WO2022098406A1 - One-time wireless authentication of an internet-of-things device - Google Patents



Publication number
WO2022098406A1
Authority
WO
WIPO (PCT)
Prior art keywords
router
proxy
proxy application
authentication
identifier
Application number
PCT/US2021/044667
Other languages
French (fr)
Inventor
Krishnaram Muthusamy
Robert Chifamba
Original Assignee
Visa International Service Association
Application filed by Visa International Service Association
Priority to EP21889773.4A (EP4241519A4)
Priority to CN202180072637.XA (CN116438885A)
Publication of WO2022098406A1


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/71 Hardware identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/084 Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol

Definitions

  • An IoT device is an electronic computing device that connects wirelessly to a network and has the ability to transmit data over the network.
  • IoT devices are nonstandard computing devices in that they are typically not equipped with a user interface for user interaction and focus instead on machine-to-machine communication.
  • the lack of a user interface can be problematic when the IoT device needs to connect to the wireless network the first time with necessary access credentials (e.g., user name and password), which are typically entered by a user.
  • the IoT device can be equipped with some type of user interface, such as a small keyboard and/or screen. However, adding a user interface comes at a cost.
  • the exemplary embodiments provide methods and systems for one-time wireless authentication of an Internet-of-Things device. Aspects of exemplary embodiment include receiving, by a proxy application executing on a mobile device during a registration process, a device ID associated with the IoT device. The proxy application transmits the device ID to a router of the wireless network. Subsequent to the registration process, the proxy application receives the device ID from the router in response to the router receiving an authorization request with no network password from the IoT device for access to the wireless network, where the router forwards the device ID to the proxy application.
  • the proxy application prompts the user of the mobile device to enter the password, and transmits the entered network password to the router, such that the router validates the password and grants the IoT device access to the wireless network, wherein the IoT device transmits the IoT device ID to the router for subsequent network connection without a need for the mobile device.
  • methods and systems for one-time wireless authentication of an Internet-of-Things device comprises a router receiving a registration request from a proxy application executing on a mobile device, the registration request including a device identifier associated with the IoT device, the device identifier entered into the proxy application by a user of the mobile device, the router further storing the device identifier and enabling a proxy authentication setting.
  • the router receives an authorization request from the IoT device for access to a wireless network, the authorization request comprising at least the device identifier without a network password.
  • the router determines if a proxy authentication setting is enabled, and if so forwards the device identifier to the proxy application.
  • the router receives a message from the proxy application, the message including a network password entered into the proxy application by the user. Responsive to the router validating the network password, the router grants the IoT device access to the wireless network, wherein the IoT device transmits the device identifier to the router for subsequent connection without a need for the mobile device or the proxy application.
  • the disclosed embodiments enable easy wireless Internet connectivity for an Internet-of-Things device having no provisions for password entry, thus eliminating the need for keys and user interaction through the Internet-of-Things device.
  • the methods and systems enable such Internet-of-Things devices to connect to the Internet as long as the Internet-of-Things devices are pre-configured for proxy authentication using the mobile application in conjunction with software changes in the router.
  • Figure 1 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a first embodiment.
  • Figure 2 is a flow diagram illustrating an overview of a process for one-time wireless authentication of an Internet-of-Things device in accordance with some embodiments.
  • Figure 3 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a second embodiment.
  • Figure 4 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the second embodiment of Figure 3.
  • Figure 5 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a third embodiment.
  • Figure 6 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the third embodiment of Figure 3.
  • Figure 7 shows an implementation of a computer system that may be applicable to the IoT device, the mobile device, the authentication mapping server and/or the router mapper system.
  • the exemplary embodiment relates to a mobile application for one-time wireless authentication of an Internet-of-Things device.
  • the following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements.
  • Various modifications to the exemplary embodiments and the generic principles and features described herein will be readily apparent.
  • the exemplary embodiments are mainly described in terms of particular methods and systems provided in particular implementations. However, the methods and systems will operate effectively in other implementations. Phrases such as “exemplary embodiment”, “one embodiment” and “another embodiment” may refer to the same or different embodiments.
  • the embodiments will be described with respect to systems and/or devices having certain components.
  • the systems and/or devices may include more or less components than those shown, and variations in the arrangement and type of the components may be made without departing from the scope of the invention.
  • the exemplary embodiments will also be described in the context of particular methods having certain steps. However, the method and system operate effectively for other methods having different and/or additional steps and steps in different orders that are not inconsistent with the exemplary embodiments.
  • the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
  • the terms “communication” and “communicate” may refer to the reception, receipt, transmission, transfer, provision, and/or the like of information (e.g., data, signals, messages, instructions, commands, and/or the like).
  • For one unit (e.g., a device, a system, a component of a device or system, combinations thereof, and/or the like) to be in communication with another unit means that the one unit is able to directly or indirectly receive information from and/or send (e.g., transmit) information to the other unit.
  • This may refer to a direct or indirect connection that is wired and/or wireless in nature.
  • two units may be in communication with each other even though the information transmitted may be modified, processed, relayed, and/or routed between the first and second unit.
  • a first unit may be in communication with a second unit even though the first unit passively receives information and does not actively send information to the second unit.
  • a first unit may be in communication with a second unit if at least one intermediary unit (e.g., a third unit located between the first unit and the second unit) processes information received from the first unit and sends the processed information to the second unit.
  • a request or message may refer to a network packet (e.g., a data packet and/or the like) that includes data.
  • a wireless router provides and communicates over a local or home wireless (Wi-Fi) network and connects to the Internet via a modem.
  • An electronic device needing access to the wireless network needs to send access credentials, such as a network password, to the router.
  • the router sends an authentication request with the access credentials to a credential management system.
  • the credential management system can be local to the router or a remote server.
  • the credential management system receives the authentication request and authenticates the access credentials against previously stored access credentials for the router.
  • the credential management system sends a response to the router either allowing or denying network access, and the router then either grants the device network access or alternatively sends a denial message.
  • a one-time authentication process is provided for an IoT device to use a wireless network without the need for the IoT device to have a user interface for entering access credentials.
  • a mobile phone of the user and in particular, an application on the mobile phone, acts as a proxy to provide one-time wireless authentication of the IoT device with a router of a wireless network during first access. Thereafter, if the IoT device becomes disconnected from the network, the IoT device can reconnect to the network by transmitting the device ID of the IoT device to the router for subsequent connection without requiring aid of the mobile device.
  • FIG. 1 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a first embodiment.
  • the system 10 includes a router 12 that provides a network 14 and communicates over the network 14 and the Internet 20.
  • the router 12 is connected to the Internet 20 through a gateway (not shown).
  • the network is a wireless network, but wired connections (e.g., Ethernet) with the router 12 can also be made.
  • a “router” is a networking device that forwards data packets between computer networks. For example, in the home and small office environment, Internet protocol (IP) routers simply forward IP packets between home/office computing devices and the Internet.
  • a mobile device 16 is wirelessly connected to the network 14, and an Internet-of-Things (IoT) device 18 requires first time access to the network 14.
  • a “mobile device” may be a device that is operated by a user. Examples of mobile devices 16 may include a mobile phone, a smart phone, a laptop computer, a desktop computer, a server computer, a vehicle such as an automobile, a thin-client device, a tablet PC, etc. Additionally, mobile devices may be any type of wearable technology device, such as a watch, earpiece, glasses, etc.
  • the mobile device 16 may include one or more processors capable of processing user input.
  • the mobile device 16 may also include one or more input sensors for receiving user input.
  • the mobile device may comprise any electronic device that may be operated by a user, which may also provide remote communication capabilities to a network. Examples of remote communication capabilities include using a mobile phone (wireless) network, wireless data network (e.g., 3G, 4G, 5G or similar networks), Wi-Fi, Wi-Max, or any other communication medium that may provide access to a network such as the Internet or a private network.
  • an Internet of things (IoT) device describes an electronic device — “a thing” — that is embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet or other network.
  • the router 12 may communicate with a credential management system 22, which maintains an access credentials database 24.
  • the router 12 may forward the authentication request to the credential management system 22 to authenticate the requesting device.
  • the IoT device 18 is associated with a device identifier (ID) 34, and the proxy application 24 is associated with an application (app) ID 32.
  • IDs 34 and 32 may include any distinctive set of alphanumeric characters (numbers, graphics, symbols letters or other information) that can be used to identify a device or a program.
  • the device ID 34 may comprise a serial number, partial serial number, a key and the like, or a combination thereof, associated with the IoT device 18.
  • the router 12, the IoT device 18, and the mobile device 18 are configured to receive and transmit messages over the network 14 using the Internet protocol suite otherwise known as Transmission Control Protocol (TCP) and the Internet Protocol (IP) or TCP/IP.
  • the system 10 further includes a mobile application, referred to herein as a proxy application (proxy app) 24 that acts as a proxy for the IoT device 18 during the first network authentication attempt with the router 12, and a proxy authentication setting 28 for the router 12.
  • the authentication mapping server 26 maintains a mapping between the IoT device 18 and the proxy application 24.
  • the system 10 associates the proxy app 24 with the app ID 32.
  • the app ID 32 may be a special purpose software key, a mobile phone number associated with the mobile device 16, a partial phone number, a software key, and the like, or a combination thereof.
  • the app ID 32 may be used by the system 10 to determine the mobile device 16 on which the proxy application 24 is installed.
  • FIG. 2 is a flow diagram illustrating an overview of a process for one-time wireless authentication of an Internet-of-Things device in accordance with some embodiments.
  • the process occurs between the router 12 and the proxy application 24 executing on the mobile device 16 of the user.
  • the process assumes that access credentials, such as a password, for the wireless network 14 have been sent from the router 12 to the credential management system 22 and stored in access credentials database 24.
  • the process further assumes the user has installed the proxy application 24 on the user’s mobile device 16 in order to configure the IoT device 18 for a one-time proxy authentication to the wireless network 14.
  • the one-time wireless authentication process includes a registration phase in which the proxy application 24 is opened and receives the device ID 34 associated with the IoT device 18 that is entered by a user (block 200). This step may be initiated in response to a user who wants to set up the IoT device 18 and presses a “registration button” displayed by proxy application 24 to register the IoT device 18. Thereafter, the proxy application 24 displays a field into which the user may enter the device ID 34.
  • the device ID 34 may comprise a serial number or other identifier of the IoT device 18. The user may find the device ID 34 on the IoT device 18 itself or in documentation provided with the IoT device 18.
  • the proxy application 24 transmits the device ID to the router 12 in a registration request (block 201).
  • the router 12 receives the registration request, stores the device ID 34 in the credential management system 22, and enables the proxy authentication setting 28 (block 202).
  • the credential management system 22 may comprise part of a local backend system for the router 12.
  • the credential management system 22 may be a remote site on the Internet 20.
  • the proxy authentication setting can be stored by the router 12 or by the credential management system 22.
  • the registration phase may include the proxy application 24 associating the device ID 34 with the app ID 32 of the proxy application 24.
  • a mapping of the device ID 34 to the app ID 32 may be registered as an ID pair with the router 12 or another system (e.g., an authentication mapper server 326 shown in Figure 3).
  • the proxy application 24 sends both the device ID 34 and the app ID 32 as an ID pair in the registration request sent to the router 12 in block 201.
  • the router 12 may then store the mapping of the ID pair in the credential management system 22 or forward the ID pair to another system in block 202.
  • the router 12 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 204).
  • the IoT device 18 may be configured to determine automatically which one of a plurality of detected wireless networks to request access. This may be done by selecting the network 14 having the highest signal strength based on the assumption that the physically closest router 12 would have the best signal, as is typically the case in a local network environment.
  • the IoT device 18 may send an authentication request to a router of another network having the next highest signal strength and so on until the IoT device finds the router with proxy authentication enabled.
  • the router 12 determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the proxy application 24 (block 206). If the proxy authentication setting 28 is not enabled, the process ends with the router sending a denial message to the IoT device 18.
  • the proxy application 24 receives the device ID 34 from the router 12, and optionally validates the device ID (block 208).
  • In response to the proxy application 24 validating the device ID 34 (e.g., by checking an internal setting, table or database), the proxy application 24 prompts the user to enter the network password and receives the entered network password (block 210). The proxy application 24 then transmits the entered network password in a message to the router 12 (block 212).
  • the router 12 receives a message including the entered network password and validates the entered network password (block 214).
  • the router 12 validates the entered network password by sending a validation request to the credential management system 22, which validates the network password if a match is found for the password in the access credentials database 24.
  • the credential management system 22 may be part of a backend system for the router.
  • the router 12 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the device ID 34 to the router 12 for subsequent connection without a need for the network password, the mobile device 16, or the proxy application 24 (block 216). That is, the IoT device 18 typically stays connected to the wireless network
  • the IoT device 18 resends the device ID 34 to the router 12.
  • the router 12 looks up the device ID 34 and if found reestablishes the network connection, all without any input from the user or the mobile device 16.
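The first-embodiment flow of Figure 2 (blocks 200 to 216), modelled as a small router state machine. This is an added example, not code from the patent; the class names, result strings and sample values are assumptions, since the text defines no message format, and the denial of device IDs that were never registered is an added check the text does not spell out.

```python
import hmac

# Constructed sample values; the patent defines no wire format or message names.
NETWORK_PASSWORD = "example-network-password"
DEVICE_ID = "EXAMPLE-DEVICE-0001"
APP_ID = "example-app-id"


class CredentialStore:
    """Stands in for credential management system 22 and its database."""

    def __init__(self, network_password):
        self._password = network_password.encode()
        self.registered = {}        # device ID -> app ID (the ID pair)
        self.authenticated = set()  # device IDs that completed the one-time flow

    def password_matches(self, candidate):
        # Constant-time comparison so timing does not leak the password.
        return hmac.compare_digest(self._password, candidate.encode())


class ProxyApp:
    """Proxy application on the mobile device; ask_user models the prompt."""

    def __init__(self, app_id, ask_user):
        self.app_id = app_id
        self.known_devices = set()
        self._ask_user = ask_user

    def register(self, router, device_id):
        # Blocks 200-201: user enters the device ID, app sends it to the router.
        self.known_devices.add(device_id)
        router.handle_registration(device_id, self.app_id)

    def on_device_id(self, device_id):
        # Blocks 208-212: validate the ID, then prompt for the password.
        if device_id not in self.known_devices:
            return None
        return self._ask_user(device_id)


class Router:
    def __init__(self, store):
        self.store = store
        self.proxy_auth_enabled = False  # proxy authentication setting 28
        self.apps = {}

    def attach(self, app):
        self.apps[app.app_id] = app

    def handle_registration(self, device_id, app_id):
        # Block 202: store the ID pair and enable proxy authentication.
        self.store.registered[device_id] = app_id
        self.proxy_auth_enabled = True

    def handle_authorization_request(self, device_id):
        """Authorization request carrying a device ID and no password."""
        if device_id in self.store.authenticated:
            return "granted:reconnect"            # later connections, ID only
        if not self.proxy_auth_enabled:
            return "denied:proxy-auth-disabled"   # block 206, setting off
        app = self.apps.get(self.store.registered.get(device_id))
        if app is None:
            return "denied:unregistered-device"   # added check (assumption)
        password = app.on_device_id(device_id)    # block 206: forward the ID
        if password is None:
            return "denied:proxy-declined"
        if not self.store.password_matches(password):  # block 214
            return "denied:bad-password"
        self.store.authenticated.add(device_id)   # block 216
        return "granted:first-time"


def run_demo():
    store = CredentialStore(NETWORK_PASSWORD)
    router = Router(store)
    answers = iter(["wrong-guess", NETWORK_PASSWORD])  # user mistypes once
    app = ProxyApp(APP_ID, ask_user=lambda device_id: next(answers))
    router.attach(app)

    results = [router.handle_authorization_request(DEVICE_ID)]  # before registration
    app.register(router, DEVICE_ID)
    results.append(router.handle_authorization_request("UNKNOWN-DEVICE"))
    results.append(router.handle_authorization_request(DEVICE_ID))  # wrong password
    results.append(router.handle_authorization_request(DEVICE_ID))  # correct password
    results.append(router.handle_authorization_request(DEVICE_ID))  # reconnect, no prompt
    return results


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

After the first grant the device ID is the only value presented on reconnect, so the set of authenticated IDs is the router-side state to protect and audit.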
  • Figure 3 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a second embodiment, where like components from Figure 1 have like reference numerals.
  • the system 300 is similar to the system 10 of Figure 1, except that it provides additional security by separating functionality of the proxy application into two separate applications (apps), referred to herein as proxy app A 324A and proxy app B 324B, installed on mobile device 16.
  • proxy app A 324A is associated with an app A ID 32A
  • proxy app B 324B is associated with an app B ID 32B.
  • Both the app A ID 32A and the app B ID 32B may include the unique mobile phone number of the mobile device 16 in which the apps are installed.
  • the proxy system 300 further includes an authentication mapper server 326 in communication with the router 312 over the Internet 20, which is configured to communicate requests and responses for proxy app A 324A and proxy app B 324B so that proxy app A 324A and proxy app B 324B do not communicate with one another directly.
  • server may refer to one or more computing devices, such as processors, storage devices, and/or similar computer components, that communicate with client devices and/or other computing devices over a network, such as the Internet or private networks and, in some examples, facilitate communication among other servers and/or client devices.
  • the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit.
  • the server computer may be a database server coupled to a Web server, and may include or be coupled to a database.
  • the authentication mapper server 326 communicates with proxy app A 324A and proxy app B 324B through, for example, a Representational state transfer (REST) application programming interface (API) or REST API.
  • This second embodiment provides additional security by establishing distributed controls and distributed ownership on the data.
  • the authentication mapper server 326 may have control over network authentication and may be provided and/or run by a manufacturer of the router 312. Any subsequent need of decoupling or disabling an IoT device 18 from proxy authentication may require the manufacturer of the IoT device 18 to update the authentication mapper server 326 through the router manufacturer.
  • proxy app A 324A is configured to receive from the router 312 the device ID 34 of the IoT device 18 during the request for network authorization, and determine if that specific IoT device has been enabled for proxy authentication by forwarding the device ID 34 to the authentication mapper server 326 to validate the device ID.
  • Proxy app B 324B is configured to respond to a validation message from the authentication mapper server 326 by displaying a popup screen prompting the user to enter the network password and to send the entered network password to the router 512 for validation through the authentication mapper server 326 and proxy app A 324A, as explained below.
  • proxy app A 324A and proxy app B 324B have different functionalities, but in an alternative embodiment can be combined into one proxy application on the mobile device 16, as in Figure 1. Also, multiple IoT devices can use the dual proxy applications or the single proxy application in the mobile device 16 for this initial setup.
  • FIG 4 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the second embodiment of Figure 3.
  • the one-time wireless authentication process includes a registration phase that assumes once proxy app A 324A and proxy app B 324B are started the first time on the mobile device 16, proxy app A 324A and proxy app B 324B register the respective app A ID 32A and the app B ID 32B as an application pair with the authentication mapper server 326.
  • the authentication mapping server 326 may store the registration of the app A ID 32A and the app B ID 32B as an application ID pair in the mapping database 302.
  • proxy app A 324A displays a user interface in which to receive the device ID 34 associated with the IoT device 18 entered by a user (block 400). This step may be initiated in response to a user desiring to set up the IoT device 18 and pressing a “registration button” on proxy app A 324A or proxy app B 324B to register the IoT device 18. Thereafter, the proxy app A 324A displays a field into which the user may enter the device ID 34. Proxy app A 324A receives the device ID 34 and transmits both the app A ID 32A and device ID 34 as an ID pair in a registration request to the router 312 (block 401).
  • the router 312 receives the registration request, i) enables the proxy authentication setting 28, ii) stores at least the device ID 34, and iii) forwards the ID pair to the authentication mapper server 326 in a registration request (block 402).
  • the authentication mapper server 326 uses the app A ID 32A to find the record 304 having a matching app A ID 32A in the mapping database 302, and stores/associates the device ID 34 with the application ID pair in record 304.
  • proxy app B 324B may be used instead of proxy app A 324A in the above registration process.
  • the router 312 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 404).
  • the authorization request may include DeviceID: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678” for instance.
  • the router 312 determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the proxy app A 324A (block 406). In one embodiment, the router 312 receives and forwards the authorization request over the network 14 using the Internet protocol suite otherwise known as Transmission Control Protocol (TCP) and the Internet Protocol (IP).
  • Proxy app A 324A receives the device ID 34 from the router 312, and forwards the device ID 34 in a validation request to the authentication mapper server 326 for validation (block 408).
  • proxy app B 324B receives a validation response from the authentication mapper server 326 in response to the validation request of proxy app A 324A (block 410A).
  • the authentication mapper server 326 upon receiving the validation request, first uses the device ID 34 to search the mapping database 302 to find the mapping record 304 having a matching device ID 34, and once found, the authentication mapper server 326 sends the validation response to the proxy app B 324B listed in the matching mapping record 304 via the preconfigured REST API.
  • the authentication mapper server 326 may store the preconfigured REST API as:
  • In response to receiving the response from the authentication mapper server 326 validating the device ID 34, proxy app B 324B prompts the user to enter the network password and receives the entered network password (block 410B). Proxy app B 324B then transmits the entered network password in a message to the authentication mapper server 326 for forwarding to proxy app A 324A via the preconfigured REST API (block 412A). Proxy app A 324A then transmits the entered network password in a message to the router 12 (block 412B).
  • the router 312 receives a message including the entered network password and validates the entered network password (block 414). In one embodiment, the router 312 validates the entered network password by sending a validation request to the credential management system 22, which does so if a match is found for the password in the access credentials database 24. In one embodiment, the credential management system 22 may be part of a backend system for the router 312.
  • the router 312 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the device ID 34 to the router 312 for subsequent connection without a need for the network password, the mobile device 16 or the proxy applications 324A and 324B (block 416).
  • FIG. 5 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a third embodiment, where like components from Figure 3 have like reference numerals.
  • the system 500 is similar to the system 300 of Figure 3, except in addition to using the two separate proxy applications, proxy app A 324A and proxy app B 324B, system 500 further includes a router mapper system 502.
  • proxy app A 324A is associated with an app A ID 32A
  • proxy app B 324B is associated with an app B ID 32B, where both the app A ID 32A and the app B ID 32B may include the unique mobile phone number of the mobile device 16 in which the apps are installed.
  • the third embodiment enables the manufacturer of the router 512 and the manufacturer of the IoT device 18 to share responsibility for the proxy authentication.
  • the manufacturer of the router 512 may control the router mapper system 504, while the manufacturer of the IoT device 18 may control the authentication mapper server 326.
  • During the proxy authentication process, input from both the router mapper system 504 and the authentication mapper server 326 is required, as described with respect to Figure 6.
  • FIG. 6 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the third embodiment of Figure 5.
  • the one-time wireless authentication process includes a registration phase that assumes once proxy app A 324A and proxy app B 324B are started the first time on the mobile device 16 that: i) a mapping between the app A ID 32A and the network password (PW) is registered with the router mapper system 504; and ii) the app B ID 32B is registered with the authentication mapper server 326.
  • This pre-mapping process safeguards the router 512 from having to receive authentication requests from proxy apps on connected mobile devices other than from authorized proxy app A 324A and proxy app B 324B on mobile device 16 by checking any such request against the router DB 506 and the mapping DB 302.
  • proxy app A 324A displays a user interface in which to receive the device ID 34 associated with the loT device 18 entered by a user (block 600).
  • Proxy app A 324A receives the device ID 34 and transmits both the app A ID 32A and device ID 34 as an ID pair in a registration request to the router 312 (block 601).
  • the router 312 upon receiving the registration request: i) enables the proxy authentication setting 28, ii) stores at least the device ID 34, iii) forwards the device ID pair to the router mapper system 504 in one registration request, and iv) forwards the app B ID 32B and the device ID 34 to the authentication mapper server 326 in another registration request (block 602).
  • the router mapper system 504 may store the device ID 34 in a record 508 of router database 506 associating app A ID 32A and the network password.
  • the authentication mapper server 326 may store the device ID 34 in a record 304 of mapping database 302 containing the app B ID 32B.
  • the router 312 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 604).
  • the authorization request may include DeviceID: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678” for instance.
  • the router 312 determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the router mapper system 504 (block 606).
  • the router mapper system 504 receives the device ID 34 and uses the device ID 34 to find, and send a notification message to, the proxy app A 324A mapped to the device ID 34 by the app A ID 32A (block 608).
  • the notification message is sent using the preconfigured REST API.
  • the router mapper system 504 may store the preconfigured REST API as:
  • proxy app A 324A receives the notification message from the router mapper system 504 and forwards the notification message through the router/Internet to the authentication mapper server 326 (block 610).
  • proxy app B 324B receives a validation response from the authentication mapper server 326 in response to the notification message from proxy app A 324A (block 612). That is, the authentication mapper server 326 first uses the device ID 34 received from proxy app A 324A to search the mapping database 302 to find the mapping record 304 having a matching device ID, and once the matching mapping record 304 is found, the authentication mapper server 326 sends the validation response to the proxy app B 324B mapped to the device ID in mapping record 304 via the preconfigured REST API.
  • the authentication mapper server 326 may store the preconfigured REST API as:
  • In response to receiving the response from the authentication mapper server 326 validating the device ID 34, the proxy app B 324B prompts the user to enter the network password and receives the entered network password (block 614).
  • Proxy app B 324B then transmits the entered network password in a message to the authentication mapper server 326 for forwarding to proxy app A 324A via the preconfigured REST API (block 616). Proxy app A 324A then transmits the entered network password in a message to the router mapper system 504 using the REST API (block 618).
  • the router mapper system 504 receives a message including the entered network password and upon finding a matching network password, transmits the network password to the router 512 (block 620).
  • the router 512 receives a message including the entered network password and validates the network password (block 622).
  • the router 512 validates the entered network password by sending a validation request to the credential management system 22, which validates the network password if a match is found for the password in the access credentials database 24.
  • the router 512 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the IoT device ID to the router 512 for subsequent connection without a need for the network password, the mobile device 16 or the proxy applications 324A and 324B (block 624).
  • Methods and systems for one-time wireless authentication of an IoT device have been described. Methods and systems facilitate easy wireless Internet connectivity for an IoT device when there is no available means for manual entry of passwords from the IoT device, thus eliminating the need for keys and user interaction through the IoT device 18.
  • the methods and systems enable IoT devices having no provisions for password entry to connect to the Internet so long as the IoT devices are pre-configured for proxy authentication using one or more mobile applications, in addition to software changes in the router.
  • FIG. 7 shows an implementation of a computer system 700 that may be applicable to the IoT device 18, the mobile device 16, the authentication mapping server 26 and/or the router mapper system 504.
  • the computer system 700 can include a microprocessor(s) 703 and memory 702.
  • the microprocessor(s) 703 and memory 702 can be connected by an interconnect 701 (e.g., bus and system core logic).
  • the microprocessor 703 can be coupled to cache memory 709.
  • the interconnect 701 can connect the microprocessor(s) 703 and the memory 702 to input/output (I/O) device(s) 705 via I/O controller(s) 707.
  • I/O devices 705 can include a display device and/or peripheral devices, such as mice, keyboards, modems, network interfaces, printers, scanners, video cameras and other devices known in the art.
  • the interconnect 701 can include one or more buses connected to one another through various bridges, controllers and/or adapters.
  • the I/O controllers 707 can include a USB (Universal Serial Bus) adapter for controlling USB peripherals, and/or an IEEE-1394 bus adapter for controlling IEEE-1394 peripherals.
  • the memory 702 can include one or more of: ROM (Read Only Memory), volatile RAM (Random Access Memory), and non-volatile memory, such as hard drive, flash memory, etc.
  • Volatile RAM is typically implemented as dynamic RAM (DRAM) which requires power continually in order to refresh or maintain the data in the memory.
  • Non-volatile memory is typically a magnetic hard drive, a magnetic optical drive, an optical drive (e.g., a DVD RAM), or other type of memory system which maintains data even after power is removed from the system.
  • the non-volatile memory may also be a random access memory.
  • the non-volatile memory can be a local device coupled directly to the rest of the components in the data processing system.
  • a non-volatile memory that is remote from the system such as a network storage device coupled to the data processing system through a network interface such as a modem or Ethernet interface, can also be used.
  • the functions and operations as described here can be implemented using special purpose circuitry, with or without software instructions, such as using Application-Specific Integrated Circuit (ASIC) or Field-Programmable Gate Array (FPGA).
  • Embodiments can be implemented using hardwired circuitry without software instructions, or in combination with software instructions. Thus, the techniques are limited neither to any specific combination of hardware circuitry and software, nor to any particular source for the instructions executed by the data processing system.
  • At least some aspects disclosed can be embodied, at least in part, in software. That is, the techniques may be carried out in a computer system or other data processing system in response to its processor, such as a microprocessor, executing sequences of instructions contained in a memory, such as ROM, volatile RAM, non-volatile memory, cache or a remote storage device.
  • Routines executed to implement the embodiments may be implemented as part of an operating system or a specific application, component, program, object, module or sequence of instructions referred to as "computer programs."
  • the computer programs typically include one or more instructions set at various times in various memory and storage devices in a computer, and that, when read and executed by one or more processors in a computer, cause the computer to perform operations necessary to execute elements involving the various aspects.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Authentication of an Internet-of-Things (IoT) device comprises receiving, by a proxy application executing on a mobile device during a registration process, a device identifier associated with the IoT device. The proxy application transmits the device identifier to a router of the wireless network. The proxy application receives the device identifier from the router in response to the router receiving an authorization request with no network password from the IoT device for access to the wireless network, where the router forwards the device identifier to the proxy application. The proxy application prompts the user of the mobile device to enter the password, and transmits the entered network password to the router, such that the router validates the password and grants the IoT device access to the wireless network, wherein the IoT device transmits the IoT device identifier to the router for subsequent network connection without a need for the mobile device.

Description

ONE-TIME WIRELESS AUTHENTICATION OF AN INTERNET-OF-THINGS DEVICE
BACKGROUND
[001] Today, the use of Internet-of-Things (IoT) devices is proliferating. An IoT device is an electronic computing device that connects wirelessly to a network and has the ability to transmit data over the network. IoT devices are nonstandard computing devices in that they are typically not equipped with a user interface for user interaction and focus instead on machine-to-machine communication. The lack of a user interface can be problematic when the IoT device needs to connect to the wireless network the first time with necessary access credentials (e.g., user name and password), which are typically entered by a user. If the IoT device has the requisite size, then the IoT device can be equipped with some type of user interface, such as a small keyboard and/or screen. However, adding a user interface comes at a cost.
[002] Accordingly, it would be desirable to provide an improved method and system for wireless authentication of an IoT device.
BRIEF SUMMARY
[003] The exemplary embodiments provide methods and systems for one-time wireless authentication of an Internet-of-Things device. Aspects of the exemplary embodiments include receiving, by a proxy application executing on a mobile device during a registration process, a device ID associated with the IoT device. The proxy application transmits the device ID to a router of the wireless network. Subsequent to the registration process, the proxy application receives the device ID from the router in response to the router receiving an authorization request with no network password from the IoT device for access to the wireless network, where the router forwards the device ID to the proxy application. The proxy application prompts the user of the mobile device to enter the password, and transmits the entered network password to the router, such that the router validates the password and grants the IoT device access to the wireless network, wherein the IoT device transmits the IoT device ID to the router for subsequent network connection without a need for the mobile device.
[004] In another embodiment, methods and systems for one-time wireless authentication of an Internet-of-Things device comprise a router receiving a registration request from a proxy application executing on a mobile device, the registration request including a device identifier associated with the IoT device, the device identifier entered into the proxy application by a user of the mobile device, the router further storing the device identifier and enabling a proxy authentication setting. The router receives an authorization request from the IoT device for access to a wireless network, the authorization request comprising at least the device identifier without a network password. The router determines if a proxy authentication setting is enabled, and if so forwards the device identifier to the proxy application. The router receives a message from the proxy application, the message including a network password entered into the proxy application by the user. Responsive to the router validating the network password, the router grants the IoT device access to the wireless network, wherein the IoT device transmits the device identifier to the router for subsequent connection without a need for the mobile device or the proxy application.
[005] According to the method and system disclosed herein, the disclosed embodiments enable easy wireless Internet connectivity for an Internet-of-Things device having no provisions for password entry, thus eliminating the need for keys and user interaction through the Internet-of-Things device. The methods and systems enable such Internet-of-Things devices to connect to the Internet so long as the Internet-of-Things devices are pre-configured for proxy authentication using the mobile application in conjunction with software changes in the router.
BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS
[006] Figure 1 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a first embodiment.
[007] Figure 2 is a flow diagram illustrating an overview of a process for one-time wireless authentication of an Internet-of-Things device in accordance with some embodiments.
[008] Figure 3 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a second embodiment.
[009] Figure 4 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the second embodiment of Figure 3.
[010] Figure 5 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a third embodiment.
[011] Figure 6 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the third embodiment of Figure 3.
[012] Figure 7 shows an implementation of a computer system that may be applicable to the IoT device, the mobile device, the authentication mapping server and/or the router mapper system.
DETAILED DESCRIPTION
[013] The exemplary embodiment relates to a mobile application for one-time wireless authentication of an Internet-of-Things device. The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the exemplary embodiments and the generic principles and features described herein will be readily apparent. The exemplary embodiments are mainly described in terms of particular methods and systems provided in particular implementations. However, the methods and systems will operate effectively in other implementations. Phrases such as "exemplary embodiment", "one embodiment" and "another embodiment" may refer to the same or different embodiments. The embodiments will be described with respect to systems and/or devices having certain components. However, the systems and/or devices may include more or less components than those shown, and variations in the arrangement and type of the components may be made without departing from the scope of the invention. The exemplary embodiments will also be described in the context of particular methods having certain steps. However, the method and system operate effectively for other methods having different and/or additional steps and steps in different orders that are not inconsistent with the exemplary embodiments. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
As used herein, the terms “communication” and “communicate” may refer to the reception, receipt, transmission, transfer, provision, and/or the like of information (e.g., data, signals, messages, instructions, commands, and/or the like). For one unit (e.g., a device, a system, a component of a device or system, combinations thereof, and/or the like) to be in communication with another unit means that the one unit is able to directly or indirectly receive information from and/or send (e.g., transmit) information to the other unit. This may refer to a direct or indirect connection that is wired and/or wireless in nature. Additionally, two units may be in communication with each other even though the information transmitted may be modified, processed, relayed, and/or routed between the first and second unit. For example, a first unit may be in communication with a second unit even though the first unit passively receives information and does not actively send information to the second unit. As another example, a first unit may be in communication with a second unit if at least one intermediary unit (e.g., a third unit located between the first unit and the second unit) processes information received from the first unit and sends the processed information to the second unit. In some non-limiting embodiments, a request or message may refer to a network packet (e.g., a data packet and/or the like) that includes data.
[014] To provide context for the disclosed embodiments, today a wireless router provides and communicates over a local or home wireless (Wi-Fi) network and connects to the Internet via a modem. An electronic device needing access to the wireless network needs to send access credentials, such as a network password, to the router. The first time an electronic device connects to the wireless network, a user typically inputs the network password, which is transmitted to the router. The router then sends an authentication request with the access credentials to a credential management system. The credential management system can be local to the router or a remote server. The credential management system receives the authentication request and authenticates the access credentials against previously stored access credentials for the router. The credential management system sends a response to the router either allowing or denying network access, and the router then either grants the device network access or alternatively sends a denial message.
[015] For electronic devices with no provisions for manual entry of access credentials, such as an Internet-of-Things (IoT) device, methods and systems are required to facilitate easy wireless network and Internet connectivity through the router.
[016] According to the disclosed embodiments, a one-time authentication process is provided for an IoT device to use a wireless network without the need for the IoT device to have a user interface for entering access credentials. Instead, a mobile phone of the user, and in particular, an application on the mobile phone, acts as a proxy to provide one-time wireless authentication of the IoT device with a router of a wireless network during first access. Thereafter, if the IoT device becomes disconnected from the network, the IoT device can reconnect to the network by transmitting the device ID of the IoT device to the router for subsequent connection without requiring aid of the mobile device. Several embodiments are herein described that collectively unify the idea of proxy authentication by encapsulating underlying security controls and data distribution.
[017] Figure 1 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a first embodiment. The system 10 includes a router 12 that provides a network 14 and communicates over the network 14 and the Internet 20. The router 12 is connected to the Internet 20 through a gateway (not shown). In one embodiment, the network is a wireless network, but wired connections (e.g., Ethernet) with the router 12 can also be made. As used herein, a “router” is a networking device that forwards data packets between computer networks. For example, in the home and small office environment, Internet protocol (IP) routers simply forward IP packets between home/office computing devices and the Internet.
[018] A mobile device 16 is wirelessly connected to the network 14, and an Internet-of-Things (IoT) device 18 requires first time access to the network 14. A “mobile device” may be a device that is operated by a user. Examples of mobile devices 16 may include a mobile phone, a smart phone, a laptop computer, a desktop computer, a server computer, a vehicle such as an automobile, a thin-client device, a tablet PC, etc. Additionally, mobile devices may be any type of wearable technology device, such as a watch, earpiece, glasses, etc. The mobile device 16 may include one or more processors capable of processing user input. The mobile device 16 may also include one or more input sensors for receiving user input. As is known in the art, there are a variety of input sensors capable of detecting user input, such as accelerometers, cameras, microphones, etc. The user input obtained by the input sensors may be from a variety of data input types, including, but not limited to, audio data, visual data, or biometric data. The mobile device may comprise any electronic device that may be operated by a user, which may also provide remote communication capabilities to a network. Examples of remote communication capabilities include using a mobile phone (wireless) network, wireless data network (e.g., 3G, 4G, 5G or similar networks), Wi-Fi, Wi-Max, or any other communication medium that may provide access to a network such as the Internet or a private network.
[019] As used herein, an Internet of things (IoT) device describes an electronic device — “a thing” — that is embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet or other network.
[020] The router 12 may communicate with a credential management system 22, which maintains an access credentials database 24. When the router 12 receives an authentication request from a device, e.g., the IoT device 18, for network access, the router 12 may forward the authentication request to the credential management system 22 to authenticate the requesting device.
[021] The IoT device 18 is associated with a device identifier (ID) 34, and the proxy application 24 is associated with an application (app) ID 32. The IDs 34 and 32 may include any distinctive set of alphanumeric characters (numbers, graphics, symbols, letters or other information) that can be used to identify a device or a program. For example, the device ID 34 may comprise a serial number, partial serial number, a key and the like, or a combination thereof, associated with the IoT device 18.
[022] In one embodiment, the router 12, the IoT device 18, and the mobile device 18 are configured to receive and transmit messages over the network 14 using the Internet protocol suite otherwise known as Transmission Control Protocol (TCP) and the Internet Protocol (IP) or TCP/IP.
[023] According to the disclosed embodiments, since a user cannot enter the access credentials for the network 14 on the IoT device 18 due to its lack of a user interface, the system 10 further includes a mobile application, referred to herein as a proxy application (proxy app) 24, that acts as a proxy for the IoT device 18 during the first network authentication attempt with the router 12, and a proxy authentication setting 28 for the router 12. In embodiments, the authentication mapping server 26 maintains a mapping between the IoT device 18 and the proxy application 24.
[024] According to embodiments, the system 10 associates the proxy app 24 with the app ID 32. The app ID 32 may be a special purpose software key, a mobile phone number associated with the mobile device 16, a partial phone number, a software key, and the like, or a combination thereof. When associated with the proxy application 24, the app ID 32 may be used by the system 10 to determine the mobile device 16 on which the proxy application 24 is installed.
[025] Figure 2 is a flow diagram illustrating an overview of a process for one-time wireless authentication of an Internet-of-Things device in accordance with some embodiments. As an overview, the process occurs between the router 12 and the proxy application 24 executing on the mobile device 16 of the user. The process assumes that access credentials, such as a password, for the wireless network 14 have been sent from the router 12 to the credential management system 22 and stored in access credentials database 24. The process further assumes the user has installed the proxy application 24 on the user’s mobile device 16 in order to configure the IoT device 18 for a one-time proxy authentication to the wireless network 14.
[026] The one-time wireless authentication process includes a registration phase in which the proxy application 24 is opened and receives the device ID 34 associated with the IoT device 18 that is entered by a user (block 200). This step may be initiated in response to a user who wants to set up the IoT device 18 and presses a “registration button” displayed by proxy application 24 to register the IoT device 18. Thereafter, the proxy application 24 displays a field into which the user may enter the device ID 34. The device ID 34 may comprise a serial number or other identifier of the IoT device 18. The user may find the device ID 34 on the IoT device 18 itself or in documentation provided with the IoT device 18.
[027] The proxy application 24 transmits the device ID to the router 12 in a registration request (block 201). The router 12 receives the registration request, stores the device ID 34 in the credential management system 22, and enables the proxy authentication setting 28 (block 202). In one embodiment, the credential management system 22 may comprise part of a local backend system for the router 12. In another embodiment, the credential management system 22 may be a remote site on the Internet 20. The proxy authentication setting can be stored by the router 12 or by the credential management system 22.
[028] In one embodiment, the registration phase may include the proxy application 24 associating the device ID 34 with the app ID 32 of the proxy application 24. In one embodiment, a mapping of the device ID 34 to the app ID 32 may be registered as an ID pair with the router 12 or another system (e.g., an authentication mapper server 326 shown in Figure 3). In one embodiment, the proxy application 24 sends both the device ID 34 and the app ID 32 as an ID pair in the registration request sent to the router 12 in block 201. The router 12 may then store the mapping of the ID pair in the credential management system 22 or forward the ID pair to another system in block 202.
[029] Subsequent to the registration process, the router 12 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 204). In one embodiment, when the IoT device 18 is first turned on, the IoT device 18 may be configured to determine automatically which one of a plurality of detected wireless networks to request access. This may be done by selecting the network 14 having the highest signal strength based on the assumption that the physically closest router 12 would have the best signal, as is typically the case in a local network environment. If the IoT device 18 fails to receive a reply to the authorization request within a predetermined time threshold, the IoT device 18 may send an authentication request to a router of another network having the next highest signal strength and so on until the IoT device finds the router with proxy authentication enabled.
[030] The router 12 then determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the proxy application 24 (block 206). If the proxy authentication setting 28 is not enabled, the process ends with the router sending a denial message to the IoT device 18. The proxy application 24 receives the device ID 34 from the router 12, and optionally validates the device ID (block 208). In response to the proxy application 24 validating the device ID 34 (e.g., by checking an internal setting, table or database), the proxy application 24 prompts the user to enter the network password and receives the entered network password (block 210). The proxy application 24 then transmits the entered network password in a message to the router 12 (block 212).
[031] The router 12 receives a message including the entered network password and validates the entered network password (block 214). In one embodiment, the router 12 validates the entered network password by sending a validation request to the credential management system 22, which validates the network password if a match is found for the password in the access credentials database 24. In one embodiment, the credential management system 22 may be part of a backend system for the router.
[032] Responsive to validating the entered network password, the router 12 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the device ID 34 to the router 12 for subsequent connection without a need for the network password, the mobile device 16, or the proxy application 24 (block 216). That is, the IoT device 18 typically stays connected to the wireless network 14, but if the IoT device 18 becomes disconnected, the IoT device 18 resends the device ID 34 to the router 12. The router 12 looks up the device ID 34 and if found reestablishes the network connection, all without any input from the user or the mobile device 16.
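The Figure 2 flow of paragraphs [026] to [032], modelled as an added Python example that is not code from the patent or from any router vendor. The class and method names, the status strings, the salted PBKDF2 password storage and the rule that an unregistered device ID is denied before the user is ever prompted are assumptions; block numbers in the comments refer to Figure 2.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set


class CredentialManagementSystem:
    """Stands in for credential management system 22 and its credentials database."""

    def __init__(self, network_password: str) -> None:
        # Assumption: the password is kept as a salted PBKDF2 digest, not in clear.
        self._salt = os.urandom(16)
        self._digest = self._derive(network_password)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 50_000)

    def validate(self, password: str) -> bool:
        # Constant-time comparison of the stored and candidate digests.
        return hmac.compare_digest(self._digest, self._derive(password))


@dataclass
class ProxyApp:
    """Proxy application 24 on the mobile device; prompt_user models the password UI."""
    app_id: str
    prompt_user: Callable[[str], str]
    registered: Set[str] = field(default_factory=set)

    def register(self, router: "Router", device_id: str) -> None:
        # Blocks 200-201: the user enters the device ID, the app sends the ID pair.
        self.registered.add(device_id)
        router.handle_registration(self, device_id)

    def on_forwarded_device_id(self, device_id: str) -> Optional[str]:
        # Block 208: optional validation against the app's own table.
        if device_id not in self.registered:
            return None
        # Blocks 210-212: prompt for the network password and return it.
        return self.prompt_user(device_id)


class Router:
    def __init__(self, cms: CredentialManagementSystem) -> None:
        self.cms = cms
        self.proxy_auth_enabled = False            # proxy authentication setting 28
        self.id_pairs: Dict[str, ProxyApp] = {}    # device ID -> registering app
        self.granted: Set[str] = set()             # device IDs already authenticated

    def handle_registration(self, app: ProxyApp, device_id: str) -> None:
        # Block 202: store the device ID and enable proxy authentication.
        self.id_pairs[device_id] = app
        self.proxy_auth_enabled = True

    def handle_authorization_request(self, device_id: str) -> str:
        """Block 204 onward: the request carries a device ID and no password."""
        if device_id in self.granted:
            return "GRANTED_RECONNECT"             # subsequent connection, no proxy
        if not self.proxy_auth_enabled:
            return "DENIED_PROXY_AUTH_DISABLED"    # block 206 with the setting off
        app = self.id_pairs.get(device_id)
        if app is None:
            return "DENIED_UNREGISTERED_DEVICE"    # assumption: never prompt the user
        password = app.on_forwarded_device_id(device_id)   # block 206 forward
        if password is None:
            return "DENIED_PROXY_REJECTED"
        if not self.cms.validate(password):        # block 214
            return "DENIED_BAD_PASSWORD"
        self.granted.add(device_id)                # block 216
        return "GRANTED_FIRST_ACCESS"


def run_demo() -> List[str]:
    """Drive one device through the flow; all IDs and passwords are constructed."""
    cms = CredentialManagementSystem("constructed-network-password")
    router = Router(cms)
    app = ProxyApp("constructed-app-id", lambda dev: "constructed-network-password")
    results = [router.handle_authorization_request("constructed-device-34")]
    app.register(router, "constructed-device-34")
    results.append(router.handle_authorization_request("constructed-device-99"))
    results.append(router.handle_authorization_request("constructed-device-34"))
    results.append(router.handle_authorization_request("constructed-device-34"))
    return results


if __name__ == "__main__":
    for status in run_demo():
        print(status)
```

The final call in `run_demo` exercises the reconnect path of paragraph [032]: once the device ID is in the granted set, the router answers from its own lookup and the proxy application is not contacted.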
[033] Figure 3 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a second embodiment, where like components from Figure 1 have like reference numerals.
[034] The system 300 is similar to the system 10 of Figure 1, except that it provides additional security by separating functionality of the proxy application into two separate applications (apps), referred to herein as proxy app A 324A and proxy app B 324B, installed on mobile device 16. In this embodiment, proxy app A 324A is associated with an app A ID 32A and proxy app B 324B is associated with an app B ID 32B. Both the app A ID 32A and the app B ID 32B may include the unique mobile phone number of the mobile device 16 in which the apps are installed.
[035] According to one embodiment, for additional security the proxy system 300 further includes an authentication mapper server 326 in communication with the router 312 over the Internet 20, which is configured to communicate requests and responses for proxy app A 324A and proxy app B 324B so that proxy app A 324A and proxy app B 324B do not communicate with one another directly. The term “server” may refer to one or more computing devices, such as processors, storage devices, and/or similar computer components, that communicate with client devices and/or other computing devices over a network, such as the Internet or private networks and, in some examples, facilitate communication among other servers and/or client devices. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a Web server, and may include or be coupled to a database.
[036] In one embodiment, the authentication mapper server 326 communicates with proxy app A 324A and proxy app B 324B through, for example, a Representational State Transfer (REST) application programming interface (API), or REST API.
[037] This second embodiment provides additional security by establishing distributed controls and distributed ownership on the data. For example, the authentication mapper server 326 may have control over network authentication and may be provided and/or run by a manufacturer of the router 312. Any subsequent need of decoupling or disabling an IoT device 18 from proxy authentication may require the manufacturer of the IoT device 18 to update the authentication mapper server 326 through the router manufacturer.
[038] In one embodiment, proxy app A 324A is configured to receive from the router 312 the device ID 34 of the IoT device 18 during the request for network authorization, and determine if that specific IoT device has been enabled for proxy authentication by forwarding the device ID 34 to the authentication mapper server 326 to validate the device ID. Proxy app B 324B is configured to respond to a validation message from the authentication mapper server 326 by displaying a popup screen prompting the user to enter the network password and to send the entered network password to the router 512 for validation through the authentication mapper server 326 and proxy app A 324A, as explained below.
[039] Technically, proxy app A 324A and proxy app B 324B have different functionalities, but in an alternative embodiment they can be combined into one proxy application on the mobile device 16, as in Figure 1. Also, multiple IoT devices can use the dual proxy applications or the single proxy application in the mobile device 16 for this initial setup.
[040] Figure 4 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the second embodiment of Figure 3. The one-time wireless authentication process includes a registration phase that assumes once proxy app A 324A and proxy app B 324B are started the first time on the mobile device 16, proxy app A 324A and proxy app B 324B register the respective app A ID 32A and the app B ID 32B as an application pair with the authentication mapper server 326. The authentication mapping server 326 may store the registration of the app A ID 32A and the app B ID 32B as an application ID pair in the mapping database 302.
[041] Referring both to Figures 3 and 4, during the registration phase proxy app A 324A displays a user interface in which to receive the device ID 34 associated with the IoT device 18 entered by a user (block 400). This step may be initiated in response to a user desiring to set up the IoT device 18 and pressing a “registration button” on proxy app A 324A or proxy app B 324B to register the IoT device 18. Thereafter, the proxy app A 324A displays a field into which the user may enter the device ID 34. Proxy app A 324A receives the device ID 34 and transmits both the app A ID 32A and device ID 34 as an ID pair in a registration request to the router 312 (block 401).
[042] The router 312 receives the registration request, i) enables the proxy authentication setting 28, ii) stores at least the device ID 34, and iii) forwards the ID pair to the authentication mapper server 326 in a registration request (block 402). Once the authentication mapper server 326 receives the ID pair, the authentication mapper server 326 uses the app A ID 32A to find the record 304 having a matching app A ID 32A in the mapping database 302, and stores/associates the device ID 34 with the application ID pair in record 304. In an alternative embodiment, proxy app B 324B may be used instead of proxy app A 324A in the above registration process.
[043] Subsequent to the registration process, the router 312 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 404). As an example, the authorization request may include DeviceID: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678”.
[044] The router 312 then determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the proxy app A 324A (block 406). In one embodiment, the router 312 receives and forwards the authorization request over the network 14 using the Internet protocol suite otherwise known as Transmission Control Protocol (TCP) and the Internet Protocol (IP).
[045] Proxy app A 324A receives the device ID 34 from the router 312, and forwards the device ID 34 in a validation request to the authentication mapper server 326 for validation (block 408). In response, proxy app B 324B receives a validation response from the authentication mapper server 326 in response to the validation request of proxy app A 324A (block 410A). In embodiments, the authentication mapper server 326 upon receiving the validation request, first uses the device ID 34 to search the mapping database 302 to find the mapping record 304 having a matching device ID 34, and once found, the authentication mapper server 326 sends the validation response to the proxy app B 324B listed in the matching mapping record 304 via the preconfigured REST API.
[046] For example the authentication mapper server 326 may store the preconfigured REST API as:
(https://www.appa.appid/{info}) APP A -
Figure imgf000018_0001
(https://www.appb.appId/{Info}), where the preconfigured REST API informs the authentication mapper server 326 to call https://www.appb.appId/{Info} registered by app B, for any incoming requests from App A corresponding to deviceKey: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678”.
[047] In response to receiving the response from the authentication mapper server 326 validating the device ID 34, proxy app B 324B prompts the user to enter the network password and receives the entered network password (block 410B). Proxy app B 324B then transmits the entered network password in a message to the authentication mapper server 326 for forwarding to proxy app A 324A via the preconfigured REST API (block 412A). Proxy app A 324A then transmits the entered network password in a message to the router 12 (block 412B).
[048] The router 312 receives a message including the entered network password and validates the entered network password (block 414). In one embodiment, the router 312 validates the entered network password by sending a validation request to the credential management system 22, which does so if a match is found for the password in the access credentials database 24. In one embodiment, the credential management system 22 may be part of a backend system for the router 312.
[049] Responsive to validating the entered network password, the router 312 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the device ID 34 to the router 312 for subsequent connection without a need for the network password, the mobile device 16 or the proxy applications 324A and 324B (block 416).
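The relay role of the authentication mapper server in blocks 402 to 412B, where proxy app A and proxy app B exchange messages only through the server, can be modeled as follows. This Python model is an added example, not code from the patent; plain callables stand in for the preconfigured REST endpoints, the app IDs and password are constructed, and the sender check inside the server is an added assumption rather than a step the text describes.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

DEVICE_KEY = "tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678"   # example value from the text


@dataclass
class MappingRecord:
    """Record 304 in mapping database 302: one application ID pair plus its devices."""
    app_a_id: str
    app_b_id: str
    device_ids: Set[str] = field(default_factory=set)


class AuthMapperServer:
    """Authentication mapper server 326. Callables stand in for the REST endpoints."""

    def __init__(self) -> None:
        self.records: List[MappingRecord] = []
        self.endpoints: Dict[str, Callable[[dict], None]] = {}
        self.trace: List[Tuple[str, str, str]] = []      # (sender, receiver, message type)

    def register_pair(self, app_a_id, app_b_id, endpoint_a, endpoint_b) -> None:
        # Registration of the application ID pair and each app's endpoint.
        self.records.append(MappingRecord(app_a_id, app_b_id))
        self.endpoints[app_a_id] = endpoint_a
        self.endpoints[app_b_id] = endpoint_b

    def register_device(self, app_a_id: str, device_id: str) -> bool:
        # Block 402: find the record by app A ID and associate the device ID with it.
        for rec in self.records:
            if rec.app_a_id == app_a_id:
                rec.device_ids.add(device_id)
                return True
        return False

    def _record_for(self, device_id: str) -> Optional[MappingRecord]:
        return next((r for r in self.records if device_id in r.device_ids), None)

    def validation_request(self, sender_id: str, device_id: str) -> bool:
        # Blocks 408/410A: look the device ID up, then notify the paired app B.
        self.trace.append((sender_id, "mapper", "validation_request"))
        rec = self._record_for(device_id)
        # Added check (assumption): the sender must be the app A of that record.
        if rec is None or rec.app_a_id != sender_id:
            return False
        self.trace.append(("mapper", rec.app_b_id, "validation_response"))
        self.endpoints[rec.app_b_id]({"type": "validation_response", "deviceKey": device_id})
        return True

    def password_message(self, sender_id: str, device_id: str, password: str) -> bool:
        # Block 412A: relay the password from app B to the paired app A.
        self.trace.append((sender_id, "mapper", "password"))
        rec = self._record_for(device_id)
        if rec is None or rec.app_b_id != sender_id:
            return False
        self.trace.append(("mapper", rec.app_a_id, "password"))
        self.endpoints[rec.app_a_id]({"type": "password", "deviceKey": device_id,
                                      "password": password})
        return True


def run_second_embodiment() -> dict:
    mapper = AuthMapperServer()
    router_inbox: List[Tuple[str, str]] = []             # what app A hands to the router

    def app_b_endpoint(msg: dict) -> None:
        # Block 410B: app B prompts the user; the typed password is constructed here.
        if msg["type"] == "validation_response":
            mapper.password_message("app-b", msg["deviceKey"], "constructed-wifi-password")

    def app_a_endpoint(msg: dict) -> None:
        # Block 412B: app A passes the relayed password on to the router.
        if msg["type"] == "password":
            router_inbox.append((msg["deviceKey"], msg["password"]))

    mapper.register_pair("app-a", "app-b", app_a_endpoint, app_b_endpoint)
    mapper.register_device("app-a", DEVICE_KEY)

    return {
        "valid": mapper.validation_request("app-a", DEVICE_KEY),
        "unpaired_app": mapper.validation_request("app-x", DEVICE_KEY),
        "unknown_device": mapper.validation_request("app-a", "not-registered"),
        "router_inbox": router_inbox,
        "trace": mapper.trace,
    }


if __name__ == "__main__":
    for hop in run_second_embodiment()["trace"]:
        print(hop)
```

Every hop in the recorded trace has the mapper as sender or receiver, which is the separation paragraph [035] describes.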
[050] Figure 5 is a block diagram illustrating a system for enabling a mobile application to provide one-time wireless authentication of an Internet-of-Things device according to a third embodiment, where like components from Figure 3 have like reference numerals. The system 500 is similar to the system 300 of Figure 3, except in addition to using the two separate proxy applications, proxy app A 324A and proxy app B 324B, system 500 further includes a router mapper system 502. In this embodiment, proxy app A 324A is associated with an app A ID 32A and proxy app B 324B is associated with an app B ID 32B, where both the app A ID 32A and the app B ID 32B may include the unique mobile phone number of the mobile device 16 in which the apps are installed.
[051] The third embodiment enables the manufacturer of the router 512 and the manufacturer of the IoT device 18 to share responsibility for the proxy authentication. For example, the manufacturer of the router 512 may control the router mapper system 504, while the manufacturer of the IoT device 18 may control the authentication mapper server 326. During the proxy authentication process, input from both the router mapper system 504 and the authentication mapper server 326 is required, as described with respect to Figure 6.
[052] Figure 6 is a flow diagram illustrating the process for one-time wireless authentication of an Internet-of-Things device in accordance with the third embodiment of Figure 5. The one-time wireless authentication process includes a registration phase that assumes that once proxy app A 324A and proxy app B 324B are started the first time on the mobile device 16: i) a mapping between the app A ID 32A and the network password (PW) is registered with the router mapper system 504; and ii) the app B ID 32B is registered with the authentication mapper server 326. This pre-mapping process safeguards the router 512 from having to receive authentication requests from proxy apps on connected mobile devices other than from authorized proxy app A 324A and proxy app B 324B on mobile device 16 by checking any such request against the router DB 506 and the mapping DB 302.
[053] Referring both to Figures 5 and 6, during the registration phase proxy app A 324A displays a user interface in which to receive the device ID 34 associated with the IoT device 18 entered by a user (block 600). Proxy app A 324A receives the device ID 34 and transmits both the app A ID 32A and device ID 34 as an ID pair in a registration request to the router 312 (block 601).
[054] The router 312 upon receiving the registration request: i) enables the proxy authentication setting 28, ii) stores at least the device ID 34, and iii) forwards the device ID pair to the router mapper system 504 in one registration request, and iv) forwards the app B ID 32B and the device ID 34 to the authentication mapper server 326 in another registration request (block 602).
[055] As shown in Figure 5, the router mapper system 504 may store the device ID 34 in a record 508 of router database 506 associating app A ID 32A and the network password. Similarly, the authentication mapper server 326 may store the device ID 34 in a record 304 of mapping database 302 containing the app B ID 32B.
[056] Subsequent to the registration process, the router 312 receives an authorization request from the IoT device 18 over the network 14, wherein the authorization request comprises at least the device ID 34 without a network password (block 604). As an example, the authorization request may include DeviceID: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678”.
[057] The router 312 then determines if the proxy authentication setting 28 is enabled, and if so, forwards the device ID 34 to the router mapper system 504 (block 606).
[058] The router mapper system 504 receives the device ID 34 and uses the device ID 34 to find, and send a notification message to, the proxy app A 324A mapped to the device ID 34 by the app A ID 32A (block 608). In one embodiment, the notification message is sent using the preconfigured REST API. For example the router mapper system 504 may store the preconfigured REST API as:
(https://www.appa.appid/{info}) APP A -
Figure imgf000021_0001
Mobile device APP A (https://www.appa.appId/{Info}), where the preconfigured REST API in the router mapper system 504 informs the authentication mapper server 326 to call https://www.appa.appId/{Info} registered by app A, for any incoming requests from the router 512 corresponding to deviceKey: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678”.
[059] In response, proxy app A 324A receives the notification message from the router mapper system 504 and forwards the notification message through the router/Internet to the authentication mapper server 326 (block 610). In response, proxy app B 324B receives a validation response from the authentication mapper server 326 in response to the notification message from proxy app A 324A (block 612). That is, the authentication mapper server 326 first uses the device ID 34 received from proxy app A 324A to search the mapping database 302 to find the mapping record 304 having a matching device ID, and once the matching mapping record 304 is found, the authentication mapper server 326 sends the validation response to the proxy app B 324B mapped to the device ID in mapping record 304 via the preconfigured REST API.
[060] For example the authentication mapper server 326 may store the preconfigured REST API as:
(https://www.appa.appid/{info}) APP A -
Figure imgf000022_0001
(https://www.appb.appId/{Info}), where the preconfigured REST API informs the authentication mapper server 326 to call https://www.appb.appId/{Info} registered by app B, for any incoming requests from App A corresponding to deviceKey: “tdrgsthawu2n4n5j9aj4l5n2v97cm3bc78h3vn678”.
[061] In response to receiving the response from the authentication mapper server 326 validating the device ID 34, the proxy app B 324B prompts the user to enter the network password and receives the entered network password (block 614). Proxy app B 324B then transmits the entered network password in a message to the authentication mapper server 326 for forwarding to proxy app A 324A via the preconfigured REST API (block 616). Proxy app A 324A then transmits the entered network password in a message to the router mapper system 504 using the REST API (block 618).
[062] The router mapper system 504 receives a message including the entered network password and upon finding a matching network password, transmits the network password to the router 512 (block 620). The router 512 receives a message including the entered network password and validates the network password (block 622). In one embodiment, the router 512 validates the entered network password by sending a validation request to the credential management system 22, which does so if a match is found for the password in the access credentials database 24.
[063] Responsive to validating the entered network password, the router 512 sends a success message to the IoT device 18 granting access to the wireless network, wherein the IoT device 18 transmits the IoT device ID to the router 512 for subsequent connection without a need for the network password, the mobile device 16 or the proxy applications 324A and 324B (block 624).
[064] Methods and systems for one-time wireless authentication of an IoT device have been described. Methods and systems facilitate easy wireless Internet connectivity for an IoT device when there is no available means for manual entry of passwords from the IoT device, thus eliminating the need for keys and user interaction through the IoT device 18. The methods and systems facilitate IoT devices having no provisions for password entry to connect to the Internet as long as the IoT devices are pre-configured for proxy authentication using one or more mobile applications, in addition to software changes in the router.
[065] Figure 7 shows an implementation of a computer system 700 that may be applicable to IoT device 18, the mobile device 16, the authentication mapping server 26 and/or the router mapper system 504. According to an embodiment, the computer system 700 can include a microprocessor(s) 703 and memory 702. In an embodiment, the microprocessor(s) 703 and memory 702 can be connected by an interconnect 701 (e.g., bus and system core logic). In addition, the microprocessor 703 can be coupled to cache memory 709. In an embodiment, the interconnect 701 can connect the microprocessor(s) 703 and the memory 702 to input/output (I/O) device(s) 705 via I/O controller(s) 707. I/O devices 705 can include a display device and/or peripheral devices, such as mice, keyboards, modems, network interfaces, printers, scanners, video cameras and other devices known in the art. In an embodiment, (e.g., when the data processing system is a server system) some of the I/O devices (705), such as printers, scanners, mice, and/or keyboards, can be optional.
[066] In an embodiment, the interconnect 701 can include one or more buses connected to one another through various bridges, controllers and/or adapters. In one embodiment, the I/O controllers 707 can include a USB (Universal Serial Bus) adapter for controlling USB peripherals, and/or an IEEE-1394 bus adapter for controlling IEEE-1394 peripherals.
[067] In an embodiment, the memory 702 can include one or more of: ROM (Read Only Memory), volatile RAM (Random Access Memory), and non-volatile memory, such as hard drive, flash memory, etc. Volatile RAM is typically implemented as dynamic RAM (DRAM) which requires power continually in order to refresh or maintain the data in the memory. Non-volatile memory is typically a magnetic hard drive, a magnetic optical drive, an optical drive (e.g., a DVD RAM), or other type of memory system which maintains data even after power is removed from the system. The non-volatile memory may also be a random access memory.
[068] The non-volatile memory can be a local device coupled directly to the rest of the components in the data processing system. A non-volatile memory that is remote from the system, such as a network storage device coupled to the data processing system through a network interface such as a modem or Ethernet interface, can also be used.
[069] In this description, some functions and operations are described as being performed by or caused by software code to simplify description. However, such expressions are also used to specify that the functions result from execution of the code/instructions by a processor, such as a microprocessor.
[070] Alternatively, or in combination, the functions and operations as described here can be implemented using special purpose circuitry, with or without software instructions, such as using Application-Specific Integrated Circuit (ASIC) or Field-Programmable Gate Array (FPGA). Embodiments can be implemented using hardwired circuitry without software instructions, or in combination with software instructions. Thus, the techniques are limited neither to any specific combination of hardware circuitry and software, nor to any particular source for the instructions executed by the data processing system.
[071] While one embodiment can be implemented in fully functioning computers and computer systems, various embodiments are capable of being distributed as a computing product in a variety of forms and are capable of being applied regardless of the particular type of machine or computer-readable media used to actually effect the distribution.
[072] At least some aspects disclosed can be embodied, at least in part, in software. That is, the techniques may be carried out in a computer system or other data processing system in response to its processor, such as a microprocessor, executing sequences of instructions contained in a memory, such as ROM, volatile RAM, non-volatile memory, cache or a remote storage device.
[073] Routines executed to implement the embodiments may be implemented as part of an operating system or a specific application, component, program, object, module or sequence of instructions referred to as "computer programs." The computer programs typically include one or more instructions set at various times in various memory and storage devices in a computer, and that, when read and executed by one or more processors in a computer, cause the computer to perform operations necessary to execute elements involving the various aspects.
[074] Although specific embodiments have been described above, these embodiments are not intended to limit the scope of the present disclosure, even where only a single embodiment is described with respect to a particular feature. Examples of features provided in the disclosure are intended to be illustrative rather than restrictive unless stated otherwise. The above description is intended to cover such alternatives, modifications, and equivalents as would be apparent to a person skilled in the art having the benefit of the present disclosure.
[075] Methods and systems for one-time wireless authentication of an Internet-of-Things device have been disclosed. The present invention has been described in accordance with the embodiments shown, and there could be variations to the embodiments, and any variations would be within the spirit and scope of the present invention. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.

Claims

CLAIMS We Claim:
1. A computer-implemented method for authentication of an Internet-of-Things (IoT) device, comprising: receiving, by a proxy application executing on a mobile device during a registration process, a device identifier associated with the IoT device, the device identifier entered into the proxy application by a user of the mobile device; transmitting, by the proxy application, the device identifier to a router of a wireless network as part of the registration process; subsequent to the registration process, receiving by the proxy application, the device identifier from the router in response to the router receiving an authorization request comprising the device identifier with no network password from the IoT device for access to the wireless network, and the router forwarding the device identifier to the proxy application after determining that the router has proxy authentication enabled; prompting the user of the mobile device to enter the network password, and transmitting the entered network password in a message to the router, such that in response to the router validating the network password and granting the IoT device access to the wireless network, the IoT device transmits the device identifier to the router for subsequent network connection without a need for the mobile device or the proxy application.
2. The method of claim 1, wherein the registration phase further comprises: associating, by the proxy application, the device identifier with an application identifier used to identify the proxy application.
3. The computer-implemented method of claim 2, wherein the registration phase further comprises: registering, by the proxy application, a mapping of the device identifier to the application identifier as an identifier pair with the router.
4. The computer-implemented method of claim 3, wherein the registration phase further comprises: sending, by the proxy application, the identifier pair to the router such that the router stores the identifier pair in a credential management system or forwards the identifier pair to an authentication mapper server.
5. The computer-implemented method of claim 2, further comprising: separating functionality of the proxy application into a first proxy application and a second proxy application, wherein during the registration phase, the first proxy application and the second proxy application register as an application pair with an authentication mapper server.
6. The computer-implemented method of claim 5, further comprising: configuring the authentication mapper server to communicate request and responses for the first proxy application and the second proxy application.
7. The computer-implemented method of claim 6, further comprising: configuring the first proxy application to receive from the router the device identifier of the IoT device and determine if the IoT device has been enabled for proxy authentication by forwarding the device identifier to the authentication mapper server to validate the device identifier.
8. The computer-implemented method of claim 6, further comprising: configuring the second proxy application to prompt the user of the mobile device to enter the network password in response to receiving a validation message from the authentication mapper server, and transmit the entered network password in the message to the router through the authentication mapper server and the first proxy application.
9. The computer-implemented method of claim 1, further comprising: implementing the proxy application as a first proxy application associated with a first application identifier and a second proxy application associated with a second application identifier, wherein the first application identifier and the second application identifier include a mobile phone number of the mobile device.
10. The computer-implemented method of claim 9, further comprising: registering a mapping between the first application identifier and the network password with a router mapper system; and registering the second application identifier with an authentication mapper server.
11. The computer-implemented method of claim 1, wherein receiving, by the proxy application, the device identifier associated with the IoT device further comprises: automatically determining, by the IoT device, which one of a plurality of detected wireless networks to request access to by selecting the wireless network having a highest signal strength.
12. A computer-implemented method for authentication of an IoT device, comprising: receiving, by a router, a registration request from a proxy application executing on a mobile device, the registration request including a device identifier associated with the IoT device, the device identifier entered into the proxy application by a user of the mobile device, the router further storing the device identifier and enabling a proxy authentication setting; receiving, by the router, an authorization request from the IoT device for access to a wireless network, the authorization request comprising at least the device identifier without a network password; determining, by the router, if a proxy authentication setting is enabled, and if so forwarding the device identifier to the proxy application; receiving, by the router, a message from the proxy application, a message including a network password entered into the proxy application by the user; and responsive to the router validating the network password, granting the IoT device access to the wireless network, the IoT device to transmit the device identifier to the router for subsequent connection without a need for the mobile device or the proxy application.
13. The computer-implemented method of claim 12, further comprising: storing, by the router, the device identifier in a credential management system.
14. The computer-implemented method of claim 13, wherein receiving the message from the proxy application with a network password entered by the user further comprises: sending, by the router, a validation request to the credential management system, which validates the network password if a match for the network password is found.
15. The computer-implemented method of claim 12, further comprising: in response to determining that proxy authentication setting is not enabled, sending, by the router, a denial message to the IoT device.
16. The computer-implemented method of claim 12, further comprising: responsive to the IoT device being disconnected from the wireless network, receiving, by the router, the device ID from the IoT device; looking up the device ID and if found, reestablishing network connection with the IoT device without any input from the user or the mobile device.
17. The computer-implemented method of claim 12, wherein receiving, by the router, the authorization request from the IoT device further comprises: automatically determining, by the IoT device, which one of a plurality of detected wireless networks to request access to by selecting the wireless network having a highest signal strength.
18. The computer-implemented method of claim 13, further comprising: in response to the IoT device failing to receive a reply to the authorization request within a predetermined time threshold, sending, by the IoT device, an authentication request to a router of another wireless network having a next highest signal strength until the IoT device finds the router with proxy authentication enabled.
19. A system, comprising: a router that provides a wireless network and communicates over the wireless network and an Internet; an Internet-of-Things (IoT) device requiring first time access to the wireless network, the IoT device associated with a device identifier; and a proxy application executing on a mobile device of a user, the proxy application to act a proxy for the IoT device during a first network authentication attempt with the router, the proxy application configured to: receive during a registration process, the device identifier associated with the IoT device, the device identifier entered into the proxy application by the; transmit the device identifier to the router as part of the registration process; subsequent to the registration process, receive by the proxy application, the device identifier from the router in response to the router receiving an authorization request comprising the device identifier with no network password from the IoT device for access to the wireless network, and the router forwarding the device identifier to the proxy application after determining that the router has proxy authentication enabled; and prompt the user of the mobile device to enter the network password, and transmit the entered network password in a message to the router, such that in response to the router validating the network password and granting the IoT device access to the wireless network, the IoT device transmits the device identifier to the router for subsequent network connection without a need for the mobile device or the proxy application.
20. The system of claim 19, further comprising an authentication mapper server in communication with the router, and wherein functionality of the proxy application is separated into a first proxy application and a second proxy application, wherein the authentication mapper server stores a mapping between a first application identifier associated with the first proxy application, a second application identifier associated with the second proxy application, and the device ID.
PCT/US2021/044667 2020-11-05 2021-08-05 One-time wireless authentication of an internet-of-things device WO2022098406A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP21889773.4A EP4241519A4 (en) 2020-11-05 2021-08-05 One-time wireless authentication of an internet-of-things device
CN202180072637.XA CN116438885A (en) 2020-11-05 2021-08-05 Disposable wireless authentication of internet of things device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US17/090,385 2020-11-05
US17/090,385 US20220141658A1 (en) 2020-11-05 2020-11-05 One-time wireless authentication of an internet-of-things device

Publications (1)

Publication Number Publication Date
WO2022098406A1 true WO2022098406A1 (en) 2022-05-12

Family

ID=81379520

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2021/044667 WO2022098406A1 (en) 2020-11-05 2021-08-05 One-time wireless authentication of an internet-of-things device

Country Status (4)

Country Link
US (1) US20220141658A1 (en)
EP (1) EP4241519A4 (en)
CN (1) CN116438885A (en)
WO (1) WO2022098406A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140123265A1 (en) * 2012-10-12 2014-05-01 Citrix Systems, Inc. Single Sign-On Access in an Orchestration Framework for Connected Devices
US20160171479A1 (en) * 2014-12-12 2016-06-16 Gyan Prakash Provisioning platform for machine-to-machine devices
US20160337346A1 (en) * 2015-05-12 2016-11-17 Citrix Systems, Inc. Multifactor Contextual Authentication and Entropy from Device or Device Input or Gesture Authentication
US20190334869A1 (en) * 2018-04-27 2019-10-31 Cloudflare, Inc. Protecting Internet of Things (IoT) Devices at the Network Level
WO2020133467A1 (en) * 2018-12-29 2020-07-02 华为技术有限公司 Method for smart home appliance to access network and related device

Family Cites Families (466)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6600915B1 (en) * 1997-04-22 2003-07-29 John K. Wedeking Cellular device authorized user tracking systems and methods
EP1168752A1 (en) * 2000-06-23 2002-01-02 Matra Nortel Communications Access control in client-server systems
US7587499B1 (en) * 2000-09-14 2009-09-08 Joshua Haghpassand Web-based security and filtering system with proxy chaining
US6839761B2 (en) * 2001-04-19 2005-01-04 Microsoft Corporation Methods and systems for authentication through multiple proxy servers that require different authentication data
FR2827104B1 (en) * 2001-07-03 2004-01-30 Elzbieta Krystyna Ploc Cochard METHOD FOR CONTROLLING THE EXCHANGE OF DATA BETWEEN TWO APPLICATIONS, RESPECTIVELY OF THE CLIENT TYPE AND OF THE SERVER TYPE
US7197301B2 (en) * 2002-03-04 2007-03-27 Telespree Communications Method and apparatus for secure immediate wireless access in a telecommunications network
US7213143B1 (en) * 2003-01-27 2007-05-01 Nortel Networks Limited Security over a network
US7427024B1 (en) * 2003-12-17 2008-09-23 Gazdzinski Mark J Chattel management apparatus and methods
KR100664110B1 (en) * 2004-02-04 2007-01-04 엘지전자 주식회사 Usage restriction setting method for mobile communication device
US11316958B2 (en) * 2008-08-11 2022-04-26 Icontrol Networks, Inc. Virtual device systems and methods
CA2564865C (en) * 2004-04-30 2013-07-16 Research In Motion Limited System and method for handling peripheral connections to mobile devices
GB0420409D0 (en) * 2004-09-14 2004-10-20 Waterleaf Ltd Online commercial transaction system and method of operation thereof
US8005913B1 (en) * 2005-01-20 2011-08-23 Network Protection Sciences, LLC Controlling, filtering, and monitoring of mobile device access to the internet, data, voice, and applications
US8700729B2 (en) * 2005-01-21 2014-04-15 Robin Dua Method and apparatus for managing credentials through a wireless network
US7958347B1 (en) * 2005-02-04 2011-06-07 F5 Networks, Inc. Methods and apparatus for implementing authentication
CN101223489A (en) * 2005-06-23 2008-07-16 汤姆森特许公司 Portable playback machine, method and system with admission of digital copyright management
US20070011452A1 (en) * 2005-07-08 2007-01-11 Alcatel Multi-level and multi-factor security credentials management for network element authentication
US20070179794A1 (en) * 2006-01-20 2007-08-02 Jamie Fisher Internet based credential management system
US9860965B2 (en) * 2006-03-28 2018-01-02 Wireless Environment, Llc Cloud connected lighting system
EP1881672A1 (en) * 2006-05-03 2008-01-23 Medinbiz Co., Ltd. Ultrasonic moving-picture real-time service system and method and recording medium having embodied thereon computer program for performing method
US7536383B2 (en) * 2006-08-04 2009-05-19 Apple Inc. Method and apparatus for searching metadata
US8341708B1 (en) * 2006-08-29 2012-12-25 Crimson Corporation Systems and methods for authenticating credentials for management of a client
US20160315824A1 (en) * 2006-09-25 2016-10-27 Weaved, Inc. Networking systems
US9712486B2 (en) * 2006-09-25 2017-07-18 Weaved, Inc. Techniques for the deployment and management of network connected devices
US10637724B2 (en) * 2006-09-25 2020-04-28 Remot3.It, Inc. Managing network connected devices
US20180262388A1 (en) * 2006-09-25 2018-09-13 Weaved, Inc. Remote device deployment
US11336511B2 (en) * 2006-09-25 2022-05-17 Remot3.It, Inc. Managing network connected devices
US20130339509A1 (en) * 2012-06-15 2013-12-19 Yoics, Inc. Networking systems
US9231904B2 (en) * 2006-09-25 2016-01-05 Weaved, Inc. Deploying and managing networked devices
KR101393012B1 (en) * 2007-07-03 2014-05-12 삼성전자주식회사 System and method for management of license
US8306509B2 (en) * 2007-08-31 2012-11-06 At&T Mobility Ii Llc Enhanced messaging with language translation feature
US8266306B2 (en) * 2007-12-31 2012-09-11 Symantec Corporation Systems and methods for delegating access to online accounts
US20090249443A1 (en) * 2008-04-01 2009-10-01 William Fitzgerald Method for monitoring the unauthorized use of a device
US8719909B2 (en) * 2008-04-01 2014-05-06 Yougetitback Limited System for monitoring the unauthorized use of a device
US8522326B2 (en) * 2008-05-30 2013-08-27 Motorola Mobility Llc System and method for authenticating a smart card using an authentication token transmitted to a smart card reader
US8201232B2 (en) * 2008-06-26 2012-06-12 Samsung Electronics Co., Ltd. Authentication, identity, and service management for computing and communication systems
US8099767B2 (en) * 2008-07-01 2012-01-17 International Business Machines Corporation Secure agent-less enterprise infrastructure discovery
US8302204B2 (en) * 2008-07-30 2012-10-30 Sap Ag Secure distributed item-level discovery service using secret sharing
US9084282B2 (en) * 2008-10-17 2015-07-14 Qualcomm Incorporated Apparatus and method for providing a portable broadband service using a wireless convergence platform
US9781148B2 (en) * 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US8505078B2 (en) * 2008-12-28 2013-08-06 Qualcomm Incorporated Apparatus and methods for providing authorized device access
US8286231B2 (en) * 2009-01-28 2012-10-09 The Boeing Company System and method for information sharing between non-secure devices
US20100325719A1 (en) * 2009-06-19 2010-12-23 Craig Stephen Etchegoyen System and Method for Redundancy in a Communication Network
US8458353B2 (en) * 2009-08-13 2013-06-04 Qualcomm Incorporated Method and apparatus for link aggregation in a heterogeneous communication system
US8560855B2 (en) * 2009-08-27 2013-10-15 Cleversafe, Inc. Verification of dispersed storage network access control information
US8437742B2 (en) * 2009-10-16 2013-05-07 At&T Intellectual Property I, L.P. Systems and methods for providing location-based application authentication using a location token service
US8510816B2 (en) * 2010-02-25 2013-08-13 Secureauth Corporation Security device provisioning
US8632000B2 (en) * 2010-12-23 2014-01-21 Paydiant, Inc. Mobile phone ATM processing methods and systems
US9356916B2 (en) * 2010-04-30 2016-05-31 T-Central, Inc. System and method to use a cloud-based platform supported by an API to authenticate remote users and to provide PKI- and PMI-based distributed locking of content and distributed unlocking of protected content
US8984597B2 (en) * 2010-05-27 2015-03-17 Microsoft Technology Licensing, Llc Protecting user credentials using an intermediary component
EP2619703B1 (en) * 2010-09-24 2019-02-27 BlackBerry Limited Method and apparatus for differentiated access control
US10069837B2 (en) * 2015-07-09 2018-09-04 Biocatch Ltd. Detection of proxy server
US8527582B2 (en) * 2011-01-10 2013-09-03 Bank Of America Corporation Systems and methods for requesting and delivering network content
BR112013017889B1 (en) * 2011-01-14 2021-12-07 Nokia Solutions And Networks Oy EXTERNAL AUTHENTICATION SUPPORT OVER AN UNRELIABLE NETWORK
CN107529693B (en) * 2011-02-11 2020-08-21 Iot控股公司 System, method and apparatus for managing machine-to-machine (M2M) entities
CN103535090B (en) * 2011-02-15 2017-07-07 黑莓有限公司 For the system and method for the Identity Management of mobile device
BR112013022905A2 (en) * 2011-03-08 2017-11-14 Telefonica Sa method of providing authorized access to a service application to use a protected end-user resource
US8572701B2 (en) * 2011-08-22 2013-10-29 Verizon Patent And Licensing Inc. Authenticating via mobile device
WO2013040250A1 (en) * 2011-09-13 2013-03-21 Aicent, Inc. Method of and system for data access over dual data channels with dynamic sim credential
US9043886B2 (en) * 2011-09-29 2015-05-26 Oracle International Corporation Relying party platform/framework for access management infrastructures
US20170063566A1 (en) * 2011-10-04 2017-03-02 Electro Industries/Gauge Tech Internet of things (iot) intelligent electronic devices, systems and methods
EP2792104B1 (en) * 2011-12-21 2021-06-30 SSH Communications Security Oyj Automated access, key, certificate, and credential management
EP3425942A1 (en) * 2012-01-13 2019-01-09 Iot Holdings, Inc. Method and apparatus for supporting machine-to-machine communications
US9129127B2 (en) * 2012-01-23 2015-09-08 Verizon Patent And Licensing Inc. Secure mobile interface access system
EP3410675B1 (en) * 2012-01-23 2020-08-19 Headwater Research LLC Method for child wireless device activation to subscriber account of a master wireless device
US8364817B1 (en) * 2012-02-09 2013-01-29 Gramboo Inc. Method and system for managing a data item
AU2013221600B2 (en) * 2012-02-13 2016-09-29 Xceedid Corporation Credential management system
US8661246B1 (en) * 2012-04-09 2014-02-25 Rockwell Collins, Inc. System and method for protecting certificate applications using a hardened proxy
US9378356B2 (en) * 2012-04-13 2016-06-28 Paypal, Inc. Two factor authentication using a one-time password
US10515363B2 (en) * 2012-06-12 2019-12-24 Square, Inc. Software PIN entry
KR102152008B1 (en) * 2012-06-15 2020-09-07 삼성전자주식회사 Method and system for transfering profiles of certification module
CN104798111B (en) * 2012-08-16 2018-10-23 爱克斯蒂德公司 Wireless communication system based on cloud and method
WO2014074681A1 (en) * 2012-11-07 2014-05-15 Interdigital Patent Holdings, Inc. Reliable multicast/broadcast for p2p communications
CN107547571B (en) * 2012-11-21 2021-06-22 苹果公司 Method for managing access control and access control client provisioning server
US9172699B1 (en) * 2012-11-30 2015-10-27 Microstrategy Incorporated Associating a device with a user account
US9112844B2 (en) * 2012-12-06 2015-08-18 Audible, Inc. Device credentialing for network access
US9621495B1 (en) * 2012-12-10 2017-04-11 Jeffrey Brian Shumate Anonymous messaging proxy
US9185078B2 (en) * 2012-12-18 2015-11-10 Salesforce.Com, Inc. Systems, methods, and apparatuses for implementing cross organizational data sharing
JP6396320B2 (en) * 2012-12-20 2018-09-26 エアビクティ インコーポレイテッド Efficient head unit communication integration
US20140196129A1 (en) * 2013-01-07 2014-07-10 Prium Inc. User credential management system and method thereof
US8966260B1 (en) * 2013-01-30 2015-02-24 Palo Alto Networks, Inc. Credentials management in large scale virtual private network deployment
US8904504B2 (en) * 2013-01-31 2014-12-02 NetIQ Corporation Remote keychain for mobile devices
US9398050B2 (en) * 2013-02-01 2016-07-19 Vidder, Inc. Dynamically configured connection to a trust broker
WO2014124318A1 (en) * 2013-02-08 2014-08-14 Interdigital Patent Holdings, Inc. METHOD AND APPARATUS FOR INCORPORATING AN INTERNET OF THINGS (IoT) SERVICE INTERFACE PROTOCOL LAYER IN A NODE
US9900171B2 (en) * 2013-02-25 2018-02-20 Qualcomm Incorporated Methods to discover, configure, and leverage relationships in internet of things (IoT) networks
US9173101B1 (en) * 2013-03-14 2015-10-27 Microstrategy Incorporated Acquiring client device data
US9143492B2 (en) * 2013-03-15 2015-09-22 Fortinet, Inc. Soft token system
US9355223B2 (en) * 2013-03-29 2016-05-31 Citrix Systems, Inc. Providing a managed browser
US20140331295A1 (en) * 2013-05-02 2014-11-06 Rogers Communications Inc. Credential management gateway and method
US9154488B2 (en) * 2013-05-03 2015-10-06 Citrix Systems, Inc. Secured access to resources using a proxy
US9438576B2 (en) * 2013-06-12 2016-09-06 Luiz M Franca-Neto Apparatus and method for validation and authorization of device and user by global positioning and non-prompted exchange of information
US9317704B2 (en) * 2013-06-12 2016-04-19 Sequent Software, Inc. System and method for initially establishing and periodically confirming trust in a software application
US9843624B1 (en) * 2013-06-13 2017-12-12 Pouya Taaghol Distributed software defined networking
US9807092B1 (en) * 2013-07-05 2017-10-31 Dcs7, Llc Systems and methods for classification of internet devices as hostile or benign
GB2516050A (en) * 2013-07-09 2015-01-14 Ibm A Network Security System
US10122714B2 (en) * 2013-08-01 2018-11-06 Bitglass, Inc. Secure user credential access system
EP3039824A1 (en) * 2013-08-30 2016-07-06 Convida Wireless, LLC Smart object identification in the digital home
US9501776B2 (en) * 2013-09-09 2016-11-22 Capital One Financial Corporation System and method for automatically authenticating a caller
WO2015042547A1 (en) * 2013-09-20 2015-03-26 Oracle International Corporation Web-based interface integration for single sign-on
US9319392B1 (en) * 2013-09-27 2016-04-19 Amazon Technologies, Inc. Credential management
US11812258B2 (en) * 2013-10-04 2023-11-07 Sol Mingso Li Systems and methods for programming, controlling and monitoring wireless networks
US10652735B2 (en) * 2013-10-04 2020-05-12 Sol Mingso Li Systems and methods for programming, controlling and monitoring wireless networks
KR101418799B1 (en) * 2013-11-14 2014-07-15 (주)세이퍼존 System for providing mobile OTP service
US10902459B2 (en) * 2013-12-31 2021-01-26 Salesforce.Com, Inc. Facilitating smart advertising on curated content-based networking websites in an on-demand services environment
US9286473B2 (en) * 2013-12-31 2016-03-15 Cisco Technology, Inc. Quarantine-based mitigation of effects of a local DoS attack
US9584482B2 (en) * 2014-03-03 2017-02-28 Qualcomm Connected Experiences, Inc. Access control lists for private networks of system agnostic connected devices
US9805131B2 (en) * 2014-03-13 2017-10-31 Ebay Inc. Wear time as metric of buying intent
US10057325B2 (en) * 2014-03-31 2018-08-21 Nuvestack, Inc. Remote desktop infrastructure
WO2015175437A1 (en) * 2014-05-12 2015-11-19 Microsoft Technology Licensing, Llc Connecting public cloud with private network resources
CA3030129C (en) * 2014-06-02 2021-11-23 Schlage Lock Company Llc Electronic credential management system
CN104349423B (en) * 2014-06-30 2015-11-18 腾讯科技(深圳)有限公司 From the method, system and device of the WLAN (wireless local area network) that is dynamically connected
US9942756B2 (en) * 2014-07-17 2018-04-10 Cirrent, Inc. Securing credential distribution
US10834592B2 (en) * 2014-07-17 2020-11-10 Cirrent, Inc. Securing credential distribution
US20160026983A1 (en) * 2014-07-25 2016-01-28 Cisco Technology, Inc. System and method for brokering electronic data in a network environment
US9253639B1 (en) * 2014-08-11 2016-02-02 Afirma Consulting & Technologies, S.L. Methods and systems to enable presence related services
US9210167B1 (en) * 2014-08-11 2015-12-08 Afirma Consulting & Technologies, S.L. Methods and systems to enable presence related services
US10623956B2 (en) * 2014-08-21 2020-04-14 Hewlett-Packard Development Company, L.P. Request for network credential
KR102297475B1 (en) * 2014-10-17 2021-09-02 삼성전자주식회사 Terminal for internet of things and operation method of the same
US10129078B2 (en) * 2014-10-30 2018-11-13 Equinix, Inc. Orchestration engine for real-time configuration and management of interconnections within a cloud-based services exchange
US9426650B2 (en) * 2014-10-31 2016-08-23 Gogo Llc Autonomous-mode content delivery and key management
US9992352B2 (en) * 2014-11-01 2018-06-05 Somos, Inc. Toll-free telecommunications and data management platform
US9413756B1 (en) * 2014-12-09 2016-08-09 Google Inc. Systems and methods using short-lived proxy token values obfuscating a stable long-lived token value
US10673852B2 (en) * 2014-12-23 2020-06-02 Mcafee, Llc Self-organizing trusted networks
US9860057B2 (en) * 2014-12-23 2018-01-02 Intel Corporation Diffie-Hellman key agreement using an M-of-N threshold scheme
US9898474B1 (en) * 2015-01-05 2018-02-20 Amazon Technologies, Inc. Object sharding in a host-side processing device for distributed storage
US9762556B2 (en) * 2015-01-09 2017-09-12 Verisign, Inc. Registering, managing, and communicating with IOT devices using domain name system processes
US9935950B2 (en) * 2015-01-12 2018-04-03 Verisign, Inc. Systems and methods for establishing ownership and delegation ownership of IOT devices using domain name system services
US20160205106A1 (en) * 2015-01-12 2016-07-14 Verisign, Inc. Systems and methods for providing iot services
US10223549B2 (en) * 2015-01-21 2019-03-05 Onion ID Inc. Techniques for facilitating secure, credential-free user access to resources
US10230736B2 (en) * 2015-01-21 2019-03-12 Onion ID Inc. Invisible password reset protocol
US9967260B1 (en) * 2015-01-26 2018-05-08 Microstrategy Incorporated Enhanced authentication security
US11277390B2 (en) * 2015-01-26 2022-03-15 Listat Ltd. Decentralized cybersecure privacy network for cloud communication, computing and global e-commerce
US10270774B1 (en) * 2015-01-26 2019-04-23 Microstrategy Incorporated Electronic credential and analytics integration
US10257179B1 (en) * 2015-01-26 2019-04-09 Microstrategy Incorporated Credential management system and peer detection
US9659166B2 (en) * 2015-01-30 2017-05-23 International Business Machines Corporation Risk-based credential management
KR102346062B1 (en) * 2015-02-27 2021-12-31 삼성전자주식회사 Electronic apparatus for transmitting configuration information and operating method thereof
CN105930040A (en) * 2015-02-27 2016-09-07 三星电子株式会社 Electronic device including electronic payment system and operating method thereof
US10055554B2 (en) * 2015-03-02 2018-08-21 Parallel Wireless, Inc. Software-enabled remote licensing and provisioning
US9722987B2 (en) * 2015-03-13 2017-08-01 Ssh Communications Security Oyj Access relationships in a computer system
US9667635B2 (en) * 2015-03-26 2017-05-30 Cisco Technology, Inc. Creating three-party trust relationships for internet of things applications
US10019498B2 (en) * 2015-03-31 2018-07-10 Northrop Grumman Systems Corporation Biometric data brokerage system and method for transfer of biometric records between biometric collection devices and biometric processing services
US9838390B2 (en) * 2015-03-31 2017-12-05 Afero, Inc. System and method for automatic wireless network authentication
US10116658B2 (en) * 2015-04-29 2018-10-30 Cyberark Software Ltd. Privileged access to target services
US9781090B2 (en) * 2015-05-11 2017-10-03 Citrix Systems, Inc. Enterprise computing environment with continuous user authentication
US9934544B1 (en) * 2015-05-12 2018-04-03 CADG Partners, LLC Secure consent management system
US9769865B2 (en) * 2015-05-26 2017-09-19 Avago Technologies General Ip (Singapore) Pte. Ltd. Opportunistic data transfer
WO2016192387A1 (en) * 2015-05-29 2016-12-08 乐鑫信息科技(上海)有限公司 Internet of things configuration method and system for secure low-power-consumption proxy device
US10299118B1 (en) * 2015-06-01 2019-05-21 Benten Solutions Inc. Authenticating a person for a third party without requiring input of a password by the person
US20160364553A1 (en) * 2015-06-09 2016-12-15 Intel Corporation System, Apparatus And Method For Providing Protected Content In An Internet Of Things (IOT) Network
US10554758B2 (en) * 2015-06-15 2020-02-04 Blub0X Security, Inc. Web-cloud hosted unified physical security system
US9888070B2 (en) * 2015-06-29 2018-02-06 Microsoft Technology Licensing, Llc Brokered advanced pairing
US10140600B2 (en) * 2015-07-01 2018-11-27 Liveensure, Inc. System and method for mobile peer authentication and asset control
US10395253B2 (en) * 2015-07-01 2019-08-27 Liveensure, Inc. System and method for securing and monetizing peer-to-peer digital content
EP3125502A1 (en) * 2015-07-31 2017-02-01 GridSystronic Energy GmbH Method for providing access to a web server
WO2017024005A1 (en) * 2015-08-03 2017-02-09 Convida Wireless, Llc Mobile core network service exposure for the user equipment
WO2017027487A1 (en) * 2015-08-09 2017-02-16 Google Inc. Access control for internet of things devices
US10135792B2 (en) * 2015-08-25 2018-11-20 Anchorfree Inc. Secure communications with internet-enabled devices
US9871787B2 (en) * 2016-02-23 2018-01-16 Assured Information Security, Inc. Authentication processing for a plurality of self-encrypting storage devices
US10187376B2 (en) * 2015-08-28 2019-01-22 Texas Instruments Incorporated Authentication of networked devices having low computational capacity
US10713660B2 (en) * 2015-09-15 2020-07-14 Visa International Service Association Authorization of credential on file transactions
US10992678B1 (en) * 2015-09-15 2021-04-27 Sean Gilman Internet access control and reporting system and method
US9660803B2 (en) * 2015-09-15 2017-05-23 Global Risk Advisors Device and method for resonant cryptography
US10313881B2 (en) * 2015-09-21 2019-06-04 Lawrence Liu System and method of authentication by leveraging mobile devices for expediting user login and registration processes online
US9668136B2 (en) * 2015-09-25 2017-05-30 Citrix Systems, Inc. Using derived credentials for enrollment with enterprise mobile device management services
US10129265B2 (en) * 2015-09-29 2018-11-13 Ca, Inc. Fetching vendor specific policy events and corresponding device feature mappings from a policy server at mobile device runtime of a managed application
US20170093700A1 (en) * 2015-09-30 2017-03-30 WoT. io, Inc. Device platform integrating disparate data sources
US10181760B2 (en) * 2015-10-19 2019-01-15 Ossia Inc. Techniques for authenticating devices in wireless power delivery environments
US20200389495A1 (en) * 2015-10-28 2020-12-10 Qomplx, Inc. Secure policy-controlled processing and auditing on regulated data sets
US20200412767A1 (en) * 2015-10-28 2020-12-31 Qomplx, Inc. Hybrid system for the protection and secure data transportation of convergent operational technology and informational technology networks
WO2017070797A1 (en) * 2015-10-30 2017-05-04 Investel Capital Corporation Data network access selection, migration and quality management systems and methods
US20170171176A1 (en) * 2015-12-11 2017-06-15 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Maintenance credential permitting performance of just maintenance-related actions when computing device requires repair and/or maintenance
EP3179432A1 (en) * 2015-12-11 2017-06-14 Mastercard International Incorporated Delegation of transactions
US10460117B2 (en) * 2015-12-13 2019-10-29 Noam Camiel System and method for removing internet attack surface from internet connected devices
US10142344B2 (en) * 2015-12-15 2018-11-27 Hrb Innovations, Inc. Credential management system
US10084780B2 (en) * 2015-12-15 2018-09-25 Verizon Patent And Licensing Inc. Network-based authentication and security services
US20170180208A1 (en) * 2015-12-22 2017-06-22 Intel Corporation Organically composable iot networks
US10341320B2 (en) * 2016-01-19 2019-07-02 Aerohive Networks, Inc. BYOD credential management
US10044705B2 (en) * 2016-01-20 2018-08-07 Facebook, Inc. Session management for internet of things devices
US10324745B2 (en) * 2016-02-01 2019-06-18 Airwatch, Llc Thin client with managed profile-specific remote virtual machines
US20180232514A1 (en) * 2016-02-03 2018-08-16 Averon Us, Inc. Method and apparatus for facilitating access to a device utilizing frictionless two-factor authentication
US9949130B2 (en) * 2016-02-04 2018-04-17 StarHome Mach GmbH Data security for internet of things (IOT) devices
US10509574B2 (en) * 2016-02-08 2019-12-17 Microsoft Technology Licensing, Llc Container credentialing by host
US9948506B2 (en) * 2016-02-12 2018-04-17 Verizon Patent And Licensing Inc. High availability internet services provisioning
US20170236179A1 (en) * 2016-02-15 2017-08-17 Henry Dreifus Service monitoring and optimization systems and methods
GB2547441B (en) * 2016-02-17 2020-04-29 Arm Ip Ltd A method for mitigating a DOS attack on a device
US10404758B2 (en) * 2016-02-26 2019-09-03 Time Warner Cable Enterprises Llc Apparatus and methods for centralized message exchange in a user premises device
US10069834B2 (en) * 2016-04-18 2018-09-04 Verizon Patent And Licensing Inc. Using mobile devices as gateways for internet of things devices
US10382196B2 (en) * 2016-04-29 2019-08-13 Olympus Sky Technologies, S.A. System and method for secure communications based on locally stored values
US10382208B2 (en) * 2016-04-29 2019-08-13 Olympus Sky Technologies, S.A. Secure communications using organically derived synchronized processes
US10367794B2 (en) * 2016-05-06 2019-07-30 Ian L Sayers Method and apparatus for securing a sensor or device
US20200348662A1 (en) * 2016-05-09 2020-11-05 Strong Force Iot Portfolio 2016, Llc Platform for facilitating development of intelligence in an industrial internet of things system
US20190339688A1 (en) * 2016-05-09 2019-11-07 Strong Force Iot Portfolio 2016, Llc Methods and systems for data collection, learning, and streaming of machine signals for analytics and maintenance using the industrial internet of things
US10732621B2 (en) * 2016-05-09 2020-08-04 Strong Force Iot Portfolio 2016, Llc Methods and systems for process adaptation in an internet of things downstream oil and gas environment
US11327475B2 (en) * 2016-05-09 2022-05-10 Strong Force Iot Portfolio 2016, Llc Methods and systems for intelligent collection and analysis of vehicle data
US20200225655A1 (en) * 2016-05-09 2020-07-16 Strong Force Iot Portfolio 2016, Llc Methods, systems, kits and apparatuses for monitoring and managing industrial settings in an industrial internet of things data collection environment
US10673838B2 (en) * 2016-05-13 2020-06-02 MobileIron, Inc. Unified VPN and identity based authentication to cloud-based services
US10643212B2 (en) * 2016-05-15 2020-05-05 Bank Of America Corporation Linking channel-specific systems with a user authentication hub to provide omni-channel user authentication
US11838271B2 (en) * 2016-05-18 2023-12-05 Zscaler, Inc. Providing users secure access to business-to-business (B2B) applications
US20170339000A1 (en) * 2016-05-19 2017-11-23 Basic6 Inc. Remote controlled led based id emitter
US10064062B2 (en) * 2016-06-07 2018-08-28 Sears Brands, L.L.C. System and method for automatically and securely registering an internet of things device
US10970380B2 (en) * 2016-06-13 2021-04-06 Verizon Patent And Licensing Inc. Internet-of-Things partner integration
US11237546B2 (en) * 2016-06-15 2022-02-01 Strong Force IoT Portfolio 2016, LLC Method and system of modifying a data collection trajectory for vehicles
WO2017218775A1 (en) * 2016-06-15 2017-12-21 Intel Corporation Services provisioning for internet-of-things devices in cellular networks
US10674357B2 (en) * 2016-06-16 2020-06-02 T-Mobile Usa, Inc. Single interface for activating IoT devices to network data plans
EP3479249B1 (en) * 2016-06-29 2021-08-25 Greeneden U.S. Holdings II, LLC Technologies for managing application configurations and associated credentials
CA3058076A1 (en) * 2016-07-01 2018-01-04 Paxgrid Cdn Inc. System for authenticating and authorizing access to and accounting for wireless access vehicular environment consumption by client devices
US10158610B2 (en) * 2016-07-06 2018-12-18 Adp, Llc Secure application communication system
US10250612B1 (en) * 2016-07-07 2019-04-02 Amazon Technologies, Inc. Cross-account role management
GB201611948D0 (en) * 2016-07-08 2016-08-24 Kalypton Int Ltd Distributed transaction processing and authentication system
US9999557B2 (en) * 2016-07-14 2018-06-19 Challenging Solutions, Inc. Robotic mobility device
EP3488646B1 (en) * 2016-07-20 2021-04-21 Convida Wireless, LLC Mobility for radio devices using beamforming and selection
US10397778B2 (en) * 2016-07-29 2019-08-27 Citrix Systems, Inc. Computer network providing secure mobile device enrollment features and related methods
US9923755B2 (en) * 2016-08-01 2018-03-20 Data I/O Corporation Device programming with system generation
US11050605B2 (en) * 2016-08-01 2021-06-29 Data I/O Corporation Device programming with system generation
US10496811B2 (en) * 2016-08-04 2019-12-03 Data I/O Corporation Counterfeit prevention
US10268844B2 (en) * 2016-08-08 2019-04-23 Data I/O Corporation Embedding foundational root of trust using security algorithms
EP3501204A1 (en) * 2016-08-18 2019-06-26 Convida Wireless, LLC Network service exposure for service and session continuity
MX2019002184A (en) * 2016-08-22 2019-08-16 fybr System for distributed intelligent remote sensing systems.
US11184766B1 (en) * 2016-09-07 2021-11-23 Locurity Inc. Systems and methods for continuous authentication, identity assurance and access control
US10419226B2 (en) * 2016-09-12 2019-09-17 InfoSci, LLC Systems and methods for device authentication
US9722803B1 (en) * 2016-09-12 2017-08-01 InfoSci, LLC Systems and methods for device authentication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140123265A1 (en) * 2012-10-12 2014-05-01 Citrix Systems, Inc. Single Sign-On Access in an Orchestration Framework for Connected Devices
US20160171479A1 (en) * 2014-12-12 2016-06-16 Gyan Prakash Provisioning platform for machine-to-machine devices
US20160337346A1 (en) * 2015-05-12 2016-11-17 Citrix Systems, Inc. Multifactor Contextual Authentication and Entropy from Device or Device Input or Gesture Authentication
US20190334869A1 (en) * 2018-04-27 2019-10-31 Cloudflare, Inc. Protecting Internet of Things (IoT) Devices at the Network Level
WO2020133467A1 (en) * 2018-12-29 2020-07-02 华为技术有限公司 Method for smart home appliance to access network and related device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP4241519A4 *

Also Published As

Publication number Publication date
EP4241519A4 (en) 2024-04-03
CN116438885A (en) 2023-07-14
US20220141658A1 (en) 2022-05-05
EP4241519A1 (en) 2023-09-13

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 21889773; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
ENP Entry into the national phase. Ref document number: 2021889773; Country of ref document: EP; Effective date: 20230605