WO2021035000A1 - Method for registering a device to a registration server - Google Patents
Method for registering a device to a registration server Download PDFInfo
- Publication number
- WO2021035000A1 WO2021035000A1 PCT/US2020/047099 US2020047099W WO2021035000A1 WO 2021035000 A1 WO2021035000 A1 WO 2021035000A1 US 2020047099 W US2020047099 W US 2020047099W WO 2021035000 A1 WO2021035000 A1 WO 2021035000A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- dataset
- registering
- server
- comparison
- subset
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/65—Environment-dependent, e.g. using captured environmental data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/77—Graphical identity
Definitions
- the present invention relates to methods for registering a device to a registration server. It relates particularly to methods of registering a device to a registration server to which another device has been already registered.
- a mobile device When accessing online resources, a mobile device can be used for user authentication instead or in addition of a username and password.
- the registration of such a mobile device is usually complicated and error prone for the end-user.
- the registration of a device can require the user to enter a set of data into the device to register (like a registration code) or to scan a visual code (like a QR code) that requires the use of a dedicated application. Those additional steps are prone to error and lead to failure or many retries before successful registration . It is used to bind two or more separate devices.
- a user may be accessing the online service from his computer and try to register his mobile phone.
- data may be shared between the two devices as a way to identify the two devices to be bound.
- Such operation requires complex actions from the user which may lead to failure or many retries before successful registration.
- the W02007003656 document discloses a way to pair a contactless card with a contactless reader by comparing temperature, pressure or light parameters in order to prevent relay attack.
- the document US9621659 describes a method for peer to peer communication based on the combination of proximity sensor and time stamps.
- the invention aims at solving at least one of the above mentioned technical problems.
- An object of the present invention is a computer- implemented method for registering a first device to a registration server, a second device being previously registered by the registration server.
- the method comprises the following steps: i) said first device generates a first dataset by collecting network signals whose sources are located in the vicinity of said first device, then sends said first dataset to the registering server, ii) said second device generates a second dataset by collecting network signals whose sources are located in the vicinity of said second device, then sends said second dataset to the registering server, iii) the registering server performs a comparison of a subset of said first dataset with a subset of said second dataset and registers said first device only if the comparison is successful.
- privileges may have been previously allocated to the second device and the registering server may allocate the privileges to the first device if the comparison is successful.
- the registration of the second device may consist in a step in which a user authenticates to the registering server by using the second device.
- network signals collection by the first device may be triggered by an action of a user on said first device.
- network signals collection by the first device may be automatically triggered by starting said first device.
- said first and second device may add in their respective dataset environment signals they collected.
- the registering server may send to said second device a request for binding agreement and may register said first device only if it received an agreement in response to the request.
- the registering server may get a type of said first device and may identify said subset of the first dataset according said type.
- Another object of the present invention is a system comprising a first device, a registration server and a second device previously registered by the registration server.
- the first device comprises a first processor and first instructions executed by the first processor for generating a first dataset by collecting network signals whose sources are located in the vicinity of the first device, and sending said first dataset to the registering server.
- the second device comprises a second processor and second instructions executed by the second processor for generating a second dataset by collecting network signals whose sources are located in the vicinity of the second device, and sending said second dataset to the registering server.
- the registering server comprises a third processor and third instructions executed by its processor for performing a comparison of subset of said first dataset with a subset of said second dataset and for registering said first device only if the comparison is successful.
- the privileges may have been previously allocated to the second device and the registering server may allocate said privileges to the first device if the comparison is successful.
- the registering server may register the second device in response to authentication of a user through the second device.
- the first device may start the network signals collection in response to an action of a user on said first device.
- the first device may automatically begin the network signals collection when it starts.
- said first and second device may add in their respective dataset environment signals they collected.
- the registering server may get a type of said first device and identifies said subset of the first dataset according said type.
- Figure 1 shows a general flow chart for registering a device according to an example of the invention
- Figure 2 shows a detailed flow chart for registering a device by using binding between a user and a device according to an example of the invention
- Figure 3 shows a detailed flow chart for registering a device by using binding between two devices according to an example of the invention. Detailed description of the preferred embodiments
- the invention may apply to any type of devices. It is well-suited for registering hardware devices like mobile phones, personal computers, connected wearable devices, video game consoles, sensors, gaming machines, tablet computers or IoT (Internet of Things) devices.
- hardware devices like mobile phones, personal computers, connected wearable devices, video game consoles, sensors, gaming machines, tablet computers or IoT (Internet of Things) devices.
