Patent Grant
12028335
The present invention relates to internet of things (IoT). More particularly, the present invention relates to the user authentication system developed for the internet of things.
The Internet of Things (IoT) has also been called the next Industrial Revolution. The internet of things will have huge impact on the way all businesses, governments, and consumers interact with the physical world.
The Internet of Things (IoT) particularly refers to uniquely identifiable devices and their representations in Internet. The concept of IoT devices includes the well-connected devices which are capable of communicating with a server or with a mobile application via a network connection.
According to business intelligence survey, there will be 34 billion devices connected to the internet by 2020 which was 10 billion devices in 2015. Total IoT devices will account for 24 billion devices and the traditional computing devices including smartphones, tablets, smart watches etc. will comprise 10 billion devices. The businesses which adopt IoT solutions can improve their bottom line in three ways including lowering operating costs, increasing productivity and expanding to new markets or developing new product offerings.
When various businesses uses the IoT solutions, the IoT must be secure in order for its feature to be utilized. The IoT devices like smartphones have to be secured and the data which is being shared and the transactions being done have to be secured so that the sensitive information is not leaked. It is the fundamental requirement of today's human-centric internet that we must be able to know whom we are dealing with when transactions are done using the smartphones.
In current internet system, the websites authenticates their users by requiring a password and browsers authenticate web sites through the Secure Sockets Layer protocol. Unfortunately the passwords are not secure enough for the IoT authentication as they can be easily hacked. This makes the internet network more susceptible for data breaches which has a real threat for infringing on personal privacy, security and data. The sensitive data has to be safeguarded in this rapidly expanding network of connected devices which needs the development of a secure authentication system which is safe to use.
In the wider context of IoT, this idea of user or device authentication becomes ever more prevalent. For example, when a user wants to unlock the connected car with the smartphone, they have to reassure that only the user or the owner is authorized to do so. This process means to ensure the users of the IoT device that they have the authorized credentials to access the information.
One of the ways which are used in tackling this problem of false user authentication is through biometric data which includes unique means of identification such as fingerprints and iris scans that are incredibly difficult to replicate. The use of biometrics and behavioral biometrics like gestures, swipe and pattern predictions creates a superior level of user identification. This significantly increases the security credentials of the device and acts as a major barrier between hackers and their access to data. When the devices communicate in the IoT, the credentials embedded in the devices can not only secure network access and communication, but also support secure services such as virtual private networks, e.g. for software updates.
The best practices for IoT device protection requires the developers to understand all the potential vulnerabilities. Evaluation processes needs to cover the privacy, safety, and fraud, cyber-attacks and IP theft. The risk evaluation has to be done as the cybercriminals always find different ways to create the threats. Strong authentication, encryption and securely managed encryption keys also need to be included to secure information stored on the device and in motion. After developing a system which includes all the above mentioned features, the cyber-criminals still find ways to hack into the system to retrieve the sensitive information of the users which might cause heavy damage to the business of the users.
Therefore there is a need for a secure user authentication system which not only protects the data of the users but also carefully authorizes the user in every possible way which makes it difficult for the cybercriminals to hack into the system.
The primary object of the present invention is to provide a secure user authentication system for Internet of Things (IoT).
Another object of the present invention is to provide multiple levels of authentication for the Internet of Things (IoT).
The present invention describes the user authentication system comprising of multiple levels of security which is used to authorize the user. The system uses more than one levels of authentication process which receives the credentials from the user and authorize them to allow access to the IoT devices which are used by the user.
The connected devices represent individual targets for the cyber-criminals who would hack the devices to retrieve the secure information of the users. Such insecurities about the IoT devices and the system are eliminated by using the multiple level user authentication system which is described in the present invention.
The IoT has two connectivity models including Cloud model and Fog model. In the Cloud model, each IoT is directly connected to the server via the internet and in the Fog model, the IoT is not connected directly to the Cloud server but are connected to an intermediate device called router or gateway.
The present invention describes the user authentication system and the protocol which comprises of various levels of authentication of the user. The user authentication system comprises of two levels of authentication. The first level of authentication includes server authentication where the server authenticates the user which is typically done with the help of user name and password. The second level of authentication is done either by the gateway or the device in the Fog model or by the device itself in the Cloud model.
The second level of authentication is carried out using following steps which are taken at time of each authentication in embedded systems. The authentication process includes provisioning each of the IoT device with a variable formula based on the parameters like stock, system time, high or low temperature of the city and value of a variable from a Cloud; synchronizing time at the two ends; fetching the value on both ends for the same variable such as a stock symbol; system time, high/low weather temperature of a city, or a variable from a private Cloud; computing a number, as defined by the user (+/−/%/* etc) to the variable, based on the provisioning of the URL/device; comparing and confirming the resulting code by the IoT device for the end seeking authentication and granting access, if results match and the two ends can commence communication.
