MULTI-LEVEL USER DEVICE AUTHENTICATION SYSTEM FOR INTERNET OF THINGS (IOT)

Abstract

The present invention describes the user authentication system comprising of multiple levels of security which is used to authorize the user. The system uses more than one levels of authentication process which receives the credentials from the user and authorizes them to allow access to the IoT devices which are used by the user.

The connected devices represent individual targets for the cyber-criminals who 20 would hack the devices to retrieve the secure information of the users. Such insecurities about the IoT devices and the system are eliminated by using the multiple level user authentication system which is described in the present invention.

Claims

1. A user authentication system comprising: memory, of a first device, configured to store computer-executable instructions, and at least one computer processor, of the first device, configured to access the memory and execute the computer-executable instructions to: receive, at the first device, a request from a second device for access to information, the second device being an Internet of Things (IoT) device; request a user identification (ID) from the second device; receive the user ID from the second device; determine a third device associated with the user ID; send a first message to the third device associated with the user ID, the first message requesting biometric authentication on the third device using biometric information; receive a second message from the third device, the second message confirming the biometric authentication performed on the third device was successful; and grant access to the information to the second device based on the second message from the third device.

2. The authentication system of claim 1, wherein the at least one computer processer is further configured to access the memory and execute the computer-executable instructions to: determine a user profile associated with the user ID; and determine the third device is associated with the user profile.

3. The authentication system of claim 2, wherein the user profile is also associated with the second device.

4. The authentication system of claim 1, wherein the user ID is a phone number.

5. The authentication system of claim 1, wherein the biometric information obtained on the second device is a fingerprint or an iris scan.

6. The authentication system of claim 1, wherein the user ID comprises a username, and wherein the at least one computer processer is further configured to access the memory and execute the computer-executable instructions to: request a passcode from the second device; and receive a passcode from the second device.

7. The authentication system of claim 6, wherein the at least one computer processer is further configured to access the memory and execute the computer-executable instructions to determine the passcode matches the username.

8. The authentication system of claim 1, wherein the at least one computer processer is further configured to access the memory and execute the computer-executable instructions to: request a username and a passcode from the second device; and receive the username and the passcode from the second device.

9. The authentication system of claim 8, wherein the at least one computer processer is further configured to access the memory and execute the computer-executable instructions to determine the passcode matches the username.

10. The user-device authentication system of claim 1, wherein the request for access to information comprises one or more of a request for access to health information, fitness information, or entertainment information.

11. A method for user authentication comprising: receiving, at a first device, a request from a second device for access to information, the second device being an Internet of Things (IoT) device; requesting a user identification (ID) from the second device; receiving the user ID from the second device; determining a third device associated with the user ID; sending a first message to the third device associated with the user ID, the first message requesting biometric authentication on the third device using biometric information; receiving a second message from the third device, the second message confirming the biometric authentication performed on the third device was successful; and granting access to the information to the second device based on the second message from the third device.

12. The method of claim 11, further comprising: determining a user profile associated with the user ID; and determining the third device is associated with the user profile.

13. The method of claim 12, wherein the user profile is also associated with the second device.

14. The method of claim 11, wherein the user ID is a phone number.

15. The method of claim 11, wherein the biometric information obtained on the second device is a fingerprint or an iris scan.

16. The method of claim 11, wherein the user ID comprises a username, the further comprising: requesting a passcode from the second device; and receiving a passcode from the second device.

17. The method of claim 16, further comprising determining the passcode matches the username.

18. The method of claim 11, further comprising: requesting a username and a passcode from the second device; and receiving the username and the passcode from the second device.

19. The method claim 18, further comprising determining the passcode matches the username.

20. The method of claim 11, wherein the request for access to information comprises one or more of a request for access to health information, fitness information, or entertainment information.

