Multimedia streaming and device onboarding
The discovery broker system addresses inefficiencies in hospitality device onboarding by managing connectivity and security, enabling seamless access to authorized devices through QR codes and network management, enhancing guest experience while maintaining network security.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- APPLE INC
- Filing Date
- 2024-06-02
- Publication Date
- 2026-06-23
Smart Images

Figure 2026520512000001_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication networks, and more particularly, to multimedia streaming and device onboarding in such communication networks.
[0002] (Cross - Reference to Related Applications) This application claims the benefit of U.S. Provisional Patent Application No. 63 / 470,742, filed on June 2, 2023, and U.S. Patent Application No. 18 / 680,817, filed on May 31, 2024, which are hereby incorporated by reference in their entirety for all purposes.
Background Art
[0003] Device onboarding is the process of introducing a device onto an existing infrastructure such as a computing network. The infrastructure can verify the device and configure the device to be compatible with the infrastructure. Once the device is connected to the infrastructure, the device can communicate with other devices connected to the infrastructure, receive services from the infrastructure, and / or provide services to the infrastructure.
Summary of the Invention
[0004] A system of one or more computers can be configured to perform certain operations or actions by installing software, firmware, hardware, and / or combinations thereof that cause the system to perform actions during operation. One or more computer programs can be configured to perform certain operations or actions by comprising instructions that cause the device to perform an operation when executed by a data processing device.
[0005] One general embodiment may include a computer implementation method. The computer implementation method may include receiving an identifier for one accessory device among several accessory devices and a request to connect to that accessory device. The request may be received by a computing system via a first network. Connectivity between a user device and several accessory devices via the first network may be restricted by a security mechanism on a second network. The computing system may configure the security mechanism to allow connectivity between the user device and the accessory devices, at least partially based on the request and the identity of the accessory device, by sending a message to the management system of the managed network. The computing system may allow connectivity between the user device and the accessory devices upon identifying that the management system has changed the configuration of the security mechanism. The computing system may send connectivity information to the user device and the accessory devices to establish connectivity between the user device and the accessory devices.
[0006] Another common embodiment may include a computing system comprising: memory configured to store computer executable instructions; and a processor configured to access the memory, execute computer executable instructions, and perform computer implementation methods.
[0007] Another common embodiment may include a non-temporary computer-readable medium containing computer-executable instructions that, when executed by one or more processors of a computing system, cause the computing system to perform a computer implementation method. [Brief explanation of the drawing]
[0008] [Figure 1] This is a diagram illustrating an exemplary configuration for device onboarding according to one or more embodiments.
[0009] [Figure 2] This is a diagram illustrating an exemplary management system according to one or more embodiments.
[0010] [Figure 3] This is a diagram of an exemplary discovery broker server according to one or more embodiments.
[0011] [Figure 4] This is a diagram illustrating an exemplary security mechanism for a discovery broker, according to one or more embodiments.
[0012] [Figure 5] This is a signaling diagram for exemplary discovery broker activation according to one or more embodiments.
[0013] [Figure 6] This is a signaling diagram of an exemplary process for device onboarding, according to one or more embodiments.
[0014] [Figure 7] This is a signaling diagram of an exemplary process for device onboarding, according to one or more embodiments.
[0015] [Figure 8] This is a signaling diagram of an exemplary process for disabling connectivity, according to one or more embodiments.
[0016] [Figure 9] This is a signaling diagram of an exemplary process for disabling connectivity, according to one or more embodiments.
[0017] [Figure 10] This is a diagram illustrating onboarding using a captive portal token, according to one or more embodiments.
[0018] [Figure 11] A diagram of onboarding using a captive portal token according to one or more embodiments.
[0019] [Figure 12] A signaling diagram for onboarding using a captive portal token according to one or more embodiments.
[0020] [Figure 13] A process flow for device onboarding according to one or more embodiments.
[0021] [Figure 14] A diagram showing accessibility for a user device according to one or more embodiments.
[0022] [Figure 15] A signaling diagram for onboarding using a captive portal token according to one or more embodiments.
[0023] [Figure 16] A diagram of a process for key exchange according to one or more embodiments.
[0024] [Figure 17] A diagram of a process for key exchange according to one or more embodiments.
[0025] [Figure 18] A diagram of a process for key exchange according to one or more embodiments.
[0026] [Figure 19] A diagram of a process for key exchange according to one or more embodiments.
[0027] [Figure 20] A diagram of a process for key exchange according to one or more embodiments.
[0028] [Figure 21] This is a diagram illustrating a process for replacing a key, according to one or more embodiments.
[0029] [Figure 22] This is a diagram illustrating a process for communication between devices, according to one or more embodiments.
[0030] [Figure 23] This is a signaling diagram for initial key replacement according to one or more embodiments.
[0031] [Figure 24] This is a signaling diagram for connecting to an accessory device, according to one or more embodiments.
[0032] [Figure 25] This document illustrates an exemplary architecture or environment configured to implement the technologies described herein, according to one or more embodiments. [Modes for carrying out the invention]
[0033] Various embodiments are described below. For illustrative purposes and to enhance understanding of these embodiments, specific configurations and details are provided. However, it will be apparent to those skilled in the art that these embodiments may be practiced without specific details. Furthermore, well-known features may be omitted or simplified in order to avoid obscuring the embodiments described.
