US20140282923A1 - Device security utilizing continually changing qr codes - Google Patents
Device security utilizing continually changing qr codes Download PDFInfo
- Publication number
- US20140282923A1 US20140282923A1 US13/802,854 US201313802854A US2014282923A1 US 20140282923 A1 US20140282923 A1 US 20140282923A1 US 201313802854 A US201313802854 A US 201313802854A US 2014282923 A1 US2014282923 A1 US 2014282923A1
- Authority
- US
- United States
- Prior art keywords
- code
- authentication
- access
- new
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/63—Location-dependent; Proximity-dependent
- H04W12/64—Location-dependent; Proximity-dependent using geofenced areas
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/77—Graphical identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- the present disclosure generally relates to providing security for accessing personal electronic devices and in particular to use of quick response (QR) codes to provide security for accessing personal electronic devices.
- QR quick response
- Personal electronic devices such as smart phones, tablets, and others are widely utilized to store data content that the user prefers not to be generally accessible to the public. Occasionally, the user of the device wishes to share certain data content stored on the device with a user of a second device via a direct transfer of that data content.
- Several of these devices can include a pairing mechanism by which the first device is able to communicatively connect to a second device and exchange data content via a created pairing or communication channel. The pairing of these devices can involve an exchange of a pairing credential that is pre-established for the first device and/or the second device to be able to share the data content between the devices.
- QR quick response
- FIG. 1 provides a block diagram representation of an example user equipment configured with various functional components that enable one or more of the described features of the disclosure, according to one embodiment
- FIG. 2 illustrates an example authentication QR code generation environment with functional components thereof, according to one or more embodiments
- FIG. 3 is a block diagram illustration of user interface prompts that enable entry of authentication parameters on a first user equipment, in accordance with one embodiment
- FIG. 4 is a block diagram illustration of the user interface of the first user equipment displaying an authentication QR code for communicating of the authentication QR code to a second device via image capture, in accordance with one embodiment
- FIG. 5 illustrates an example implementation scenario in which an image of a generated authentication QR code is communicated to a second device, in accordance with one embodiment
- FIG. 6 illustrates an example implementation scenario when a second device is paired with a first device and authenticated using the generated and shared authentication QR code, in accordance with one embodiment
- FIG. 7 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is periodically generated and tracked for usage within a preset time limit, according to one or more embodiments;
- FIG. 8 is a flow chart illustrating aspects of a method by which the periodically changing authentication QR code is utilized as an authentication mechanism to enable secure access to a user equipment, according to one or more embodiments;
- FIG. 9 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is utilized by one or more second devices to access a first device based on a pre-established usage policy, according to one or more embodiments.
- FIG. 10 is a flow chart illustrating aspects of a method by which the periodically-changing authentication QR code is utilized to enable concurrent access by multiple second devices, with a first access using a previously-generated QR code and a second, subsequent access requiring newly generated QR code, according to one or more embodiments.
- the illustrative embodiments of the present disclosure provide a method and device that provides access security via use of periodically changing Quick Response (QR) codes.
- the method includes: generating a first authentication QR code and assigning the first authentication QR code as a current authentication mechanism for accessing a first device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established that defines when access to the first device can be provided to a second device that provides the first authentication QR code along with an access request.
- QR Quick Response
- the method also includes, in response to a pre-defined trigger associated with the selected at least one QR code validity parameter: generating a new authentication QR code that is different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the first device; associating a corresponding new QR code validity parameter to the new authentication QR code; and initiating a tracking of the corresponding new QR code validity parameter during which the new authentication QR code remains valid.
- the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid.
- a new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code.
- the pre-defined trigger is an associated one of the end time and movement of the first device outside of the defined location.
- the method also includes enabling access to the first device by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid.
- enabling access includes enabling pairing of a second device with the first device in response to the second device providing the first authentication QR code as the authentication parameter during pairing of the second device to the first device.
- the method in response to the selected at least one QR code validity parameter being the defined location, the method then includes periodically triggering the generating of the new authentication QR code at the end of a second time window associated with the first device remaining in a same defined location for longer than the second time window.
- implementation of the functional features of the disclosure described herein is provided within processing devices and/or structures and can involve use of a combination of hardware, firmware, as well as several software-level constructs (e.g., program code and/or program instructions and/or pseudo-code) that execute to provide a specific utility for the device or a specific functional logic.
- the presented figures illustrate both hardware components and software and/or logic components.
- first UE (UE1) 100 is a processing device that is designed to communicate with other devices via one of a wireless communication network, generally represented by base station 140 and antenna 142 , and one or more near field communication (NFC) devices 138 .
- UE1 100 can be one of a host of different types of devices, including but not limited to, a mobile cellular phone or smart-phone, a laptop, a net-book, an ultra-book, and/or a tablet computing device. These various devices all provide and/or include the necessary hardware and software to enable generation of an authentication QR image for use during pairing of UE1 100 with a second UE.
- UE1 100 includes the hardware and software to support the various wireless or wired communication functions.
- UE1 100 comprises processor integrated circuit (IC) 102 , which connects via a plurality of bus interconnects (illustrated by the bi-directional arrows) to a plurality of functional components of UE1 100 .
- Processor IC 102 can include one or more programmable microprocessors, such as a data processor 104 and a digital signal processor (DSP) 106 , which may both be integrated into a single processing device, in some embodiments.
- DSP digital signal processor
- the processor IC 102 controls the communication, image capture, and other functions and/or operations of UE1 100 . These functions and/or operations thus include, but are not limited to, application data processing and signal processing.
- memory 108 Connected to processor IC 102 is memory 108 , which can include volatile memory and/or non-volatile memory.
- One or more executable applications can be stored within memory for execution by data processor 104 on processor IC 102 .
- memory 108 is illustrated as containing Secure Access Authentication (SAA) utility 110 , which can include a QR code generation utility 112 .
- SAA Secure Access Authentication
- QR code generation utility 112 QR code generation utility
- UE1 100 can also include QR reader 114 and/or camera control/interface 116 .
- SAA utility 110 can be configured to access an externally located QR code generating facility 180 . As illustrated, access to QR code generating facility 180 can be via wireless network 170 , although alternate access modes can also be supported. QR code generating facility 180 can be a server that is accessible via the internet utilizing a specific universal resource locator (URL) programmed into SAA utility 110 , in one embodiment.
- URL universal resource locator
- storage 150 can be any type of available storage device capable of storing one or more application software and data. It is further appreciated that in one or more alternate embodiments, the device storage can actually be remote storage and not an integral part of the device itself. As provided, storage 150 contains current authentication mechanism(s) 152 , which includes authentication QR code 155 . The specific usage and/or functionality associated with these components are described in greater detail in the following descriptions.
- UE1 100 also comprises one or more input/output devices, including one or more input devices, such as camera 120 , microphone 121 , touch screen and/or touch pad 122 , keypad 123 , and/or one or more output devices, such as display 125 , speaker 126 , and others.
- UE1 100 can also include a subscriber information module (SIM) 127 which can provide unique identification of the subscriber that owns or utilizes the UE1 100 , as well as specific contacts associated with the particular subscriber.
- SIM subscriber information module
- UE1 100 also includes system clock 128 .
- UE1 100 supports at least one and potentially many forms of wireless, over-the-air communication, which allows UE1 100 to transmit and receive communication with at least one second device.
- UE1 100 can be one of, and be referred to as, a system, device, subscriber unit, subscriber station, mobile station (MS), mobile, mobile device, remote station, remote terminal, user terminal, terminal, communication device, user agent, user device, cellular telephone, a satellite phone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device having wireless connection capability, a computing device, such as a laptop, tablet, smart phone, personal digital assistant, or other processing devices connected to a wireless modem.
- SIP Session Initiation Protocol
- WLL wireless local loop
- PDA personal digital assistant
- UE1 100 includes one or more communication components, including transceiver 130 with connected antenna 132 , wireless LAN module 134 , Bluetooth® transceiver 137 and near field communication transceiver module 138 . As further illustrated, UE1 100 can also include components for wired communication, such as modem 135 and Ethernet module 136 . Collectively, these wireless and wired components provide a communication means or mechanism 165 by which UE1 100 can communicate with other devices and networks.
- the wireless communication can be via a standard wireless network, which includes a network of base stations, illustrated by evolution Node B (eNodeB) 140 and associated base station antenna 142 .
- a first over-the-air signal 144 is illustrated interconnecting base station antenna 142 with local antenna 132 of UE1 100 .
- communication with the at least one second device can be established via near field communication transceiver module 138 .
- UE1 100 can exchange communication with one or more second devices, of which UE2 146 and UE3 148 are illustrated. As described in further detail below, each of UE2 146 and UE3 148 can be second devices with which UE1 100 can establish a communication channel following the exchange of specific authentication and/or access credentials.
- the path of communication between UE1 100 and the second devices can be via near field communication, Bluetooth, or via wireless network 170 , as indicated by the second over-the-air signal 172 between base station antenna 142 and UE2 146 .
- QRGU execution environment 200 includes a combination of hardware, firmware, software and data components, which collectively perform the various aspects of the disclosure by execution of SAA utility 110 and other functional components on data processor 104 and/or embedded device controllers.
- QRGU execution environment 200 includes SAA utility 110 , which comprises QR code generation utility 112 , QR access authentication parameter validity tracking module 210 , authentication QR code checking module 220 , and user interface 230 .
- QR code generation utility 112 receives one or more current device access authentication parameter(s) 205 as input, and generates a corresponding authentication QR code 155 representing the current authentication parameter(s) 205 .
- the current device access authentication parameter(s) 205 include one or more of a password, a login-password combination, an alphanumeric pin, a swipe input sequence, or other form of authentication parameter.
- the current authentication parameter(s) 205 can be randomly generated or manually inputted by a user of UE1 100 within user interface 230 .
- the current authentication parameter(s) 205 have a limited lifespan and are periodically changed and/or updated. This aspect of the current authentication parameter(s) 205 is reflected in the QR code 155 , which also constantly and/or periodically changes based on one or more triggers.
- the one or more triggers are monitored and enforced by QR access authentication parameter validity tracking module 210 .
- QR access authentication parameter validity tracking module 210 can include a timer 215 as well as a location tracker 217 , which in one embodiment can be a global positioning system (GPS) location tracker. The functional use of these two components is described in detail in a following section of the disclosure.
- location tracker 217 also has a second timer 219 , which determines a time during which a QR code remains valid within a specific device location before a new QR code is required to be generated.
- QR code generation utility 112 comprises firmware, which packages and transmits the current authentication parameter(s) 205 to an external QR code generating facility 180 ( FIG. 1 ), such as a website on a remote server.
- the QR code generating facility 180 then generates the corresponding QR code 155 , and returns the QR code 155 to UE1 100 .
- the transmission of the authentication parameters 205 and subsequent return transmission of the corresponding QR code 155 can occur via wireless network 170 or other communication medium.
- Authentication QR code checking module 220 performs a comparison of a received QR code being provided as the authentication mechanism by a second device requesting access to link to UE1 100 via a pairing channel. Authentication QR code checking module 220 either checks the received QR code against the current authentication QR code 155 (e.g., via QR image matching) or deciphers the received QR code and checks the deciphered parameters against the current authentication parameter(s) 205 .
- Authentication QR Code Generation and Usage (QRGU) execution environment 200 can include a QR code usage profile 225 as well as an associated usage register 227 .
- the QR code usage profile 225 is maintained within authentication QR code checking module 220
- usage register 227 is shown within storage 150 .
- the functionality provided by these components can include limitations on the use of the generated QR codes and functional enhancements related to the implementation of the QR codes as the authentication mechanism for UE1 100 . More detail about these two components is provided in the description of FIGS. 9 and 10 .
- QRGU execution environment 200 also comprises non-volatile storage 150 , within which is maintained several types of data and information germane to execution of the various different utilities.
- storage 150 includes current authentication mechanisms 152 , which comprises both current authentication parameter(s) 205 and current authorization QR code 155 .
- periodic timer value 232 and/or device location range parameter 234 are also maintained in storage 150 .
- Second timer value 236 corresponding to second timer 227 can also be maintained within storage 150 .
- storage 150 includes contacts 250 , which is a database or list of known persons or second devices or subscribers with which UE1 100 can communicate. Each contact is represented by a separate row in contacts 250 and includes a contact ID and/or device ID 252 . Additionally, each contact can have an associated access permission parameter, which is indicated as a device-specific QR code 254 . Accordingly, one or more embodiments enable granular assignment of QR codes to specific second devices 252 for access to specific data content 245 on UE1 100 .
- QRGU execution environment 200 also includes pairing module 260 , which controls the pairing functions of UE1 100 to one or more second devices.
- Pairing module 260 includes pairing parameters 262 , a pairing user interface 264 , and pairing device authentication module 266 .
