Method and Apparatus for Managing Authentication in a Decentralized or Distributed Network of Cyber- Physical Systems

Abstract

A Method and Apparatus is disclosed for Multi-Agent Authentication in a decentralized or distributed network of Cyber-Physical Systems for the purpose of enhancing the overall Utility of Agency and Ownership. This Apparatus consists of an End Agent Authentication Device (an Authenticator) that is necessary in all authentication processes, and this invention defines an End Agent State Machine, and a set of nine distributed authentication processes that are enabled by this Authenticator. This Method acknowledged the ability for an Authenticated End Agent to have its Semantic Data Model managed by its Authenticated Owner. This Method enhances security and reduces complexity by allowing the Authenticator to execute these nine processes in both decentralized or distributed network configurations.

An Example of this Method and Apparatus in use is a scenario with an internet-connected non-Authenticator Device (a Non-Authenticator End Agent) in a commercial/retail location whereby the Owner (an Owner Interested Agent) of that Device, very likely the Owner of the commercial/retail location, has Authenticated that Device using their Authenticator (an Authenticator End Agent) on a Decentralized or Distributed Network. In this example, the owner has pre-defined the Semantics of that Device's End Agent Sub-Class(es), State Machine Sub-Classes (if any), and its Classes and Attributed of Service to commercial/retail customers in the Device's Semantic Data Model. As a function of that Semantic Data Model, the owner has defined the Sub-Classes of commercial/retail customers (Non-Owner Interested Agents) who have the Permission to Authenticate with the internet-connected Device, be served by the Device, and in certain circumstances even Control the Device, within the Parameters set by the Owner of that Device in the Device's Semantic Data Model. When this Non-Owner Authentication occurs, an Owner-defined limited-to-significant set of capabilities are made available by the End Agent to the Non-Owner Interested Agent without compromising the notion in the Semantic Data Model of Ownership, Control and/or Authentication.

Claims

1. A method and Apparatus for Establishing Multi-Agent Authentication in a decentralized or distributed network of cyber-physical systems.

2. The method of claim 1, further compromising of an Internet-Connected Device Authentication Process that manages Owners and Non-Owners in a Decentralized or Distributed Network of Agents with the aid of an Authenticator that is not directly connected to the internet, but instead interfaces with other Internet-Connected Devices.

3. The method of claim 1, further comprising of an Internet-Connected Device Authentication Process that understands between the owner of a Device, and a Non-Owner of that device.

4. The method of claim 1, consisting of a Data Model for a Network of Cyber-Physical Systems that treats devices and non-devices as Agents, and classifies device Agents as End Agents and non-device Agents as interested Agents.

5. The method of claim 1, wherein the Data Model for a Decentralized or Distributed Network of Cyber Physical Systems defines a Sub-Classification of End Agents as an Authenticator.

6. The method of claim 1, wherein the Data Model for a Decentralized or Distributed Network of Cyber Physical Systems defines a Sub-Classification of Interested Agent as Owner.

7. The method of claim 1, wherein the Data Model for a Decentralized or Distributed Network of Cyber Physical Systems defines a Utility Relationship between an Interested Agent and an End Agents that they are said to be the Owner as a function of their Utility.

8. The Apparatus of claim 1, wherein an End Agent State Machine that applies to both Authenticator and Non-Authenticator End Agents as a function of Pre-Registration, Authentication and Service Delivery.

9. The Apparatus of claim 1, comprising of an Authentication Process by an existing Authenticator of a new Authenticator for the purpose of Transferring Ownership of the new Authenticator to another Interested Agent.

10. The Apparatus of claim 1, comprising of an Authentication Process by an Authenticator of a new End Agent for its Owner.

11. The method of claim 1, wherein a Distributed Authentication Process whereby an Owner of an Authenticator can give their Authenticator to another Interested Agent who can Authenticate New End Items on behalf or the Authenticator's Owner and whereby Ownership is Inherited by the Owner and not the Interested Agent receiving the Authenticator.

12. The method of claim 1, comprising of an Authentication Process for an Owner to Transfer Ownership of an End Agent to another Owner.

13. The method of claim 1, comprising of an Authentication Process for Transferring an Authentication Record from one Authenticator to another Authenticator when all three End Agents are owned by the same owner.

