Systems and Methods for Providing Automated Access to Resources of Computer Systems
US-2024430261-A1 · Dec 26, 2024 · US
Multi-tiered authentication methods for facilitating communications amongst smart home devices and cloud-based servers
US9237141B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9237141-B2 |
| Application number | US-201313969172-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 16, 2013 |
| Priority date | Sep 22, 2012 |
| Publication date | Jan 12, 2016 |
| Grant date | Jan 12, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote serve identifying a bucket of information and, when that bucket changes, the remote server sends the change to the client device. Authentication techniques include client devices including unique default credentials that, when presented to a remote server, provide limited access to the server. The client device may obtain assigned credentials that, when presented to the remote server, provide less limited access to the server.
First claim
Opening claim text (preview).
What is claimed is: 1. A method of authenticating a client device, comprising: receiving, at a registration server, first device credentials from the client device, the first device credentials including a secret generated by a third party that is unique to the client device; determining, by the registration server, whether the first device credentials are valid; determining, by the registration server, whether receiving the first device credentials from the client device is an initial registration contact involving the first device credentials or a subsequent registration contact involving the first device credentials; when it is determined that the first device credentials are valid and that receiving the first device credentials from the client device is an initial registration contact: generating, by the registration server, second device credentials, wherein the second device credentials are accessible to a synchronization server; and communicating the second device credentials to the client device; when it is determined that receiving the first device credentials is a subsequent registration contact involving the first device credentials: determining whether a user account is already paired with a client device that previously provided the first device credentials to the registration server; and when it is determined that the user account is already paired with the client device that previously provided the first device credentials, unpairing the user account from the client device that previously provided the first credentials. 2. The method of claim 1 , further comprising: determining, by the registration server, whether a rate at which first device credentials have been received from the client device exceeds a preset rate; and when it is determined that the rate at which first device credentials have been received from the client device exceeds the preset rate, denying the client device access to the registration server. 3. The method of claim 1 , further comprising: receiving, by the synchronization server, the second device credentials from the client device; determining, by the synchronization server, whether the received second device credentials are valid; and when it is determined that the second device credentials are valid, granting, by the synchronization server, the client device access to secured resources. 4. The method of claim 3 , wherein determining whether the received second device credentials are valid includes: comparing the received second device credentials to previously stored second device credentials; and determining that the received second device credentials are valid when the received second device credentials match the previously stored second device credentials. 5. The method of claim 3 , wherein determining whether the received second device credentials are valid includes: determining whether the received second device credentials match recently assigned second device credentials; and when the received second device credentials match the recently assigned second device credentials, determining that the received second device credentials are valid. 6. The method of claim 5 , wherein determining whether the received second device credentials are valid further includes: when the received second device credentials do not match the recently assigned second device credentials: determining whether the received second device credentials match previously assigned second device credentials, the previously assigned second device credentials having been assigned to the client device prior to the recently assigned second device credentials; when the received second device credentials do not match the previously assigned second device credentials, determining that the received second device credentials are invalid; and when the received second device credentials match the previously assigned second device credentials: sending the recently assigned second device credentials to the client device; and determining that the received second device credentials are valid. 7. The method of claim 5 , wherein determining whether the received second device credentials are valid includes: extracting an assigned secret from the received second device credentials; hashing the assigned secret resulting in a received hashed secret; determining whether the received hashed secret matches a pre-stored hash of recently assigned second device credentials; and when the received hashed secret matches the pre-stored hash of the recently assigned second device credentials, determining that the received second device credentials are valid. 8. The method of claim 7 , wherein determining whether the second device credentials are valid further includes: when the received hashed secret does not match the pre-stored hash of the recently assigned second device credentials: determining whether the received hashed secret matches a pre-stored hash of previously assigned second device credentials, the previously assigned second device credentials having been assigned to the client device prior to the recently assigned second device credentials; when the received hashed secret does not match the pre-stored hash of the previously assigned second device credentials, determining that the received second device credentials are invalid; and when the received hashed secret matches the pre-stored hash of the previously assigned second device credentials, determining that the received second device credentials are valid. 9. The method of claim 8 , further comprising: when the received hashed secret matches the pre-stored hash of the previously assigned second device credentials: decrypting an encrypted version of the recently assigned credentials resulting in a decrypted version of the recently assigned credentials, the encrypted and decrypted versions of the recently assigned credentials being stored on at least one storage device associated with the synchronization server; sending the decrypted version of the recently assigned credentials to the client device; and after sending the decrypted version of the recently assigned credentials to the client device, deleting the decrypted version of the recently assigned credentials from the at least one storage device associated with the synchronization server. 10. A registration server comprising: one or more processors; and one or more memory devices comprising instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, at the registration server, first device credentials from the client device, the first device credentials including a secret generated by a third party that is unique to the client device; determining, by the registration server, whether the first device credentials are valid; determining, by the registration server, whether receiving the first device credentials from the client device is an initial registration contact involving the first device credentials or a subsequent registration contact involving the first device credentials; when it is determined that the first device credentials are valid and that receiving the first device credentials from the client device is an initial registration contact: generating, by the registration server, second device credentials, wherein the second device credentials are accessible to a synchronization server; and communicating the second device credentials to the client device; when it is determined that receiving the first device credentials is a subsequent registration contact involving the first device credentials: determining whether a user account is already paired with a client
Assignees
Inventors
Classifications
- H04L63/10Primary
for controlling access to devices or network resources · CPC title
providing single-sign-on or federations · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
User authentication · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9237141B2 cover?
- Apparatus, systems, methods, and related computer program products for synchronizing distributed states amongst a plurality of entities and authenticating devices to access information and/or services provided by a remote server. Synchronization techniques include client devices and remote servers storing buckets of information. The client device sends a subscription request to the remote serve…
- Who is the assignee on this patent?
- Google Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jan 12 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).