- Pairing device authentication module 266 checks the received authentication and pairing parameters received from a second device attempting to connect with UE1 100 to ensure the second device has the correct authorization to complete the pairing.
- pairing device authentication module 266 triggers authentication QR code checking module 220 to perform the authentication checking when a QR code is provided as the received authentication parameter.
- pairing device authentication module 266 can also perform the QR code checking features of authentication QR code checking module 220 .
- UE1 100 FIG. 1
- QRGU execution environment 200 FIG. 2
- an electronic device UE1 100
- UE1 100 comprising: a display 125 ; a communication mechanism 165 ; and a processor 104 that is communicatively coupled to the display 125 and the communication mechanism 165 .
- the electronic device ( 100 ) further includes a secure access authentication (SAA) utility 110 that executes on the processor 104 and configures the device ( 100 ) to: generate a first authentication QR code 155 ; assign the first authentication QR code as an authentication mechanism for accessing a first device; and establish at least one QR code validity parameter that defines when access to the first device can be provided to at least one second device that provides the first authentication QR code along with an access request.
- SAA secure access authentication
- the SAA utility 110 further configures the device ( 100 ) to, in response to a pre-defined trigger associated with the selected at least one QR code validity parameter: generate a new authentication QR code that is different from a previously generated authentication QR code 155 ; assign the new authentication QR code 155 as the current authentication mechanism for accessing the first device; associate a corresponding new QR code validity parameter to the new authentication QR code; and initiate a tracking of the corresponding new QR code validity parameter during which the new authentication QR code 155 remains valid.
- the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which a current authentication QR code remains valid, and outside of which the authentication QR code is invalid; and (3) a defined location within which a current authentication code remains valid until the end of a second time window (as measured by second timer 227 ).
- validity parameter (3) the authentication QR code becomes invalid when the first device remains in the same defined location for longer than the second time window.
- the pre-defined trigger is an associated one of the end time, movement of the first device outside of the defined location, and the first device remaining in the defined location for longer than a set period of time.
- the pre-defined trigger can include at least one of: completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device.
- the SAA utility 110 further configures the device ( 100 ) to: enable access to the first device by at least one second device (e.g., UE2 146 ) that communicates an access request to the first device ( 100 ), where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device ( 100 ), while the selected at least one QR code validity parameter associated with the authentication QR code remains valid.
- at least one second device e.g., UE2 146
- the SAA utility 110 further enables access to the first device ( 100 ) by enabling a pairing of a second device with the first device ( 100 ) in response to the second device providing the authentication QR code that is the current authentication parameter during pairing of the second device to the first device.
- the SAA utility configuring the device ( 100 ) to pair with a second device includes configuring the device ( 100 ) to perform at least one of: wireless communication between the first device and the second device; data transfer between the first device and the second device; an exchange of information between the first device and the second device; accessing one or more of files and data on the first device by the second device; and controlling of the first device via inputs provided on the second device.
- the SAA utility configuring the device to generate the first authentication QR code and periodically generate a new authentication QR code comprises the SAA utility further configuring the device to: periodically generate a new QR code validity parameter required to be entered before access is permitted to the first device; convert the new QR code validity parameter into a corresponding authentication QR code; discard the previous authentication QR code; and prevent access to the first device when a received access request includes the previous authentication QR code.
- FIGS. 3-4 there are illustrated two different views of UE1 100 and specifically features presented within different user interfaces on display 125 of UE1 100 .
- FIG. 3 presents user interface prompts that enable entry of authentication parameters on UE1 100
- FIG. 4 presents an example user interface displaying a current authentication QR code for communicating to a second device via image capture, in accordance with one embodiment.
- UE1 100 is shown with display 125 presenting SAA UI 230 .
- SAA UI 230 comprises two prompts and associated entry spaces.
- First prompt 310 is a request to enter a new authentication parameter.
- a user of UE1 100 can enter alphanumeric characters or values within first entry 315 as the authentication parameters.
- authentication parameters can be randomly generated by SAA utility 110 ( FIG. 1 ).
- First entry 315 can then be utilized when specific user authentication parameters are to be assigned to certain identified second devices.
- Second prompt 320 presents a request to identify a specific second device ID, which the user wants associated with the authentication parameters entered at first entry 315 .
- the user can enter multiple second devices or no second devices. When no entry is provided within second entry 325 , the entered authentication parameters becomes the global authentication parameters required by any and all second devices.
- SAA UI 230 also provides a return soft button 330 and an end soft button 335 to allow the user to return the entries for processing by SAA utility or to exit the SAA UI 230 , respectively.
- SAA UI 230 presents the QR code image 410 that corresponds to the authentication parameters provided within first entry 315 ( FIG. 3 ).
- UE1 100 supports transfer of authentication QR code image 410 via image capture by a second device.
- FIG. 5 illustrates an example implementation scenario in which an image of a generated authentication QR code image 410 is communicated to a second device, UE2 146 , in accordance with one embodiment.
- both devices 100 , 146 have to be placed face to face within a maximum distance from each other.
- the SAA utility 110 configures the device ( 100 ) to communicate the authentication QR code to at least one second device by displaying the generated authentication QR code on a display of the first device to allow a camera of the at least one second device that is placed in proximity to the first device to capture an image of the QR code.
- authorization to access the first device is limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured.
- the SAA utility 110 configures the device to communicate the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device. In yet another embodiment, the SAA utility configures the device to: communicate the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device.
- FIG. 6 illustrates an example implementation scenario in which a second device, UE2 146 , is paired with UE1 100 , where the second device is authenticated using the generated and shared authentication QR code 410 , in accordance with one embodiment.
- both devices are oriented in one of several alternate pairing configurations.
- UE1 100 includes pairing UI 264 presented on display 125 .
- Pairing UI 264 can present certain aspects of the pairing functions occurring on UE1 100 within a status output area 610 , including three different status reports, namely, pairing, device access authentication, and data transfer.
- UE2 146 also includes second pairing UI 630 , which presents three second device status reports within second status output area 635 , namely pairing, device access approved, and data transfer.
- Both pairing UIs 264 and 630 include an end session soft button 620 , 640 , by which each device can terminate an ongoing pairing session.
- the connecting lines between the devices indicate two communication paths during the pairing process.
- First connecting line 625 indicates a transfer of a copy of QR code 155 from UE2 146 to UE1 100 as the authentication mechanism during initial pairing.
- a communication channel represented as bi-directional arrow 645 , is opened between the two devices and on which data content 245 can be transmitted from UE1 100 to UE2 146 .
- Communication channel 645 actually enables two-way transfer between paired devices, in one or more embodiments.
- UE2 146 first captures and stores a copy of authentication QR code 155 from UE1 100 .
- the SAA utility 110 further configures the device ( 100 ) to, in response to receiving a request for access to the first device from a second device: identify whether the request for access includes a received QR code; compare the received QR code with a currently assigned authentication QR code; and enable the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code.
- FIG. 7 is a flow chart illustrating aspects of a method 700 by which a periodically changing authentication QR code is periodically generated and tracked for usage within a preset time limit, according to one or more embodiments.
- FIG. 8 is a flow chart illustrating aspects of a method 800 by which the periodically changing authentication QR code is utilized as an authentication mechanism to enable secure access to an user equipment, according to one or more embodiments.
- FIG. 9 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is utilized by one or more second devices to access a first device based on a pre-established usage policy, according to one or more embodiments.
- FIG. 10 is a flow chart illustrating aspects of a method by which the periodically changing authentication QR code enables overlapping access by one or more second devices to the first device while the QR code is changed for other second devices not currently accessing the first device, according to one or more embodiments.
- processor 104 executing code from one or more of SAA utility 110 and/or pairing module 260 and/or other software or firmware components of UE1 100 .
- the methods 700 , 800 , 900 , and/or 1000 can be described as being performed by one or more of UE1 100 , processor 104 or a specific utility, e.g., SAA utility 110 , without limitation.
- FIG. 7 presents a method 700 for providing security via Quick Response (QR) codes.
- the method 700 begins at block 702 at which processor 104 executes SAA utility 110 on UE1 100 .
- Processor 104 then generates or receives an entry (e.g., via SAA UI 230 ) of one or more authentication parameter(s) 205 (block 704 ).
- processor 104 With the received or generated authentication parameter(s) 205 , processor 104 generates a corresponding authentication QR code 155 (block 706 ), and assigns the authenticated QR code 155 as the authentication mechanism for pairing with and/or accessing UE1 100 from a second device (block 708 ).
- processor 104 establishes a QR code validity parameter 210 .
- QR code validity parameter 210 defines when access to the first device can be provided to at least one second device that provides the current authentication QR code along with an access request.
- QR code validity parameter 210 can be one or both of a time limit or a defined location within which the authentication QR code remains valid and outside of which the authentication QR code becomes stale or invalid and is automatically replaced with a new QR code.
- the at least one QR code validity parameter comprises at least one of (1) a time window having an end time; (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid, wherein a new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code; and (3) a defined location within which a current authentication code remains valid until the end of a second time window, where a new authentication QR code is generated when the second time window ends and a new defined location and time window is established for the new authentication QR code.
- processor 104 determines whether a pre-defined trigger associated with the QR code validity parameter 210 is registered or detected. In one embodiment, this determination can generally be represented by a tracking value that indicates when the current authentication QR code 155 is still valid. In one embodiment, the pre-defined trigger is an associated one of the end time, movement of the first device outside of the defined location; and no movement outside of the defined location within a defined period of time.
- the pre-defined trigger may include at least one of: passage of a preset amount of time following generation of a previously generated authentication QR code; completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device.
- method 700 includes processor 104 continuing to utilize the authentication QR code as the current authentication mechanism for accessing UE1 100 , unless one of a first periodic timer or a second location timer expires (block 716 ).
- a second periodic timer is utilized to automatically update the authentication QR code after passage of a certain amount of time and/or after the device has not moved from a general location following a pre-set amount of time. This embodiment can be utilized primarily when the QR code validity parameter 210 is a location based parameter and UE1 100 is not moved out of an initial location in which the first assigned authentication QR code would remain valid.
- method 700 when the authentication QR code is no longer valid, e.g., in response to occurrence or detection of a pre-defined trigger associated with the selected QR code validity parameter 210 , method 700 further includes processor 104 discarding the current (or previous) authentication QR code and preventing any future access to UE1 100 where the received access request includes and/or utilizes the discarded or stale QR code as the access mechanism (block 714 ). Method 700 also includes processor 104 returning to block 704 and, after receiving or generating new authentication parameters, generating a new authentication QR code that is different from a previously generated authentication QR code.
- the generation of a new authentication QR code includes processor 104 also: assigning the new authentication QR code as the current authentication mechanism for accessing the first device; associating a corresponding new QR code validity parameter 210 to the new authentication QR code; and initiating a tracking of the corresponding new QR code validity parameter 210 during which the new authentication QR code remains valid (blocks 708 - 712 ).
- generating the first authentication QR code and periodically generating a new authentication QR code comprises the processor 104 : periodically generating a new QR code validity parameter required to be entered before access is permitted to the first device; and converting the new QR code validity parameter into a corresponding authentication QR code.
- method 800 begins at start block and proceeds to block 802 at which processor 104 generates a new authorization QR code 155 and associates the new authorization QR code with a corresponding new QR code validity parameter 210 .
- UE1 100 communicates the authentication QR code to at least one second device by displaying the generated authentication QR code on a display of UE1 100 to allow a camera or a QR reader of the at least one second device that is placed in proximity to the first device to capture an image of the QR code.
- authorization to access the first device can then be limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured.
- method 800 can involve UE1 100 communicating the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device. In yet other embodiments, method 800 can involve UE1 100 communicating the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device.
- method 800 includes processor 104 mapping or linking the new authentication QR code to one or more of (a) a general device access, (b) access to specific content on UE1 100 , and/or access by one or more selected, specific second devices.
- One or more of the different accesses can include a time limit for such access.
- Method 800 further includes processor 104 enabling access to the UE1 100 by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid (block 807 ).
- the enabling access comprises enabling pairing of a second device with UE1 100 in response to the second device providing the first authentication QR code as the authentication parameter during pairing of the second device to the first device.
- pairing of the devices comprises at least one of: enabling wireless communication between the first device and the second device; enabling at least one data transfer between the first device and the second device; enabling an exchange of information between the first device and the second device; enabling access to one or more of files and data on the first device by the second device; and enabling control of the first device via inputs provided on the second device.
- method 800 includes processor 104 detecting a request from the second device to access UE1 100 .
- method 800 includes processor 104 performing the following sequence of functions: identifying, as indicated by decision block 810 , whether the request for access includes a received QR code; comparing the received QR code with a currently assigned authentication QR code (block 812 ); determining at block 814 if the received QR code matches the current authentication QR code, which is still valid; and enabling the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code (block 816 ).