14. The method of claim 1, compromising of a De-Authentication Process of an End Agent by their Owner with the Authenticator holding the Authentication Record.

15. The method of claim 1, compromising of a De-Authentication Process of an Authenticator with another Authenticator.

16. The method of claim 1, compromising of a De-Authentication Process of an Authentication that has no Authentication Records.

17. The method of claim 1, compromising of an Authentication process that allows Owners of End Agents to Specify any defined Sub-Class of Interested Agent that is able to Authenticate on the Owner's End Agent, and be served by that End Agent, without giving the ability for the Non-Owner Interested Agent to take Ownership or Full Control themselves.

18. The method of claim 1, comprising of the ability for the State Machine's States to be split into Sub-Classified States.

19. The method of claim 1, compromising of a trust or Authorization chain that can continue to grow given the method and apparatus of authorization that is stored on a disconnected Apparatus (Authenticator).

20. The method of claim 1, comprising of a trust or authorization chain that can continue to grow given the method and apparatus of authorization that is partially or fully broadcast when authorizations occur.

21. The method of claim 1, wherein there is a method for identifying an Interested Agent sub-classification and ownership status based on transmission between Non-Authenticators Devices and Authenticator Devices.

Description

BRIEF DESCRIPTION OF DRAWINGS

[0038] FIG. 1 shows three distinct types of Authentication Network Configurations: Centralized 001, Decentralized 006, and Distributed 028.

[0039] FIG. 2 shows two distinct authentication processes (101 and 102) showing the interplay between multiple Interested Agents, multiple Authenticators, and a non-Authenticator End Agent, with Utility Services, Ownership and Semantic Data Model management throughout.

[0040] FIG. 3 shows the portion of the Semantic Data Model of Devices/Apparatuses (Classified as Ed Agents or by the nomenclature Ae) that defines their Relationship (or Utility) with non-Device/non-Apparatus agents (Classified as Interested Agents or by the nomenclature Ai) in an example Network of Cyber Physical Systems.

[0041] FIG. 4 shows an End Agent State Machine for both Authenticators and Non-Authenticators that is a representation of the minimum possible states and transitions of any End Agent in this invention.

[0042] FIGS. 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, and 5.8 show how the Semantic Data Model of Agency between Owner and Non-Owner Interested Agents, and Authenticator and Non-Authenticated End Agents, and Sub-Classifications of Non-Owner Interested Agents, and the End Agent State Machine, and End Agent Authentication Services and Triggers and other Semantic Data, come together in a set of integrated and distributed Authentication processes that enable a Network of Cyber Physical Systems.

[0043] FIG. 6 shows how a Network of Cyber Physical Systems with distributed Trust between Agents enables an Interested Agent to Authenticate with, and be served by, an End Agent that is Owned by another Interested Agent.

[0044] FIG. 7 shows the relationship between the End Agent State Machine in a Pre-Registration and Authentication, and an Authentication and Trigger set of Utilize cases.

[0045] FIG. 8 shows how a Network of Cyber Physical Systems can have infinitely defined State Machine Sub-Classifications based on the End Agent State Machine defined in this Invention.

DETAILED DESCRIPTION OF DRAWINGS

[0046] FIG. 1 shows three distinct types of Authentication Network Configurations: Centralized 001, Decentralized 006, and Distributed 028.

[0047] In a Centralized 001 Authentication Network, the Ownership, and Semantic Data Model Control, of End Agents (such as 004) are authenticated by a Central Server 002 by their respective Owner (for example Interested Agent 003). The Ownership Relationship and Utility are represented Centrally on the Server 002. In this Configuration, Agents that do not connect to the Network cannot be Authenticated by any Third Party Agent (represented by 005), even as, in this Configuration, the Owner of the Central Authenticator 002 can hypothetically gain access to any Authenticated End Agent on the Network because in a sense the Owner of the Network owns all of the End Agents on the Network.

[0048] In a Decentralized Authentication Network 006, the Ownership, and the Semantic Data Control, of End Agents (such as 012) are Authenticated by an Authenticator (such as 010) by their respective Owner (for example Interested Agent 011) without the aid of a Central Server. The Owner's Authenticator 010 maintains a record of the Owner's Ownership locally, and does not communicate Authentication data to a Central Server 007. The Authenticated End Agent broadcasts certain limited data points of their Ownership, their Authentication, and their Semantic Data Model, to a Central Server 007 in order to aid in Non-Owner Authentication with the End Agent.