- Figure 1 shows a general flow chart for registering a first device according to an example of the invention.
- a second device for example a smart phone
- the binding server may have registered the second device using a conventional way. For instance the binding server may have checked a login/password or enciphered credentials received from the second device.
- the registering server may be implemented in a dedicated hardware computer or in a hardware computing resources reached through the cloud.
- the first device may be a connected watch belonging to the user who owns the second device.
- the user goes to the second device to initiate the registration (also called binding) of the first device.
- step S12 the user goes to the first device to initiate the registration.
- Steps Sll and S12 may be executed in any order or simultaneously .
- Each device detects networks vicinity signals and build its own dataset based on the collected signals at steps S21 and S22.
- steps S21 an S22 devices are capturing networks signals on their own in their vicinity.
- Networks signals are assumed to be originated from other devices located in their neighborhood.
- networks signals are signals coming from wireless networks.
- networks signals may comprise the list of reachable Bluetooth® devices, the list of visible Wi Fi devices or applications, data related to nearby wireless networks (like the SSID - Service Set Identifier or local network carriers) or data related to contactless devices in the vicinity (like type of device, type or version of operating system embedded in the nearby devices, IP addresses).
- the collection of networks signals may be initiated by numbers of triggers depending on the type of the device or security policies.
- the triggering event may be the push of a button on the device, the launching of an application on the device or the starting (or reboot) of the device. It also can be triggered from the Registering server. It is to be noted that the operation of collecting networks signals is not a pairing operation with nearby devices.
- the network signals collected by a device may comprise data emitted by the other device involved in the data collection operation.
- the first device may collect data related to the second device and mutually.
- each device may detect environment vicinity signals (like temperature, pressure, humidity, ambient noise, snippet/decibel level, voice, velocity, altitude or luminosity) and complete its own dataset according to collected environment signals at steps S31 and S32.
- environment vicinity signals like temperature, pressure, humidity, ambient noise, snippet/decibel level, voice, velocity, altitude or luminosity
- a dataset may include the SSID of two detected wireless networks, the type (ex: router, phone, PC, set top box, printer, etc.) of each detected contactless devices in the vicinity for example.
- the dataset may also comprise the value of measured environments signals like temperature, humidity, and ambient noise for instance.
- each device sends its dataset to the registering server at steps S41 and S42.
- the registering server identifies subsets of the two datasets and performs a comparison between the two subsets. If the comparison is successful, the registering server is allowed to register the first device.
- the identification of a subset of a dataset may depend on the type of the device that created the dataset (or the type of the other device).
- the nature of data collected by a device may depend on the capabilities of the device.
- the identification of a subset may be ruled by a predefined policy allowing to provide subsets whose structures are compatible with each other. For example if only one device is able to detect Bluetooth® communication, the subset may exclude Bluetooth® data.
- the comparison may be executed by taking into account one or several preset rules.
- the comparison may be considered as successful if the two subsets comprise at least three parameters whose values are equal.
- the comparison may be considered as successful if the two subsets are similar (i.e. all the parameters they contain have the same values.)
- the comparison may be considered as successful if the two subsets comprise parameters whose values are close, for example within an acceptable range or variation. For instance, comparison of the strengths of a network signal may be considered as successful even if the values are slightly different (i.e. with a delta below an acceptable threshold.)
- the registration server can check that the two devices have access to similar network contexts.
- the registration server may check that the two devices are located in their mutual neighborhood. It is to be noted that the distance between the two devices is not measured.
- the registering server may allocate specific privileges (for example: access rights) to this device.
- the newly registered device may get privileges allowing a user to access an online service via the newly registered device.
- privileges may have been previously allocated to the second device and the registering server may allocate the same privileges to the first device if the comparison is successful.
- the privileges may be credentials or specific access rights for instance. In this case, a binding between the two devices is carried out by both registering the first device to the registering server and sharing the same privileges between the two devices.
- the registering server may use the dataset provided by a device to identify the other device.
- each device involved in the data collection is assumed to comprise a hardware processor, a collector unit and a dataset generator.
- the collector unit may be implemented via an antenna and communication components dedicated to communicate according to one or several network communication protocols.
- the collector unit may comprise a Bluetooth® communication component and a Li-Fi communication component for instance.
- the collector unit may also comprise one or several sensors dedicated to collect environment data like a hygrometric sensor or a temperature sensor.
- the dataset generator may comprise a set of instructions intended to be executed by the processor to generate the dataset from the collected data.