[0034] Onboarding can include connecting a device to a network. A network can include a set of devices configured to exchange information with each other. The onboarding process can help ensure that a device is properly authenticated, which can include verifying the device's identity before granting access to the network.
[0035] A network can verify the identity of a device requesting access to the network. To prevent unauthorized access, the network can use various authentication mechanisms, such as secure passwords or digital certificates. When the network verifies a device's identity, it can use security policies to determine the device's access privileges, specifying which network resources the device may have access to. Security policies can be configured during network configuration and may include configuring encryption algorithms and security mechanisms such as firewalls, as well as other appropriate security mechanisms.
[0036] Devices that can present appropriate security credentials, such as a secure password, may be granted access to the network. Once connected to the network, the device can communicate with other network devices and receive services over the network.
[0037] In a typical onboarding scenario, a user can enter their home, and their user device can discover a wireless network. For example, a home can include a local area network (LAN), such as a home Wi-Fi network. In some examples, the home Wi-Fi network may be password-protected. In these examples, the user device can discover the network, and the user may be prompted to enter a password. The user can enter the password on their user device, and the network can verify the password. Based on the password verification, the network can grant the user device access to the home Wi-Fi network. The user device can then access one or more services through the home Wi-Fi network. The user device may also store the password in local memory for reconnecting to the home Wi-Fi network. For example, if the user leaves home and then returns, the user device can reuse the password to reconnect without any additional manual input from the user.
[0038] The device onboarding process may differ in commercial settings such as hospitality settings (e.g., hotels, motels, hostels, cruise ships, short-term rentals (e.g., for owner-occupied rentals), or other hospitality settings). For example, a hotel may provide rooms for travelers or large spaces for special events such as conferences or weddings. A hotel may include devices in each space to enhance the quality of the experience. In some examples, these devices are smart devices that users can connect to their own user devices. For example, a user can connect their user device to a smart device to stream music or video (e.g., from a streaming service or local memory).
[0039] However, hospitality owners may want to provide access only to specific user devices (for example, while the user is a guest). Unlike home scenarios where network devices are owned / managed by the user, network devices in a hotel room may be provided by the hotel for guest use. Furthermore, owners may want to provide users with access to specific devices located on the premises while restricting access to other devices located on the premises. For example, a hotel may want to allow a user access to devices located in their hotel room, but restrict access to other devices located in other guests' hotel rooms.
[0040] Furthermore, in some cases, an owner may offer their guests multiple networks. Hospitality guests may have access to two or more of these networks. The owner may want to enable a system that allows guests to switch between available networks without having to manually enter credentials to switch from one network to another.
[0041] Owners may further desire to enable systems that allow guests to connect to the network without requiring them to enter personally identifiable information. For example, it is common for guests attempting to connect to the network to be routed to a captive portal page. Guests may be required to enter their name and room number to connect to the network. Owners may want to create a guest experience where guests can connect to the network without entering personally identifiable information.
[0042] In addition, the owner may provide two or more accessory devices in the room. Furthermore, the owner may want to provide a good guest experience, including minimizing the effort required for guests to connect accessory devices in the room. Sometimes, guests may want to leave the room for a short period of time and then return. Furthermore, before leaving the room, the guest may have been engaged in a streaming session using an accessory device. It may be beneficial to suggest that the guest re-engage with the accessory device to continue the streaming session. Therefore, the owner may want to have a system that can determine when a guest has left the room for a while and returned. The user device can determine when the guest has returned and can provide the guest with a prompt to re-engage with the accessory device. In some examples, it should be understood that the user device can provide a prompt with a suggestion to engage with the accessory device after the user device first scans a QR code®.
[0043] Embodiments described herein address the above-mentioned problems by providing a technology for onboarding devices onto a network in a commercial environment. A discovery broker can be introduced that can manage connectivity between a specific device and any accessory devices provided for user use. The discovery broker can verify a user device requesting connectivity to an accessory device. The discovery broker can further send a request to a network management system to reconfigure security mechanisms to allow the user device to connect to the accessory device. The discovery broker can further verify the authorization of the user device's request to connect to the accessory device.
[0044] In addition, embodiments described herein provide techniques for supporting guests switching between different networks. When a guest is connected to one of a group of networks provided by the owner, the guest's device can switch to another network without having to manually re-engage the connection process. In addition, embodiments described herein provide techniques for enabling in-room accessory devices to communicate pairing information with each other. Thus, once a guest's device connects to one accessory device, the guest's device can connect to another accessory device in the room without having to go through a manual connection process. Furthermore, embodiments described herein provide techniques for a guest device to determine that the device has been taken out of the room and then returned to the room. The device can further determine whether the device was previously paired with an accessory device. If the guest's device was previously connected to an accessory device, the guest's device can generate a suggestion for the guest to reconnect the device with the accessory device. In some examples, it should be understood that after the guest's device first scans a QR code (registered trademark), the guest's device may provide a prompt with a suggestion to engage with an accessory device.