[0049] Only Non-Owner Authentication requires Centralization: Upon Non-Owner Authentication with their Authenticator End Agent verifies Authentication Factors with an Authentication Server 007.

[0050] This Decentralizes Ownership Authentication Management, while enabling any Non-Owner Interested Agent (such as 013) to Authenticate with their own Authenticator End Agent (such as 014) on any Non-Authenticator End Agent (such as 012), so long as their Semantics match and access to the non-Owner Authentication Server is possible. No Authenticator needs to be represented on the Central Server.

[0051] This enables Non-Owner Interested Agents (such as 013, 018, 025, and 026) to Authenticate and interact freely with End Agents (such as 015, 020, 023, and 012) that allow those Sub-Classifications as determined by their respective Owners (such as 017, 021, 026 and 011), without Centralization of Ownership Management.

[0052] If, during Non-Owner Authentication, there is no route to the Authentication Server, Non-Owner Authentication is not possible.

[0053] The Owner 009 of the Network Server 007 cannot gain access to Authenticators on the Network because they are not represented on the Network Server. Only the Network Server 007 Owner 009 has an Authenticator 008 that is represented on the Network, as the Network Server is just another End Agent on the Network that requires its own Authentication.

[0054] In this Decentralized Model, a Non-Owner Interested Agent (such as 018) can Authenticate on two End Agents (such as 015 and 020) synchronously or asynchronously.

[0055] In this Decentralized Model, two Non-Owner Interested Agents (such as 025 and 026) can Authenticate on a single End Agent (such as 023) synchronously or asynchronously.

[0056] In this Decentralized Model, an Owner Interested Agent (such as 028) can choose not to represent their End Agent(s) (such as 030 or 031) on the Network, but this would prohibit other Non-Owner Interested Agents to ever Authenticate with non-network End Agents. However, the Owner can still make use of an Authenticator (such as 029) to streamline their management of their End Agents, and to potentially link those End Agents to the wider Network at some point in the future.

[0057] A drawback of this Decentralized Model is that if during Non-Owner Authentication no connection can be establishes to Authenticate the Non-Owner's Authenticator, Authentication is not possible. It also requires a Central Server for Non-Owner Authentication.

[0058] In a Distributed Authentication network 028, there is no requirement for a central server to aid in the Non-Owner Authentication Management of an End Agent. Instead, End Agents can verify Non-Owner Authentication factors through other Non-Authenticator End Agents 030, including potentially an Authentication Server 029, but also without an Authentication Server 029. Multiple End Agents can be queried as part of the Authentication Process 030. Owners (such as 033) can chose which End Agents or network of End Agents or Sub-Network of End Agents their End Agents seek Distributed Authentication Factors from.

[0059] In this Distributed Authentication Model 028, if during Non-Owner Authentication, one route to establishing Authenticating Factor Trust is interrupted (such as 031), other routes can be utilized (such as 032).

[0060] An advantage to this Distributed Authentication Model is that multiple routes to multiple Authentication server records can be utilized to establish Non-Owner Authentication, with no centralization required. Furthermore, all the advantages and features in Decentralized Authentication Model apply, without the disadvantages of any form of Centralization.

[0061] In both Decentralized 006 and Distributed 028 Networks of Cyber Physical Systems, establishing Ownership and Non-Ownership Trust via an Authenticator Apparatus require 1) a Semantic Data Model for Agency sub-classification and services classification and sub-classification, 2) the definition of an End Agent State Machine, and 3) the definition of a set of 9 distributed ownership and non-ownership authentication processes.

[0062] FIG. 2 shows two distinct authentication processes (101 and 102) showing the interplay between multiple Interested Agents, multiple Authenticators, and a non-Authenticator End Agent, with Utility Services, Ownership and Semantic Data Model management throughout.

[0063] In 101, Interested Agent Ai1 201 owns Authenticator End Agent Ae1 205. In the first process 101, Interested Agent Ai1 201 is served Utility by Authenticator End Agent Ae1 205 pre-registers and Authenticates Non-Authenticator End Agent Ae3 207 (represented in this example as the Authenticator End Agent Ae1 205 scanning a barcode on the Non-Authenticator End Agent Ae3 207). At this time, Authenticator End Agent Ae1 205 records Ownership 214 of Ae3 207 by Ai1 201.