- the processor 104 denies access to UE1 100 (block 818 ). Similarly, if received QR code does not match the current, valid, authentication QR code, the processor 104 denies access to UE1 100 (block 818 ). Method 800 then ends.
- FIG. 9 provides a flow chart of a method for providing secure access to a first device via Quick Response (QR) codes with one or more usage profiles.
- Method 900 begins at block 902 at which processor 104 of UE1 100 generates a new authentication QR code, with associated validity parameter(s). The authentication QR code is then assigned as a current authentication mechanism for accessing UE1 100 .
- method 900 includes identifying and associating a usage profile 225 ( FIG. 2 ) for the authentication QR code.
- the usage profile 225 can include permitting secure access by a specified number of second devices using the authentication QR code and/or permitting secure access under pre-established access criteria supporting the secure access.
- the usage profile is set to enable any second device to access the first device once the second device provides the valid authentication QR code during the access request.
- the usage profile can also be set to prevent any access to the first device that does not include the valid authentication QR code.
- method 900 includes processor 104 setting the usage profile of the authentication QR to enable at least one of (a) only a single second device to access the first device using the valid authentication QR code and (b) only a single access using the valid authentication QR code by any one second device.
- Method 900 then includes enabling connection to the first device by an initial second device that provides a valid authentication QR code during an access request (block 908 ).
- method includes UE1 100 detecting a request for access to UE1 100 by another second device (separate from the already connected initial second device), wherein the other second device also provides the valid authentication QR code as the access mechanism.
- method 900 involves a determination of whether the usage profile includes supporting multiple simultaneous or concurrent second device accesses to UE1 100 .
- decision block 912 yields an affirmative response, and the usage profile allows for concurrent access by multiple second devices, multiple other second devices that provide the valid authentication QR code are permitted to connect to and exchange data with UE1 100 (block 914 ). However, access to UE1 100 is denied for all other second devices that do not provide the valid authentication QR code (block 916 ).
- method 900 in response to the usage profile being set to a single access usage for the generated authentication QR code, method 900 includes determining at decision block 918 whether the QR code has been previously utilized to access UE1 100 . In response to the QR code having already been utilized to access UE1 100 , method 900 includes denying access to the first device by any other second device that utilizes the authentication QR code (as the access mechanism) or which does not provide a currently valid authentication QR code during the access request (block 920 ). However, when the QR code has not been previously utilized and is a current valid QR code, method 900 includes enabling the access by the initial second device to the first device (block 922 ).
- method 900 includes denying access to any subsequent second device, including second devices that provide the previously valid authentication QR code (block 920 ).
- Method 1000 begins at block 1002 at which an initial second device connects to UE1 100 using the valid authorization QR code.
- the QR code is recorded within a QR code usage register 227 as being a used QR code.
- the usage register 227 is a single register or bit associated with the QR code, and can be set to a logic high or low to indicate that the QR code has already been used to access UE1 100 .
- the register 227 can include multiple entries, one for each of a plurality of QR codes, with each QR code being tracked such that a first usage is recorded in the register 227 in an entry corresponding to that QR code.
- Alternate embodiments can allow for a fixed number of uses (greater than a single use) for one or more QR codes, as defined by the usage policy 225 associated with the QR code.
- a determination is made at block 1006 whether a trigger condition associated with the validity parameter has been encountered or detected. If the trigger condition is not encountered, then the devices continue the session using the existing QR code (block 1007 ). However, in response to detection of the trigger condition, the current QR code is made invalid, and the method 1000 includes generating a new authentication QR code and assigning the new QR code as the authentication mechanism (block 1008 ). As shown at block 1010 , the method 1000 also includes enabling the ongoing session established prior to the generating of the new authentication QR code to continue while the session remains connected.
- method 1000 further comprises requiring the new authentication QR code before enabling a next session with any other second device, even while the first session initiated with the previously valid QR code is ongoing.
- decision block 1014 a determination is made whether the disconnection of the session with the initial second device is detected.
- a subsequent access request by the initial second device requires the new QR code before the initial second device will be able to initiate the next session.
- method 1000 includes preventing the second device involved in the session from reconnecting to the first device without the second device providing the new authentication QR code with an access request to reconnect the session (block 1016 ).
- the initial second device is permitted to continue with the session using the previously valid QR code so long as the session remains open and is not terminated.
- embodiments of the present innovation may be embodied as a system, device, and/or method. Accordingly, embodiments of the present innovation may take the form of an entirely hardware embodiment or an embodiment combining software and hardware embodiments that may all generally be referred to herein as a “circuit,” “module” or “system.”
Abstract
A method provides device access security via use of periodically changing Quick Response (QR) codes. The method includes: generating a first authentication QR code and assigning the generated QR code as the current authentication mechanism for accessing the device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established to define when access to the device can be provided to a second device that provides the correct authentication QR code along with the access request. The method includes, in response to a pre-defined trigger of the QR code validity parameter: generating a new authentication QR code, different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the device; and enabling access to the first device to only second devices that provide the current authentication QR code as the authentication mechanism.
Description
- 1. Technical Field
- The present disclosure generally relates to providing security for accessing personal electronic devices and in particular to use of quick response (QR) codes to provide security for accessing personal electronic devices.
- 2. Description of the Related Art
- Personal electronic devices such as smart phones, tablets, and others are widely utilized to store data content that the user prefers not to be generally accessible to the public. Occasionally, the user of the device wishes to share certain data content stored on the device with a user of a second device via a direct transfer of that data content. Several of these devices can include a pairing mechanism by which the first device is able to communicatively connect to a second device and exchange data content via a created pairing or communication channel. The pairing of these devices can involve an exchange of a pairing credential that is pre-established for the first device and/or the second device to be able to share the data content between the devices.
- The use of quick response (QR) codes has grown over the years as a mechanism for providing direct access via a QR image to a website or other information that is embedded within the QR image. With most personal devices now including a display and a QR code scanner, the exchange of QR codes from one device to another via direct QR image capture is possible.
- The disclosure will best be understood by reference to the following detailed description of illustrative embodiments when read in conjunction with the accompanying drawings, wherein:
-
FIG. 1 provides a block diagram representation of an example user equipment configured with various functional components that enable one or more of the described features of the disclosure, according to one embodiment; -
FIG. 2 illustrates an example authentication QR code generation environment with functional components thereof, according to one or more embodiments; -
FIG. 3 is a block diagram illustration of user interface prompts that enable entry of authentication parameters on a first user equipment, in accordance with one embodiment; -
FIG. 4 is a block diagram illustration of the user interface of the first user equipment displaying an authentication QR code for communicating of the authentication QR code to a second device via image capture, in accordance with one embodiment; -
FIG. 5 illustrates an example implementation scenario in which an image of a generated authentication QR code is communicated to a second device, in accordance with one embodiment; -
FIG. 6 illustrates an example implementation scenario when a second device is paired with a first device and authenticated using the generated and shared authentication QR code, in accordance with one embodiment; -
FIG. 7 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is periodically generated and tracked for usage within a preset time limit, according to one or more embodiments; -
FIG. 8 is a flow chart illustrating aspects of a method by which the periodically changing authentication QR code is utilized as an authentication mechanism to enable secure access to a user equipment, according to one or more embodiments; -
FIG. 9 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is utilized by one or more second devices to access a first device based on a pre-established usage policy, according to one or more embodiments; and -
FIG. 10 is a flow chart illustrating aspects of a method by which the periodically-changing authentication QR code is utilized to enable concurrent access by multiple second devices, with a first access using a previously-generated QR code and a second, subsequent access requiring newly generated QR code, according to one or more embodiments. - The illustrative embodiments of the present disclosure provide a method and device that provides access security via use of periodically changing Quick Response (QR) codes. According to one aspect, the method includes: generating a first authentication QR code and assigning the first authentication QR code as a current authentication mechanism for accessing a first device. Contemporaneously with the generation of the QR code, at least one QR code validity parameter is established that defines when access to the first device can be provided to a second device that provides the first authentication QR code along with an access request. The method also includes, in response to a pre-defined trigger associated with the selected at least one QR code validity parameter: generating a new authentication QR code that is different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the first device; associating a corresponding new QR code validity parameter to the new authentication QR code; and initiating a tracking of the corresponding new QR code validity parameter during which the new authentication QR code remains valid.
- According to one or more embodiments, the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid. A new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code. Also, the pre-defined trigger is an associated one of the end time and movement of the first device outside of the defined location. The method also includes enabling access to the first device by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid. In one implementation, enabling access includes enabling pairing of a second device with the first device in response to the second device providing the first authentication QR code as the authentication parameter during pairing of the second device to the first device.
- Additionally, in response to the selected at least one QR code validity parameter being the defined location, the method then includes periodically triggering the generating of the new authentication QR code at the end of a second time window associated with the first device remaining in a same defined location for longer than the second time window.
- In the following detailed description of exemplary embodiments of the disclosure, specific exemplary embodiments in which the various aspects of the disclosure may be practiced are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, architectural, programmatic, mechanical, electrical and other changes may be made without departing from the spirit or scope of the present disclosure. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims and equivalents thereof.
- Within the descriptions of the different views of the figures, similar elements are provided similar names and reference numerals as those of the previous figure(s). The specific numerals assigned to the elements are provided solely to aid in the description and are not meant to imply any limitations (structural or functional or otherwise) on the described embodiment. It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements are exaggerated relative to other elements.
- It is understood that the use of specific component, device and/or parameter names, such as those of the executing utility, logic, and/or firmware described herein, are for example only and not meant to imply any limitations on the described embodiments. The embodiments may thus be described with different nomenclature and/or terminology utilized to describe the components, devices, parameters, methods and/or functions herein, without limitation. References to any specific protocol or proprietary name in describing one or more elements, features or concepts of the embodiments are provided solely as examples of one implementation, and such references do not limit the extension of the claimed embodiments to embodiments in which different element, feature, protocol, or concept names are utilized. Thus, each term utilized herein is to be given its broadest interpretation given the context in which that terms is utilized.
- As further described below, implementation of the functional features of the disclosure described herein is provided within processing devices and/or structures and can involve use of a combination of hardware, firmware, as well as several software-level constructs (e.g., program code and/or program instructions and/or pseudo-code) that execute to provide a specific utility for the device or a specific functional logic. The presented figures illustrate both hardware components and software and/or logic components.
- Those of ordinary skill in the art will appreciate that the hardware components and basic configurations depicted in the figures may vary. The illustrative components are not intended to be exhaustive, but rather are representative to highlight essential components that are utilized to implement aspects of the described embodiments. For example, other devices/components may be used in addition to or in place of the hardware and/or firmware depicted. The depicted example is not meant to imply architectural or other limitations with respect to the presently described embodiments and/or the general invention.
- The description of the illustrative embodiments can be read in conjunction with the accompanying figures. It will be appreciated that for simplicity and clarity of illustration, elements illustrated in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements are exaggerated relative to other elements. Embodiments incorporating teachings of the present disclosure are shown and described with respect to the figures presented herein.
