WO2016181347A1 - A system, device and method for indicating authentication decisions in uniquely identifiable computing devices - Google Patents


Info

Publication number
WO2016181347A1
Authority
WO
WIPO (PCT)
Prior art keywords
short
communication network
authentication
uniquely identifiable
computing device
Prior art date
Application number
PCT/IB2016/052747
Other languages
French (fr)
Inventor
Jason M. PITTMAN
Daniel R. FORD
Original Assignee
Silent Circle, LLC
Priority date
Filing date
Publication date
Application filed by Silent Circle, LLC
Publication of WO2016181347A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/082 Access security using revocation of authorisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/65 Environment-dependent, e.g. using captured environmental data

Definitions

  • the present invention relates to the field of authentication of computing devices to a local and private network, and signaling of authentication decisions to users.
  • NFC Near Field Communication
  • With a short-range link such as NFC or BluetoothTM, an authentication between user and device or device and device takes place, to establish confidence between the two devices for different types of data communication and exchange.
  • Such authentication is the basis for systems security and occurs implicitly.
  • the salient deficiency in existing IoT devices is that authentication decisions occur opaquely.
  • a user operating in a short-range communication field either succeeds in accessing devices within the communications field of his IoT device or does not succeed. For example, when a device is able to connect to another device via BluetoothTM, the authentication decision is usually presented by a message prompt or a status bar icon.
  • the decision is embedded in the underlying authentication algorithm and there is no visual, auditory, tactile, or temperature indicator or feedback that would allow a user to interact intelligently with IoT devices in a secure and also private manner. This leaves users susceptible to connecting to potentially rogue IoT devices, which may lead to a compromise in security and privacy.
  • a method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network is provided.
  • the method is performed on a hardware processor of a hardware device that is in connection with the short-range communication network, and the method includes the steps of moving the uniquely identifiable computing device into a communication range of the short-range communication network, and performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network.
  • the method also preferably includes the steps of indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
  • a non-transitory computer readable medium having computer instructions recorded thereon, the computer instructions configured to perform a method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network when executed on a hardware processor of a hardware device.
  • the hardware device being in connection with the short-range communication network, and the method includes the steps of moving the uniquely identifiable computing device into a communication range of the short-range communication network, and performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network.
  • the method preferably also includes the steps of indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
  • a system for communicating to a user an authentication decision of a uniquely identifiable computing device includes a short-range communication network, a hardware device having a hardware processor that is in connection with the short-range communication network for controlling the short-range communication network, and a signaling device for performing at least one of an audio, visual, tactile, and thermal response to indicate the authentication decision to the user, the signaling device being connected to the short-range communication network.
  • the hardware device is preferably configured to perform the authentication process of the uniquely identifiable computing device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network after the uniquely identifiable computing device has been moved into a communication range of the short-range communication network, to instruct the signaling device to indicate by a first indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process has failed when the performing of the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and to instruct the signaling device to indicate by a second indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process was successful when the performing of the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
  • FIGs. 1A-1C schematically show different stages of a method and the system according to a first embodiment of the present invention.
  • FIG. 2 schematically shows a flow chart that represents the method according to the first embodiment of the present invention.
  • FIG. 3 shows a stage of a method according to another embodiment of the present invention.
  • FIG. 4 schematically shows a flow chart that represents the method according to still another embodiment of the present invention.
  • FIGs. 1A-1C schematically show different stages of the method that is schematically represented in FIG. 2, the method indicating authentication decisions for an IoT device 20 on a short-range wireless communication network 15.
  • a system 5 for performing the method, having a short-range wireless communication network 15, for example but not limited to a BluetoothTM network, WiFi IEEE 802.11 network, dedicated short-range communications (DSRC) network, near field communication (NFC) network, communications access for land mobiles (CALM) network, Infrared Data Association (IrDa) network, WiMAX IEEE 802.16e network, or radio frequency identification (RFID) network, with the network 15 having a certain range covering a limited area, for example a room or office in a premise, a home or apartment, an access control location such as a toll booth, security airlock, meeting room, or waiting room, a commercial location such as a retail store, restaurant, bar, or club house, or any other location that is equipped with a short-range wireless communication network.
  • Short-range wireless communication network 15 can be generated by an access point 10, like a modem, router, adapter, or network central, that has an antenna 12 or other transceiver device that allows generating the short-range wireless communication network 15.
  • the short-range wireless communication network 15 can be in connection with various Internet-of-Things (IoT) devices 32, 34, 36, 38 that can be permanently, temporarily or intermittently connected to the short-range wireless communication network 15 with a respective interface, for example a smart phone 32 or other handheld computing device, an electronic device 36 such as but not limited to cameras, sports trackers, music players, radios, mapping electronic devices, television sets, radio sets, media streaming devices, home entertainment systems, gaming consoles, electronic wallets, wireless phones, personal digital devices, or electronic appliances 34 that are IoT equipped such as but not limited to stoves, ovens, microwaves, mixers, house security systems, thermostats, washers, and dryers.
  • IoT Internet-of-Things
  • computing devices 38 can also be connected to the short-range wireless communication network 15, for example but not limited to laptops, notebooks, servers, Internet gateways that connect to the Internet 60, personal computers, AppleTM computers, storage units.
  • the principles of the present invention are also applicable to a point-to-point connection, for example but not limited to BluetoothTM or IrDa, such that user 50 requests with his IoT device 20 a direct connection via a short-range wireless communication network 15 to one other IoT device 32, 34, 36, 38.
  • the one other IoT device 32, 34, 36, 38 acts as the access point 10 to authenticate access of IoT device 20.
  • short-range wireless communication network 15 can also be connected to a signaling device 40 that allows providing a certain signaling to user 50, for example a signaling lamp 41 or an alarm central 42, these devices being capable of communicating certain events to the user 50 by signaling, for example devices that are capable of generating an auditory, visual, tactile, thermal, or olfactory response.
  • the signaling device 40 could be a home controller that allows setting the temperature of a house or premise, or can control various actuators in a house.
  • Signaling devices 40, 42 can themselves be IoT capable devices, but they can also be locally connected to different IoT devices 32, 34, 36, 38 by a local wireless or wired communication link, or can be part of an IoT device 32, 34, 36, 38 itself.
  • External devices 70, 72 that are external to system 5 can be used to communicate information with respect to system 5 to users, for example a desktop device 70 having a display and being connected to the system 5 via the Internet 60 and the computing device 38 or a wireless computing device 72 that is connected via a mobile data network to the Internet 60, and computing device 38.
  • Devices 70, 72 can be configured to display information related to the system 5 for remote signaling and control by the user.
  • FIG. 1A shows user 50 holding an IoT device 20, for example his smart phone that has communication connectivity for the short-range wireless communication network 15, and is currently not in the range of the short-range wireless communication network 15.
  • user 50 moves with his IoT device 20 into the range of short-range wireless communication network 15, as shown in FIG. 1B.
  • the IoT device 20 is set such that it can be detected by the short-range wireless communication network 15 and can attempt to establish a communication link, for example by access point 10.
  • the IoT device 20 has the BluetoothTM communication connectivity
  • FIG. 1B shows user 50 moving IoT device 20 into the range of network 15, but IoT device 20 can be moved by other means to be in the range of network 15.
  • IoT device 20 can be an electronic device of a car, motorbike, bicycle, boat, airplane or other vehicle that is driven to be in a range of a network 15, a remote controlled device such as but not limited to drones, household devices, or toys that move into a range of network 15, or an electronic device that is attached to a pet or other animal that enters the range of network 15.
  • a step S20 is performed after IoT device 20 has moved into the range of the short-range wireless communication network 15 shown in FIG. 1B.
  • Upon detecting network 15 and, if necessary, performing an initial connection for authentication purposes, IoT device 20 makes a request R1 to establish a communication channel, connection or link L, and for this purpose, the IoT device 20 needs first to be authenticated by access point 10.
  • the access point 10 periodically checks for the presence of new IoT devices 20 that are discoverable on the network, and once IoT device 20 is detected by access point 10 of network 15, the access point 10 or another device on the network can make a request R1 to establish a communication link L between IoT device 20 and network 15.
  • in step S30, an authentication process of the IoT device 20 is started between IoT device 20 and the access point 10, for example but not limited to encrypted key exchange (EKE), digital signature or certificate authentication, password authentication, transport layer security authentication (TLS), Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), or Lightweight Extensible Authentication Protocol (LEAP).
  • EKE encrypted key exchange
  • TLS transport layer security authentication
  • EAP-FAST Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling
  • LEAP Lightweight Extensible Authentication Protocol
  • Depending on the outcome of the authentication, a step S40 or a step S50 is performed.
  • In case of success, a confirmation R2 is sent by the authentication authority to IoT device 20 in step S40, indicating that the authentication of device 20 was successful and that a communication link L can be established with the network 15 in step S80.
  • the authentication authority can be access point 10 or another IoT device 32, 34, 36, 38 that is connected to network 15.
  • a confirmation R3 is sent to IoT device 20 with step S50 by the authentication authority indicating that the authentication was unsuccessful.
  • Step S80 of establishing a communication link can be performed right upon sending confirmation R2 or in parallel with the sending of confirmation R2 to IoT device 20, or can also be performed only after step S60 of performing the first indicator I1 has been accomplished.
  • In case the authentication was successful, access point 10, or another authentication authority, performs step S60 in which access point 10 triggers the performance of a first indicator I1 with a signaling device 40, 42, the first indicator I1 configured to inform user 50 of the IoT device 20, or other users, that the authentication of step S30 has passed.
  • Signaling device 40, 42 can be an element of access point 10, can be wired or wirelessly connected to access point 10, can be a separate IoT device that is connected to network 15, can be an element of the IoT device 20 of user 50, can be an external device 44 connected to the Internet 60 that needs to be accessed via computing device 38 and Internet 60.
  • a first message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform indicator I1.
  • Indicator I1 can be a signal that is auditory, visual, tactile, thermal, or olfactory, and can be such that it can be perceived by users 50 over the entire range of network 15.
  • In case the authentication has failed, access point 10 performs step S70 in which access point 10 triggers the performance of a second indicator I2 with a signaling device 40, 42, the second indicator configured to inform user 50 of the IoT device 20, or other users, that the authentication of step S30 has failed.
  • a second message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform second indicator I2.
  • indicator I2 can be a signal that is auditory, visual, tactile, thermal, or olfactory, but is different from the first indicator I1, and can also be such that it can be perceived by users 50 over the entire range of network 15.
  • Indicators I1 and I2 can be signals or indicators that are active for a limited time duration, for example they naturally expire or are automatically deactivated after a certain time period, or can be signals that are permanent until they are cancelled or turned off.
  • signaling device 40 can be a signal lamp installed in the premise that is perceivable by user 50 or other users.
  • a positive authentication can be indicated by a first indicator I1 with a green light emitted by signaling device 40, while a negative decision on authentication can be indicated by a second indicator I2 with a red light.
  • signaling device 40, 42 can be one or more speakers that can produce a positive auditory peep as the first indicator I1 or a negative auditory buzzing as the second indicator I2.
  • signaling device 40, 42 can be an odor diffusion device that allows generating two different olfactory messages within the premise as first and second indicators I1, I2, respectively, for example a flowery smell for first indicator I1, and a burnt smell for second indicator I2.
  • the signaling device 40, 42 can also be a part of the IoT device 20; for example, if IoT device 20 is a handheld device such as a smart phone, tablet, personal digital assistant, or GPS mapping device, its vibration actuator can be used to generate first and second indicators I1, I2, respectively, for example a longer vibration buzz as first indicator I1, and a series of short vibration buzzes as the second indicator I2.
  • Signaling device 42 can also be a home controller device, such as a thermostat controlling at least one of heating, ventilating, and air conditioning (HVAC) of a premise, a security alarm central at the premise that can control an alarm signal of various types, a home entertainment electronics controller that can control television sets, radio sets, speakers, projectors, media streaming device, gaming consoles and computers, weather stations, a home electronic actuator controller that can control electric blinds, curtains, electronic switches for lights and lamps, appliances, wired telephone.
  • HVAC heating, ventilating, and air conditioning
  • signaling device 42 can use different actuators and devices that are already part of the infrastructure of the premise to generate first and second indicators I1, I2, so that no specific infrastructure for the messaging is used.
  • the first and second indicators I1, I2 could be the lowering or raising of the temperature in the premise by HVAC, respectively, switching on different lamps in the premise, lowering different blinds as first and second indicators I1, I2, respectively, turning on a specific television, radio, or streaming channel for the first and second indicators I1, I2, respectively, playing a specific video, or making the telephone ring with a specific ringtone at the premise.
  • Specific indicators can be made for disabled or impaired users, such as blind and/or hearing-impaired users, by the use of olfactory or tactile indicators for I1 and I2.
  • Another way of generating first and second indicators I1, I2, respectively, is by a common or joint action among various IoT devices 20, 32, 34, 36, 38 that are connected to network 15.
  • IoT devices 20, 32, 34, 36, 38 can generate a synchronous auditory signal like a beep or a ringtone, can be simultaneously vibrating, can simultaneously have a signal light blinking.
  • The method and system provide substantial advantages over existing notification devices for connection with short-range communication networks, and empower different users in their decision making for network connections by the indicators I1, I2 of authentication decisions in a clear and easily readable way, while at the same time increasing the level of data security and data privacy of the IoT device 20 of the user 50. Also, the method provides an authentication indication platform that is modular and can be made entirely operating system and technology independent, as it allows using existing infrastructure and networks for signaling the indicators, and is also not tied to the underlying authentication algorithms and protocols.
  • a step S85 can be performed in which the IoT device 20 is removed from being in the range of network 15, or is manually or automatically disconnected from network 15.
  • Manual disconnect could be the user 50 switching off the network access, turning off the IoT device 20, or switching to airplane mode.
  • an automatic disconnect could be an expiration or time-out of network access credentials, a crash of the software that provides the link L or connection to network 15, the battery of IoT device 20 running out, or a spyware or virus detection alert in IoT device 20 that generates a security alert and disconnects the IoT device from the network 15.
  • a step S90 can be performed to reset the first or second indicators I1, I2 so that they stop signaling.
  • If indicators I1 or I2 were not permanent or were only of short duration, then no step S90 is necessary.
  • In step S90, a specific light or indicator on the IoT device that was active to indicate either I1 or I2 can be cleared, the temperature of the premise can be brought back to the normal temperature, olfactory scent generation can be stopped, and lights indicating I1 or I2 turned off.
  • step S90 of removing or deactivating the indicators I1 or I2 can also be automatic after a certain time period, irrespective of step S80 of establishing link L or the disconnecting of IoT device 20. Also, it is possible that indicators I1 or I2 can be manually deactivated, for example by a specific reset button on the premise, a remote control, or remotely via a software application.
  • the signaling capabilities of system 5 are not limited to the indication of successful authentication with first indicator I1 and failed authentication with indicator I2.
  • Other statuses and changes in the authentication process can also be communicated to the users, with different indicators, signaling events, and patterns thereof.
  • With indicators I1 and I2 it is possible to indicate that an authentication has passed recently or has failed recently, whereby the status of an authentication process is signaled in a delayed manner.
  • steps S60 and S70 can be equipped with a timer, and upon receipt of confirmation R2, R3, the timer is started to delay the performance of indicators I1, I2 by a predetermined time period.
  • The performance of indicators I1, I2 can also be conditioned on an event, for example another user with administration credentials to network 15 entering into the range of the network 15, display of the indicators I1, I2 only once the user 50 and his IoT device 20 have left and disconnected from the network 15, or an administrator or other user entering a code into the security system of the premise.
  • Other types of events that can be displayed are the successful or unsuccessful de-authentication of an IoT device 20, and delayed signaling of the successful or unsuccessful de-authentication of an IoT device 20.
  • Different patterns of indicators can be used to signal different authentication events, statuses and transitions.
  • an administrator or other authorized user can define different signaling patterns for I1, I2, using a dashboard or a settings menu of a graphical user interface or other type of interface to program access point 10, for example via alarm central 42, or via a device that remotely connects to the system 5 via the Internet 60, for example a remote PC 70 or a mobile device 72.
  • FIG. 3 shows an embodiment in which the range of the short-range wireless communication network 115 covers a house 105 as a premise, with an access point 110 generating the network 115.
  • Access point 110 is also connected to a home electronic actuator controller 142 that serves as a signaling device 140, but is also configured to control various electric and electronic devices inside house 105.
  • IoT device 120 is installed in a vehicle 150 that can be driven such that antenna 112 of IoT device 120 can be in connection with network 115 and thereby can be put into the range of network 115.
  • Blinds 144, 145 that can be moved electrically and remotely by home electronic actuator controller 142 serve as indicators I1, I2.
  • Initially both blinds 144, 145 can be open; indicator I1 generated by step S60 can be the partial or full lowering of left blind 144, indicator I2 generated by step S70 can be the partial or full lowering of right blind 145, and after a certain predetermined period has expired, or after the vehicle 150 is removed from the range of network 115, with step S90 the indicators I1, I2 can be reset or cleared by fully opening both blinds 144, 145.
  • Analogous patterns can be used for interior or exterior lights, locking and unlocking of doors, raising or lowering a temperature in house 105, switching on radio or television channels.
  • Because the indicators I1, I2 can be generated by already existing infrastructure, and no dedicated signaling devices need to be used, it is possible to establish a signaling pattern that may be secret for some users, and known to other users. For example, a specific light that has been turned on in a premise could be representative of indicator I1 for successful authentication, and another specific light could be representative of indicator I2 for unsuccessful authentication.
  • This signaling pattern could be known to user 50 or not, or could just be known by the owner, operator, or tenant of the premise where the network is located. Specific users can be informed of the signaling pattern in advance, while others will not be informed.
  • In case of a failed authentication, indicator I2 will be activated by step S70, and can remain active, for example as a lower or higher temperature on the premise, a specific light that has been turned on, or a certain smell that has been produced by the odor diffusion device.
  • user 50 of IoT device 20 may not be apprised of the presence and significance of any signaling devices 40 and their patterns of the indicators I1 and I2, while another user, for example a user who has authorization to access the premise, is aware of the signaling devices 40 and patterns for the indicators I1 and I2. Therefore, after user 50 unsuccessfully attempted to connect his rogue IoT device 20 to network 15, later when the authorized user accesses the premise, he can immediately see whether the previously present user 50 was granted or denied access to network 15.
  • FIG. 4 shows a diagrammatic view of another embodiment of a method, in which an already established link L1 that has been established by the method shown in FIG. 2 is re-authenticated.
  • the re-authentication can be triggered after a certain time duration, when user 50 attempts to access data, applications or services within the network 15 that require a higher level of security and encryption, or when the network 15 has gone through some security policy change that requires re-authentication of already established links L, L1.
  • a link L1 is already established between IoT device 20 and network 15.
  • a re-authentication step is performed in step S230.
  • step S260 can be performed in which access point 10 triggers the performance of a third indicator I3 with a signaling device 40, 42, the third indicator I3 configured to inform user 50 of the IoT device 20, or other users, that the re-authentication of step S230 has successfully passed.
  • Step S280 can be performed either after step S240 or S260 or even simultaneously with step S240, to establish communication link L2, which can permit IoT device 20 to access more resources, communicate with a higher level of data security or encryption, or access IoT devices 32, 34, 36, 38 that were not accessible with communication link L1.
  • Third indicator I3 can be different from both the first and the second indicator I1, I2. For the triggering of the performance of third indicator I3, a third message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform third indicator I3.
  • a confirmation message R5 is sent by the re-authentication authority, typically the access point 10, so that IoT device 20 is informed of this decision.
  • The re-authentication authority, for example access point 10, performs step S270 in which access point 10 triggers the performance of a fourth indicator I4 with a signaling device 40, 42, the fourth indicator configured to inform user 50 of the IoT device 20, or other users, that the re-authentication by step S230 has failed.
  • a fourth message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform fourth indicator I4.
  • one aspect of the present invention is the provision of a software code that can be recorded on a non-transitory computer-readable medium, for example but not limited to a CD-ROM, DVD-ROM or RAM, memory stick, thumb drive, memory card, portable hard drive, flash drive, or a software code that can be downloaded from a network device, for example but not limited to a cloud server, network server, remote hard drive, and can be installed and executed by a system 5.
  • the software code can be executed by a hardware processor or central processing unit (CPU) on one or more devices of the system 5 to perform the methods described before.
  • the executed software code can provide for an additional software layer on top of the existing operating system, for example but not limited to AndroidTM, iOSTM, SymbianTM, Windows MobileTM, Windows CETM, RIMTM, LinuxTM, but it is also possible that the authentication functionality of the present invention and the methods described before be an integral part of the connectivity functions of the operating system.
  • the invention has been disclosed with reference to certain preferred embodiments, numerous modifications, alterations, and changes to the described embodiments are possible without departing from the sphere and scope of the invention, as defined in the appended claims and their equivalents thereof. Accordingly, it is intended that the invention not be limited to the described embodiments, but that it have the full scope defined by the language of the following claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network, the method being performed on a hardware processor of a hardware device that is in connection with the short-range communication network, the method including the steps of moving the uniquely identifiable computing device into a communication range of the short-range communication network, performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network, and indicating by at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network.

Description

A SYSTEM, DEVICE AND METHOD FOR INDICATING AUTHENTICATION DECISIONS IN UNIQUELY IDENTIFIABLE COMPUTING DEVICES
FIELD OF THE INVENTION
The present invention relates to the field of authentication of computing devices to a local and private network, and signaling of authentication decisions to users.
REFERENCE TO RELATED APPLICATIONS
This application claims benefit to U.S. Provisional Application No. 62/161,409 filed May 14, 2015, which is hereby incorporated in its entirety for all purposes.
BACKGROUND
In the field of communication authentication between uniquely identifiable computing devices in the Internet-of-Things ecosystem, when users or devices enter a short-range communication network, for example Near Field Communication (NFC) and Bluetooth™, an authentication between user and device or device and device takes place, to establish confidence between the two devices for different types of data communication and exchange. Such authentication is the basis for system security and occurs implicitly. The salient deficiency in existing IoT devices is that authentication decisions occur opaquely. A user operating in a short-range communication field either succeeds in accessing devices within the communications field of his IoT device or does not succeed. For example, when a device is able to connect to another device via Bluetooth™, the authentication decision is usually presented by a message prompt or a status bar icon. The decision is embedded in the underlying authentication algorithm and there is no visual, auditory, tactile, or temperature indicator or feedback that would allow a user to interact intelligently with IoT devices in a secure and also private manner. This leaves users susceptible to connecting to potentially rogue IoT devices, which may lead to a compromise in security and privacy.
Additionally, users are susceptible to disruptions in IoT service since de-authentication can take place silently and without any messaging other than a change of a notification icon on a display, despite potentially requiring user intervention to correct. Moreover, in case a disabled user of an IoT device wants to connect to a local network, effective communication of the results of an authentication algorithm is more difficult, depending on the disability of the user. Therefore, in light of all these deficiencies in the background art, novel methods for indicating authentication decisions for IoT devices are desired.
SUMMARY OF THE EMBODIMENTS OF THE INVENTION
According to one aspect of the present invention, a method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network is provided. Preferably, the method is performed on a hardware processor of a hardware device that is in connection with the short-range communication network, and the method includes the steps of moving the uniquely identifiable computing device into a communication range of the short-range communication network, and performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network.
In addition, the method also preferably includes the steps of indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
Moreover, according to another aspect of the present invention, a non-transitory computer readable medium having computer instructions recorded thereon, the computer instructions configured to perform a method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network when executed on a hardware processor of a hardware device, is provided. Preferably, the hardware device is in connection with the short-range communication network, and the method includes the steps of moving the uniquely identifiable computing device into a communication range of the short-range communication network, and performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network.
In addition, the method preferably also includes the steps of indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
Furthermore, according to another aspect of the present invention, a system for communicating to a user an authentication decision of a uniquely identifiable computing device is provided. Preferably, the system includes a short-range communication network, a hardware device having a hardware processor that is in connection with the short-range communication network for controlling the short-range communication network, and a signaling device for performing at least one of an audio, visual, tactile, and thermal response to indicate the authentication decision to the user, the signaling device being connected to the short-range communication network. Additionally, the hardware device is preferably configured to perform an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network, after the uniquely identifiable computing device has been moved into a communication range of the short-range communication network, instruct the signaling device to indicate by a first indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process has failed when the performing of the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and instruct the signaling device to indicate by a second indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process was successful when the performing of the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
The accompanying drawings, which are incorporated herein and constitute part of this specification, illustrate the presently preferred embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain features of the invention.
FIGs. 1A-1C schematically show different stages of a method and the system according to a first embodiment of the present invention;
FIG. 2 schematically shows a flow chart that represents the method according to the first embodiment of the present invention;
FIG. 3 shows a stage of a method according to another embodiment of the present invention; and
FIG. 4 schematically shows a flow chart that represents the method according to still another embodiment of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Figures 1A to 1C schematically show different stages in a method that is schematically represented in FIG. 2, the method indicating authentication decisions for an IoT device 20 for a short-range wireless communication network 15. A system 5 is shown for performing the method, having a short-range wireless communication network 15, for example but not limited to a Bluetooth™ network, WiFi IEEE 802.11 network, dedicated short-range communications (DSRC) network, near field communication (NFC) network, communications access for land mobiles (CALM) network, Infrared Data Association (IrDa) network, WiMAX IEEE 802.16e network, radio frequency identification (RFID) network, with the network 15 having a certain range covering a limited area, for example a room or office in a premise, a home or apartment, an access control location such as toll booths, security airlock, meeting room, waiting room, commercial locations such as a retail store, restaurant, bar, club house, or any other location that is equipped with a short-range wireless communication network. Short-range wireless communication network 15 can be generated by an access point 10, like a modem, router, adapter, network central, that has an antenna 12 or other transceiver device that allows generating the short-range wireless communication network 15.
The short-range wireless communication network 15 can be in connection with various Internet-of-Things (IoT) devices 32, 34, 36, 38 that can be permanently, temporarily or intermittently connected to the short-range wireless communication network 15 with a respective interface, for example a smart phone 32 or other handheld computing device, electronic device 36 such as but not limited to cameras, sports trackers, music players, radios, mapping electronic devices, television sets, radio sets, media streaming devices, home entertainment systems, gaming consoles, electronic wallets, wireless phones, personal digital devices, electronic appliances 34 that are IoT equipped such as but not limited to stoves, ovens, microwaves, mixers, house security systems, thermostats, washers, dryers. Also, computing devices 38 can be connected to the short-range wireless communication network 15, for example but not limited to laptops, notebooks, servers, Internet gateways that connect to the Internet 60, personal computers, Apple™ computers, storage units. In the variant shown, several IoT devices 32, 34, 36, 38 are connected together to the short-range wireless communication network 15, however, the principles of the present invention are also applicable to a point-to-point connection, for example but not limited to Bluetooth™ or IrDa, such that user 50 requests with his IoT device 20 a direct connection via a short-range wireless communication network 15 to one other IoT device 32, 34, 36, 38. In such case, the one other IoT device 32, 34, 36, 38 acts as the access point 10 to authenticate access of IoT device 20.
In addition, short-range wireless communication network 15 can also be connected to a signaling device 40 that allows providing a certain signaling to user 50, for example a signaling lamp 41, an alarm central 42, these devices being capable of communicating certain events to the user 50 by signaling, for example devices that are capable of generating an auditory, visual, tactile, thermal, or olfactory response. In a variant, the signaling device 40 could be a home controller that allows setting the temperature of a house or premise, or can control various actuators in a house. Signaling devices 40, 42 can themselves be IoT capable devices, but they can also be locally connected to different IoT devices 32, 34, 36, 38 by a local wireless or wired communication link, or can be part of an IoT device 32, 34, 36, 38 itself. External devices 70, 72 that are external to system 5 can be used to communicate information with respect to system 5 to users, for example a desktop device 70 having a display and being connected to the system 5 via the Internet 60 and the computing device 38, or a wireless computing device 72 that is connected via a mobile data network to the Internet 60 and computing device 38. Devices 70, 72 can be configured to display information related to the system 5 for remote signaling and control by the user. Also, a remote signaling device 44 can be connected to system 5 via the Internet 60 and can be used for signaling events.
FIG. 1A shows user 50 holding an IoT device 20, for example his smart phone that has communication connectivity for the short-range wireless communication network 15, and currently not in the range of the short-range wireless communication network 15. Next, with a step S10, user 50 moves with his IoT device 20 into the range of short-range wireless communication network 15, as shown in FIG. 1B.
Moreover, the IoT device 20 is set such that it can be detected by the short-range wireless communication network 15 and can attempt to establish a communication link, for example by access point 10. As an example, in a case where Bluetooth™ is the technology used for the short-range wireless communication network 15, the IoT device 20 has the Bluetooth™ communication connectivity, the Bluetooth™ is turned on, IoT device 20 can request to communicate with the access point 10 that is also provided with Bluetooth™ connectivity, and device 20 is discoverable by short-range wireless communication network 15. FIG. 1A shows user 50 moving IoT device 20 into the range of network 15, but IoT device 20 can be moved by other means to be in the range of network 15. For example, IoT device 20 can be an electronic device of a car, motorbike, bicycle, boat, airplane or other vehicle that is driven to be in range of a network 15, a remote controlled device such as but not limited to drones, household devices, toys that move into range of network 15, or an electronic device that is attached to a pet or other animal that enters the range of network 15.
Next, a step S20 is performed after IoT device 20 has moved into the range of the short-range wireless communication network 15 as shown in FIG. 1B. Upon detecting network 15 and, if necessary, performing an initial connection for authentication purposes, IoT device 20 makes a request R1 to establish a communication channel, connection or link L, and for this purpose, the IoT device 20 needs first to be authenticated by access point 10. In a variant, the access point 10 periodically checks for the presence of new IoT devices 20 that are discoverable on the network, and once IoT device 20 is detected by access point 10 of network 15, the access point 10 or another device on the network can make a request R1 to establish a communication link L between IoT device 20 and network 15. Thereafter, in a step S30, an authentication process of the IoT device 20 is started between IoT device 20 and the access point 10, for example but not limited to by encrypted key exchange (EKE), digital signature or certificate authentication, password authentication, transport layer security (TLS) authentication, Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST), or Lightweight Extensible Authentication Protocol (LEAP). After the authentication process S30 has been performed, IoT device 20 will either pass or fail the authentication test.
Next, as shown in FIG. 1C, either a step S40 or a step S50 is performed. In a case the authentication of IoT device 20 to network 15 has been passed, a confirmation R2 is sent by the authentication authority to IoT device 20 with a step S40, indicating that the authentication of device 20 was successful and that a communication link L can be established with the network 15 with step S80. The authentication authority can be access point 10 or another IoT device 32, 34, 36, 38 that is connected to network 15. Moreover, in a case the authentication of IoT device 20 to network 15 failed, a confirmation R3 is sent to IoT device 20 with step S50 by the authentication authority indicating that the authentication was unsuccessful. With steps S40 and S50, IoT device 20 will be apprised of its connection status by confirmation R2 or R3. Step S80 of establishing a communication link can be performed right upon sending confirmation R2 or in parallel with the sending of confirmation R2 to IoT device 20, or can also be performed only after step S60 of performing the first indicator I1 has been accomplished.
In the case the authentication was successful, access point 10, or another authentication authority, performs step S60 in which access point 10 triggers a performance of a first indicator I1 with a signaling device 40, 42, the first indicator I1 configured to inform user 50 of the IoT device 20, or other users, that the authentication of step S30 has passed. Signaling device 40, 42 can be an element of access point 10, can be wired or wirelessly connected to access point 10, can be a separate IoT device that is connected to network 15, can be an element of the IoT device 20 of user 50, or can be an external device 44 connected to the Internet 60 that needs to be accessed via computing device 38 and the Internet 60. For the triggering of the performance of indicator I1, a first message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform indicator I1. Indicator I1 can be a signal that is auditory, visual, tactile, thermal, or olfactory, and can be such that it can be perceived by users 50 over the entire range of network 15.
Analogously, in the case the authentication failed, access point 10 performs step S70 in which access point 10 triggers the performance of a second indicator I2 with a signaling device 40, 42, the second indicator configured to inform user 50 of the IoT device 20, or other users, that the authentication of step S30 has failed. For the triggering of the performance of second indicator I2, a second message or instruction can be sent from access point 10 to the signaling device 40, 42 that will in turn perform second indicator I2.
Analogously to first indicator I1, indicator I2 can be a signal that is auditory, visual, tactile, thermal, or olfactory, but is different from the first indicator I1, and can also be such that it can be perceived by users 50 over the entire range of network 15.
Indicators I1 and I2 can be signals or indicators that are active for a limited time duration, for example they naturally expire or are automatically deactivated after a certain time period, or can be signals that are permanent until they are cancelled or turned off. For example, in a case the range of network 15 is within a premise such as but not limited to a meeting room, office, hall, entrance area, garage, signaling device 40 can be a signal lamp installed in the premise that is perceivable by user 50 or other users. For example, upon receiving the first or second message, respectively, a positive authentication can be indicated by a first indicator I1 with a green light emitted by the signaling device, while a negative decision on authentication can be indicated by a second indicator I2 with a red light. Moreover, signaling device 40, 42 can be one or more speakers that can produce a positive auditory beep as the first indicator I1 or a negative auditory buzzing as a second indicator I2. As another example, signaling device 40, 42 can be an odor diffusion device that allows generating two different olfactory messages within the premise as first and second indicators I1, I2, respectively, for example a flowery smell for first indicator I1, and a burnt smell for second indicator I2. The signaling device 40, 42 can also be a part of the IoT device 20, for example, if IoT device 20 is a handheld device such as a smart phone, tablet, personal digital assistant, GPS mapping device, the vibration actuator can be used to generate first and second indicators I1, I2, respectively, for example a longer vibration buzz as first indicator I1, and a series of short vibration buzzes for the second indicator I2.
Signaling device 42 can also be a home controller device, such as a thermostat controlling at least one of heating, ventilating, and air conditioning (HVAC) of a premise, a security alarm central at the premise that can control an alarm signal of various types, a home entertainment electronics controller that can control television sets, radio sets, speakers, projectors, media streaming devices, gaming consoles and computers, weather stations, a home electronic actuator controller that can control electric blinds, curtains, electronic switches for lights and lamps, appliances, wired telephone. Thereby, signaling device 42 can use different actuators and devices that are already part of the infrastructure of the premise to generate first and second indicators I1, I2, and no specific infrastructure for the messaging is used. This allows implementing an inconspicuous, secret, or hidden messaging scheme of the authentication decision for IoT device 20, for example to its user, or to other users, such as the owners, operators, or tenants of the premise. For example, the first and second indicators I1, I2 could be the lowering or raising of the temperature in the premise by HVAC, respectively, switching on different lamps in the premise, lowering different blinds as first and second indicators I1, I2, respectively, turning on a specific television, radio, or streaming channel for the first and second indicators I1, I2, respectively, playing a specific video, or making the telephone ring with a specific ringtone at the premise. Specific indicators can be made for disabled or impaired users, such as blind and/or hearing-impaired users, by the use of olfactory or tactile indicators for I1 and I2. Another way of generating first and second indicators I1, I2, respectively, is by a common or joint action among various IoT devices 20, 32, 34, 36, 38 that are connected to network 15.
For example, it is possible that two or more IoT devices 20, 32, 34, 36, 38 generate a synchronous auditory signal like a beep or a ringtone, vibrate simultaneously, or simultaneously have a signal light blinking. The method and system provide for substantial advantages over existing notification devices for connection with short-range communication networks, and provide for an empowerment of different users in their decision making for network connections by the indicators I1, I2 of authentication decisions in a clear and easily readable way, and at the same time, increase the level of data security and data privacy of the IoT device 20 of the user 50. Also, the method provides for an authentication indication platform that is modular and can be made entirely operating system and technology-independent, as it allows using existing infrastructure and networks for signaling the indicators, and is also not tied to the underlying authentication algorithms and protocols. Moreover, with the method and system, it is possible to materially enhance data security and privacy by protecting against rogue IoT devices for short-range communication networks, and also to provide for new methodologies to inform vision-impaired, hearing-impaired, and motor-impaired users on authentication decisions for short-range connectivity and authentication, as specific signaling devices 40 can be used for impaired or disabled users.
Next, in a variant, a step S85 can be performed in which the IoT device 20 is removed from being in the range of network 15, or is manually or automatically disconnected from network 15. A manual disconnect could be the user 50 switching off the network access, turning off the IoT device 20, or switching to airplane mode; an automatic disconnect could be an expiration or time-out of network access credentials, crashing of the software that provides for the link L or connection to network 15, the battery of IoT device 20 running out, or a spyware or virus detection alert in IoT device 20 that generates a security alert and disconnects the IoT device from the network 15. After a disconnect has occurred, in a case where the first or second indicators I1, I2 are permanently active, for example a specific light has been switched on as a signaling device 40, a step S90 can be performed to reset the first or second indicators I1, I2 to stop their signaling. However, if indicators I1 or I2 were not permanent or only of short duration, then no step S90 is necessary. For example, in step S90, a specific light or indicator on IoT device 20 that was active to indicate either I1 or I2 can be cleared, the temperature of the premise can be brought back to the normal temperature, olfactory scent generation can be stopped, or lights indicating I1 or I2 turned off. Moreover, step S90 of removing or deactivating the indicators I1 or I2 can also be automatic after a certain time period, irrespective of step S80 of establishing link L or the disconnecting of IoT device 20. Also, it is possible that indicators I1 or I2 can be manually deactivated, for example by a specific reset button on the premise, a remote control, or remotely via a software application.
Moreover, the signaling capabilities of system 5 are not limited to the indication of successful authentication with first indicator I1 and failed authentication with indicator I2. Other statuses and changes in the authentication process can also be communicated to the users, with different indicators, signaling events, and patterns thereof. For example, with indicators I1 and I2, it is possible to indicate that an authentication has passed recently or has failed recently, and thereby the status of an authentication process is signaled in a delayed manner. For this purpose, steps S60 and S70 can be equipped with a timer, and upon receipt of confirmation R2, R3, the timer is started to delay the performance of indicators I1, I2 by a predetermined time period. Also, it is possible that other external events and conditions trigger the actual performance of indicators I1, I2, for example another user with administration credentials to network 15 entering into the range of the network 15, display of the indicators I1, I2 only once the user 50 and his IoT device 20 have left and disconnected from the network 15, or an administrator or other user entering a code into the security system of the premise. Other types of events that can be displayed are the successful or unsuccessful de-authentication of an IoT device 20, and delayed signaling of the successful or unsuccessful de-authentication of an IoT device 20. Different patterns of indicators can be used to signal different authentication events, statuses and transitions.
It is also possible that an administrator or other authorized user defines different signaling patterns for I1, I2 and thereby uses a dashboard or a settings menu of a graphical user interface or other type of interface to program access point 10, for example via alarm central 42, or a device that remotely connects to the system 5 via the Internet 60, for example a remote PC 70 or a mobile device 72.
FIG. 3 shows an embodiment in which the range of the short-range wireless communication network 115 covers a house 105 as a premises, with an access point 110 generating the network 115. Access point 110 is also connected to a home electronic actuator controller 142 that serves as a signaling device 140, but is also configured to control various electric and electronic devices inside house 105. IoT device 120 is installed in a vehicle 150 that can be driven such that antenna 112 of IoT device 120 can be in connection with network 115 and thereby can be put into the range of network 115. Blinds 144, 145 that can be moved electrically and remotely by home electronic actuator controller 142 serve as indicators I1, I2. For example, before any authentication between vehicle 150 and network 115 has happened in step S30, both blinds 144, 145 can be open; indicator I1 generated by step S60 can be the partial or full lowering of left blind 144; indicator I2 generated by step S70 can be the partial or full lowering of right blind 145; and after a certain predetermined period has expired, or after the vehicle 150 has left the range of network 115, the indicators I1, I2 can be reset or cleared with step S90 by fully opening both blinds 144, 145. Analogous patterns can be used for interior or exterior lights, locking and unlocking of doors, raising or lowering a temperature in house 105, or switching on radio or television channels.
Moreover, as the indicators I1, I2 can be generated by already existing infrastructure, and no dedicated signaling devices need to be used, it is possible to establish a signaling pattern that is secret for some users and known to others. For example, a specific light that has been turned on in a premises could represent indicator I1 for successful authentication, and another specific light could represent indicator I2 for unsuccessful authentication. This signaling pattern could be known to user 50 or not, or could be known only to the owner, operator, or tenant of the premises where the network is located. Specific users can be informed of the signaling pattern in advance, while others are not. Moreover, as certain signaling patterns can remain active indefinitely or for a predetermined amount of time, it is possible that when a user 50 unsuccessfully attempts to log his IoT device 20 onto the network 15, the failed authentication can be detected at a later stage. As a consequence, indicator I2 will be activated by step S70 and can remain active, for example as a lower or higher temperature on the premises, a specific light that has been turned on, or a certain smell produced by the odor diffusion device. Also, user 50 of IoT device 20 may not be apprised of the presence and significance of any signaling devices 40 and their patterns of the indicators I1 and I2, while another user, for example a user who is authorized to access the premises, is aware of the signaling devices 40 and the patterns for the indicators I1 and I2. Therefore, after user 50 has unsuccessfully attempted to connect his rogue IoT device 20 to network 15, the authorized user can, on later accessing the premises, immediately see whether the previously present user 50 was granted or denied access to network 15.
FIG. 4 shows a diagrammatic view of another embodiment of a method, in which an already established link L1 that has been established by the method shown in FIG. 2 is re-authenticated. The re-authentication can be triggered after a certain time duration, when user 50 attempts to access data, applications or services within the network 15 that require a higher level of security and encryption, or when the network 15 has gone through a security policy change that requires re-authentication of already established links L, L1. After a link L1 is already established between IoT device 20 and network 15, a re-authentication step is performed in step S230. In case the re-authentication has passed or was successful, a confirmation message R4 is sent by the re-authentication authority, typically the access point 10, so that IoT device 20 is informed of this decision. Next, step S260 can be performed, in which access point 10 triggers the performance of a third indicator I3 with a signaling device 40, 42, the third indicator I3 configured to inform user 50 of the IoT device 20, or other users, that the re-authentication of step S230 has successfully passed. Step S280 can be performed either after step S240 or S260, or even simultaneously with step S240, to establish communication link L2, which can permit IoT device 20 to access more resources, communicate with a higher level of data security or encryption, or access IoT devices 32, 34, 36, 38 that were not accessible with communication link L1. Third indicator I3 can be different from both the first and the second indicator I1, I2. For the triggering of the performance of third indicator I3, a third message or instruction can be sent from access point 10 to the signaling device 40, 42, which will in turn perform third indicator I3.
Analogously, in case the re-authentication failed, a confirmation message R5 is sent by the re-authentication authority, typically the access point 10, so that IoT device 20 is informed of this decision. The re-authentication authority, for example access point 10, performs step S270, in which access point 10 triggers the performance of a fourth indicator I4 with a signaling device 40, 42, the fourth indicator configured to inform user 50 of the IoT device 20, or other users, that the re-authentication of step S230 has failed. For the triggering of the performance of fourth indicator I4, a fourth message or instruction can be sent from access point 10 to the signaling device 40, 42, which will in turn perform fourth indicator I4.
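The following is an added example, not code from the patent or from Silent Circle, modelling the access-point behaviour described above for FIG. 2 to FIG. 4 in one place: first authentication with indicators I1/I2 (steps S30, S60, S70), the optional timer that delays an indicator after confirmation R2/R3, the reset of step S90 (either when the device leaves range or on an explicit administrator action, so that a failed attempt by a rogue device can stay visible until an authorized user arrives), and re-authentication with indicators I3/I4 and the upgraded link L2 (steps S230, S260, S270, S280). The allow-list `KNOWN_DEVICES`, the HMAC challenge-response used to decide the authentication, and the rule that a failed re-authentication drops the existing link are assumptions made for the example; the patent does not specify the authentication mechanism itself.

```python
# Added example (not from the patent): a model of access point 10, signaling
# device 40/42 and the indicator steps of FIG. 2 to FIG. 4. The allow-list and
# the HMAC challenge-response are assumptions; the patent leaves the actual
# authentication mechanism open.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed allow-list of uniquely identifiable devices (device id -> shared secret).
KNOWN_DEVICES = {"iot-20": b"constructed-secret-for-iot-20"}


def device_response(device_id: str, nonce: bytes) -> bytes:
    """IoT device side of the assumed challenge-response: HMAC of the nonce."""
    return hmac.new(KNOWN_DEVICES[device_id], nonce, hashlib.sha256).digest()


@dataclass
class SignalingDevice:
    """Signaling device 40/42: remembers which indicators it has performed."""
    active: list = field(default_factory=list)

    def perform(self, indicator: str) -> None:
        if indicator not in self.active:
            self.active.append(indicator)

    def clear(self) -> None:
        self.active.clear()


@dataclass
class AccessPoint:
    """Access point 10: authenticates devices and instructs the signaling device."""
    signaling: SignalingDevice
    delay: int = 0                # timer ticks between confirmation R2/R3 and the indicator
    clear_on_leave: bool = False  # whether step S90 runs as soon as the device leaves range
    links: dict = field(default_factory=dict)    # device id -> "L1" or "L2"
    pending: list = field(default_factory=list)  # [ticks_left, indicator]

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def _verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        key = KNOWN_DEVICES.get(device_id)
        if key is None:           # unknown identity: rogue device
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def _instruct(self, indicator: str) -> None:
        """Send the instruction for an indicator, immediately or after the timer."""
        if self.delay == 0:
            self.signaling.perform(indicator)
        else:
            self.pending.append([self.delay, indicator])

    def tick(self) -> None:
        """Advance every running timer by one unit; perform indicators that are due."""
        due = [ind for left, ind in self.pending if left <= 1]
        self.pending = [[left - 1, ind] for left, ind in self.pending if left > 1]
        for ind in due:
            self.signaling.perform(ind)

    def authenticate(self, device_id: str, nonce: bytes, response: bytes) -> str:
        """Step S30. Returns confirmation R2 (passed: link L1, I1) or R3 (failed: I2)."""
        if self._verify(device_id, nonce, response):
            self.links[device_id] = "L1"
            self._instruct("I1")   # step S60
            return "R2"
        self._instruct("I2")       # step S70
        return "R3"

    def reauthenticate(self, device_id: str, nonce: bytes, response: bytes) -> str:
        """Step S230 on an existing link L1. Returns R4 (link L2, I3) or R5 (I4)."""
        if device_id not in self.links:
            raise ValueError("re-authentication requires an established link")
        if self._verify(device_id, nonce, response):
            self.links[device_id] = "L2"   # step S280: more resources, stronger encryption
            self._instruct("I3")           # step S260
            return "R4"
        # Assumption: a device that cannot be re-authenticated "to continue to
        # communicate" loses its link; the patent does not spell this out.
        del self.links[device_id]
        self._instruct("I4")               # step S270
        return "R5"

    def device_left_range(self, device_id: str) -> None:
        """Device leaves the network range. Indicators persist unless clear_on_leave."""
        self.links.pop(device_id, None)
        if self.clear_on_leave:
            self.reset()

    def reset(self) -> None:
        """Step S90: clear pending timers and all indicators (timer expiry or admin)."""
        self.pending.clear()
        self.signaling.clear()
```

With `delay=2` and `clear_on_leave=False`, a rogue device that fails step S30 leaves "I2" in `SignalingDevice.active` two ticks later and it stays there after the device has gone, which is the situation described for the premises owner arriving afterwards; mapping "I1" and "I2" onto blinds 144 and 145 of FIG. 3 is a matter of what `perform` drives. The one property to keep in mind is that the indicator is only as trustworthy as the decision behind it: `_verify` must reject both an unknown identity and a wrong response, otherwise a rogue device could make the premises signal success.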
Moreover, one aspect of the present invention is the provision of software code that can be recorded on a non-transitory computer-readable medium, for example but not limited to a CD-ROM, DVD-ROM or RAM, memory stick, thumb drive, memory card, portable hard drive, or flash drive, or software code that can be downloaded from a network device, for example but not limited to a cloud server, network server, or remote hard drive, and can be installed and executed by a system 5. The software code can be executed by a hardware processor or central processing unit (CPU) on one or more devices of the system 5 to perform the methods described before. For example, the executed software code can provide an additional software layer on top of the existing operating system, for example but not limited to Android™, iOS™, Symbian™, Windows Mobile™, Windows CE™, RIM™, or Linux™, but it is also possible that the authentication functionality of the present invention and the methods described before are an integral part of the connectivity functions of the operating system. While the invention has been disclosed with reference to certain preferred embodiments, numerous modifications, alterations, and changes to the described embodiments are possible without departing from the sphere and scope of the invention, as defined in the appended claims and their equivalents. Accordingly, it is intended that the invention not be limited to the described embodiments, but that it have the full scope defined by the language of the following claims.

Claims

Claim 1: A method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network, the method being performed on a hardware processor of a hardware device that is in connection with the short-range communication network, the method comprising the steps of:
moving the uniquely identifiable computing device into a communication range of the short-range communication network;
performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network;
indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network; and
indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
Claim 2: The method for communicating to the user the authentication decision according to Claim 1, wherein
the first and second indicators are such that they are perceivable by the user within the entire communication range of the short-range communication network.
Claim 3: The method for communicating to the user the authentication decision according to Claim 1, wherein the first and second indicators, respectively, are performed simultaneously on the uniquely identifiable computing device and the hardware device.
Claim 4: The method for communicating to the user the authentication decision according to Claim 1, further comprising the step of:
performing a second authentication process of the uniquely identifiable computing device by the hardware device with a goal to re-authenticate the uniquely identifiable computing device that is currently in communication on the short-range communication network;
indicating by a third indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the second authentication process has failed when the step of performing the second authentication indicates that the uniquely identifiable computing device could not be re-authenticated to continue to communicate on the short-range communication network.
Claim 5: The method for communicating to the user the authentication decision according to Claim 1, wherein the first indicator triggered by the hardware device is an instruction to a thermostat controller of a home to change a temperature of the home.
Claim 6: The method for communicating to the user the authentication decision according to Claim 1, wherein the first indicator triggered by the hardware device is an instruction to a speaker to generate a sound.
Claim 7: A non-transitory computer readable medium having computer instructions recorded thereon, the computer instructions configured to perform a method for communicating to a user an authentication decision of a uniquely identifiable computing device to a short-range communication network when executed on a hardware processor of a hardware device, the hardware device being in connection with the short-range communication network, the method comprising the steps of:
moving the uniquely identifiable computing device into a communication range of the short-range communication network;
performing an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network;
indicating by a first indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process has failed when the step of performing the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network; and
indicating by a second indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the authentication process was successful when the step of performing the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
Claim 8: The non-transitory computer readable medium according to Claim 7, wherein
the first and second indicators are such that they are perceivable by the user within the entire communication range of the short-range communication network.
Claim 9: The non-transitory computer readable medium according to Claim 7, wherein the first and second indicators, respectively, are performed simultaneously on the uniquely identifiable computing device and the hardware device.
Claim 10: The non-transitory computer readable medium according to Claim 7, further comprising the step of:
performing a second authentication process of the uniquely identifiable computing device by the hardware device with a goal to re-authenticate the uniquely identifiable computing device that is currently in communication on the short-range communication network;
indicating by a third indicator including at least one of an audio, visual, tactile, and thermal response triggered by the hardware device that the second authentication process has failed when the step of performing the second authentication indicates that the uniquely identifiable computing device could not be re-authenticated to continue to communicate on the short-range communication network.
Claim 11: The non-transitory computer readable medium according to Claim 7, wherein the first indicator triggered by the hardware device is an instruction to a thermostat controller of a home to change a temperature of the home.
Claim 12: The non-transitory computer readable medium according to Claim 7, wherein the first indicator triggered by the hardware device is an instruction to a speaker to generate a sound.
Claim 13: A system for communicating to a user an authentication decision of a uniquely identifiable computing device, the system comprising: a short-range communication network;
a hardware device having a hardware processor that is in connection with the short-range communication network for controlling the short-range communication network; and a signaling device for performing at least one of an audio, visual, tactile, and thermal response to indicate the authentication decision to the user, the signaling device being connected to the short-range communication network,
wherein the hardware device is configured to,
perform an authentication process of the uniquely identifiable computing device by the hardware device with a goal to authenticate the uniquely identifiable computing device for communication on the short-range communication network, after the uniquely identifiable computing device has been moved into a communication range of the short-range communication network,
instruct the signaling device to indicate by a first indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process has failed when the performing of the authentication indicates that the uniquely identifiable computing device could not be authenticated to communicate on the short-range communication network, and instruct the signaling device to indicate by a second indicator including at least one of an audio, visual, tactile, and thermal response that the authentication process was successful when the performing of the authentication indicates that the uniquely identifiable computing device could be authenticated to communicate on the short-range communication network.
Claim 14: The system for communicating to the user the authentication decision according to Claim 13, wherein
the first and second indicators are such that they are perceivable by the user within the entire communication range of the short-range communication network.
Claim 15: The system for communicating to the user the authentication decision according to Claim 13, wherein the first and second indicators, respectively, are performed simultaneously on the uniquely identifiable computing device and the hardware device.
Claim 16: The system for communicating to the user the authentication decision according to Claim 13, the hardware device further configured to:
perform a second authentication process of the uniquely identifiable computing device by the hardware device with a goal to re-authenticate the uniquely identifiable computing device that is currently in communication on the short-range communication network;
instruct the signaling device to indicate by a third indicator including at least one of an audio, visual, tactile, and thermal response that the second authentication process has failed when the performing of the second authentication indicates that the uniquely identifiable computing device could not be re-authenticated to continue to communicate on the short-range communication network.
Claim 17: The system for communicating to the user the authentication decision according to Claim 13, wherein the first indicator triggered by the hardware device is an instruction to a thermostat controller of a home to change a temperature of the home.
Claim 18: The system for communicating to the user the authentication decision according to Claim 13, wherein the first indicator triggered by the hardware device is an instruction to a speaker to generate a sound.
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562161409P 2015-05-14 2015-05-14
US62/161,409 2015-05-14

Publications (1)

Publication Number Publication Date
WO2016181347A1 true WO2016181347A1 (en) 2016-11-17

Family

ID=56072376

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2016/052747 WO2016181347A1 (en) 2015-05-14 2016-05-12 A system, device and method for indicating authentication decisions in uniquely identifiable computing devices

Country Status (1)

Country Link
WO (1) WO2016181347A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8381270B1 (en) * 2011-09-14 2013-02-19 Google Inc. Network configuration and authorization
US20130086637A1 (en) * 2011-09-29 2013-04-04 Apple Inc. Indirect authentication
EP2806370A1 (en) * 2013-05-21 2014-11-26 Knightsbridge Portable Communications SP Portable authentication tool and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16724724; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16724724; Country of ref document: EP; Kind code of ref document: A1)