[0064] In 102, Interested Agent Ai3 203 owns Authenticator End Agent Ae6 210. In the second process 102, upon Authentication of Non-Authenticator End Agent Ae3 207 with Authenticator End Agent Ae6 210, Interested Agent Ai3 203 is Served Utility 215 by Non-Authenticator End Agent Ae3 207, while Ownership 214 of Ae3 207 is maintained by Ai1 201 (Authentication represented in this example as the Authenticator End Agent Ae6 210 scanning a barcode on the Non-Authenticator End Agent Ae3 207).

[0065] This Figure Assumes that after authentication of Ownership of Ae3 207 by Ai1 201, Owner Ai1 201 Utilizes Authenticator Ae1 205 to determine the Semantic Data Model of End Agent Ae3 207, to include allowing the non-specified Sub-Classification of Interested Agent Ai3 203 to be capable of Authenticating 102 with Ae3 207.

[0066] FIG. 3 shows the portion of the Semantic Data Model of Devices/Apparatuses (Classified as Ed Agents or by the nomenclature Ae) that defines their Relationship (or Utility) with non-Device/non-Apparatus agents (Classified as Interested Agents or by the nomenclature Ai) in an example Network of Cyber Physical Systems.

[0067] Ai1 201 is an Interested Agent that Owns 211 an Authenticator End Agent Ae1 205, Owns 221 an un-specified Sub-Classification End Agent Ae2 206, and Owns 214 an un-specifies Sub-Classification End Agent Ae3 207. Another Interested Agent Ai2 202 then owns 219 Ae3 207 after ownership is transferred by Ai1 201.

[0068] Ae3 207 was pre-registers and Authenticated 213 by non-Owner Interested Agent Ai4 204 wen Ai1 201 Distributed 212 their Authenticator Ae1 205 to Ai4 204 for this purpose.

[0069] Ae4 208 is an Authenticator End Agent that was Pre-Registered and Authenticated 220 by Ai1 201. Ai2 202 is an Interested Agent that then Owns 217 Ae4 208 after ownership is transferred by Ai1 201.

[0070] Ai2 202 Owns 218 an additional Authenticator End Agent Ae5 209. Ai3 207 is Served Utility 215 by Ae3 207 on Authentication but does not Own Ae3 207.

[0071] Ai3 203 is an Interested Agent that Owns 216 an Authenticator End Agent Ae6 210.

[0072] Ai3 203 has an un-specified Sub-Classification of Interested Agency that matched an Authetnicatable Sub-Classification on the End Agent Ae3 207 as defined in the End Agents (Ae3 207) Semantic Data Model. The Semantic Data Model of Ae3 207 is defined by Owner Interested Agent Ai1 201 after it is pre-registered and authenticated, and the Semantic Data Model transfers with the End Agent Ae3 207 when its ownership is transferred to Ai2 202 by Ai1 201.

[0073] FIG. 4 shows an End Agent State Machine for both Authenticators and Non-Authenticators that is a representation of the minimum possible states and transitions of any End Agent in this invention.

[0074] If an End Agent has no record, having either never been Pre-Pre-Pre-Registered of having had every instance of its Registration Destroyed in the Network, it logically has 300 No Record.

[0075] To start 301 its Life, an End Agent must first be Pre-Pre-Registered 302 by an Authenticator.

[0076] Pre-Registration, defines at a minimum, the unique identification record of End Agent Semantic Data Model, Ownership is inherited from the Utilized Authenticator. One Pre-Pre-Registered, the End Agent is in Non-Utilized 303 State. At a minimum, no new data is required for the Semantic Data Model of the Non-Utilized End Agent, and no Services can be Triggered, in this Non-Utilized State 305 state.

[0077] An Authenticator matching the Owner of the Pre-Pre-Registering Authenticator can Authenticate 304 the End Agentupon Authentication, the End Agent is in Utilized Resting 305 State.

[0078] An infinite array of Semantic Data Model (sub-classes, services, triggers, content, etc) can be defined by an Authenticator matching the Owner of the Utilized Resting End Agent.