- Turning now to
FIG. 1 , there is depicted a block diagram representation of an example user equipment (UE) within which several of the features of the disclosure can be implemented. According to the general illustration, first UE (UE1) 100 is a processing device that is designed to communicate with other devices via one of a wireless communication network, generally represented bybase station 140 andantenna 142, and one or more near field communication (NFC)devices 138. UE1 100 can be one of a host of different types of devices, including but not limited to, a mobile cellular phone or smart-phone, a laptop, a net-book, an ultra-book, and/or a tablet computing device. These various devices all provide and/or include the necessary hardware and software to enable generation of an authentication QR image for use during pairing ofUE1 100 with a second UE. Additionally, UE1 100 includes the hardware and software to support the various wireless or wired communication functions. - Referring now to the specific component makeup and the associated functionality of the presented components, UE1 100 comprises processor integrated circuit (IC) 102, which connects via a plurality of bus interconnects (illustrated by the bi-directional arrows) to a plurality of functional components of UE1 100. Processor IC 102 can include one or more programmable microprocessors, such as a
data processor 104 and a digital signal processor (DSP) 106, which may both be integrated into a single processing device, in some embodiments. The processor IC 102 controls the communication, image capture, and other functions and/or operations of UE1 100. These functions and/or operations thus include, but are not limited to, application data processing and signal processing. - Connected to processor IC 102 is
memory 108, which can include volatile memory and/or non-volatile memory. One or more executable applications can be stored within memory for execution bydata processor 104 onprocessor IC 102. For example,memory 108 is illustrated as containing Secure Access Authentication (SAA)utility 110, which can include a QRcode generation utility 112. The associated functionality and/or usage of each of the software modules will be described in greater detail within the descriptions which follow. In particular, the functionality associated with and/or provided bySAA utility 110 is described in greater details with the description ofFIG. 2 and several of the flow charts and other figures. In one embodiment, and particularly whereUE1 100 is utilized as the device that is being used to capture an image of a QR code from a second device,UE1 100 can also includeQR reader 114 and/or camera control/interface 116. Also, in one or more embodiments,SAA utility 110 can be configured to access an externally located QRcode generating facility 180. As illustrated, access to QRcode generating facility 180 can be viawireless network 170, although alternate access modes can also be supported. QRcode generating facility 180 can be a server that is accessible via the internet utilizing a specific universal resource locator (URL) programmed intoSAA utility 110, in one embodiment. - Also shown coupled to
processor IC 102 isstorage 150 which can be any type of available storage device capable of storing one or more application software and data. It is further appreciated that in one or more alternate embodiments, the device storage can actually be remote storage and not an integral part of the device itself. As provided,storage 150 contains current authentication mechanism(s) 152, which includesauthentication QR code 155. The specific usage and/or functionality associated with these components are described in greater detail in the following descriptions. -
UE1 100 also comprises one or more input/output devices, including one or more input devices, such ascamera 120,microphone 121, touch screen and/ortouch pad 122,keypad 123, and/or one or more output devices, such asdisplay 125,speaker 126, and others.UE1 100 can also include a subscriber information module (SIM) 127 which can provide unique identification of the subscriber that owns or utilizes theUE1 100, as well as specific contacts associated with the particular subscriber. In order to allowUE1 100 to provide time data,UE1 100 also includessystem clock 128. - According to one aspect of the disclosure and as illustrated by
FIG. 1 ,UE1 100 supports at least one and potentially many forms of wireless, over-the-air communication, which allowsUE1 100 to transmit and receive communication with at least one second device. As a device supporting wireless communication,UE1 100 can be one of, and be referred to as, a system, device, subscriber unit, subscriber station, mobile station (MS), mobile, mobile device, remote station, remote terminal, user terminal, terminal, communication device, user agent, user device, cellular telephone, a satellite phone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device having wireless connection capability, a computing device, such as a laptop, tablet, smart phone, personal digital assistant, or other processing devices connected to a wireless modem. To support the wireless communication,UE1 100 includes one or more communication components, includingtransceiver 130 withconnected antenna 132,wireless LAN module 134,Bluetooth® transceiver 137 and near fieldcommunication transceiver module 138. As further illustrated,UE1 100 can also include components for wired communication, such asmodem 135 andEthernet module 136. Collectively, these wireless and wired components provide a communication means ormechanism 165 by whichUE1 100 can communicate with other devices and networks. - The wireless communication can be via a standard wireless network, which includes a network of base stations, illustrated by evolution Node B (eNodeB) 140 and associated
base station antenna 142. A first over-the-air signal 144 is illustrated interconnectingbase station antenna 142 withlocal antenna 132 ofUE1 100. Additionally, communication with the at least one second device can be established via near fieldcommunication transceiver module 138. In at least one embodiment,UE1 100 can exchange communication with one or more second devices, of whichUE2 146 andUE3 148 are illustrated. As described in further detail below, each ofUE2 146 andUE3 148 can be second devices with which UE1 100 can establish a communication channel following the exchange of specific authentication and/or access credentials. The path of communication betweenUE1 100 and the second devices can be via near field communication, Bluetooth, or viawireless network 170, as indicated by the second over-the-air signal 172 betweenbase station antenna 142 andUE2 146. - Turning now to
FIG. 2 , a more detailed diagram of an example Authentication QR Code Generation and Usage (QRGU)execution environment 200 is illustrated.QRGU execution environment 200 includes a combination of hardware, firmware, software and data components, which collectively perform the various aspects of the disclosure by execution ofSAA utility 110 and other functional components ondata processor 104 and/or embedded device controllers. As shown,QRGU execution environment 200 includesSAA utility 110, which comprises QRcode generation utility 112, QR access authentication parametervalidity tracking module 210, authentication QRcode checking module 220, anduser interface 230. QRcode generation utility 112 receives one or more current device access authentication parameter(s) 205 as input, and generates a correspondingauthentication QR code 155 representing the current authentication parameter(s) 205. In one or more implementations, the current device access authentication parameter(s) 205 include one or more of a password, a login-password combination, an alphanumeric pin, a swipe input sequence, or other form of authentication parameter. The current authentication parameter(s) 205 can be randomly generated or manually inputted by a user ofUE1 100 withinuser interface 230. Importantly, the current authentication parameter(s) 205 have a limited lifespan and are periodically changed and/or updated. This aspect of the current authentication parameter(s) 205 is reflected in theQR code 155, which also constantly and/or periodically changes based on one or more triggers. The one or more triggers are monitored and enforced by QR access authentication parametervalidity tracking module 210. As shown, QR access authentication parametervalidity tracking module 210 can include atimer 215 as well as alocation tracker 217, which in one embodiment can be a global positioning system (GPS) location tracker. The functional use of these two components is described in detail in a following section of the disclosure. In one implementation,location tracker 217 also has asecond timer 219, which determines a time during which a QR code remains valid within a specific device location before a new QR code is required to be generated. - In one or more embodiments, QR
code generation utility 112 comprises firmware, which packages and transmits the current authentication parameter(s) 205 to an external QR code generating facility 180 (FIG. 1 ), such as a website on a remote server. The QRcode generating facility 180 then generates thecorresponding QR code 155, and returns theQR code 155 toUE1 100. In these implementations, the transmission of theauthentication parameters 205 and subsequent return transmission of thecorresponding QR code 155 can occur viawireless network 170 or other communication medium. - Authentication QR
code checking module 220 performs a comparison of a received QR code being provided as the authentication mechanism by a second device requesting access to link toUE1 100 via a pairing channel. Authentication QRcode checking module 220 either checks the received QR code against the current authentication QR code 155 (e.g., via QR image matching) or deciphers the received QR code and checks the deciphered parameters against the current authentication parameter(s) 205. - In one or more embodiments, Authentication QR Code Generation and Usage (QRGU)
execution environment 200 can include a QR code usage profile 225 as well as an associated usage register 227. In the illustrative embodiment, the QR code usage profile 225 is maintained within authentication QRcode checking module 220, while usage register 227 is shown withinstorage 150. Regardless of their location relative to the other components, the functionality provided by these components can include limitations on the use of the generated QR codes and functional enhancements related to the implementation of the QR codes as the authentication mechanism forUE1 100. More detail about these two components is provided in the description ofFIGS. 9 and 10 . -
QRGU execution environment 200 also comprisesnon-volatile storage 150, within which is maintained several types of data and information germane to execution of the various different utilities. Specifically,storage 150 includescurrent authentication mechanisms 152, which comprises both current authentication parameter(s) 205 and currentauthorization QR code 155. Also maintained instorage 150 areperiodic timer value 232 and/or devicelocation range parameter 234, both respectively utilized byperiodic timer 215 and (GPS) location tracker 225.Second timer value 236 corresponding to second timer 227 can also be maintained withinstorage 150. - Also illustrated within
storage 150 isdata content 245, which can be divided into separate sets of data content, each having different requirements for security and/or being assigned different secure access parameters and/or being tagged for access by specific second devices. As further shown,storage 150 includescontacts 250, which is a database or list of known persons or second devices or subscribers with which UE1 100 can communicate. Each contact is represented by a separate row incontacts 250 and includes a contact ID and/ordevice ID 252. Additionally, each contact can have an associated access permission parameter, which is indicated as a device-specific QR code 254. Accordingly, one or more embodiments enable granular assignment of QR codes to specificsecond devices 252 for access tospecific data content 245 onUE1 100. -
QRGU execution environment 200 also includespairing module 260, which controls the pairing functions ofUE1 100 to one or more second devices.Pairing module 260 includespairing parameters 262, apairing user interface 264, and pairingdevice authentication module 266. Pairingdevice authentication module 266 checks the received authentication and pairing parameters received from a second device attempting to connect withUE1 100 to ensure the second device has the correct authorization to complete the pairing. In one embodiment, pairingdevice authentication module 266 triggers authentication QRcode checking module 220 to perform the authentication checking when a QR code is provided as the received authentication parameter. In an alternate embodiment, pairingdevice authentication module 266 can also perform the QR code checking features of authentication QRcode checking module 220. - The above described features of UE1 100 (
FIG. 1 ) and QRGU execution environment 200 (FIG. 2 ) presents a first aspect of the disclosure, which provides an electronic device (UE1 100) comprising: adisplay 125; acommunication mechanism 165; and aprocessor 104 that is communicatively coupled to thedisplay 125 and thecommunication mechanism 165. The electronic device (100) further includes a secure access authentication (SAA)utility 110 that executes on theprocessor 104 and configures the device (100) to: generate a firstauthentication QR code 155; assign the first authentication QR code as an authentication mechanism for accessing a first device; and establish at least one QR code validity parameter that defines when access to the first device can be provided to at least one second device that provides the first authentication QR code along with an access request. TheSAA utility 110 further configures the device (100) to, in response to a pre-defined trigger associated with the selected at least one QR code validity parameter: generate a new authentication QR code that is different from a previously generatedauthentication QR code 155; assign the newauthentication QR code 155 as the current authentication mechanism for accessing the first device; associate a corresponding new QR code validity parameter to the new authentication QR code; and initiate a tracking of the corresponding new QR code validity parameter during which the newauthentication QR code 155 remains valid. - In one or more embodiments, the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which a current authentication QR code remains valid, and outside of which the authentication QR code is invalid; and (3) a defined location within which a current authentication code remains valid until the end of a second time window (as measured by second timer 227). According to validity parameter (3), the authentication QR code becomes invalid when the first device remains in the same defined location for longer than the second time window. Thus, the pre-defined trigger is an associated one of the end time, movement of the first device outside of the defined location, and the first device remaining in the defined location for longer than a set period of time. Additionally, the pre-defined trigger can include at least one of: completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device.
- The
SAA utility 110 further configures the device (100) to: enable access to the first device by at least one second device (e.g., UE2 146) that communicates an access request to the first device (100), where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device (100), while the selected at least one QR code validity parameter associated with the authentication QR code remains valid. - According to one embodiment, the
SAA utility 110 further enables access to the first device (100) by enabling a pairing of a second device with the first device (100) in response to the second device providing the authentication QR code that is the current authentication parameter during pairing of the second device to the first device. In at least one implementation, the SAA utility configuring the device (100) to pair with a second device includes configuring the device (100) to perform at least one of: wireless communication between the first device and the second device; data transfer between the first device and the second device; an exchange of information between the first device and the second device; accessing one or more of files and data on the first device by the second device; and controlling of the first device via inputs provided on the second device. - In yet another embodiment, the SAA utility configuring the device to generate the first authentication QR code and periodically generate a new authentication QR code comprises the SAA utility further configuring the device to: periodically generate a new QR code validity parameter required to be entered before access is permitted to the first device; convert the new QR code validity parameter into a corresponding authentication QR code; discard the previous authentication QR code; and prevent access to the first device when a received access request includes the previous authentication QR code.