- the dataset generator may be implemented in full hardware solution or a combination of firmware and hardware components.
- the registering server is assumed to comprise a hardware processor, a comparator unit and a registering unit.
- the comparator unit is configured to identify a subset from a received dataset. It may use a set of rules (or predefined policy) allowing to refine the content of the subset. For instance, if one device is not able to measure the temperature, the subset may exclude the temperature value.
- the rules may take into account the type of each device.
- the rules may define an acceptable (tolerated) distance between values coming from several subsets to take into account the uncertainty of the measured values due to various precision of the sensors. For instance, temperature can be considered as matching even with a difference of 0.5°Fahrenheit.
- the rules may state that if at least three networks signals are equal, the comparison is considered as successful even if one or two additional networks signals do not match.
- the comparator unit is also configured to compare the content of two (or more) subsets.
- the registering unit is configured to register a device only if the corresponding comparison is successful.
- the registering unit may be configured to ask the user an agreement to register a device. It may also be configured to report the completion of the registering operation to any number of devices.
- Both the comparator unit and the registering unit may be implemented in full hardware solution or a combination of software instructions (executed by the processor) and hardware components.
- Figure 2 shows a detailed flow chart for registering a device by using binding between a user and a device according to an example of the invention.
- the registration of the second device consists in a phase in which the user authenticates to the registering server by using the second device.
- the user opens a web browser on a Personal Computer (i.e. the second device also named access device) and authenticates to the Registration Server.
- Authentication can be carried out by providing a password which is checked by the registering server for instance.
- the Personal Computer scans and collects information related to nearby devices (like visible Bluetooth devices and available Wi-Fi networks).
- the Personal Computer may also scan and collect environment data (like location, temperature and luminosity).
- the Personal Computer sends the data collected in step #3 to the Registration Server.
- the sending may be secured by security data (like a pre-provisioned key).
- the user opens a web browser on his mobile device (i.e. the first device which is the device to register/bind) and goes to the binding URL (on the registering server).
- the user can open a mobile application that will perform the registration of the mobile device at step #7.
- the mobile device i.e. mobile phone
- step #9 the dataset collected in step #8 is sent to the Registration Server.
- the Registration Server compares a subset of the dataset received from the Personal Computer (step #4) with a subset of the dataset received from the mobile device (step #9) in order to match the datasets.
- the registering server registers the mobile phone.
- the mobile phone has been bound to the registering server by using the access device (i.e. Personal Computer).
- the Registration server binds the mobile phone with the access device.
- the Registration Server could display a confirmation message on the access device (Personal Computer), asking the user to confirm the registration with the mobile device. (Step #11).
- the User can provide confirmation approval of the registration back to Registration Server at step #12.
- the registration server updates its data for reflecting the registration of the mobile phone.
- Each device may be notified of the completion of the registration at steps #14 and #15.
- Figure 3 shows a detailed flow chart for registering a device by using binding between two devices according to an example of the invention.
- the registration of the second device is assumed to have been already done in a previous phase.
- This example is well suited for registering IoT devices (like hardware sensors or Machine-to-Machine boxes) which may have limited capabilities compared to personal computers or smart phones.
- the user plugs in and turns on a new device (i.e. first device to be registered.)
- a new device i.e. first device to be registered.
- the new device once the new device is started it periodically collects (step #2) data related to nearby network signals and sends the corresponding generated dataset to the Registration Server (step #3), until it is itself registered.
- the new device may collect environment signals and generate the dataset using the collected environment signals.
- the user may press a button (or equivalent action) to trigger data collection (step #7) and sending (step #8) on a device which is already registered to the binding server.
- the registration Server may analyze the data received from the new device (step #3) and identify possible registered device(s) in the same vicinity as the new device to be registered. Based upon the analysis performed in step #5, the registration server can send a polling request to the identified device(s) in order to gather fresh dataset.
- the already registered device(s) scans and collects information related to nearby devices (network signals) and possibly environment data (like location, temperature or luminosity).
- the dataset generated from the data collected in step #7 are sent to the registration server.
- the registration server compares the set of data received from the new device (step #3) and the registered device(s) (step #8) in order to match the datasets and register the new device in case of successful comparison .
- the registration server updates its data for recording the effective registering of the new device.
- each device involved in the dataset generation may be notified of the completion of the registration by the registration server at steps #11 and #12.
- the invention allows to register devices devoid of Man Machine Interface since the data collection can be automatically started on boot of the device or triggered by the registration server.
- the registering server may automatically grant to the first device the same privilege(s) which were already granted to the second device.
