, at least in part, on an identifier of the electronic device indicated in the first indication of the access request; and
      
      determine the operation from the operation data for a type of access indicated as authorized in the first user profile, wherein the first indication of the access request indicates the type of access.
  - 27. The device of claim 24, wherein the instructions to generate and transmit the notification that the unauthorized access has been attempted comprise instructions to:
    - determine that a third user profile indicates a user to receive notifications when an access has been attempted with invalid biometric data;
      
      load the third user profile that indicates the user to receive the notifications when the access has been attempted with the invalid biometric data; and
      
      transmit the notification that the unauthorized access has been attempted with the invalid biometric data in accordance with the third user profile when the access has been attempted with the invalid biometric data.
  - 28. The device of claim 24, wherein the instructions further comprise instructions:
    - receive a second indication of the access request for the electronic device without the biometric data in response to the biometric data being valid for the electronic device, wherein the second indication of the access request comprises a user identifier.
  - 29. The device of claim 24, wherein the instructions further comprise instructions to:
    - receive an indication of a user profile update request from the electronic device, wherein the indication of the user profile update request comprises a user identifier.
  - 30. The device of claim 24, wherein the instructions further comprise instructions to:
    - generate and transmit a notification indicating that a third user profile has been modified, wherein the notification that the third user profile has been modified comprises at least one of an user identifier associated with the third user profile and the third user profile.
  - 31. The device of claim 24, wherein the instructions further comprise instructions to:
    - receive an indication of a permission transfer request, wherein the indication of the permission transfer request identifies the first user profile and a third user profile; and
      
      replicate a user permission associated with the first user profile to the third user profile.
  - 32. The device of claim 24, wherein the instructions further comprise instructions to:
    - in response to the biometric data not being valid based, at least in part, on validating the biometric data against the previously captured biometric data, create a third user profile associated with the invalid biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Anantharaman, Subramanian
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US13/765,682
Publication Number

US 20140230018A1
Time in Patent Office

973 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

H04L 12/2816   Controlling appliance servi...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

Biometrics based electronic device authentication and authorization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

Biometrics based electronic device authentication and authorization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others