- Turning now to
FIGS. 3-4 , there are illustrated two different views ofUE1 100 and specifically features presented within different user interfaces ondisplay 125 ofUE1 100.FIG. 3 presents user interface prompts that enable entry of authentication parameters onUE1 100, whileFIG. 4 presents an example user interface displaying a current authentication QR code for communicating to a second device via image capture, in accordance with one embodiment. WithinFIG. 3 ,UE1 100 is shown withdisplay 125 presentingSAA UI 230.SAA UI 230 comprises two prompts and associated entry spaces. First prompt 310 is a request to enter a new authentication parameter. A user ofUE1 100 can enter alphanumeric characters or values withinfirst entry 315 as the authentication parameters. In one or more alternate embodiments, authentication parameters can be randomly generated by SAA utility 110 (FIG. 1 ).First entry 315 can then be utilized when specific user authentication parameters are to be assigned to certain identified second devices.Second prompt 320 presents a request to identify a specific second device ID, which the user wants associated with the authentication parameters entered atfirst entry 315. In one implementation, the user can enter multiple second devices or no second devices. When no entry is provided withinsecond entry 325, the entered authentication parameters becomes the global authentication parameters required by any and all second devices.SAA UI 230 also provides a returnsoft button 330 and an endsoft button 335 to allow the user to return the entries for processing by SAA utility or to exit theSAA UI 230, respectively. - Within
FIG. 4 ,SAA UI 230 presents theQR code image 410 that corresponds to the authentication parameters provided within first entry 315 (FIG. 3 ). When the QR code is being displayed withinSAA UI 230,UE1 100 supports transfer of authenticationQR code image 410 via image capture by a second device.FIG. 5 illustrates an example implementation scenario in which an image of a generated authenticationQR code image 410 is communicated to a second device,UE2 146, in accordance with one embodiment. As shown, in order for direct image transfer, bothdevices UE1 100 will likely be in a position to capture the displayedQR code image 410 and later utilize theQR code image 410 as the authentication parameter to access data content onUE1 100. - According to one embodiment, the
SAA utility 110 configures the device (100) to communicate the authentication QR code to at least one second device by displaying the generated authentication QR code on a display of the first device to allow a camera of the at least one second device that is placed in proximity to the first device to capture an image of the QR code. In one or more embodiments, authorization to access the first device is limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured. - In one alternate embodiment, the
SAA utility 110 configures the device to communicate the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device. In yet another embodiment, the SAA utility configures the device to: communicate the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device. -
FIG. 6 illustrates an example implementation scenario in which a second device,UE2 146, is paired withUE1 100, where the second device is authenticated using the generated and sharedauthentication QR code 410, in accordance with one embodiment. As shown, both devices are oriented in one of several alternate pairing configurations.UE1 100 includespairing UI 264 presented ondisplay 125.Pairing UI 264 can present certain aspects of the pairing functions occurring onUE1 100 within astatus output area 610, including three different status reports, namely, pairing, device access authentication, and data transfer.UE2 146 also includessecond pairing UI 630, which presents three second device status reports within secondstatus output area 635, namely pairing, device access approved, and data transfer. Bothpairing UIs soft button line 625 indicates a transfer of a copy ofQR code 155 fromUE2 146 toUE1 100 as the authentication mechanism during initial pairing. Once authentication is completed, a communication channel, represented asbi-directional arrow 645, is opened between the two devices and on whichdata content 245 can be transmitted fromUE1 100 toUE2 146.Communication channel 645 actually enables two-way transfer between paired devices, in one or more embodiments. - To facilitate the use of
authentication QR code 155 as the authentication mechanism for accessing data content onUE1 100,UE2 146 first captures and stores a copy ofauthentication QR code 155 fromUE1 100. According to a least one embodiment, theSAA utility 110 further configures the device (100) to, in response to receiving a request for access to the first device from a second device: identify whether the request for access includes a received QR code; compare the received QR code with a currently assigned authentication QR code; and enable the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code. - With reference now to the flow charts,
FIG. 7 is a flow chart illustrating aspects of amethod 700 by which a periodically changing authentication QR code is periodically generated and tracked for usage within a preset time limit, according to one or more embodiments.FIG. 8 is a flow chart illustrating aspects of amethod 800 by which the periodically changing authentication QR code is utilized as an authentication mechanism to enable secure access to an user equipment, according to one or more embodiments.FIG. 9 is a flow chart illustrating aspects of a method by which a periodically changing authentication QR code is utilized by one or more second devices to access a first device based on a pre-established usage policy, according to one or more embodiments. Finally,FIG. 10 is a flow chart illustrating aspects of a method by which the periodically changing authentication QR code enables overlapping access by one or more second devices to the first device while the QR code is changed for other second devices not currently accessing the first device, according to one or more embodiments. - With the descriptions that follow, certain aspects of the various methods can be implemented by
processor 104 executing code from one or more ofSAA utility 110 and/orpairing module 260 and/or other software or firmware components ofUE1 100. Generally, themethods UE1 100,processor 104 or a specific utility, e.g.,SAA utility 110, without limitation. -
FIG. 7 presents amethod 700 for providing security via Quick Response (QR) codes. Themethod 700 begins atblock 702 at whichprocessor 104 executesSAA utility 110 onUE1 100.Processor 104 then generates or receives an entry (e.g., via SAA UI 230) of one or more authentication parameter(s) 205 (block 704). With the received or generated authentication parameter(s) 205,processor 104 generates a corresponding authentication QR code 155 (block 706), and assigns the authenticatedQR code 155 as the authentication mechanism for pairing with and/or accessingUE1 100 from a second device (block 708). Atblock 710,processor 104 establishes a QRcode validity parameter 210. The QRcode validity parameter 210 defines when access to the first device can be provided to at least one second device that provides the current authentication QR code along with an access request. As provided herein, QRcode validity parameter 210 can be one or both of a time limit or a defined location within which the authentication QR code remains valid and outside of which the authentication QR code becomes stale or invalid and is automatically replaced with a new QR code. In one or more embodiments, the at least one QR code validity parameter comprises at least one of (1) a time window having an end time; (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid, wherein a new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code; and (3) a defined location within which a current authentication code remains valid until the end of a second time window, where a new authentication QR code is generated when the second time window ends and a new defined location and time window is established for the new authentication QR code. - Thus, at
decision block 712,processor 104 determines whether a pre-defined trigger associated with the QRcode validity parameter 210 is registered or detected. In one embodiment, this determination can generally be represented by a tracking value that indicates when the currentauthentication QR code 155 is still valid. In one embodiment, the pre-defined trigger is an associated one of the end time, movement of the first device outside of the defined location; and no movement outside of the defined location within a defined period of time. In one or more embodiments, the pre-defined trigger may include at least one of: passage of a preset amount of time following generation of a previously generated authentication QR code; completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device. - While the QR
code validity parameter 210 indicates the current authentication QR code is still valid,method 700 includesprocessor 104 continuing to utilize the authentication QR code as the current authentication mechanism for accessingUE1 100, unless one of a first periodic timer or a second location timer expires (block 716). In one embodiment, a second periodic timer is utilized to automatically update the authentication QR code after passage of a certain amount of time and/or after the device has not moved from a general location following a pre-set amount of time. This embodiment can be utilized primarily when the QRcode validity parameter 210 is a location based parameter andUE1 100 is not moved out of an initial location in which the first assigned authentication QR code would remain valid. - Returning to the flow chart, when the authentication QR code is no longer valid, e.g., in response to occurrence or detection of a pre-defined trigger associated with the selected QR
code validity parameter 210,method 700 further includesprocessor 104 discarding the current (or previous) authentication QR code and preventing any future access toUE1 100 where the received access request includes and/or utilizes the discarded or stale QR code as the access mechanism (block 714).Method 700 also includesprocessor 104 returning to block 704 and, after receiving or generating new authentication parameters, generating a new authentication QR code that is different from a previously generated authentication QR code. As with the previously generated authentication QR code, the generation of a new authentication QR code includesprocessor 104 also: assigning the new authentication QR code as the current authentication mechanism for accessing the first device; associating a corresponding new QRcode validity parameter 210 to the new authentication QR code; and initiating a tracking of the corresponding new QRcode validity parameter 210 during which the new authentication QR code remains valid (blocks 708-712). - Thus, according to the above described embodiments, generating the first authentication QR code and periodically generating a new authentication QR code comprises the processor 104: periodically generating a new QR code validity parameter required to be entered before access is permitted to the first device; and converting the new QR code validity parameter into a corresponding authentication QR code.
- Turning now to
FIG. 8 ,method 800 begins at start block and proceeds to block 802 at whichprocessor 104 generates a newauthorization QR code 155 and associates the new authorization QR code with a corresponding new QRcode validity parameter 210. At block 804,UE1 100 communicates the authentication QR code to at least one second device by displaying the generated authentication QR code on a display ofUE1 100 to allow a camera or a QR reader of the at least one second device that is placed in proximity to the first device to capture an image of the QR code. With this embodiment, authorization to access the first device can then be limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured. In one or more alternate embodiments,method 800 can involveUE1 100 communicating the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device. In yet other embodiments,method 800 can involveUE1 100 communicating the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device. - At
block 806,method 800 includesprocessor 104 mapping or linking the new authentication QR code to one or more of (a) a general device access, (b) access to specific content onUE1 100, and/or access by one or more selected, specific second devices. One or more of the different accesses can include a time limit for such access.Method 800 further includesprocessor 104 enabling access to theUE1 100 by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid (block 807). - Continuing with the illustrative embodiment, but not shown in
FIG. 8 , the enabling access comprises enabling pairing of a second device withUE1 100 in response to the second device providing the first authentication QR code as the authentication parameter during pairing of the second device to the first device. In one or more embodiments, pairing of the devices comprises at least one of: enabling wireless communication between the first device and the second device; enabling at least one data transfer between the first device and the second device; enabling an exchange of information between the first device and the second device; enabling access to one or more of files and data on the first device by the second device; and enabling control of the first device via inputs provided on the second device. - The actual method processes involved in the above described accesses by a second device to
UE1 100 are presented in blocks 808-818. Atblock 808,method 800 includesprocessor 104 detecting a request from the second device to accessUE1 100. In response to receiving the request for access toUE1 100 from a second device,method 800 includesprocessor 104 performing the following sequence of functions: identifying, as indicated bydecision block 810, whether the request for access includes a received QR code; comparing the received QR code with a currently assigned authentication QR code (block 812); determining atblock 814 if the received QR code matches the current authentication QR code, which is still valid; and enabling the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code (block 816). If atdecision block 810, the request from the second device does not include a QR code, theprocessor 104 denies access to UE1 100 (block 818). Similarly, if received QR code does not match the current, valid, authentication QR code, theprocessor 104 denies access to UE1 100 (block 818).Method 800 then ends. -
FIG. 9 provides a flow chart of a method for providing secure access to a first device via Quick Response (QR) codes with one or more usage profiles.Method 900 begins atblock 902 at whichprocessor 104 ofUE1 100 generates a new authentication QR code, with associated validity parameter(s). The authentication QR code is then assigned as a current authentication mechanism for accessingUE1 100. Atblock 904,method 900 includes identifying and associating a usage profile 225 (FIG. 2 ) for the authentication QR code. According to one or more embodiments, the usage profile 225 can include permitting secure access by a specified number of second devices using the authentication QR code and/or permitting secure access under pre-established access criteria supporting the secure access. For example, in one embodiment, the usage profile is set to enable any second device to access the first device once the second device provides the valid authentication QR code during the access request. The usage profile can also be set to prevent any access to the first device that does not include the valid authentication QR code. Atblock 906,method 900 includesprocessor 104 setting the usage profile of the authentication QR to enable at least one of (a) only a single second device to access the first device using the valid authentication QR code and (b) only a single access using the valid authentication QR code by any one second device.Method 900 then includes enabling connection to the first device by an initial second device that provides a valid authentication QR code during an access request (block 908). Atblock 910, method includesUE1 100 detecting a request for access toUE1 100 by another second device (separate from the already connected initial second device), wherein the other second device also provides the valid authentication QR code as the access mechanism. Atdecision block 912,method 900 involves a determination of whether the usage profile includes supporting multiple simultaneous or concurrent second device accesses toUE1 100. - When
decision block 912 yields an affirmative response, and the usage profile allows for concurrent access by multiple second devices, multiple other second devices that provide the valid authentication QR code are permitted to connect to and exchange data with UE1 100 (block 914). However, access toUE1 100 is denied for all other second devices that do not provide the valid authentication QR code (block 916). - However, at
decision block 912, in response to the usage profile being set to a single access usage for the generated authentication QR code,method 900 includes determining atdecision block 918 whether the QR code has been previously utilized to accessUE1 100. In response to the QR code having already been utilized to accessUE1 100,method 900 includes denying access to the first device by any other second device that utilizes the authentication QR code (as the access mechanism) or which does not provide a currently valid authentication QR code during the access request (block 920). However, when the QR code has not been previously utilized and is a current valid QR code,method 900 includes enabling the access by the initial second device to the first device (block 922). Thus, with this embodiment, access toUE1 100 is permitted only if the valid authentication QR code has not been previously utilized to provide access by another second device. Also, in response to the valid authentication QR code having been previously utilized to provide access by another second device,method 900 includes denying access to any subsequent second device, including second devices that provide the previously valid authentication QR code (block 920). - Turning now to
FIG. 10 , there is illustrated another flow chart showing themethod 1000 by which an ongoing session is maintained between two connected devices.Method 1000 begins atblock 1002 at which an initial second device connects toUE1 100 using the valid authorization QR code. Atblock 1004, the QR code is recorded within a QR code usage register 227 as being a used QR code. In one embodiment, the usage register 227 is a single register or bit associated with the QR code, and can be set to a logic high or low to indicate that the QR code has already been used to accessUE1 100. In one embodiment, the register 227 can include multiple entries, one for each of a plurality of QR codes, with each QR code being tracked such that a first usage is recorded in the register 227 in an entry corresponding to that QR code. Alternate embodiments can allow for a fixed number of uses (greater than a single use) for one or more QR codes, as defined by the usage policy 225 associated with the QR code. A determination is made atblock 1006 whether a trigger condition associated with the validity parameter has been encountered or detected. If the trigger condition is not encountered, then the devices continue the session using the existing QR code (block 1007). However, in response to detection of the trigger condition, the current QR code is made invalid, and themethod 1000 includes generating a new authentication QR code and assigning the new QR code as the authentication mechanism (block 1008). As shown atblock 1010, themethod 1000 also includes enabling the ongoing session established prior to the generating of the new authentication QR code to continue while the session remains connected. Notably, this ongoing session still maintains the previous authentication QR code, which has been made invalid by the trigger condition. However, as provided atblock 1012,method 1000 further comprises requiring the new authentication QR code before enabling a next session with any other second device, even while the first session initiated with the previously valid QR code is ongoing. Atdecision block 1014, a determination is made whether the disconnection of the session with the initial second device is detected. In response to disconnection of the session, a subsequent access request by the initial second device requires the new QR code before the initial second device will be able to initiate the next session. Thus,method 1000 includes preventing the second device involved in the session from reconnecting to the first device without the second device providing the new authentication QR code with an access request to reconnect the session (block 1016). However, as previously noted, the initial second device is permitted to continue with the session using the previously valid QR code so long as the session remains open and is not terminated. - In each of the flow charts presented herein, certain steps of the methods can be combined, performed simultaneously or in a different order, or perhaps omitted, without deviating from the spirit and scope of the described innovation. While the method steps are described and illustrated in a particular sequence, use of a specific sequence of steps is not meant to imply any limitations on the innovation. Changes may be made with regards to the sequence of steps without departing from the spirit or scope of the present innovation. Use of a particular sequence is therefore, not to be taken in a limiting sense, and the scope of the present innovation is defined only by the appended claims.