- privilege for example communication inter devices like device to device communication via server, adhoc network (pairing via server), Two Factors Authentication (2FA), proximity detection, IoT services like home or factory automation and security monitoring.
- the invention applies to any types of software or hardware devices.
- the invention removes the need for the user to enter specific registration data when a registering a device.
- the invention provide simplicity and usability which translates into better user accessibility. For instance users with disabilities, very young people or old people can take benefit of the invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention is a method for registering a first device to a registration server, a second device being previously registered by the registration server, said first device generates a first dataset by collecting network signals whose sources are located in the vicinity of said first device, then sends said first dataset to the registering server. Said second device generates a second dataset by collecting network signals whose sources are located in the vicinity of said second device, then sends said second dataset to the registering server. The registering server performs a comparison of a subset of said first dataset with a subset of said second dataset and registers said first device only if the comparison is successful.
Description
METHOD FOR REGISTERING A DEVICE TO A REGISTRATION
SERVER
Field of the invention
The present invention relates to methods for registering a device to a registration server. It relates particularly to methods of registering a device to a registration server to which another device has been already registered.
Background of the invention
When accessing online resources, a mobile device can be used for user authentication instead or in addition of a username and password. The registration of such a mobile device is usually complicated and error prone for the end-user.
For example, the registration of a device can require the user to enter a set of data into the device to register (like a registration code) or to scan a visual code (like a QR code) that requires the use of a dedicated application. Those additional steps are prone to error and lead to failure or many retries before successful registration . It is used to bind two or more separate devices.
For example a user may be accessing the online service from his computer and try to register his mobile phone. In order to bind those devices together, there is a need for data to be shared between the two devices as a way to identify the two devices to be bound. Such operation requires complex actions from the user which may lead to failure or many retries before successful registration.
The W02007003656 document discloses a way to pair a contactless card with a contactless reader by comparing
temperature, pressure or light parameters in order to prevent relay attack. The document US9621659 describes a method for peer to peer communication based on the combination of proximity sensor and time stamps.
There is need to provide a solution improving experience of the user when trying to register a new device.
Summary of the Invention
The invention aims at solving at least one of the above mentioned technical problems.
An object of the present invention is a computer- implemented method for registering a first device to a registration server, a second device being previously registered by the registration server. The method comprises the following steps: i) said first device generates a first dataset by collecting network signals whose sources are located in the vicinity of said first device, then sends said first dataset to the registering server, ii) said second device generates a second dataset by collecting network signals whose sources are located in the vicinity of said second device, then sends said second dataset to the registering server, iii) the registering server performs a comparison of a subset of said first dataset with a subset of said second dataset and registers said first device only if the comparison is successful.
Advantageously, privileges may have been previously allocated to the second device and the registering server may allocate the privileges to the first device if the comparison is successful.
Advantageously, the registration of the second device may consist in a step in which a user authenticates to the registering server by using the second device.
Advantageously, network signals collection by the first device may be triggered by an action of a user on said first device.
Advantageously, network signals collection by the first device may be automatically triggered by starting said first device.
Advantageously, said first and second device may add in their respective dataset environment signals they collected.
Advantageously, the registering server may send to said second device a request for binding agreement and may register said first device only if it received an agreement in response to the request.
Advantageously, the registering server may get a type of said first device and may identify said subset of the first dataset according said type.
Another object of the present invention is a system comprising a first device, a registration server and a second device previously registered by the registration server. The first device comprises a first processor and first instructions executed by the first processor for generating a first dataset by collecting network signals whose sources are located in the vicinity of the first device, and sending said first dataset to the registering server. The second device comprises a second processor and second instructions executed by the second processor for generating a second dataset by collecting network signals whose sources are located in the vicinity of the
second device, and sending said second dataset to the registering server. The registering server comprises a third processor and third instructions executed by its processor for performing a comparison of subset of said first dataset with a subset of said second dataset and for registering said first device only if the comparison is successful.
Advantageously, the privileges may have been previously allocated to the second device and the registering server may allocate said privileges to the first device if the comparison is successful.
Advantageously, the registering server may register the second device in response to authentication of a user through the second device.
Advantageously, the first device may start the network signals collection in response to an action of a user on said first device.
Advantageously, the first device may automatically begin the network signals collection when it starts.
Advantageously, said first and second device may add in their respective dataset environment signals they collected.
Advantageously, the registering server may get a type of said first device and identifies said subset of the first dataset according said type.