[0079] Services can be triggered when the End Agent is in Utilized Resting, although Services cannot be provisioned when the End Agent is in this Utilized Resting State.

[0080] An End Agent can be Triggered 306 through Authentication by matching the Sub-Classification of Interested Agent to the Semantic Data Model sub-classifications defined by the Owner of the End Agent.

[0081] Upon Triggering, the End Agent is in the Utilized Serving 307 state. An End Agent can provision services in this Utilized Serving State.

[0082] An End Agent can be Triggered 308 in this Utilized Serving State to stop provisioning services, returning the End Agent to Utilizing Resting 305 state.

[0083] An End Agent can be De-Authenticated 309 by an Authenticator matching the Owner of the End Agent. When De-Authenticated, the End Agent is in Non-Utilized 303 state, does not lose its Ownership, but can have its Sub-Classification removed.

[0084] If the End Agent is an Authenticator, it can only have its Sub-Class as an Authenticator removed if the Authenticator has no Utility relationships with any other End Agent.

[0085] An End Agent can have its Record Destroyed 310 by an Authenticator that matches the Owner of the End Agent if it is in Non-Utilized 303 state, and therefore is in No Record 300 state.

[0086] FIGS. 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, and 5.8 show how the Semantic Data Model of Agency between Owner and Non-Owner Interested Agents, and Authenticator and Non-Authenticated End Agents, and Sub-Classifications of Non-Owner Interested Agents, and the End Agent State Machine, and End Agent Authentication Services and Triggers and other Semantic Data, come together in a set of integrated and distributed Authentication processes that enable a Network of Cyber Physical Systems.

[0087] In FIG. 5.1, Interested Agent Ai1 201 Utilizes their Authenticator Ae1 205 to Authenticate 304 a transfer 411 Ownership 217 their Authenticator End Agent Ae4 208 to Interested Agent Ai2 202. This enables Interested Agent Ai2 202 to begin authenticating End Agents of their own.

[0088] In FIG. 5.2, Interested Agent Ai1 201 utilizes their 211 Authenticator Ae1 205 to Authenticate 304 Un-Specified Sub-Class End Agent Ae3 402, noting that the previously transferred Authenticator Ae4 208 inherits no ownership in the Authenticating Process 421.

[0089] In FIG. 5.3, Interested Agent Ai1 201 Distributes their Authenticator Privileges of Authenticator End Agent Ae1 205 (which is owned 211 by Ai1 201), to Ai4. This involves the Authentication 304 of the Distribution 431 of the Authenticator Ai1 201 establishing the temporary control 212 if Interested Agent Ai1 201. Next, the Interested Agent Ai4 204 Utilizes the Authenticator Ae1 205 to Authenticate 304/432 the new End Agent Ae3 307 with Ownership 214 inherited by the Authenticator Owner Ai1 201this Authentication 304/432 by Ai4 204 on behalf of Ai1201 is distinct from the Authentication in FIG. 5.2 because the operation of the Authentication is by a 3.sup.rd party Interested Agent to the Owner Interested Agent. The Utility 213 between Interested Agent Ai4 204 and End Agent Ae3 307 is removed 433 once the Authenticator Ae1 205 is Redistributed to its Owner Ai1 201.

[0090] In FIG. 5.4, Interested Agent Ai1 201 Utilizes their 211 Authenticator Ae1 205 to transfer 641 their Ownership 214 of End Agent Ae3 205 to Interested Agent Ai2 202. Interested Agent Ai2 202 Utilizes their 217 Authenticator Ae4 208 to Confirm 642 the Transfer of End Agent Ae3 205, establishing the Ownership 219 between End Agent Ae3 205 and Interested Agent Ai2 202.

[0091] In FIG. 5.5, Interested Agent Ai2 202 Utilizes their 217 Authenticator Ae4 208 to Transfer 451 the Authentication of End Agent Ae3 205 from Authenticator Ae4 208 to Authenticator Ae5 209, and confirms 452 the Transfer with Authenticator Ae5 209. In this case, all three End Agents retain their respective Ownerships to Owner Ai2 202: 217, 218, and 219.

[0092] In FIG. 5.6, Interested Agent Ai2 202 Utilizes their 218 Authenticator Ae5 209 to De-Authenticate 309/461 their End Agent Ae3 205.