- As will be appreciated by one skilled in the art, embodiments of the present innovation may be embodied as a system, device, and/or method. Accordingly, embodiments of the present innovation may take the form of an entirely hardware embodiment or an embodiment combining software and hardware embodiments that may all generally be referred to herein as a “circuit,” “module” or “system.”
- Aspects of the present innovation are described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the innovation. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- While the innovation has been described with reference to exemplary embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the scope of the innovation. In addition, many modifications may be made to adapt a particular system, device or component thereof to the teachings of the innovation without departing from the essential scope thereof. Therefore, it is intended that the innovation not be limited to the particular embodiments disclosed for carrying out this innovation, but that the innovation will include all embodiments falling within the scope of the appended claims. Moreover, the use of the terms first, second, etc. do not denote any order or importance, but rather the terms first, second, etc. are used to distinguish one element from another.
- The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the innovation. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
- The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present innovation has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the innovation in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the innovation. The embodiment was chosen and described in order to best explain the principles of the innovation and the practical application, and to enable others of ordinary skill in the art to understand the innovation for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (24)
1. A method for providing security via Quick Response (QR) codes, the method comprising:
generating a first authentication QR code;
assigning the first authentication QR code as a current authentication mechanism for accessing a first device;
establishing at least one QR code validity parameter that defines when access to the first device can be provided to at least one second device that provides the first authentication QR code along with an access request; and
in response to a pre-defined trigger associated with the selected at least one QR code validity parameter: generating a new authentication QR code that is different from a previously generated authentication QR code; assigning the new authentication QR code as the current authentication mechanism for accessing the first device; associating a corresponding new QR code validity parameter to the new authentication QR code; and initiating a tracking of the corresponding new QR code validity parameter during which the new authentication QR code remains valid.
2. The method of claim 1 , wherein:
the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid, wherein a new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code;
the pre-defined trigger is an associated one of the end time and movement of the first device outside of the defined location; and
the method further comprises:
enabling access to the first device by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid; and
in response to the selected at least one QR code validity parameter being the defined location, periodically triggering the generating of the new authentication QR code.
3. The method of claim 2 , wherein enabling access comprises enabling pairing of a second device with the first device in response to the second device providing the first authentication QR code as the current authentication parameter during pairing of the second device to the first device.
4. The method of claim 3 , wherein pairing of the devices comprises at least one of: enabling wireless communication between the first device and the second device; enabling at least one data transfer between the first device and the second device; enabling an exchange of information between the first device and the second device; enabling access to one or more of files and data on the first device by the second device; and enabling control of the first device via inputs provided on the second device.
5. The method of claim 1 , wherein generating the first authentication QR code and periodically generating a new authentication QR code comprises:
periodically generating a new device access authentication parameter required to be entered before access is permitted to the first device;
converting the new device access authentication parameter into a corresponding authentication QR code;
discarding the previous authentication QR code; and
preventing access to the first device when a received access request includes the previous authentication QR code.
6. The method of claim 1 , further comprising:
in response to receiving a request for access to the first device from a second device:
identifying whether the request for access includes a received QR code;
comparing the received QR code with a currently assigned authentication QR code; and
enabling the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code.
7. The method of claim 1 , further comprising:
communicating the authentication QR code to at least one second device by displaying the generated authentication QR code on a display of the first device to allow a camera of the at least one second device that is placed in proximity to the first device to capture an image of the QR code, wherein authorization to access the first device is limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured.
8. The method of claim 1 , further comprising:
communicating the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device.
9. The method of claim 1 , further comprising:
communicating the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device.
10. The method of claim 1 , wherein the pre-defined trigger includes at least one of: passage of a preset amount of time following generation of a previously generated authentication QR code; completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device.
11. An electronic device comprising:
a display;
a communication mechanism;
a processor that is communicatively coupled to the display and the communication mechanism; and
a secure access authentication (SAA) utility that executes on the processor and configures the device to:
generate a first authentication QR code;
assign the first authentication QR code as an authentication mechanism for accessing a first device;
establish at least one QR code validity parameter that defines when access to the first device can be provided to at least one second device that provides the first authentication QR code along with an access request; and
in response to a pre-defined trigger associated with the at least one QR code validity parameter: generate a new authentication QR code that is different from a previously generated authentication QR code; assign the new authentication QR code as the current authentication mechanism for accessing the first device; associate a corresponding new QR code validity parameter to the new authentication QR code; and
initiate a tracking of the corresponding new QR code validity parameter during which the new authentication QR code remains valid.
12. The electronic device of claim 11 , wherein:
the at least one QR code validity parameter comprises at least one of (1) a time window having an end time and (2) a defined location within which an authentication QR code remains valid, and outside of which the authentication QR code is invalid, wherein a new authentication QR code is automatically generated when the first device moves outside of the defined location and a new defined location is established for the new authentication QR code;
the pre-defined trigger is an associated one of the end time and movement of the first device outside of the defined location; and
the SAA utility further configures the device to:
enable access to the first device by at least one second device that communicates an access request to the first device, where the access request provides an authentication QR code that is the current authentication parameter for accessing the first device, while the selected at least one QR code validity parameter associated with the authentication QR code remains valid; and
in response to the selected at least one QR code validity parameter being the defined location, periodically trigger the generating of the new authentication QR code when the first device is moved away from the defined location.
13. The electronic device of claim 12 , wherein the SAA utility further configures the device to enable access to the first device by enabling a pairing of a second device with the first device in response to the second device providing the authentication QR code that is the current authentication parameter during pairing of the second device to the first device.
14. The electronic device of claim 13 , wherein the SAA utility configuring the device to pair the devices includes configuring the device to perform at least one of: wireless communication between the first device and the second device; data transfer between the first device and the second device; an exchange of information between the first device and the second device;
accessing one or more of files and data on the first device by the second device; and controlling of the first device via inputs provided on the second device.
15. The electronic device of claim 11 , wherein the SAA utility configuring the device to generate the first authentication QR code and periodically generate a new authentication QR code comprises the SAA utility further configuring the device to:
periodically generate a new device access authentication parameter required to be entered before access is permitted to the first device;
convert the new device access authentication parameter into a corresponding authentication QR code;
discard the previous authentication QR code; and
preventing access to the first device when a received access request includes the previous authentication QR code.
16. The electronic device of claim 11 , wherein the SAA utility further configures the device to:
in response to receiving a request for access to the first device from a second device:
identify whether the request for access includes a received QR code;
compare the received QR code with a currently assigned authentication QR code; and
enable the second device to access the first device only in response to the received QR code matching the currently assigned authentication QR code.
17. The electronic device of claim 11 , wherein the SAA utility further configures the device to:
communicate the authentication QR code to at least one second device by displaying the generated authentication QR code on a display of the first device to allow a camera of the at least one second device that is placed in proximity to the first device to capture an image of the QR code, wherein authorization to access the first device is limited to only second devices that are allowed to be placed in a position adjacent the display, within a proximate distance to the display at which an image of the authentication QR code can be captured.
18. The electronic device of claim 11 , wherein the SAA utility further configures the device to communicate the authentication QR code to at least one second device by transmitting the authentication QR code via a text message to a second device.
19. The electronic device of claim 11 , wherein the SAA utility further configures the device to: communicate the authentication QR code to at least one second device by transmitting the authentication QR code via one of an electronic and a wireless communication medium to a second device.
20. The electronic device of claim 1 , wherein the pre-defined trigger includes at least one of: passage of a preset amount of time following generation of a previously generated authentication QR code; completion of a pre-defined amount of data transfer from the first device to a requesting device; completion of a transfer of a specific set of data from the first device to a requesting device; and movement of the requesting device out of a communication range from the first device.
21. A method for providing secure access to a first device via Quick Response (QR) codes, the method comprising:
generating a first authentication QR code;
assigning the first authentication QR code as a current authentication mechanism for accessing the first device;
identifying and associating a usage profile for the authentication QR code to permit secure access by a specified number of second devices using the authentication QR code and under pre-established access criteria supporting the secure access;
enabling connection to the first device by an initial second device that provides a valid authentication QR code during an access request; and
denying access to the first device by any second device that does not provide the valid authentication QR code during the access request.
22. The method of claim 21 , further comprising setting the usage profile of the authentication QR to enable any second device to access the first device once the second device provides the valid authentication QR code during the access request and to prevent any access to the first device that does not include the valid authentication QR code.
23. The method of claim 21 , further comprising setting the usage profile of the authentication QR to enable at least one of (a) only a single second device to access the first device using the valid authentication QR code and (b) only a single access using the valid authentication QR code by any one second device, wherein the method further comprises:
in response to receiving the access request from the initial second device:
confirming whether the valid authentication QR code has been previously received from another second device to provide access to the first device by the other second device; and
enabling the access by the initial second device to the first device only if the valid authentication QR code has not been previously utilized to provide access by another second device; and
in response to the valid authentication QR code having been previously utilized to provide access by another second device, denying access to the initial second device and any subsequent second device, including second devices that provide the authentication QR code.