[0045] Figure 100 is an exemplary setup for device onboarding according to one or more embodiments. User 102 may be located in an environment that includes one or more devices capable of receiving data from user device 104 and presenting content. As illustrated, user 102 may be in a defined space, such as a room 106 in a hotel booked by the user. Room 106 may include a first accessory device 108, such as a smart TV, and a second accessory device 110, such as a tablet provided by the hotel. Both the first accessory device 108 and the second accessory device 110 may be owned by the hotel and assigned to room 106.
[0046] Room 106 may further include networking devices such as an in-room access point 112 for providing wireless services to user 102. Access points in commercial settings may differ from those in residential settings. In a residential environment, an access point can generally provide wireless services to all or a significant portion of the house. In commercial settings such as a hospitality setting, access point 112 may be configured to provide more restricted access to the service. For example, a hotel may include a management system that uses a private network to implement security features for controlling connectivity to hotel devices (e.g., a first accessory device 108 and a second accessory device 110). Security features may include providing separate networks for guest devices and hotel devices.
[0047] As shown in Figure 1, the network management system can use access point 112 to provide a public network for user device 104 and a private network for first accessory device 108 and second accessory device 110. The private network can restrict incoming traffic from user device 104 to first accessory device 108 and second accessory device 110. The private network can further restrict outgoing traffic from first accessory device 108 and second accessory device 110 to user device 104. For example, the private network may include a firewall to restrict communication between user device 104 and first accessory device 108 and second accessory device 110.
[0048] As further illustrated, room 106 is separated from adjacent room 114 by a shared wall. Both room 106 and adjacent room 114 may be owned by the same entity, such as a hotel. Adjacent room 114 can be equipped with an adjacent room device 116, and access to the adjacent room device 116 can also be managed by a network management system.
[0049] In some examples, user device 104 can communicate with one or more devices and route streaming content to those devices for presentation. For example, a device with Apple AirPlay® can use the AirPlay® wireless communication protocol to communicate with another device and share content such as videos, photos, and music. In an exemplary scenario, a user may have a user device (e.g., an iPhone®) and a smart TV at home. The user can stream content from the user device to the smart TV using a user device feature such as AirPlay®. This is often referred to as "mirroring," where the content of the user device is mirrored to another device. Thus, the user can watch TV programs on the smart TV rather than on their own user device display. In this scenario, both the user device and the smart TV can communicate over the same public network provided by a wireless router, and the public network cannot impose restrictions on the user device and the smart TV.
[0050] However, as mentioned above, in some settings, such as hospitality settings, communication with devices provided by the hotel is managed by the network management system. The hotel can manage communication between user devices and devices provided to guests to help manage the guest experience. For example, user 102 can reserve room 106, and based on that reservation, user 102 should be able to use the first accessory device 108 and the second accessory device 110. However, if user 102 has not reserved the adjacent room 114, user 102 may be restricted from using the adjacent room device 116.
[0051] For example, a user has booked room 106, but has not booked the adjacent room 114. Furthermore, in this example, another party unrelated to user 102 has booked the adjacent room 114. User device 104 may have the ability to communicate with other devices such as a first accessory device 108, a second accessory device 110, and the adjacent room device 116. Furthermore, each of the first accessory device 108, the second accessory device 110, and the adjacent room device 116 has the ability to receive and present content from user device 104. In this example, if the network management system restricts communication between user device 104 and the first and second accessory devices 108 and 110 throughout the user's stay, the user's guest experience may be diminished. Furthermore, if the network management system allows user device 104 to communicate with the adjacent room device 116 and stream content, the guest experience of the other party may be diminished.
[0052] Therefore, the network management system can be configured to allow user devices to communicate with the first accessory device 108 and the second accessory device 110, but not with the device 116 in the adjacent room. In particular, the management system can implement a security policy that uses one or more security mechanisms to restrict communication between devices communicating over the public network and both the first accessory device 108 and the second accessory device 110. The security mechanism may include a firewall that filters unauthorized communication between the first accessory device 108 and the second accessory device 110.
[0053] At some point while the user is in room 106, the user may want to present content using, for example, a first accessory device 108. User 102 can use user device 104 to communicate with the network management system via access point 112 and send a request to connect to the first accessory device 108. For example, if the first accessory device 108 is a smart TV, the user may want to stream video content on the smart TV.
[0054] Each of the first accessory device 108 and the second accessory device 110 can provide the user device 104 with information used for connectivity purposes. For example, the first accessory device 108 and the second accessory device 110 can be configured to display a QR code® that provides connectivity information including a Wi-Fi identifier, Wi-Fi password, accessory device identifier, and accessory device pairing code. As described herein, the user device 104 can receive information through the QR code®. However, it should be understood that the user device 104 can receive the same or similar information from various sources other than the QR code®. For example, the user device 104 can receive information using near-field communication (NFC) technology, data payloads included in transmissions from another device, barcodes, optical-based signals, and audio signals, or other suitable technologies for delivering information.