Description

BRIEF DESCRIPTION OF DRAWING

[0019] FIG. 1 is a block diagram illustrating the Cloud connectivity model of the Internet of Things (IoT)

[0020] FIG. 2 is a block diagram illustrating the FOG connectivity model of the Internet of Things (IoT)

[0021] FIG. 3 is a block diagram illustrating the user authentication process for the Internet of Things (IoT) device.

[0022] FIG. 4 is a block diagram illustrating the user authentication process based on the user login credentials wherein the user login credential is system time.

[0023] FIG. 5 is a block diagram illustrating the user authentication process based on the user login credentials wherein the user login credential is Internet based variable

[0024] FIG. 6 is a block diagram illustrating the user authentication based on telephone number provisioned to IoT and biometric profile in user's device.

DETAILED DESCRIPTION OF THE INVENTION

[0025] The present invention describes the user authentication system and protocol comprising of multiple levels of security which is used to authorize the user to overcome the drawbacks of the prior art. The present invention uses more than one levels of authentication process to authenticate the user and provide them the access to their IoT devices. More particularly, it provides the system, method, computer readable mediums for authentication with a pass code that uses a changing parameter in user-define formula.

[0026] The IoT basically is divided into two connectivity models which include Cloud Model and Fog Model. In the cloud model, each IoT devices are directly connected to the server via the internet whereas in the Fog model, the IoT devices are connected to an intermediate device called router or gateway which is further connected to the cloud server.

[0027] FIG. 1, illustrates the block diagram for Cloud model 103 which is one of connectivity models for IoT. The Cloud model is the connectivity system that enables ubiquitous access to shared pools of configurable system resources that can be provisioned with minimal efforts, over the Internet. In the present invention Cloud model is used as the connectivity means for Internet of Things (IoT).

[0028] The model describes that the various IoT devices like IoT1 104, IoT2 104a and IoT3 104b are connected to the Cloud which is connected to the server 102. In this model, the IoT devices are directly connected to the server 102 via internet. The user 101 is connected to the whole cloud model. Another connectivity model which are used by the IoT devices is the Fog model

[0029] FIG. 2, illustrates the block diagram for FOG model which is one of connectivity models for IoT. The FOG model is the connectivity system that provides data, compute, storage and application services closer to client or near-user edge devices, such as network routers or gateways. In the present invention FOG model is used as the connectivity means for Internet of Things (IoT). In this FOG model, the IoT, unlike Cloud model, is not directly connected to the server 202 but are connected to an intermediate device called router or gateway 204.

[0030] The model describes that the IoT devices like IoT1 205, IoT2 205a, IoT3 205b, IoT4 205c and IoT5 205d are connected to an intermediate device called router or a gateway 204. The gateway or the router is connected to the cloud 203 which gives connectivity to the users 201. The present invention describes the connectivity models like Cloud model and the Fog model and the user authentication system involved along with the models.

[0031] The descriptions of the present invention provides the authentication process to authenticate the user to the IoT devices utilized by the user, such as authentication through ATM machine to a bank account, authentication through a mobile device to an email account and like.

[0032] FIG. 3, illustrates the process of user authentication to an IoT device, where it is shown that the authentication system of the present invention comprises two levels of authentication. First level, as seen in FIG. 1, involves server authentication 301 wherein the authentication is done by input of correct and valid username and password 302 credentials by the user. The second level of authentication is done either by the gateway or the device in the Fog model or by the device itself in the Cloud Model. The second level of authentication is carried out in various steps which are taken at time of each authentication in embedded systems. The authentication process includes six steps which authorizes the user by carefully analyzing all the provided data before granting access to the user. The first step of authentication includes provisioning each of the IoT device with a variable formula 303. The variable formula here is based on changing parameters like stock symbol, system time, high/low temperature of a city, variable value from cloud and like 304. The variable formula here is a mathematical formula which is defined by the user which is then provisioned with the IoT device. The mathematical formula includes a changing parameter with the variable (e.g., [changing parameter value]+2) as selected by the user. The second steps involves the synchronizing of the time at two ends 305 i.e the system time of the user's access device and the IoT device is synchronized. The third step is the fetching of value of the variable on both ends 306 wherein the value can be a stock symbol, system time, high/low temperature of the city, variable value from private cloud and like 307, this value is searched by the user and the IoT device through the internet server in the real time. The fourth step of user authentication involves computing a number 308 as defined by the user (+/−/%/*) to the variable which is based on the provisioning of the device 309, wherein the real time number or value of the changing parameter fetched in the step three is substituted in the variable formula as defined by the user and the specific value is obtained. The fifth step of the user authentication includes comparing and confirming the resulting code or the value obtained in step four by IoT device 310. This is done for the end seeking authentication. The sixth step includes the matching of the two end results followed by granting access 311 to the user wherein the communication between the user and the IoT device can commence 312.