Another embodiment of the present invention for multi-level authentication wherein the user ID is any chosen alpha numeric or email which is linked to the mobile phone number or user ID; the user ID here can be the phone number itself. For the second level authentication, when the user logins with user name and password, the server or gateway or IoT asks for the telephone number from the user. If the user number matches the number provisioned either in server or gateway or IoT, the system sends a message to the user to authenticate. The user has an application on its device such as mobile phone or tablet or other PC which authenticates the user based on biometric profile created on such personal device. The user device receives the notification of authentication from the IoT or server or gateway. Once the user is authenticated by the personal device, the device sends a yes or no message if the user is authenticated or not and that message is sent to the IoT or gateway or server. The permission to the IoT is granted once the user is authenticated and the yes is received at the IoT or server or gateway side.
The present invention describes the user authentication system and protocol comprising of multiple levels of security which is used to authorize the user to overcome the drawbacks of the prior art. The present invention uses more than one levels of authentication process to authenticate the user and provide them the access to their IoT devices. More particularly, it provides the system, method, computer readable mediums for authentication with a pass code that uses a changing parameter in user-define formula.
The IoT basically is divided into two connectivity models which include Cloud Model and Fog Model. In the cloud model, each IoT devices are directly connected to the server via the internet whereas in the Fog model, the IoT devices are connected to an intermediate device called router or gateway which is further connected to the cloud server.
The model describes that the various IoT devices like IoT1 104, IoT2 104a and IoT3 104b are connected to the Cloud which is connected to the server 102. In this model, the IoT devices are directly connected to the server 102 via internet. The user 101 is connected to the whole cloud model. Another connectivity model which are used by the IoT devices is the Fog model
The model describes that the IoT devices like IoT1 205, IoT2 205a, IoT3 205b, IoT4 205c and IoT5 205d are connected to an intermediate device called router or a gateway 204. The gateway or the router is connected to the cloud 203 which gives connectivity to the users 201. The present invention describes the connectivity models like Cloud model and the Fog model and the user authentication system involved along with the models.
The descriptions of the present invention provides the authentication process to authenticate the user to the IoT devices utilized by the user, such as authentication through ATM machine to a bank account, authentication through a mobile device to an email account and like.
The internet based variable as described in the
Once the two levels of user authentication is successful, the user is granted access to the IoT device who can retrieve information from the Cloud server. This system of user authentication with high security enables the users to store their sensitive information more safely in the Cloud server and the transactions made by the users also remain secure.
This process of user authentication can be used in various IoT applications like connected wearable with sensors and software which collect data and information about the user that is later pre-processed to extract essential insights about user. The information is mainly pertaining to health, fitness or entertainment. The present invention can be used to store and share this information with IoT in more secured manner.
Another IoT application is the smart homes wherein the user is able to access his air-conditioning, light switches, gadget switches and door locks even when the user is not at home. However this requires the secured authentication and connection with the user which can be provided by the process of user authentication described in the present invention.
Another IoT application which requires the most secure connection, is the connected cars wherein the user is able to control the various operations of the car through connected wearable or mobile phone. This requires the correct user authentication to ensure that the car is controlled by the original owner. The present invention will establish the secure connection between the owner and the car control system.
In the given invention the first level of authentication is through username or user ID and a password as provided by the user. In one embodiment of the present invention, the user ID is linked to the user's phone number. The user ID here can be the user's phone number itself. In the second level of authentication, the IoT device is pre-programmed or provisioned with the variable formula as defined by the user, wherein the variable formula is a mathematical formula. The variable formula includes a changing parameter which can be a stock symbol, a temperature of a particular city, system time etc. During pre-programming of the IoT device, the user is provided with the changing parameter options, from which the user selects the one. In the next step of provisioning, the user selects the operation (+/−/%/*) and the variable of the formula. This variable formula as defined by the user is then pre-programmed to the IoT device accordingly. For the subsequent authentication of the user, the IoT device asks for the value according to the provisioned variable formula.
