Method and apparatus for optimized access of security credentials via mobile edge-computing systems
US-10452824-B2 · Oct 22, 2019 · US
US11979392B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11979392-B2 |
| Application number | US-201715651762-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 17, 2017 |
| Priority date | Jul 17, 2017 |
| Publication date | May 7, 2024 |
| Grant date | May 7, 2024 |
Official abstract text for this publication.
A method and system for managing device association and access is disclosed. Some embodiments may include receiving, from a user device, a request to access a network device. The request may include a public key of the user device. The request may include a digital certificate, wherein the digital certificate may include the public key of the user device. A distributed database address of the user device may be determined by applying a deterministic function to the public key of the user device. A distributed database entry may include the address of the user device. A distributed database entry may be generated. The distributed database entry may include the address of the user device. Based on the address of the user device, access to the network device may be granted to the user device.
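An added example (not code from the patent or its assignee) of the flow in the abstract, together with the destination-side lookup and time limit the claims on this page describe: the intermediary derives the user's address from its public key and writes a signed entry, and the destination recomputes the address to find and check that entry. Assumptions: SHA-256 as the deterministic function, a plain dict as the distributed database, HMAC-SHA256 with a key shared by intermediary and destination as a stand-in for the intermediary's digital signature, and hypothetical function names throughout.

```python
import hashlib, hmac, json

def derive_address(public_key: bytes) -> str:
    # Assumption: SHA-256 is the deterministic function; the page names none.
    return hashlib.sha256(public_key).hexdigest()[:40]

def _sign(key: bytes, body: dict) -> str:
    # Stand-in for the intermediary's digital signature: HMAC over canonical JSON.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def grant_access(ledger, signing_key, user_pub, dest_pub, now, ttl):
    """Intermediary side: write an entry keyed by the user's derived address."""
    body = {"user": derive_address(user_pub),
            "destination": derive_address(dest_pub),
            "expires": now + ttl}
    ledger[body["user"]] = {**body, "signature": _sign(signing_key, body)}
    return body["user"]

def check_access(ledger, verify_key, own_pub, presented_pub, now):
    """Destination side: recompute the address from the presented key and accept
    the entry only if it is signed, names this device, and has not expired."""
    entry = ledger.get(derive_address(presented_pub))
    if entry is None:
        return "no-entry"
    body = {k: entry.get(k) for k in ("user", "destination", "expires")}
    if not hmac.compare_digest(_sign(verify_key, body), entry.get("signature", "")):
        return "bad-signature"
    if body["destination"] != derive_address(own_pub):
        return "wrong-destination"
    if now >= body["expires"]:
        return "expired"
    return "granted"

def demo():
    # Constructed sample values, not real keys.
    user_pub, other_pub = b"constructed-user-key", b"constructed-other-key"
    lock_pub, cam_pub = b"constructed-lock-key", b"constructed-camera-key"
    key, ledger = b"constructed-intermediary-key", {}
    addr = grant_access(ledger, key, user_pub, lock_pub, now=1000, ttl=600)
    out = [check_access(ledger, key, lock_pub, user_pub, 1200),   # entry valid
           check_access(ledger, key, cam_pub, user_pub, 1200),    # other device
           check_access(ledger, key, lock_pub, other_pub, 1200),  # unknown key
           check_access(ledger, key, lock_pub, user_pub, 1600)]   # past time limit
    ledger[addr]["expires"] = 10**9  # entry edited after signing
    out.append(check_access(ledger, key, lock_pub, user_pub, 1200))
    return out

if __name__ == "__main__":
    print(demo())
```

The lookup only establishes that the presented public key was granted access; showing that the requester holds the matching private key is a separate step that this example does not cover.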
Opening claim text (preview).
The invention claimed is:

1. A method comprising: receiving, by a computing device and from a user device, a request to access a destination device, wherein the computing device has authority to grant access to the destination device, and wherein the request comprises a digital certificate comprising one or more unique identifiers of the user device; validating, based on the one or more unique identifiers of the user device, the digital certificate; determining, based on the digital certificate, an address of the user device; determining to grant the user device access to the destination device; generating, based on the determining to grant the user device access to the destination device, a distributed database entry comprising an address of the destination device, the address of the user device, and a digital signature associated with the computing device; and transmitting, to the user device, a public key of the destination device and a locator of the destination device on a network, wherein the locator of the destination device comprises a network address of the destination device.

2. The method of claim 1, wherein the digital certificate comprises a public key of the user device.

3. The method of claim 2, wherein determining the address of the user device comprises applying at least a deterministic function to the public key of the user device.

4. The method of claim 1, wherein the generated distributed database entry comprises a blockchain transaction; and wherein the generating the distributed database entry comprises transmitting the blockchain transaction to a blockchain network.

5. The method of claim 1, wherein the generated distributed database entry further comprises an indication of a time limit on access to the destination device.

6. The method of claim 1, wherein information indicative of an association between the computing device and the destination device is stored in a distributed database entry created prior to the generated distributed database entry.

7. The method of claim 1, wherein a distributed database comprising the generated distributed database entry, the computing device, and the destination device are associated with a common entity, and wherein the common entity comprises one of a user, a household, or a service provider.

8. A system comprising: a destination device; and an intermediary device authorized to grant access to the destination device, wherein the intermediary device is configured to: receive, from a user device, a first request to access the destination device, wherein the first request comprises a certificate of the user device and a public key of the user device and wherein the certificate comprises one or more unique identifiers of the user device; validate, based on the one or more unique identifiers of the user device, the certificate; determine, by applying at least a deterministic function to the public key of the user device, an address of the user device; determine, based on the address of the user device, to grant the user device access to the destination device; generate, based on the determining to grant the user device access to the destination device, a distributed database entry comprising an address of the destination device, the address of the user device, and a digital signature associated with the intermediary device; and transmit, to the user device, a public key of the destination device and a locator of the destination device on a network, wherein the locator of the destination device comprises a network address of the destination device; and wherein the destination device is configured to: receive, from the user device, a second request to access the destination device, wherein the second request comprises the public key of the user device; determine, by applying at least the deterministic function to the public key of the user device, the address of the user device; access, using the address of the user device, the distributed database entry; and grant, based on the distributed database entry, the user device access to the destination device.

9. The system of claim 8, wherein the intermediary device is associated with a distributed database; and wherein the intermediary device is configured to determine to grant the user device access to the destination device further based on a second distributed database entry comprising an indication that the user device is associated with the distributed database.

10. The system of claim 8, wherein the intermediary device is configured to create additional distributed database entries comprising identifiers of devices associated with the intermediary device.

11. The system of claim 8, wherein the destination device is configured to grant, based on the generated distributed database entry, the user device access to the destination device by enabling the user device to control or use a functionality of the destination device.

12. The system of claim 8, wherein the destination device is configured to: receive an indication of a device associated with the destination device; generate, responsive to receiving the indication of the associated device, a private key and a public key of the associated device; and generate a new distributed database entry comprising an identifier of the associated device.

13. The system of claim 8, further comprising the user device configured to: transmit, to the intermediary device, the first request to access the destination device, the first request comprising the public key of the user device; receive, from the intermediary device, the public key of the destination device and the locator of the destination device on the network; connect, using the locator, to the destination device; and responsive to the destination device granting the user device access, accessing the destination device.

14. The system of claim 8, wherein at least one of the intermediary device or the destination device comprises a mobile device, a mobile application, or an Internet of Things (IoT) device.

15. The system of claim 8, wherein information indicative of an association between the intermediary device and the destination device is stored in a distributed database entry created prior to the generated distributed database entry.

16. The system of claim 8, wherein a distributed database comprising the generated distributed database entry, the computing device, and the destination device are associated with a common entity, and wherein the common entity comprises one of a user, a household, or a service provider.

17. A computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing device to receive, from a user device, a request to access a destination device, wherein the request comprises a certificate of the user device and a public key of the user device and wherein the certificate comprises one or more unique identifiers of the user device; validate, based on the one or more unique identifiers of the user device, the certificate; determine, based on certificate the one or more unique identifiers, an identity of the user device; determine, by applying at least one hash function to the public key, an address of the user device; determine, based on the identity of the user device, to grant the user device access to the destination device; generate, based on determining to grant the user device access to the destination device, a distributed database entry comprising the address of the destination device, an indication o
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
when the policy decisions are valid for a limited amount of time · CPC title