24. The method of claim 21 , further comprising:
generating a new authentication QR code in response to a pre-established trigger;
enabling an ongoing session established prior to the generating of the new authentication QR code to continue while the session remains connected;
detecting a disconnection of the session; and
preventing the second device involved in the session from reconnecting to the first device without the second device providing the new authentication QR code with an access request to reconnect the session.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/802,854 US20140282923A1 (en) | 2013-03-14 | 2013-03-14 | Device security utilizing continually changing qr codes |
PCT/US2014/017555 WO2014158510A1 (en) | 2013-03-14 | 2014-02-21 | Device security utilizing continually changing qr codes |
US14/712,034 US9794253B2 (en) | 2013-03-14 | 2015-05-14 | Device security utilizing continually changing QR codes |
US15/786,336 US10430568B2 (en) | 2013-03-14 | 2017-10-17 | Device security utilizing continually changing QR codes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/802,854 US20140282923A1 (en) | 2013-03-14 | 2013-03-14 | Device security utilizing continually changing qr codes |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/712,034 Continuation US9794253B2 (en) | 2013-03-14 | 2015-05-14 | Device security utilizing continually changing QR codes |
Publications (1)
Publication Number | Publication Date |
---|---|
US20140282923A1 true US20140282923A1 (en) | 2014-09-18 |
Family
ID=50280479
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/802,854 Abandoned US20140282923A1 (en) | 2013-03-14 | 2013-03-14 | Device security utilizing continually changing qr codes |
US14/712,034 Active US9794253B2 (en) | 2013-03-14 | 2015-05-14 | Device security utilizing continually changing QR codes |
US15/786,336 Active US10430568B2 (en) | 2013-03-14 | 2017-10-17 | Device security utilizing continually changing QR codes |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/712,034 Active US9794253B2 (en) | 2013-03-14 | 2015-05-14 | Device security utilizing continually changing QR codes |
US15/786,336 Active US10430568B2 (en) | 2013-03-14 | 2017-10-17 | Device security utilizing continually changing QR codes |
Country Status (2)
Country | Link |
---|---|
US (3) | US20140282923A1 (en) |
WO (1) | WO2014158510A1 (en) |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150304588A1 (en) * | 2005-04-26 | 2015-10-22 | Searete Llc | Shared Image Devices |
US9172759B2 (en) | 2013-06-25 | 2015-10-27 | Google Inc. | Fabric network |
US9191209B2 (en) | 2013-06-25 | 2015-11-17 | Google Inc. | Efficient communication for devices of a home network |
US20160078206A1 (en) * | 2014-09-16 | 2016-03-17 | Chiun Mai Communication Systems, Inc. | Terminal device and method for controlling access to same |
US20160127892A1 (en) * | 2014-10-31 | 2016-05-05 | Nen-Fu Huang | Communication method of hiding privacy information and system thereof |
WO2016085683A1 (en) * | 2014-11-25 | 2016-06-02 | Microsoft Technology Licensing, Llc | User-authentication-based approval of a first device via communication with a second device |
US20160316369A1 (en) * | 2014-04-30 | 2016-10-27 | Tencent Technology (Shenzhen) Company Limited | Account Login Method, Apparatus, and System |
US9531704B2 (en) | 2013-06-25 | 2016-12-27 | Google Inc. | Efficient network layer for IPv6 protocol |
US9576172B2 (en) * | 2014-09-16 | 2017-02-21 | Facebook, Inc. | Systems and methods for simultaneously providing and reading machine-readable codes |
US9661093B2 (en) | 2014-10-08 | 2017-05-23 | Google Inc. | Device control profile for a fabric network |
US9690968B2 (en) | 2015-05-17 | 2017-06-27 | William A. Wadley | Authenticated scannable code system |
US9760501B2 (en) | 2014-11-05 | 2017-09-12 | Google Inc. | In-field smart device updates |
US9819490B2 (en) | 2005-05-04 | 2017-11-14 | Invention Science Fund I, Llc | Regional proximity for shared image device(s) |
US20170353306A1 (en) * | 2016-06-01 | 2017-12-07 | Thomson Licensing | Method, device and system for pairing a first device with a second device |
CN107682161A (en) * | 2017-11-02 | 2018-02-09 | 广州佳都数据服务有限公司 | A kind of offline authentication method and apparatus of Quick Response Code |
US9910341B2 (en) | 2005-01-31 | 2018-03-06 | The Invention Science Fund I, Llc | Shared image device designation |
US9942511B2 (en) | 2005-10-31 | 2018-04-10 | Invention Science Fund I, Llc | Preservation/degradation of video/audio aspects of a data stream |
US9978265B2 (en) | 2016-04-11 | 2018-05-22 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US10015898B2 (en) | 2016-04-11 | 2018-07-03 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US10033727B1 (en) | 2015-04-23 | 2018-07-24 | Study Social, Inc. | Account sharing detection in online education |
EP3362935A4 (en) * | 2015-10-12 | 2018-08-22 | Telefonaktiebolaget LM Ericsson (PUBL) | Methods to authorizing secondary user devices for network services and related user devices and back-end systems |
US10097756B2 (en) | 2005-06-02 | 2018-10-09 | Invention Science Fund I, Llc | Enhanced video/still image correlation |
US10200868B1 (en) * | 2014-07-24 | 2019-02-05 | Wells Fargo Bank, N.A. | Augmented reality security access |
US10250614B2 (en) * | 2017-06-30 | 2019-04-02 | Study Social, Inc. | Account sharing prevention and detection in online education |
US20190230505A1 (en) * | 2017-11-02 | 2019-07-25 | Gopro, Inc. | Pairing with image capture devices |
US10509900B1 (en) | 2015-08-06 | 2019-12-17 | Majid Shahbazi | Computer program products for user account management |
US20190394210A1 (en) * | 2017-02-21 | 2019-12-26 | Inthecore Business Platform.Ltd | System for user authentication in each area |
US10693663B2 (en) | 2017-02-14 | 2020-06-23 | Alibaba Group Holding Limited | Two dimensional code generation and recognition |
US10742634B1 (en) | 2011-12-27 | 2020-08-11 | Majid Shahbazi | Methods for single sign-on (SSO) using optical codes |
US10777017B1 (en) * | 2020-01-24 | 2020-09-15 | Vertebrae Inc. | Augmented reality presentation using a uniform resource identifier |
US10891372B1 (en) | 2017-12-01 | 2021-01-12 | Majid Shahbazi | Systems, methods, and products for user account authentication and protection |
DE102019118969A1 (en) * | 2019-07-12 | 2021-01-14 | Workaround Gmbh | Method for operating a sensor and / or information system and sensor and / or information system |
US10979413B2 (en) | 2014-03-13 | 2021-04-13 | Microsoft Technology Licensing, Llc | Authentication and pairing of devices using a machine readable code |
US11038870B2 (en) | 2017-03-09 | 2021-06-15 | Microsoft Technology Licensing, Llc | Quick response (QR) code for secure provisioning |
US11042869B1 (en) | 2014-09-30 | 2021-06-22 | Amazon Technologies, Inc. | Method, medium, and system for associating a payment amount with a physical object |
US11228438B2 (en) * | 2017-09-28 | 2022-01-18 | Samsung Electronics Co., Ltd. | Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device |
US11265711B2 (en) * | 2019-09-13 | 2022-03-01 | Microsoft Technology Licensing, Llc | Proximity-based management of a computing device |
US11343242B2 (en) * | 2019-09-25 | 2022-05-24 | Adp, Inc. | Dynamic connection across systems in real-time |
US20220232390A1 (en) * | 2019-05-01 | 2022-07-21 | Eric Fouchard | Method for secure connection to an embedded web service and corresponding device. |
US11463436B2 (en) * | 2020-04-17 | 2022-10-04 | Capital Ooe Services, LLC | Computing systems utilizing generated unique authorization identifiers for authorizing user operations and methods of use thereof |
US11470895B2 (en) | 2014-10-11 | 2022-10-18 | Workaround Gmbh | Workwear unit having a glove that fastens a control system and functional module to a user's body |
US20230121420A1 (en) * | 2021-10-14 | 2023-04-20 | Twilio Inc. | Trust relationships to share client assets among client accounts in a software as a service platform |
US20230137767A1 (en) * | 2021-10-28 | 2023-05-04 | Google Llc | Using co-located secondary devices to protect against cookie theft |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016059122A1 (en) * | 2014-10-14 | 2016-04-21 | Osr Enterprises Ag | Device, system and method for processing data |
US10178166B2 (en) * | 2014-12-08 | 2019-01-08 | Ebay Inc. | Delivering personalized content to authenticated user devices |
DE102015006751A1 (en) * | 2015-05-26 | 2016-12-01 | Giesecke & Devrient Gmbh | Method for providing a personal identification code of a security module |
CN105392210B (en) * | 2015-10-15 | 2019-03-12 | 深圳Tcl数字技术有限公司 | Wireless direct-connected connection method and device |
US10880932B2 (en) | 2017-02-15 | 2020-12-29 | Koninklijke Philips N.V. | Central priority advertisement for medical devices |
US10354058B1 (en) * | 2018-11-21 | 2019-07-16 | Capital One Services, Llc | Systems and methods for safely storing an object |
WO2020232336A1 (en) * | 2019-05-15 | 2020-11-19 | Traitware, Inc. | System and methods for using a trusted single web portal for accessing multiple web services |
WO2020231421A1 (en) * | 2019-05-15 | 2020-11-19 | Hewlett-Packard Development Company, L.P. | Machine-readable optical codes |
US11455616B2 (en) * | 2019-05-31 | 2022-09-27 | Mycashless Sapi De Cv | Method, device and system for the transfer of data |
EP3751532A1 (en) * | 2019-06-13 | 2020-12-16 | Rohde & Schwarz GmbH & Co. KG | Remote access and control system and corresponding method |
US11206696B2 (en) * | 2019-09-19 | 2021-12-21 | Rosemount Inc. | Unidirectional field device data transfer |
CN111523109B (en) * | 2020-07-03 | 2020-10-30 | 支付宝(杭州)信息技术有限公司 | Method and device for verifying electronic equipment application |
US11797794B2 (en) | 2020-10-27 | 2023-10-24 | Arris Enterprises Llc | Technologies for providing media control device quick response (QR) code functionality |
CA3223759A1 (en) | 2021-06-25 | 2022-12-29 | Capital One Services, Llc | Systems and methods for validating customer interactions |
US11222326B1 (en) | 2021-06-25 | 2022-01-11 | Capital One Services, Llc | Systems and methods for validating customer interactions |
CA3225538A1 (en) | 2021-06-25 | 2022-12-29 | Capital One Services, Llc | Systems and methods for securely generating and printing a document |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020026366A1 (en) * | 2000-08-23 | 2002-02-28 | Takahiro Ohtsuki | Management system for vending machines |
US20110055909A1 (en) * | 2009-08-31 | 2011-03-03 | At&T Mobility Ii Llc | Methods, apparatus, and computer program products for subscriber authentication and temporary code generation |
US20130124855A1 (en) * | 2011-11-14 | 2013-05-16 | Ca, Inc. | Using qr codes for authenticating users to atms and other secure machines for cardless transactions |
US20130237155A1 (en) * | 2012-03-06 | 2013-09-12 | Moon J. Kim | Mobile device digital communication and authentication methods |
US20140026204A1 (en) * | 2011-04-04 | 2014-01-23 | Luc Buntinx | Method and system for authenticating entities by means of terminals |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7124953B2 (en) * | 2003-12-29 | 2006-10-24 | Nokia Corporation | Visual encoding of a content address to facilitate data transfer in digital devices |
JP4890882B2 (en) | 2006-02-24 | 2012-03-07 | キヤノン株式会社 | Printing apparatus and printing apparatus control method |
JP5003505B2 (en) | 2007-04-10 | 2012-08-15 | ソニー株式会社 | Connection authentication system, terminal device, connection authentication server, connection authentication method, and program |
EP2306692B1 (en) * | 2009-10-02 | 2014-05-21 | BlackBerry Limited | Methods and devices for facilitating bluetooth pairing using a camera as a barcode scanner |
US20120124656A1 (en) * | 2010-11-16 | 2012-05-17 | Evolucard S/A | Method and system for mobile device based authentication |
US8405729B2 (en) * | 2011-05-11 | 2013-03-26 | Sony Corporation | System and method for pairing hand-held devices utilizing a front-facing camera |
US8903978B2 (en) | 2011-06-14 | 2014-12-02 | Sonifi Solutions, Inc. | Method and apparatus for pairing a mobile device to an output device |
US20120330707A1 (en) * | 2011-06-24 | 2012-12-27 | Michael Loucks | Web-based communication platform |
FR2978843B1 (en) * | 2011-08-04 | 2014-05-16 | Somfy Sas | DOMOTIC EQUIPMENT CONTROL SYSTEM AND METHOD FOR OPERATING A CONTROL SYSTEM |
WO2013163217A1 (en) * | 2012-04-23 | 2013-10-31 | Netspectrum Inc. | Secure and authenticated transactions with mobile devices |
US20140333509A1 (en) * | 2012-08-31 | 2014-11-13 | Game Concourse Inc. | System and method for communicating and interacting with a display screen using a remote device |
-
2013
- 2013-03-14 US US13/802,854 patent/US20140282923A1/en not_active Abandoned
-
2014
- 2014-02-21 WO PCT/US2014/017555 patent/WO2014158510A1/en active Application Filing
-
2015
- 2015-05-14 US US14/712,034 patent/US9794253B2/en active Active
-
2017
- 2017-10-17 US US15/786,336 patent/US10430568B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020026366A1 (en) * | 2000-08-23 | 2002-02-28 | Takahiro Ohtsuki | Management system for vending machines |
US20110055909A1 (en) * | 2009-08-31 | 2011-03-03 | At&T Mobility Ii Llc | Methods, apparatus, and computer program products for subscriber authentication and temporary code generation |