Brief description of the drawings
Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:
Figure 1 shows a general flow chart for registering a device according to an example of the invention;
Figure 2 shows a detailed flow chart for registering a device by using binding between a user and a device according to an example of the invention; and
Figure 3 shows a detailed flow chart for registering a device by using binding between two devices according to an example of the invention. Detailed description of the preferred embodiments
The invention may apply to any type of devices. It is well-suited for registering hardware devices like mobile phones, personal computers, connected wearable devices, video game consoles, sensors, gaming machines, tablet computers or IoT (Internet of Things) devices.
Figure 1 shows a general flow chart for registering a first device according to an example of the invention.
A second device (for example a smart phone) is assumed to have been previously registered by the registering server (also called binding server). The binding server may have registered the second device using a conventional way. For instance the binding server may have checked a login/password or enciphered credentials received from the second device. The registering server may be implemented in a dedicated hardware computer or in a hardware computing resources reached through the cloud.
The first device may be a connected watch belonging to the user who owns the second device.
At step Sll, the user goes to the second device to initiate the registration (also called binding) of the first device.
At step S12, the user goes to the first device to initiate the registration.
Steps Sll and S12 may be executed in any order or simultaneously .
Each device detects networks vicinity signals and build its own dataset based on the collected signals at steps S21 and S22.
During steps S21 an S22, devices are capturing networks signals on their own in their vicinity. Networks signals are assumed to be originated from other devices located in their neighborhood. Preferably, networks signals are signals coming from wireless networks.
For example, networks signals may comprise the list of reachable Bluetooth® devices, the list of visible Wi Fi devices or applications, data related to nearby wireless networks (like the SSID - Service Set Identifier or local network carriers) or data related to contactless devices in the vicinity (like type of device, type or version of operating system embedded in the nearby devices, IP addresses).
The collection of networks signals may be initiated by numbers of triggers depending on the type of the device or security policies. For example the triggering event may be the push of a button on the device, the launching of an application on the device or the starting (or reboot) of the device. It also can be triggered from the Registering server.
It is to be noted that the operation of collecting networks signals is not a pairing operation with nearby devices.
The network signals collected by a device may comprise data emitted by the other device involved in the data collection operation. For instance, the first device may collect data related to the second device and mutually.
Optionally, each device may detect environment vicinity signals (like temperature, pressure, humidity, ambient noise, snippet/decibel level, voice, velocity, altitude or luminosity) and complete its own dataset according to collected environment signals at steps S31 and S32.
A dataset may include the SSID of two detected wireless networks, the type (ex: router, phone, PC, set top box, printer, etc.) of each detected contactless devices in the vicinity for example. The dataset may also comprise the value of measured environments signals like temperature, humidity, and ambient noise for instance.
Then each device sends its dataset to the registering server at steps S41 and S42.
Then the registering server identifies subsets of the two datasets and performs a comparison between the two subsets. If the comparison is successful, the registering server is allowed to register the first device.
The identification of a subset of a dataset may depend on the type of the device that created the dataset (or the type of the other device). The nature of data collected by a device may depend on the capabilities of
the device. Thus the identification of a subset may be ruled by a predefined policy allowing to provide subsets whose structures are compatible with each other. For example if only one device is able to detect Bluetooth® communication, the subset may exclude Bluetooth® data.
The comparison may be executed by taking into account one or several preset rules. In one embodiment, the comparison may be considered as successful if the two subsets comprise at least three parameters whose values are equal. In another embodiment, the comparison may be considered as successful if the two subsets are similar (i.e. all the parameters they contain have the same values.) In other embodiments, the comparison may be considered as successful if the two subsets comprise parameters whose values are close, for example within an acceptable range or variation. For instance, comparison of the strengths of a network signal may be considered as successful even if the values are slightly different (i.e. with a delta below an acceptable threshold.)
Thanks to the received datasets, the registration server can check that the two devices have access to similar network contexts. The registration server may check that the two devices are located in their mutual neighborhood. It is to be noted that the distance between the two devices is not measured.
Once a device is registered, the registering server may allocate specific privileges (for example: access rights) to this device. For instance, the newly registered device may get privileges allowing a user to access an online service via the newly registered device.
Preferably, privileges may have been previously allocated to the second device and the registering server may allocate the same privileges to the first device if the comparison is successful. The privileges may be credentials or specific access rights for instance. In this case, a binding between the two devices is carried out by both registering the first device to the registering server and sharing the same privileges between the two devices.
In one embodiment, the registering server may use the dataset provided by a device to identify the other device.