[0033] FIG. 4 is a block diagram illustrating the user authentication process based on the user login credentials wherein the user login credential is system time. The user—login credential are provided during sign-up in the IoT device. As shown in FIG. 4, the user login credential is system time 401, wherein the login code 402 is send to the server 403 since the two ends are time synchronized. The server 403 passes this login code to the IoT embedded device 404 which has its own device passcode provisioned. The matching of login code and device passcode 405, authenticates the user thus granting the access 406 to establish the communication.

[0034] FIG. 5 is a block diagram illustrating the user authentication process based on the user login credentials wherein the user login credential is internet based variable. As shown in the FIG. 5, the internet based variable is stock symbol 501, the IoT is provisioned with the variable like stock symbol 502. This stock symbol 501 is sent to the server 505 by the IoT device 503 and user 504. The matching of the stock symbol I received from IoT device 503 and user 504 is carried out at the server 505. If these stock symbols are matched at both ends, the value of the stock 506 is send by the server 505 to the IoT device 503 and the user 504. The user 504 now operates on the received value based on the set up of the login and generates the final value 507 that is then forwarded to the server 505. The server 505 then sends this value to the IoT device 503. The matching of the number values 508 is carried out. The IoT device validates the final value received with the user. If the number value sent to the IoT device matches with value generated by the IoT device itself, the access is granted 509 that establishes the communication.

[0035] The internet based variable as described in the FIG. 5 is a changing parameter which can include a stock or index value at given time, number of points scored by the favorite team, a calendar value or a temperature of specified location and like. This changing parameter strengthens the user-defined formula used as the login credential thus increasing the security of the transaction or communication.

[0036] FIG. 6 is a block diagram illustrating the user authentication based on telephone number provisioned to IoT and biometric profile in user's device wherein the user logins through username and password 601. The user ID used here is linked to the telephone number of the user or the user ID is the telephone number of the user itself. In the second level, the username and password is sent to server/IoT/gateway 602. At the server/IoT/gateway the telephone number of the user is asked 603, which is then send by the user 610 to the server/IoT/gateway 602. The received telephone number is matched with the telephone number provisioned with the server/IoT/gateway 604. If the phone number is matched, the message is sent to the user for authentication 605. This message is received by the user's device which has the application for authentication 606. The biometric authentication of the user is done through the biometric profile of the user on the users device application 607. The device sends the Yes or No message to the server/IoT/gateway about the validation of the authentication 608. At last, if the validation is complete, the permission is granted to access the IoT 609.

[0037] Once the two levels of user authentication is successful, the user is granted access to the IoT device who can retrieve information from the Cloud server. This system of user authentication with high security enables the users to store their sensitive information more safely in the Cloud server and the transactions made by the users also remain secure.

[0038] This process of user authentication can be used in various IoT applications like connected wearable with sensors and software which collect data and information about the user that is later pre-processed to extract essential insights about user. The information is mainly pertaining to health, fitness or entertainment. The present invention can be used to store and share this information with IoT in more secured manner.

[0039] Another IoT application is the smart homes wherein the user is able to access his air-conditioning, light switches, gadget switches and door locks even when the user is not at home. However this requires the secured authentication and connection with the user which can be provided by the process of user authentication described in the present invention.