US20140026204A1 (en) * | 2011-04-04 | 2014-01-23 | Luc Buntinx | Method and system for authenticating entities by means of terminals |
US20130124855A1 (en) * | 2011-11-14 | 2013-05-16 | Ca, Inc. | Using qr codes for authenticating users to atms and other secure machines for cardless transactions |
US20130237155A1 (en) * | 2012-03-06 | 2013-09-12 | Moon J. Kim | Mobile device digital communication and authentication methods |
Cited By (80)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9910341B2 (en) | 2005-01-31 | 2018-03-06 | The Invention Science Fund I, Llc | Shared image device designation |
US10003762B2 (en) * | 2005-04-26 | 2018-06-19 | Invention Science Fund I, Llc | Shared image devices |
US20150304588A1 (en) * | 2005-04-26 | 2015-10-22 | Searete Llc | Shared Image Devices |
US9819490B2 (en) | 2005-05-04 | 2017-11-14 | Invention Science Fund I, Llc | Regional proximity for shared image device(s) |
US10097756B2 (en) | 2005-06-02 | 2018-10-09 | Invention Science Fund I, Llc | Enhanced video/still image correlation |
US9942511B2 (en) | 2005-10-31 | 2018-04-10 | Invention Science Fund I, Llc | Preservation/degradation of video/audio aspects of a data stream |
US10742634B1 (en) | 2011-12-27 | 2020-08-11 | Majid Shahbazi | Methods for single sign-on (SSO) using optical codes |
US9648009B2 (en) | 2013-06-25 | 2017-05-09 | Google Inc. | Efficient network layer for IPv6 protocol |
US10805200B2 (en) | 2013-06-25 | 2020-10-13 | Google Llc | Efficient communication for devices of a home network |
US9172759B2 (en) | 2013-06-25 | 2015-10-27 | Google Inc. | Fabric network |
US9451573B2 (en) | 2013-06-25 | 2016-09-20 | Google Inc. | Efficient communication for devices of a home network |
US9923801B2 (en) | 2013-06-25 | 2018-03-20 | Google Llc | Fabric network |
US9531704B2 (en) | 2013-06-25 | 2016-12-27 | Google Inc. | Efficient network layer for IPv6 protocol |
US9191209B2 (en) | 2013-06-25 | 2015-11-17 | Google Inc. | Efficient communication for devices of a home network |
US9590975B2 (en) | 2013-06-25 | 2017-03-07 | Google Inc. | Efficient network layer for IPv6 protocol |
US9629193B2 (en) | 2013-06-25 | 2017-04-18 | Google Inc. | Efficient communication for devices of a home network |
US9338810B2 (en) | 2013-06-25 | 2016-05-10 | Google Inc. | Efficient communication for devices of a home network |
US10320763B2 (en) | 2013-06-25 | 2019-06-11 | Google Inc. | Efficient communication for devices of a home network |
US9674885B2 (en) | 2013-06-25 | 2017-06-06 | Google Inc. | Efficient communication for devices of a home network |
US9313280B2 (en) | 2013-06-25 | 2016-04-12 | Google Inc. | Fabric network |
US9345058B2 (en) | 2013-06-25 | 2016-05-17 | Google Inc. | Efficient communication for devices of a home network |
US9326307B2 (en) | 2013-06-25 | 2016-04-26 | Google Inc. | Efficient communication for devices of a home network |
US10693760B2 (en) | 2013-06-25 | 2020-06-23 | Google Llc | Fabric network |
US10979413B2 (en) | 2014-03-13 | 2021-04-13 | Microsoft Technology Licensing, Llc | Authentication and pairing of devices using a machine readable code |
US10009767B2 (en) * | 2014-04-30 | 2018-06-26 | Tencent Technology (Shenzhen) Company Limited | Account login method, apparatus, and system |
US20160316369A1 (en) * | 2014-04-30 | 2016-10-27 | Tencent Technology (Shenzhen) Company Limited | Account Login Method, Apparatus, and System |
US11284260B1 (en) | 2014-07-24 | 2022-03-22 | Wells Fargo Bank, N.A. | Augmented reality security access |
US10623959B1 (en) | 2014-07-24 | 2020-04-14 | Wells Fargo Bank, N.A. | Augmented reality security access |
US10200868B1 (en) * | 2014-07-24 | 2019-02-05 | Wells Fargo Bank, N.A. | Augmented reality security access |
US20160078206A1 (en) * | 2014-09-16 | 2016-03-17 | Chiun Mai Communication Systems, Inc. | Terminal device and method for controlling access to same |
US9576172B2 (en) * | 2014-09-16 | 2017-02-21 | Facebook, Inc. | Systems and methods for simultaneously providing and reading machine-readable codes |
US11042869B1 (en) | 2014-09-30 | 2021-06-22 | Amazon Technologies, Inc. | Method, medium, and system for associating a payment amount with a physical object |
US10826947B2 (en) | 2014-10-08 | 2020-11-03 | Google Llc | Data management profile for a fabric network |
US9819638B2 (en) | 2014-10-08 | 2017-11-14 | Google Inc. | Alarm profile for a fabric network |
US9992158B2 (en) | 2014-10-08 | 2018-06-05 | Google Llc | Locale profile for a fabric network |
US9967228B2 (en) | 2014-10-08 | 2018-05-08 | Google Llc | Time variant data profile for a fabric network |
US9661093B2 (en) | 2014-10-08 | 2017-05-23 | Google Inc. | Device control profile for a fabric network |
US9716686B2 (en) | 2014-10-08 | 2017-07-25 | Google Inc. | Device description profile for a fabric network |
US10476918B2 (en) | 2014-10-08 | 2019-11-12 | Google Llc | Locale profile for a fabric network |
US10440068B2 (en) | 2014-10-08 | 2019-10-08 | Google Llc | Service provisioning profile for a fabric network |
US10084745B2 (en) | 2014-10-08 | 2018-09-25 | Google Llc | Data management profile for a fabric network |
US9847964B2 (en) | 2014-10-08 | 2017-12-19 | Google Llc | Service provisioning profile for a fabric network |
US11470895B2 (en) | 2014-10-11 | 2022-10-18 | Workaround Gmbh | Workwear unit having a glove that fastens a control system and functional module to a user's body |
US9872173B2 (en) * | 2014-10-31 | 2018-01-16 | Nen-Fu Huang | Communication method of hiding privacy information and system thereof |
US20160127892A1 (en) * | 2014-10-31 | 2016-05-05 | Nen-Fu Huang | Communication method of hiding privacy information and system thereof |
US9760501B2 (en) | 2014-11-05 | 2017-09-12 | Google Inc. | In-field smart device updates |
US9706401B2 (en) | 2014-11-25 | 2017-07-11 | Microsoft Technology Licensing, Llc | User-authentication-based approval of a first device via communication with a second device |
WO2016085683A1 (en) * | 2014-11-25 | 2016-06-02 | Microsoft Technology Licensing, Llc | User-authentication-based approval of a first device via communication with a second device |
US10033727B1 (en) | 2015-04-23 | 2018-07-24 | Study Social, Inc. | Account sharing detection in online education |
US10375059B1 (en) | 2015-04-23 | 2019-08-06 | Study Social, Inc. | Account sharing prevention in online education |
US9690968B2 (en) | 2015-05-17 | 2017-06-27 | William A. Wadley | Authenticated scannable code system |
US10509900B1 (en) | 2015-08-06 | 2019-12-17 | Majid Shahbazi | Computer program products for user account management |
EP3362935A4 (en) * | 2015-10-12 | 2018-08-22 | Telefonaktiebolaget LM Ericsson (PUBL) | Methods to authorizing secondary user devices for network services and related user devices and back-end systems |
US11522861B2 (en) | 2015-10-12 | 2022-12-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods to authorizing secondary user devices for network services and related user devices and back-end systems |
US10798096B2 (en) | 2015-10-12 | 2020-10-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Methods to authorizing secondary user devices for network services and related user devices and back-end systems |
US10127806B2 (en) | 2016-04-11 | 2018-11-13 | Tti (Macao Commercial Offshore) Limited | Methods and systems for controlling a garage door opener accessory |
US9978265B2 (en) | 2016-04-11 | 2018-05-22 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US10237996B2 (en) | 2016-04-11 | 2019-03-19 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US10015898B2 (en) | 2016-04-11 | 2018-07-03 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US10157538B2 (en) | 2016-04-11 | 2018-12-18 | Tti (Macao Commercial Offshore) Limited | Modular garage door opener |
US20170353306A1 (en) * | 2016-06-01 | 2017-12-07 | Thomson Licensing | Method, device and system for pairing a first device with a second device |
US10693663B2 (en) | 2017-02-14 | 2020-06-23 | Alibaba Group Holding Limited | Two dimensional code generation and recognition |
US20190394210A1 (en) * | 2017-02-21 | 2019-12-26 | Inthecore Business Platform.Ltd | System for user authentication in each area |
US11038870B2 (en) | 2017-03-09 | 2021-06-15 | Microsoft Technology Licensing, Llc | Quick response (QR) code for secure provisioning |
US10250614B2 (en) * | 2017-06-30 | 2019-04-02 | Study Social, Inc. | Account sharing prevention and detection in online education |
US11228438B2 (en) * | 2017-09-28 | 2022-01-18 | Samsung Electronics Co., Ltd. | Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device |
CN107682161A (en) * | 2017-11-02 | 2018-02-09 | 广州佳都数据服务有限公司 | A kind of offline authentication method and apparatus of Quick Response Code |
US20190230505A1 (en) * | 2017-11-02 | 2019-07-25 | Gopro, Inc. | Pairing with image capture devices |
US10891372B1 (en) | 2017-12-01 | 2021-01-12 | Majid Shahbazi | Systems, methods, and products for user account authentication and protection |
US20220232390A1 (en) * | 2019-05-01 | 2022-07-21 | Eric Fouchard | Method for secure connection to an embedded web service and corresponding device. |
US11924647B2 (en) * | 2019-05-01 | 2024-03-05 | Eric Fouchard | Method for secure connection to an embedded web service and corresponding device |
DE102019118969A1 (en) * | 2019-07-12 | 2021-01-14 | Workaround Gmbh | Method for operating a sensor and / or information system and sensor and / or information system |
US11558909B2 (en) | 2019-07-12 | 2023-01-17 | Workaround Gmbh | Method of operating a sensor and/or information system and sensor and/or information system |
US11265711B2 (en) * | 2019-09-13 | 2022-03-01 | Microsoft Technology Licensing, Llc | Proximity-based management of a computing device |
US11343242B2 (en) * | 2019-09-25 | 2022-05-24 | Adp, Inc. | Dynamic connection across systems in real-time |
US10997793B1 (en) | 2020-01-24 | 2021-05-04 | Vertebrae Inc. | Augmented reality presentation using a uniform resource identifier |
US10777017B1 (en) * | 2020-01-24 | 2020-09-15 | Vertebrae Inc. | Augmented reality presentation using a uniform resource identifier |
US11463436B2 (en) * | 2020-04-17 | 2022-10-04 | Capital Ooe Services, LLC | Computing systems utilizing generated unique authorization identifiers for authorizing user operations and methods of use thereof |
US20230121420A1 (en) * | 2021-10-14 | 2023-04-20 | Twilio Inc. | Trust relationships to share client assets among client accounts in a software as a service platform |
US20230137767A1 (en) * | 2021-10-28 | 2023-05-04 | Google Llc | Using co-located secondary devices to protect against cookie theft |
Also Published As
Publication number | Publication date |
---|---|
US20150244715A1 (en) | 2015-08-27 |
US9794253B2 (en) | 2017-10-17 |
US10430568B2 (en) | 2019-10-01 |
US20180077150A1 (en) | 2018-03-15 |
WO2014158510A1 (en) | 2014-10-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10430568B2 (en) | Device security utilizing continually changing QR codes | |
US9066326B2 (en) | Automatic user notification, with quick response (QR) code generation following failed NFC device pairing | |
CN110647735B (en) | Proximity unlocking and locking operations for electronic devices | |
EP3072334B1 (en) | Method, system and apparatus for automatically connecting to wlan | |
CN104636924B (en) | Secure payment method, server and system | |
US20140380419A1 (en) | Methods for authenticating device-to-device communication | |
US20140181944A1 (en) | Single sign-on for a native application and a web application on a mobile device | |
KR101743195B1 (en) | Method and apparatus for providing information, program and recording medium | |
CN109074443B (en) | Unlocking method and device | |
EP2747370A1 (en) | Method and apparatus for providing secure access to a network | |
CN103826323A (en) | Wireless network connection method, terminal and mobile terminal | |
KR20160077071A (en) | Authentication for application | |
TWI538538B (en) | Home control gateway and gateway connection method thereof | |
US9198024B1 (en) | Remote device activation | |
WO2016107124A1 (en) | Traffic sharing method and device, and terminal | |
WO2018107593A1 (en) | Method and device for sharing file between different terminals | |
WO2015143847A1 (en) | Authentication and authorization method and apparatus for wireless network and program | |
CN109544729B (en) | Gate control method and device, computer equipment and storage medium | |
US20170126586A1 (en) | Method and device for equipment control | |
US9565554B2 (en) | Method, device, and system for transmitting information and storage medium | |
US11689385B2 (en) | Home appliance, terminal device, and wireless connection method thereof | |
CN114514726A (en) | Secure key generation in wireless networks | |
CN109287139A (en) | Data transmission method and device | |
CN105187377B (en) | Data processing method and device, and data access method and device | |
TW201626755A (en) | Home control gateway and gateway control method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: MOTOROLA MOBILITY LLC, ILLINOIS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NARAYAN, SHYAM;AERRABOTU, NAVEEN;SINHA, ROHIT R.;REEL/FRAME:030312/0545 Effective date: 20130320 |
|
AS | Assignment |
Owner name: GOOGLE TECHNOLOGY HOLDINGS LLC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MOTOROLA MOBILITY LLC;REEL/FRAME:034237/0001 Effective date: 20141028 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |