-
Publication (announcement) number: US20170214664A1
Publication (announcement) date: 2017-07-27
Application number: US15413762
Application date: 2017-01-24
Applicant: Google Inc.
Inventor: Arnar Birgisson, Bo Zhu, Yevgeniy Gutnik
CPC classification number: H04L63/0428, H04L9/0869, H04L9/3247, H04L63/10, H04L2209/24, H04W12/06, H04W12/08, Y02D70/142, Y02D70/144, Y02D70/164, Y02D70/166, Y02D70/26
Abstract: The disclosed embodiments include computerized methods, systems, and devices, including computer programs encoded on a computer storage medium, for establishing secure wireless communications sessions involving low-power devices. A client device may discover a low-power resource device operating within a wireless network. Upon discovery, the client and resource devices may establish mutual randomness, and establish mutual possession of a shared cryptographic key. The resource device may, in some aspects, provide data proving its knowledge of an authentication tag of a local authentication token held confidentially by the client device. If the resource device proves its knowledge of the client device's authentication tag, the client and resource device may establish a secure communication session and generate session keys for subsequent communications.
-
Publication (announcement) number: US20170223005A1
Publication (announcement) date: 2017-08-03
Application number: US15392316
Application date: 2016-12-28
Applicant: Google Inc.
Inventor: Arnar Birgisson, Yevgeniy Gutnik, Bo Zhu, Vitaly Buka, Jason Reid Ederle, Alexey Semenov, Mackenzie Lee Jacoby, Vikas Gupta
IPC: H04L29/06
CPC classification number: H04L63/083, G07C9/00174, G07C2009/00769, G07C2209/04, H04L63/0807, H04L63/101, H04L2012/2841, H04W4/70, H04W4/80, H04W12/08
Abstract: The disclosed embodiments include computerized methods, systems, and devices, including computer programs encoded on a computer storage medium, for device authentication. For example, the resource device may generate and maintain master access tokens, which may be transmitted to a computing system. The computing system may receive, from a device of an owner of the resource device, data granting a client device limited access to the resource device in accordance with various access restrictions. The computing system may generate and provide to the client device a limited version of the master access token that specifies the access restrictions. The client device may present the local access token to the resource device over a direct wireless connection, and the resource device may verify the token and grant the requested access without communication with the computing system.
-