[0055] In some embodiments, the user may choose to use the user device 104 to scan either the first QR code® or the second QR code®. Each of the first and second QR codes® may include information that (1) enables the user device 104 to connect to the first network (e.g., the QR code® includes a public Wi-Fi network password), and (2) enables the user device 104 to pair with the first accessory device 108 and the second accessory device 110 (e.g., the QR code® includes pairing information for pairing with the accessory devices). The first QR code® may be presented to the user device 104 via the home screen of a smart TV (e.g., the first accessory device 108). The first QR code (registered trademark) can provide information that allows user device 104 to connect to a first network and pair with the first accessory device 108 and the second accessory device 110, but does not necessarily require connection to the first accessory device 108 and the second accessory device 110. The second QR code (registered trademark) may be a screen on a device associated with, for example, Apple AirPlay (registered trademark), a casting service, or other features for presenting content on an accessory device, and may be presented to user device 104 on a screen "curtain". The second QR code (registered trademark) can provide information that allows user device 104 to connect to a first network, pair with the first accessory device 108 and the second accessory device 110, and connect to the first accessory device 108 and the second accessory device 110.
[0056] For example, user device 104 can scan a QR code® displayed on the home screen of the first accessory device 108. If user device 104 is not yet connected to Wi-Fi, user device 104 can use the Wi-Fi password embedded in the QR code® to connect to the public Wi-Fi network provided to room 106 via access point 112. User device 104 can connect to the public Wi-Fi network in the background without manual input from user 102. User device 104 can also send a request to discover the management system and connect to the first accessory device 108. As described herein, the accessory devices (e.g., the first accessory device 108 and the second accessory device 110) can be any devices that can connect to user device 104. This request may include a first accessory device identifier, which the management system can use to verify the first accessory device 108. For example, the management system can verify that the first accessory device identifier is associated with an authorized accessory device. The management system can further verify that the first accessory device identifier is associated with an accessory device assigned to room 106. In some examples, the first accessory device 108 and the second accessory device 110 are part of an accessory device group. In these examples, the QR code® may include the accessory device PIN and token (e.g., a discovery broker token). The user device can present the QR code® information to the management system. The management system can provide the accessory device group to the user device 104.
[0057] Based on the verification, the management system can adjust one or more security configurations to allow user device 104 to communicate with the first accessory device 108. In some embodiments, the management system can further adjust one or more security configurations to allow user device 104 to communicate with both the first accessory device 108 and the second accessory device 110. For example, the management system can modify the firewall configuration to allow user device 104 to connect with the first accessory device 108. The management system can send a permission request back to user device 104. Upon receiving permission, user device 104 connects with the first accessory device 108 using a pairing code. User 102 can then use user device 104 to stream video content on the first accessory device 108.
[0058] As described above, the user device 104 can transmit a first accessory device identifier along with the connection request, and the QR code (registered trademark) can provide pairing information for the first accessory device 108. Therefore, the management system can configure a security mechanism to allow the user device 104 to communicate with the first accessory device 108 while maintaining any restrictions on communication with accessory devices in other rooms, such as the device 116 in the adjacent room 114.
[0059] Figure 200 shows an exemplary management system according to one or more embodiments. The management system 202 may include a Recipient Management System (RMS) 204 containing information for managing each accessory device on the premises. Whenever an enterprise (e.g., a hotel) acquires an accessory device, the device can be registered with the RMS 204. The RMS 204 can enable the enterprise to perform management of the entire fleet of all devices (e.g., pushing software updates, managing usage). The RMS 204 may further include information indicating the location of each accessory device. For example, if the setting is a hotel, the RMS 204 may include a database containing information about each device, including an accessory device identifier and information indicating the room to which the accessory device is assigned. In some examples, a room may include multiple accessory devices, such as a suite that may have different televisions in different rooms. Some hotels may even provide personal computers, laptops, or tablets along with the rooms. In these examples, the accessory devices may belong to groups assigned to rooms, and the database may include accessory device group identifiers.
[0060] The management system 202 may further include a network management system (NMS) 206 for implementing security policies for the network. For example, the NMS 206 may configure the network to include security mechanisms for segmenting the network into multiple networks. The NMS 206 may further include security mechanisms for one or more of the multiple networks to prevent an unauthorized user device connected to one network from communicating with an accessory device connected to another network. The NMS 206 may further configure the network to allow communication between authorized devices.
[0061] The management system 202 may further include a discovery broker 208 that can act as an intermediary between the RMS 204, the NMS 206, and user devices requesting network connectivity and connectivity to other accessory devices. The discovery broker 208 can communicate with the RMS 204 using the RMS interface 210. For example, the RMS interface 210 may include an application programming interface (API) that includes a set of definitions and protocols for communication between the discovery broker 208 and the RMS 204. The discovery broker 208 can communicate with the NMS 206 using the NMS interface 212. The NMS interface 212 may also include another API that includes a set of definitions and protocols for communication between the discovery broker 208 and the NMS 206. The discovery broker 208 can further register with the RMS 204 and the NMS 206, respectively, using both the RMS interface 210 and the NMS interface 212.
[0062] The discovery broker 208 can further broadcast identification information to be received by a user device (e.g., user device 214) on the first network 216. When user device 214 is connected to the first network 216, it can discover the discovery broker 208 based on the broadcasted information. The discovery broker 208 can receive communications from user device 214 in order to connect to an accessory device. For example, user device 214 could be user device 104 from Figure 1, and accessory device 218 could be the first accessory device 108. User device 214 can send a request over the first network 216 (e.g., a public Wi-Fi network). The request from user device 214 may include an identifier for accessory device 218. Because the accessory device communicates over a second network 220 segmented from the first network 216, user device 214 may not be able to connect to accessory device 218. Furthermore, the NMS206 can configure the second network 220 to have a security mechanism 222 (e.g., a firewall) that prevents user devices connected to the first network 216 (e.g., user device 214) from communicating with accessory devices connected to the second network 220 (e.g., accessory device 218).
[0063] The discovery broker 208 can verify the user device 214 that sends the request. For example, the discovery broker can determine whether the user device request was received in the correct format, whether the user device that sent the accessory device identifier is in the correct format, and whether the user device is requesting connectivity to an accessory device associated with the room from which the user device request is being sent.
[0064] Based on verifying user device 214, discovery broker 208 can send a request to NMS 206 allowing user device 214 to connect with accessory device 218. NMS 206 can trust discovery broker 208 because it has previously registered with NMS 206. NMS 206 can modify the network configuration to allow user device 214 to connect with accessory device 218. For example, NMS 206 can reconfigure security mechanism 222 to allow user device 214 to connect with accessory device 218. As described above, in some cases several rooms may contain two or more accessory devices, such as within an accessory device group. In these examples, NMS 206 can modify the configuration of network security mechanism 222 to allow user device 214 to connect with each accessory device. It should be understood that user device 214 may still need to obtain the pairing code of each accessory device to establish a connection. However, the user device 214 can obtain the pairing code of each accessory device 218 before or after the NMS 206 reconfigures the security mechanism for connectivity with the accessory devices.
[0065] In some embodiments, the NMS206 can be configured to allow a user device to connect to two or more networks. For example, the NMS206 can help manage a passpoint network, which includes a protocol for allowing a user device to connect to different networks without undergoing an authentication process each time the user device switches networks. Groups of networks can be associated, and a user device can connect to each network that is part of the association without having to go through an authentication process. In these examples, if the NMS206 decides to change the security mechanism for one network, the NMS206 will change the security mechanism for each associated network.
[0066] The user device 214 can be any device (e.g., a smartphone, tablet, or smartwatch) that can be connected to the accessory device 218, as described herein. The user device 214 can stream audio and video media on another device (e.g., the user device 214 may use Apple AirPlay®). For example, a user can access a video sharing service on the user device 214. The user device 214 can further route the streaming data to the accessory device and stream the video sharing service content on the accessory device 218.
[0067] User device 214 can connect to management system 202 using first network 216 and receive services from it. Continuing the hotel example above, a hotel guest may enter the hotel with their device, and the guest may want to use their user device 214 to connect to the internet and stream content. User device 214 can discover first network 216 (e.g., the hotel's Wi-Fi network). User device 214 can send a request to the management system to connect to first network 216. Management system 202 can grant the request, and the guest can use their user device 214 to browse the internet and search for content.
[0068] The accessory device 218 can be any device that can connect to the accessory device 218 as described herein (e.g., smart TVs, tablets, smart home appliances, and smart speakers). The accessory device 218 can be a device owned by a company operating under the management system 202 (e.g., a hospitality company such as a hotel) and provided to the user to improve the user experience. For example, the accessory device 218 can be the first accessory device 108 or the second accessory device 110 in Figure 1. The accessory device 218 can connect to the management system 202 using a second network 220. The second network 220 may be a private network such that additional permission may be required to connect to the second network 220 even if the user device 214 is connected to the first network 216. In each example where a new accessory device is added to the second network 220, the accessory device 218 can be registered with the management system 202, including RMS 204 and NMS 206. By registering with RMS204, RMS204 has an accurate account for each accessory device, each accessory device identifier, and each accessory device location within the premises. By registering with NMS206, NMS206 can provide any security mechanisms necessary to secure the accessory devices.
[0069] Figure 2 shows that the first network 216 is segmented from the second network 220. Furthermore, it can be seen that the security mechanism 22 can function as a barrier between the user device 214 and the accessory device 218. There may be practical reasons for a company to use a segmented network. Consider a hotel that provides smart devices in guest rooms to improve the guest experience. Guests should be able to access the devices in their own rooms, but should be restricted from accessing devices in other guests' rooms. In addition to devices provided for guest convenience, the hotel may include other computing devices that guests cannot access, such as reservation system servers, building infrastructure management servers, and database servers. The discovery broker 208 allows the company to maintain security for the second network 220, while allowing the user to connect to the accessory device 218 using the user device 214.
[0070] The accessory device 218 may include a display for displaying a QR code® 224. The QR code® 224 may include various information such as a first network identifier, a first network passcode, and an accessory device identifier. The QR code® 224 may further include a rotating pin code to establish that the user device 214 is in visual proximity to the accessory device 218. The rotating pin code may change periodically (for example, the pin code changes every 90 seconds). Therefore, even if the user devices 214 have each other's QR code® information, the user device 214 cannot connect to the accessory device without the rotating pin. In some embodiments, the rotating pin can be associated with a service such as Apple AirPlay®, which allows the user to stream content from the user device 214 onto the accessory device 218.
[0071] During operation, user device 214 can scan QR code® 224 from accessory device display. QR code® 224 can be displayed on the home screen of accessory device display, or accessory device 218 can receive input causing accessory device 218 to display QR code® 224. User device 214 can discover one or more networks and identify the first network using a first network identifier. User device 214 can further request connection to the first network 216 and present a first network passcode.
[0072] In some embodiments, the accessory device 218 can be configured to display a QR code® 224, which can provide information for connecting to a first network 216 and pairing with the accessory device 218. In some embodiments, the QR code® 224 may include a standard-based QR code® that can be displayed on the accessory device 218's display. The QR code® 224 may include first network connection information (e.g., service set identifier (SSID), network, Wi-Fi network password, and other appropriate information), information for connecting to the discovery broker 208 (e.g., discovery broker token), and information for pairing with the accessory device 218 (e.g., accessory device PIN). In some embodiments, the QR code® 224 may further include a captive portal token that can indicate that the user is associated with a room. As described below, this allows the user device 214 to connect to the network without requiring the user to enter personally identifiable information such as a name or room number.
[0073] Upon connecting to the first network 216, the user device 214 can discover the discovery broker 208 and send a request to connect to the accessory device 218. The request may include an accessory device identifier and a rotation pin. The discovery broker 208 can use the accessory device identifier to verify the accessory device 218 and determine whether there are additional accessory devices in the room. For example, the discovery broker 208 can communicate with the RMS 204 to determine whether the accessory device belongs to a group of accessory devices in the room. If there are additional accessory devices, the discovery broker may provide access to the additional accessory devices.
[0074] As described above, the discovery broker 208 can send a request to the NMS 206 to reconfigure the security mechanism 222 to allow the user device 214 to connect with the accessory device 218. The NMS 206 can reply with a message indicating that the security mechanism has been modified to allow connectivity between the user device 214 and the accessory device 218. Upon identifying the indication that the security mechanism 222 has been reconfigured, the discovery broker 208 can send a request permission to the user device 214. The user device 214 receives the request permission and can then connect with the accessory device 218 using the pairing code provided in the QR code (registered trademark) 224. The user can then use their user device 214 to stream content on the accessory device 218 while staying on the premises.
[0075] RMS202 can further control access to accessory devices. For example, RMS202 can access information about room reservations, including the end of a user's booked stay within the company. When RMS202 detects that a user's reservation has ended, it can send a notification to NMS206, the discovery broker 208, and the accessory device 218 that the reservation has ended. NMS206 can then reconfigure the security mechanism 222 to prevent the user device 214 from connecting to the accessory device 218. Furthermore, connection information can be changed; for example, the pairing code can be changed, and the QR code (registered trademark) 224 can be modified to include the new pairing code. This prevents guests from gaining unauthorized access to the accessory device.
[0076] Figure 3 is a diagram of an exemplary discovery broker server according to one or more embodiments. The discovery broker server 302 may include a first server 304 used to access a first set of APIs 306 and a second server 308 used to access a second set of APIs 310. The discovery broker server may be implemented as a web application (e.g., a Flask application) including a web framework 312 designed to integrate with the owner's system (e.g., a hotel system) and support the development of a web application including services, resources, and APIs by the owner. Each discovery broker server may use a Web Server Gateway Interface (WSGI) server 314 that implements a protocol for sending requests from the web servers (e.g., the first server 304 and the second server 308) to a backend framework such as the web framework 312. The WSGI server 314 can further return responses from the backend framework to the discovery broker server.
[0077] Communication between the discovery broker server and the web framework 312 can be managed by a proxy server that can store data in a cache, provide load balancing services, provide additional security barriers to the web framework 312, enable secure communication between accessory devices and the second server 308, and provide other appropriate functions.
[0078] As shown in the figure, the accessory device 318 can communicate with the second server 308 via the Transport Layer Security (TLS) Pre-Shared Key (PSK) proxy server 320. The TLS-PSK proxy server 320 can implement a set of cryptographic protocols based on a set of pre-shared keys. In particular, the TLS-PSK proxy server 320 can perform a handshake process with the accessory device to exchange cryptographic keys and authenticate each other.
[0079] Figure 400 shows an exemplary security mechanism for a discovery broker according to one or more embodiments. As shown, a user device 402 can communicate with a first server 404 using a secure communication protocol. For example, the user device 402 and the first server 404 can communicate using Hypertext Transfer Protocol Secure (HTTPS), where data is encrypted using the Transport Layer Security (TLS) protocol 406. In TLS, the connection between the user device 402 and the first server 404 is initiated by a TLS handshake. The user device 402 can send the first server 404 the identity of the TLS version that the user device 402 will use, a list of supported cipher suites (e.g., a set of encryption algorithms), and other TLS information. The first server 404 can use the TLS protocol version, select cipher suites, and send a certificate to the user device 402. The certificate may be issued by a company (e.g., a hotel) and signed by a certificate authority known to the user device 402. The user device 402 can authenticate the certificate based on the certificate authority signature. Based on certificate authentication, user device 402 and first server 404 can exchange cryptographic keys to be used to encrypt communications. User device 402 and first server 404 can establish a secure tunnel for communications, and data is encoded and decoded using the encryption algorithm and cryptographic key.
[0080] As further illustrated, the accessory device 408 can also communicate with the second server 410 using a secure communication protocol. For example, the accessory device 408 can communicate using Hypertext Transfer Protocol Secure (HTTPS), where data is encrypted using the TLS-PSK protocol 412. In the TLS-PSK protocol 412, both the accessory device 408 and the second server 410 know the session key used during the secure session. The session key can be derived from an encryption key that is pre-shared between both the accessory device 408 and the second server 410. To establish a secure communication session, the accessory device 408 can send a communication request to the second server 410. The second server 410 can send a response message that indicates which pre-shared key is stored in the second server 410. The accessory device 408 can verify that it has the same shared key, use the shared key to derive the session key, and send back an encrypted message using the session key, along with an indication of the shared key, to the second server 410. The second server 410 can receive the encrypted message and read the shared key based on the indication. The second server 410 can then derive the session key and decrypt the message from the accessory device 408. The accessory device 408 and the second server 410 can then establish a secure tunnel and communicate using encrypted messaging.
[0081] Figure 5 is a signaling diagram for exemplary discovery broker invocation in one or more embodiments. As shown, the discovery broker 502 can communicate with RMS 504 and NMS 506. Although the operation of process 500 is described as being performed by a general-purpose computer, it should be understood that any suitable device may be used to perform one or more operations of these processes. Process 500 (described below) is shown as a logical flow diagram, and each operation thereof represents a sequence of operations that may be implemented by hardware, computer instructions, or a combination thereof. In relation to computer instructions, these operations represent computer executable instructions stored in one or more computer-readable storage media, which, when executed by one or more processors, perform the enumerated operations. Typically, computer executable instructions include routines, programs, objects, components, data structures, etc., that perform a particular function or implement a particular data type. The order in which the actions are described is not intended to be interpreted as a restriction, and any number of the described actions can be combined in any order and / or in parallel to implement the process.
[0082] The discovery broker 502 can be started and initialized to begin operation. In 508, the discovery broker 502 can register with the RMS 504. The registration process may include the discovery broker 502 performing the necessary actions to communicate with the RMS 504.
[0083] In 510, the discovery broker 502 can register and check in with the NMS 506. The registration process may include the discovery broker 502 performing actions necessary for the NMS to configure a security mechanism that enables user devices to communicate with accessory devices.
[0084] In 512, the discovery broker 502 can send requests to the RMS 504 for a list of accessory devices, accessory groups, and each accessory device within each accessory group.
[0085] In 514, RMS504 can send a response message to discovery broker502 that includes a list of accessory devices, accessory groups, and each accessory device within each accessory group. Naturally, when accessory devices are added, removed, or moved throughout the premises, RMS504 can modify accessory groups to add or remove accessory devices. For example, each time a device is added to a second network, the accessory device registers with RMS504. Based on the information received during the accessory device registration process, RMS504 can add the accessory device to the accessory group. If RMS detects that an accessory device is no longer part of an accessory group, RMS can remove that accessory from the list for that accessory group. In 514, RMS
[0086] Figure 6 is a signaling diagram 600 of an exemplary process for device onboarding according to one or more embodiments. As shown, the accessory device 602 can communicate with the user device 694, the discovery broker 606, and the NMS 608. In 602, the user device 604 can scan a QR code® displayed on the accessory device 602. The QR code® may include information for connecting to a first network (e.g., a first network identifier and network passcode), an accessory device identifier, and accessory device pairing information.
[0087] In 612, user device 604 can connect to a first network, such as a Wi-Fi network, if it is not already connected. User device 604 can further discover discovery broker 606. Discovery broker 606 may be configured to broadcast information indicating its presence over the first network. When user device 604 connects to the first network, it receives the broadcast and can discover discovery broker 606.
[0088] In 614, the user device 604 can send a request to the discovery broker 606 to connect to the accessory device 602. This request may include an accessory device identifier and a user device identifier.
[0089] In 616, the discovery broker 606 can verify accessory device 602 and user device 604 using accessory device identifiers and user device identifiers. For example, the discovery broker 606 may have a list of accessory devices, each containing an accessory device identifier. The discovery broker 606 can verify an accessory device by comparing a received accessory device identifier with the list of accessory device identifiers. The discovery broker 606 can also verify user device 604 based on the manner in which the user device presented the request. For example, the discovery broker 606 can determine whether the request is properly formatted, whether any irrelevant information is included in the request, whether any information is missing from the request, and other appropriate considerations.
[0090] In 618, the discovery broker 606 can send a request to the NMS 608 to configure a security mechanism to allow the user device 604 to connect with the accessory device 602. The security mechanism, such as a firewall, prevents communication between the user device 604 and the accessory device.
[0091] In 620, the NMS608 can reconfigure the security mechanism to allow the user device 604 to connect to the accessory device 602.
[0092] In 622, the NMS608 can send a message to the discovery broker606. The message may include an indication that the NMS608 has modified the security mechanism configuration to allow connectivity between the user device604 and the accessory device602.
[0093] At 624, the discovery broker 606 can send permission to the user device 604 to connect to the accessory device 602.
[0094] In 626, the user device 604 can establish a connection with the accessory device 602 using accessory device pairing information from a QR code (registered trademark). The accessory device information may include pairing pins for pairing with the accessory device 602.
[0095] Figure 7 is a signaling diagram 700 of an exemplary process for device onboarding according to one or more embodiments. As shown, the user device 702 can communicate with the discovery broker 704 and RMS 706. In some examples, the accessory device does not need to display a QR code® that provides connectivity information. In these examples, the discovery broker 704 can still facilitate the connection between the user device 702 and the accessory device.