In one embodiment, each device involved in the data collection is assumed to comprise a hardware processor, a collector unit and a dataset generator. The collector unit may be implemented via an antenna and communication components dedicated to communicate according to one or several network communication protocols. The collector unit may comprise a Bluetooth® communication component and a Li-Fi communication component for instance. The collector unit may also comprise one or several sensors dedicated to collect environment data like a hygrometric sensor or a temperature sensor.
The dataset generator may comprise a set of instructions intended to be executed by the processor to generate the dataset from the collected data. The dataset generator may be implemented in full hardware solution or a combination of firmware and hardware components.
In one embodiment, the registering server is assumed to comprise a hardware processor, a comparator unit and a registering unit.
The comparator unit is configured to identify a subset from a received dataset. It may use a set of rules (or predefined policy) allowing to refine the content of the subset. For instance, if one device is not able to measure the temperature, the subset may exclude the temperature value. The rules may take into account the type of each device.
The rules may define an acceptable (tolerated) distance between values coming from several subsets to take into account the uncertainty of the measured values due to various precision of the sensors. For instance, temperature can be considered as matching even with a difference of 0.5°Fahrenheit.
The rules may state that if at least three networks signals are equal, the comparison is considered as successful even if one or two additional networks signals do not match.
The comparator unit is also configured to compare the content of two (or more) subsets. The registering unit is configured to register a device only if the corresponding comparison is successful. The registering unit may be configured to ask the user an agreement to register a device. It may also be configured to report the completion of the registering operation to any number of devices.
Both the comparator unit and the registering unit may be implemented in full hardware solution or a combination of software instructions (executed by the processor) and hardware components.
Figure 2 shows a detailed flow chart for registering a device by using binding between a user and a device according to an example of the invention.
In the example of Figure 2, the registration of the second device consists in a phase in which the user authenticates to the registering server by using the second device.
At steps #1 and #2, the user opens a web browser on a Personal Computer (i.e. the second device also named access device) and authenticates to the Registration Server. Authentication can be carried out by providing a password which is checked by the registering server for instance.
At step #3, the Personal Computer scans and collects information related to nearby devices (like visible Bluetooth devices and available Wi-Fi networks). The Personal Computer may also scan and collect environment data (like location, temperature and luminosity).
At step #4, the Personal Computer sends the data collected in step #3 to the Registration Server. In one embodiment, the sending may be secured by security data (like a pre-provisioned key).
At steps #5 and #6, the user opens a web browser on his mobile device (i.e. the first device which is the device to register/bind) and goes to the binding URL (on the registering server).
Alternatively to steps #5 and #6, the user can open a mobile application that will perform the registration of the mobile device at step #7.
At step #8, the mobile device (i.e. mobile phone) scans and collects information related to nearby devices.
It may also scan and collect additional information related to environment data.
At step #9, the dataset collected in step #8 is sent to the Registration Server.
At step #10, the Registration Server compares a subset of the dataset received from the Personal Computer (step #4) with a subset of the dataset received from the mobile device (step #9) in order to match the datasets. In case of successful comparison, the registering server registers the mobile phone. At this stage, the mobile phone has been bound to the registering server by using the access device (i.e. Personal Computer).
In a sense, one can consider that the Registration server binds the mobile phone with the access device.
Optionally, the Registration Server could display a confirmation message on the access device (Personal Computer), asking the user to confirm the registration with the mobile device. (Step #11). The User can provide confirmation approval of the registration back to Registration Server at step #12.
At step #13, the registration server updates its data for reflecting the registration of the mobile phone.
Each device (PC and mobile device) may be notified of the completion of the registration at steps #14 and #15.
Figure 3 shows a detailed flow chart for registering a device by using binding between two devices according to an example of the invention.
In the example of Figure 3, the registration of the second device is assumed to have been already done in a previous phase. This example is well suited for
registering IoT devices (like hardware sensors or Machine-to-Machine boxes) which may have limited capabilities compared to personal computers or smart phones.
At step #1, the user plugs in and turns on a new device (i.e. first device to be registered.) In one embodiment, once the new device is started it periodically collects (step #2) data related to nearby network signals and sends the corresponding generated dataset to the Registration Server (step #3), until it is itself registered. Optionally, the new device may collect environment signals and generate the dataset using the collected environment signals.
At step #4, in one embodiment the user may press a button (or equivalent action) to trigger data collection (step #7) and sending (step #8) on a device which is already registered to the binding server. Alternatively, the registration Server may analyze the data received from the new device (step #3) and identify possible registered device(s) in the same vicinity as the new device to be registered. Based upon the analysis performed in step #5, the registration server can send a polling request to the identified device(s) in order to gather fresh dataset.
At step #7, the already registered device(s) scans and collects information related to nearby devices (network signals) and possibly environment data (like location, temperature or luminosity).
At step #8, the dataset generated from the data collected in step #7 are sent to the registration server.
At step #9, the registration server compares the set of data received from the new device (step #3) and the registered device(s) (step #8) in order to match the datasets and register the new device in case of successful comparison .
At step #10, the registration server updates its data for recording the effective registering of the new device.
Then each device involved in the dataset generation may be notified of the completion of the registration by the registration server at steps #11 and #12.
It is to be noted that several datasets may be retrieved from many registered devices in order to counterbalance the fact that the already registered devices may have limited means of collection.
The invention allows to register devices devoid of Man Machine Interface since the data collection can be automatically started on boot of the device or triggered by the registration server.
When a first device has been registered thanks to dataset provided by a second device (previously registered), the registering server may automatically grant to the first device the same privilege(s) which were already granted to the second device. Several use cases may take advantage of the automatic allocation of privilege (s); for example communication inter devices like device to device communication via server, adhoc network (pairing via server), Two Factors Authentication (2FA), proximity detection, IoT services like home or factory automation and security monitoring.
It must be understood, within the scope of the invention, that the above-described embodiments are provided as non-limitative examples. In particular, the features described in the presented embodiments and examples may be combined.
The invention applies to any types of software or hardware devices.
The invention removes the need for the user to enter specific registration data when a registering a device. The invention provide simplicity and usability which translates into better user accessibility. For instance users with disabilities, very young people or old people can take benefit of the invention.
Claims
1. A computer-implemented method for registering a first device to a registration server, a second device being previously registered by the registration server, wherein the method comprises the steps: i) said first device generates a first dataset by collecting a first set of network signals originated from hardware and/or software sources located in the vicinity of said first device, each network signal of said first set having a value reflecting a characteristic intrinsic to its originating source, then sends said first dataset to the registering server, ii) said second device generates a second dataset by collecting a second set of network signals originated from hardware and/or software devices located in the vicinity of said second device, each network signal of said second set having a value reflecting a characteristic intrinsic to its originating device, then sends said second dataset to the registering server, iii) the registering server performs a comparison of a subset of said first dataset with a subset of said second dataset and registers said first device only if the comparison is successful.
2. The method according to claim 1, wherein privileges have been previously allocated to the second device and wherein the registering server allocates said privileges to the first device if the comparison is successful.
3. The method according to claim 1, wherein the registration of the second device consists in a step in which a user authenticates to the registering server by using the second device.
4. The method according to claim 1, wherein network signals collection by the first device is triggered by an action of a user on said first device.
5. The method according to claim 1, wherein network signals collection by the first device is automatically triggered by starting said first device.
6. The method according to claim 1, wherein said first device collects a first group of environment signals and adds said first group in said first dataset, and wherein said second device collects a second group of environment signals and adds said second group in said second dataset.
7. The method according to claim 1, wherein the registering server sends to said second device a request for binding agreement and registers said first device only if it received an agreement in response to the request.
8. The method according to claim 1, wherein the registering server gets a type of said first device and identifies said subset of the first dataset according to said type.
9. A system comprising a first device, a registration server and a second device previously registered by the registration server, wherein said first device comprises a first processor and first instructions executed by the first processor for generating a first dataset by collecting a first set of network signals originated from hardware and/or software sources located in the vicinity of the first device, each network signal of said first set having a value reflecting a characteristic intrinsic to its originating source, and sending said first dataset to the registering server, wherein said second device comprises a second processor and second instructions executed by the second processor for generating a second dataset by collecting a second set of network signals originated from hardware and/or software devices located in the vicinity of the second device, each network signal of said second set having a value reflecting a characteristic intrinsic to its originating device, and sending said second dataset to the registering server, and wherein the registering server comprises a third processor and third instructions executed by its processor for performing a comparison of subset of said first dataset with a subset of said second dataset and for registering said first device only if the comparison is successful.
10. The system according to claim 9, wherein privileges have been previously allocated to the second device and wherein the registering server allocates said
privileges to the first device if the comparison is successful.
11. The system according to claim 9, wherein the registering server registers the second device in response to authentication of a user through the second device.
12. The system according to claim 9, wherein the first device is configured to start the network signals collection in response to an action of a user on said first device.