The multilevel authentication system of the present invention can be explained by taking an example of a specific changing parameter, e.g, Stock symbol. The stock symbol is the changing parameter as selected by the user for provisioning the IoT device. The stock symbol selected here for example is MFST. In addition, the user may configure the IoT to add or subtract, or multiply or divide the value of the stock with some other number to increase the complexity. E.g., MSFT4-5 as the variable used for configuring the IoT. During authentication, IoT sends the stock symbol to the server to fetch the stock value at that time (if trading is going on or the last trading value if no active trading) and user does the same by sending to the server the stock symbol. The server ensures the stock symbol received from the IoT and user are the same. If it is same, server fetches the value of the stock and sends that value to the IoT and user. The IoT and user calculates and sends the final value based on the configuration of the IoT. IoT does the same calculations and if the final value sent by the user matches with the final value by the IoT, the IoT gives the access to the user. The matching and calculations can be done in the IoT or server or gateway.
There are other variables instead of stock symbol as shown by the following examples:
IoT is configured with the city such as Boston. IoT sends the name of the city to the server. IoT and user sends the server name of the city. Server gets the temperature of the city such as High and Low for the day which will be 50/30. The IoT and user take that number to be 5030 and performs some additional function based on the configuration and calculates the final number. 5030+5=5035. If IoT receives the final number to be 5035 from the user, the user is granted access to the IoT.
For system time, the user reads its device time such as 11:46 and does additional function if required. Such as 1146+5=1151. User sends this code to the IoT and IoT also knows the system of the user device as both ends are synchronized. If 1151 is received by the IoT, the access is granted.
This application is a continuation of U.S. patent application Ser. No. 15/897,195, filed Feb. 15, 2018, now U.S. Pat. No. 11,115,403, which claims the benefit of priority to U.S. Provisional Application No. 62/461,221, filed on Feb. 21, 2017, the entire contents of each of which are incorporated herein by reference.
| Number | Name | Date | Kind |
|---|---|---|---|
| 7483984 | Jonker et al. | Jan 2009 | B1 |
| 7536304 | Di Mambro | May 2009 | B2 |
| 7894634 | Chung | Feb 2011 | B2 |
| 7941664 | Wheeler et al. | May 2011 | B2 |
| 7945034 | Gonen et al. | May 2011 | B2 |
| 8462920 | Gonen et al. | Jun 2013 | B2 |
| 8687038 | Gonen et al. | Apr 2014 | B2 |
| 8914855 | Whitmyer, Jr. | Dec 2014 | B2 |
| 9088556 | Truskovsky et al. | Jul 2015 | B2 |
| 9172699 | Vazquez | Oct 2015 | B1 |
| 9300792 | Gonen et al. | Mar 2016 | B2 |
| 9467443 | Mohan | Oct 2016 | B2 |
| 9762392 | Carrer et al. | Sep 2017 | B2 |
| 9767262 | Canavor et al. | Sep 2017 | B1 |
| 9860241 | Dixon et al. | Jan 2018 | B2 |
| 10021088 | Innes et al. | Jul 2018 | B2 |
| 10055575 | Adams et al. | Aug 2018 | B2 |
| 10146931 | Kronrod et al. | Dec 2018 | B1 |
| 10339293 | Yang et al. | Jul 2019 | B2 |
| 10491588 | Krishan | Nov 2019 | B2 |
| 10931667 | Krishan | Feb 2021 | B2 |
| 11115403 | Krishan | Sep 2021 | B2 |
| 20040193925 | Safriel | Sep 2004 | A1 |
| 20060104224 | Singh et al. | May 2006 | A1 |
| 20060183462 | Kolehmainen | Aug 2006 | A1 |
| 20070074038 | Arenburg et al. | Mar 2007 | A1 |
| 20080010674 | Lee | Jan 2008 | A1 |
| 20090042541 | Yi et al. | Feb 2009 | A1 |
| 20130179692 | Tolba et al. | Jul 2013 | A1 |
| 20130254856 | Krishan | Sep 2013 | A1 |
| 20140101453 | Senthurpandi | Apr 2014 | A1 |
| 20140173708 | Garlick | Jun 2014 | A1 |
| 20140189808 | Mahaffey et al. | Jul 2014 | A1 |
| 20140337930 | Hoyos et al. | Nov 2014 | A1 |
| 20150143490 | Fang | May 2015 | A1 |
| 20150278510 | Alexander | Oct 2015 | A1 |
| 20150294313 | Kamal et al. | Oct 2015 | A1 |