[0040] Another IoT application which requires the most secure connection, is the connected cars wherein the user is able to control the various operations of the car through connected wearable or mobile phone. This requires the correct user authentication to ensure that the car is controlled by the original owner. The present invention will establish the secure connection between the owner and the car control system.

EXAMPLE 1

[0041] In the given invention the first level of authentication is through username or user ID and a password as provided by the user. In one embodiment of the present invention, the user ID is linked to the user's phone number. The user ID here can be the user's phone number itself. In the second level of authentication, the IoT device is pre-programmed or provisioned with the variable formula as defined by the user, wherein the variable formula is a mathematical formula. The variable formula includes a changing parameter which can be a stock symbol, a temperature of a particular city, system time etc. During pre-programming of the IoT device, the user is provided with the changing parameter options, from which the user selects the one. In the next step of provisioning, the user selects the operation (+/−/%/*) and the variable of the formula. This variable formula as defined by the user is then pre-programmed to the IoT device accordingly. For the subsequent authentication of the user, the IoT device asks for the value according to the provisioned variable formula.

EXAMPLE 2

[0042] The multilevel authentication system of the present invention can be explained by taking an example of a specific changing parameter, e.g, Stock symbol. The stock symbol is the changing parameter as selected by the user for provisioning the IoT device. The stock symbol selected here for example is MFST. In addition, the user may configure the IoT to add or subtract, or multiply or divide the value of the stock with some other number to increase the complexity. E.g., MSFT4-5 as the variable used for configuring the IoT. During authentication, IoT sends the stock symbol to the server to fetch the stock value at that time (if trading is going on or the last trading value if no active trading) and user does the same by sending to the server the stock symbol. The server ensures the stock symbol received from the IoT and user are the same. If it is same, server fetches the value of the stock and sends that value to the IoT and user. The IoT and user calculates and sends the final value based on the configuration of the IoT. IoT does the same calculations and if the final value sent by the user matches with the final value by the IoT, the IoT gives the access to the user. The matching and calculations can be done in the IoT or server or gateway.

[0043] There are other variables instead of stock symbol as shown by the following examples:

[0044] IoT is configured with the city such as Boston. IoT sends the name of the city to the server. IoT and user sends the server name of the city. Server gets the temperature of the city such as High and Low for the day which will be 50/30. The IoT and user take that number to be 5030 and performs some additional function based on the configuration and calculates the final number. 5030+5=5035. If IoT receives the final number to be 5035 from the user, the user is granted access to the IoT.

[0045] For system time, the user reads its device time such as 11:46 and does additional function if required. Such as 1146+5=1151. User sends this code to the IoT and IoT also knows the system of the user device as both ends are synchronized. If 1151 is received by the IoT, the access is granted.

MULTI-LEVEL USER DEVICE AUTHENTICATION SYSTEM FOR INTERNET OF THINGS (IOT)

Inventors

Cpc classification

Classification Explorer

H04L63/083

ELECTRICITY

Classification Explorer

H04W12/06

ELECTRICITY

Classification Explorer

H04L63/105

ELECTRICITY

Classification Explorer

H04L2463/121

ELECTRICITY

Classification Explorer

H04W12/65

ELECTRICITY

Classification Explorer

G06F2221/2113

PHYSICS

Classification Explorer

H04W12/61

ELECTRICITY

Classification Explorer

H04L63/0861

ELECTRICITY

Classification Explorer

G06F21/32

PHYSICS

Classification Explorer

H04W4/70

ELECTRICITY

Classification Explorer

G06F21/31

PHYSICS

International classification

Classification Explorer

H04L29/06

ELECTRICITY

Classification Explorer

G06F21/31

PHYSICS

Classification Explorer

G06F21/32

PHYSICS

Classification Explorer

H04W12/06

ELECTRICITY

Classification Explorer

H04W4/70

ELECTRICITY

Abstract

Claims

Description