13. The system according to claim 9, wherein the first device is configured to automatically begin the network signals collection when it starts.
14. The system according to claim 9, wherein said first device is configured to collect a first group of environment signals and to add said first group in said first dataset, and wherein said second device is configured to collect a second group of environment signals and to add said second group in said second dataset.
15. The system according to claim 9, wherein the registering server gets a type of said first device and identifies said subset of the first dataset according to said type.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201916548222A | 2019-08-22 | 2019-08-22 | |
| US16/548,222 | 2019-08-22 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2021035000A1 true WO2021035000A1 (en) | 2021-02-25 |
Family
ID=72291154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/US2020/047099 WO2021035000A1 (en) | 2019-08-22 | 2020-08-20 | Method for registering a device to a registration server |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2021035000A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113645268A (en) * | 2021-06-25 | 2021-11-12 | 宁波奥克斯电气股份有限公司 | Household appliance control method and device, server and mobile terminal |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007003656A1 (en) | 2005-07-05 | 2007-01-11 | Gemplus | Secured identification system and medium, and method for securing same |
| US8918844B1 (en) * | 2012-09-28 | 2014-12-23 | Emc Corporation | Device presence validation |
| US9621659B1 (en) | 2013-07-09 | 2017-04-11 | Faryar Ghazanfari | Systems and methods for peer to peer communication |
| US10148631B1 (en) * | 2015-09-29 | 2018-12-04 | Symantec Corporation | Systems and methods for preventing session hijacking |
-
2020
- 2020-08-20 WO PCT/US2020/047099 patent/WO2021035000A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007003656A1 (en) | 2005-07-05 | 2007-01-11 | Gemplus | Secured identification system and medium, and method for securing same |
| US8918844B1 (en) * | 2012-09-28 | 2014-12-23 | Emc Corporation | Device presence validation |
| US9621659B1 (en) | 2013-07-09 | 2017-04-11 | Faryar Ghazanfari | Systems and methods for peer to peer communication |
| US10148631B1 (en) * | 2015-09-29 | 2018-12-04 | Symantec Corporation | Systems and methods for preventing session hijacking |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113645268A (en) * | 2021-06-25 | 2021-11-12 | 宁波奥克斯电气股份有限公司 | Household appliance control method and device, server and mobile terminal |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9894630B2 (en) | ADSS enabled global roaming system | |
| CN109309657B (en) | Unauthorized access point detection system and method, user terminal used for same, and computer program | |
| US20190342342A1 (en) | Personal device network for user identification and authentication | |
| US9298890B2 (en) | Preventing unauthorized account access using compromised login credentials | |
| CN107005442B (en) | Method and apparatus for remote access | |
| JP4966319B2 (en) | Method and system for determining network location of user equipment based on transmitter fingerprint | |
| CN108337677B (en) | Network authentication method and device | |
| US11683353B2 (en) | Automated service enrollment in a machine-to-machine communications network | |
| CN104767713B (en) | Account binding method, server and system | |
| AU2015201272A1 (en) | Secure distribution of electronic content | |
| US20190020640A1 (en) | Cloud operation interface sharing method, related device, and system | |
| KR20120072557A (en) | Mobile terminal, server and information providing method using the same | |
| US9787678B2 (en) | Multifactor authentication for mail server access | |
| CN104219339A (en) | Method and device for detecting address resolution protocol attack in local area network | |
| US20140335886A1 (en) | Network identifier position determining system and method for same | |
| KR101606352B1 (en) | System, user terminal, and method for detecting rogue access point and computer program for the same | |
| WO2017219748A1 (en) | Method and device for access permission determination and page access | |
| US9661000B2 (en) | Communication apparatus, communication system, method of controlling communication apparatus, and storage medium | |
| US20170078100A1 (en) | Providing device, terminal device, providing method, non-transitory computer readable storage medium, and authentication processing system | |
| US11363017B2 (en) | Smart home network security through blockchain | |
| CN114363067A (en) | Network access control method, device, computer equipment and storage medium | |
| WO2021035000A1 (en) | Method for registering a device to a registration server | |
| CN107396363B (en) | Method and equipment for carrying out wireless connection pre-authorization on user equipment | |
| JP2016126670A (en) | Risk base authentication method and system using portable terminal | |
| CN111492358B (en) | Device authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20764546 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 20764546 Country of ref document: EP Kind code of ref document: A1 |
|
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 01/07/2022) |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 20764546 Country of ref document: EP Kind code of ref document: A1 |