[0093] In FIG. 5.7, Interested Agent Ai2 202 Utilizes their 218 Authenticator Ae5 209 to destroy 310/471 their 217 Authenticator Ae4 208, eliminating as well Ownership 217.

[0094] In FIG. 5.8, Interested Agent Ai2 202 Destroys their only 310/481 Authenticator Ae5 209.

[0095] FIG. 6 shows how a Network of Cyber Physical Systems with distributed Trust between Agents enables an Interested Agent to Authenticate with, and be served by, an End Agent that is Owned by another Interested Agent.

[0096] Interested Agent Ai1 201 Owns 211 Authenticator End Agent Ae1 205. Interested Agent Ai1 201 Utilizes their Authenticator End Agent Ae1 205 to pre-register 302 and Authenticate 304 End Agent Ae3 207, establishing Ownership 214. Owner Ai1 201 then sets the Semantic Data Model of Ae3 207, including the Sub-Classifications of Interested Agents who may Authenticate with Ae3 207 to receive Services from Ae3 207. Ai1 201 may identify a specific person Sub-Classification or more broadly a group of people who self-identify their Sub-Classification. Interested Agent Ai3 203 independently Sub-Classifies themselves using their own 216 Authenticator Ae6 210. This invention does not specify the means of an Interested Agent Authenticating their Sub-Classification, but examples could include holding an Email Address with a particular Domain, participating in an Airline Miles Program, Owning a clothing item, physically being present with the End Agent, or any other elemental designation in an infinite array of Sub-Classifications. If he Sub-Classification of the Interested Agent Ai3 203 matches the Semantics Data Model set by the Ai1 201 for End Agent Ae3 207, Interested Agent Ai3 203 may trigger 306 with Ae3 207 using their Authenticator Ae6 210, establishing a temporary Utility 215 between Ai3 203 and Ae3 207. Ae3 207 will provide service 307 until triggered to stop providing Service 308. At no point will Ai3 203 be able to seize Ownership of Ae3 207, and the Services that Ai3 203 receive will only be those that are defined by Owner Ai1 201 in the Semantic Data Model of Ae3 207.

[0097] FIG. 7 shows the relationship between the End Agent State Machine in a Pre-Registration and Authentication, and an Authentication and Trigger set of Utilize cases.

[0098] Upon Bar Code Scanner Authentication (as an example) 101, the State Machines of the Relevant End Agents are altered 601, acting as a Trigger 306, Authenticator End Agent Ae1 205 goes from Utilizing Resting 305 to Utilized Serving 307 and pre-registers 302 End Agent Ae3 207. End Agent Ae3 207 is now in Non-Utilized State 303 and Ownership 214 is established between Ae1 201 and Ae3 207. Next, with or without a second bar code scan, the Authenticator End Agent Ae1 205 (or another End Agent that Ai1 Owns) again goes from Utilized Resting 305 to Utilized Serving 307 as it Authenticates 304 End Agent Ae3 207, which goes from Non-Utilized 303 to Utilized Resting 305. The Owner Ai1 201 can now se the Semantic Data Model of End Agent Ae3 207. Upon Bar Code Scanner Authentication (as an example) 102, the State Machines of relevant End Agents are altered 602, acting as a Trigger 306 on Authenticator Ae6 210, which goes from Utilized Resting 305 to Utilized Serving 307, which leads to End Agent Ae3 207 to then be triggered 306 from Utilized Resting 305 to Utilized Serving 307. Authenticator Ae1 205 does not change States.

[0099] FIG. 8 shows how a Network of Cyber Physical Systems can have infinitely defined State Machine Sub-Classifications based on the End Agent State Machine defined in this Invention.

[0100] The Simplified 701 State Classifications can be further defined with Sub-Classifications that correspond to Pre-Service 702, Ready to Serve 703, Serving 704, Post Service 705, and Destruction 706. These example Sub-Classifications can be defined in an infinite array as a part of an End Agent's Semantic Data Model and be driven by various events. However, an End Agent Must be Authenticated before it can be considered Ready to Serve, and it must be Pre-Registered before its Service can be defined in the Semantic Data Model. However, utilizing this method of Sub-Classification, an End Agent's Authentication for management and utilization purposes can be established as early as its Birth Record.