| 20150295930 | Dixon et al. | Oct 2015 | A1 |
| 20160014457 | Dua | Jan 2016 | A1 |
| 20160057136 | Wang | Feb 2016 | A1 |
| 20160063235 | Tussy | Mar 2016 | A1 |
| 20160269403 | Koutenaei | Sep 2016 | A1 |
| 20160359864 | Dhaliwal | Dec 2016 | A1 |
| 20160379220 | Tunnell et al. | Dec 2016 | A1 |
| 20170019390 | Gu | Jan 2017 | A1 |
| 20170076293 | Cage et al. | Mar 2017 | A1 |
| 20170085563 | Royyuru | Mar 2017 | A1 |
| 20170086069 | Liu | Mar 2017 | A1 |
| 20170142191 | Caldwell | May 2017 | A1 |
| 20170195319 | Gerber et al. | Jul 2017 | A1 |
| 20170201513 | Krempel et al. | Jul 2017 | A1 |
| 20170286656 | Kohli | Oct 2017 | A1 |
| 20170310663 | Krishan | Oct 2017 | A1 |
| 20180005209 | Ranganathan et al. | Jan 2018 | A1 |
| 20180075231 | Subramanian et al. | Mar 2018 | A1 |
| 20180176221 | Zhou et al. | Jun 2018 | A1 |
| 20180176222 | Bhaskar et al. | Jun 2018 | A1 |
| 20180183779 | Krishan | Jun 2018 | A1 |
| 20190066114 | Ross | Feb 2019 | A1 |
| 20190213430 | Schwartz | Jul 2019 | A1 |
| 20190222570 | Krishan | Jul 2019 | A1 |
| 20190268332 | Wang | Aug 2019 | A1 |
| 20190370583 | Van Os et al. | Dec 2019 | A1 |
| 20200358760 | Krishan | Nov 2020 | A1 |
| 20210400039 | Wang | Dec 2021 | A1 |
| Number | Date | Country |
|---|---|---|
| WO-2016145454 | Sep 2016 | WO |
| WO-2020219771 | Oct 2020 | WO |
| Entry |
|---|
| Agholor, et al., A Secured Mobile-Based Password Manager, 2016 Sixth International Conference on Digital Information Processing and Communications (ICDIPC), pp. 103-108, IEEE (Apr. 2016). |
| Faisca, et al., Decentralized Semantic Identity, Proceedings of the 12th International Conference on Semantic Systems, pp. 177-180 (Sep. 2016). |
| International Search Report & Written Opinion dated Sep. 14, 2020 in Int'l PCT Patent Appl. Serial No. PCT/US2020029650. |
| PCT International Search Report & Written Opinion dated Jun. 24, 2019 in Int'l. PCT Patent Appl. Serial No. PCT/US2019/013716. |
| Publication-3: A downloadable Plugin available to the general public at the Google Chrome Store. Four Screen Shots from the website, Published in Jan. 2015, Developed and published by iKeyPass, Inc. and was available for download to the general public since Jan. 2015, The Plugin can be currently viewed and downloaded at https://chrome.google.com/webstore/detail/byoa/nbnkenkheongccomnjibebdfjl- cpcefh?hl=en. |
| Publication-1: iKeyVault Website (formally under iKeyPass), Four Screen Shots (pages), Published in Oct. 2016, Developed and published by Janani Mohan, prior to launching a crowd funding campaign with the crowd funding site Indiegogo, in Q1/Q2 2017, and distributed to the general public. The website can be accessed at www.ikeyvault.com. |
| Publication-2: A Plugin for WordPress Administrators, Four Screen Shots (pages) from the website. First Published in Oct. 2014, Developed and published by iKeyPass, Inc. and was available for download to the general public since 2014, The Plugin can be currently viewed and downloaded at https://wordpress.org/plugins/search/ikeypass/. |
| Third-Party Submission Under 37 CFR 1.290 dated Feb. 11, 2018, filed with the U.S. Patent & Trademark Office against U.S. Patent Appl. U.S. Appl. No. 15/636,827 (3 pages). |
| Wang, et al., IDKeeper: A Web Password Manager with Roaming Capability Based on USB Key, 2012 International Conference on Industrial Control and Electronics Engineering, pp. 1228-1231, IEEE, (Aug. 2012). |
| Yang et al., Cloud Password Manager Using Privacy-Preserved Biometrics, 2014 International Conference on Cloud Engineering, IEEE, pp. 505-509 (Mar. 2014). |
| U.S. Appl. No. 16/118,416, filed Aug. 30, 2018. |
| U.S. Appl. No. 16/962,787, filed Jul. 16, 2020. |
| Yu, et al., Research on a Security Enhanced Three Factor Remote User Identity Authentication Scheme, Software Guide, vol. 16(12):188-193 (Dec. 2017) (English Abstract Only). |
| Number | Date | Country | |
|---|---|---|---|
| 20210400036 A1 | Dec 2021 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62461221 | Feb 2017 | US |
| Number | Date | Country | |
|---|---|---|---|
| Parent | 15897195 | Feb 2018 | US |
| Child | 17466590 | US |