[0096] In 708, RMS706 may send an accessory device group token to the discovery broker704. The token may be a universally unique identifier (UUID) specific to a particular user (e.g., a hotel guest) and may be valid for a predetermined period (e.g., the length of a hotel reservation). The token may be used to provide access to accessory devices for presenting streaming content from the user device702. The token may also allow the user device702 to display a list of available accessory devices that the user can select.
[0097] In step 710, the discovery broker 704 can send a token to the user device 702. In step 712, the user device 702 can use the token to connect to a first network, such as a Wi-Fi network, if it is not already connected. For example, the user device 702 sends a request to connect to the first network. The request may include a token. The request may be received by a server on the first network, and the server can authenticate the request based on the token.
[0098] At 714, the user device 702 can send the token back to the discovery broker 704 and request a list of accessory devices.
[0099] In 716, the discovery broker 704 can send a list of accessory devices to the user device 702. For example, the discovery broker 704 can use a token to authenticate the request for the list of accessory devices. Based on the authentication, the discovery broker can provide the list. The list of accessory devices is obtained based on the user device that submitted the request. For example, if the user device is a hotel guest's device, the list may include accessory devices in the guest's hotel room.
[0100] In 718, the user device 718 can display a list of accessory devices. The display may include inputs that allow the user to select which accessory device they want to use to present content.
[0101] In step 720, the user device 702 can transmit the identity of the selected accessory device to the discovery broker 704. In some embodiments, the selection may cause the user to be presented with a PIN code user interface (UI) on the accessory device's display. In other embodiments, the PIN code UI may be scannable, such as a scannable QR code®. The process may then proceed to step 610 in Figure 6.
[0102] In some cases, a user may wish to switch from using a selected accessory device to another accessory device shown in the list of accessory devices. In these cases, the user can select another accessory device from the list of accessory devices and send the selection to the discovery broker 704. Instead of having the newly selected accessory device display a QR code (registered trademark) and proceeding to step 610 in Figure 6, the discovery broker 704 may send a request to the NMS to reconfigure the security mechanism to allow the user device 702 to connect to the newly selected accessory device. The NMS may then reconfigure the security mechanism to allow the user device 702 to connect to the newly selected accessory device. The user device 702 and the newly selected accessory device can then establish a connection.
[0103] In some cases, the user device (e.g., user device 104) may further provide recommendations for using accessory devices. This may occur when the user device receives a list of accessory devices that the user can access (e.g., a list of accessory devices in a hotel room). The user device may detect that content is being viewed or is about to be viewed on the user device. For example, a streaming service application (e.g., the Apple TV application) is being initialized on the user device. The user device may check the list of accessory devices and determine that at least one accessory device can present the content. For example, the list of accessory devices may include a television. The user device may display a prompt asking the user if they want to view the content on an accessory device. If the user indicates that they wish to view the content on an accessory device, the user device may connect to the accessory device if it is not already connected and send the content to the accessory device for presentation.
[0104] Figure 8 is a signaling diagram of an exemplary process for recommending accessory devices according to one or more embodiments. A user device 802 (e.g., user device 104) can communicate with a discovery broker 804 (e.g., discovery broker 208). In 806, user device 802 can request a list of accessory devices from streaming content 806. This may be similar to 714 in Figure 7. For example, user device 802 can connect to a first network (e.g., first network 216) and request a list of accessory devices for streaming content, similar to 712 in Figure 7.
[0105] In 808, the discovery broker 804 may send an accessory group list to the user device 802. In 806, the list may be sent in response to a request. The accessory device list may include available accessory devices (e.g., a first accessory device 108, a second accessory device 110). For example, accessory devices may include a smart speaker, a media streaming device available to the user associated with user device 802 (e.g., Apple TV).
[0106] In 810, the user device 802 can determine whether it is connected to an accessory device (e.g., a first accessory device 108). For example, the user device 802 can send an association request to the accessory device, and the accessory device can respond. In another example, the user device can ping the accessory device, wait for a response, send a data packet to the accessory device, and determine whether it can receive a data packet from the accessory device. The user device 802 may use other techniques to determine whether it is connected to an accessory device.
[0107] In 812, the user device 802 can discover a first location signature. In some examples, the location signature can be discovered while the user device 802 is connected to an accessory device. The discovery of the location signature can be performed using various techniques. For example, the user device can determine the characteristics of a nearby AP (e.g., an indoor access point 112). AP characteristics may include, for example, the received signal strength indication (RSSI) of the signal from the AP. AP characteristics may also include an AP fingerprint, such as the Service Set Identifier (SSID) associated with the AP or the Media Access Control (MAC) address associated with the AP. The user device 802 can further store the location signature in memory. For example, if the user is a hotel guest, the user device 802 can store the location signature of the guest's room in memory. The user device 802 can further store an accessory device identifier (e.g., a device identifier value or other identifier) in memory and further associate this accessory device identifier with the first location signature.
[0108] In 814, the user device 802 can detect the second location signature 814. For example, a user can take their user device 802 and move from their hotel room to another location such as the lobby, restaurant, or pool. The new location may have a different location signature. For example, the RSSI of the AP at the new location, the SSID associated with the AP at the new location, the MAC address associated with the AP at the new location, or one of any other location signature characteristics may differ from the first location signature. The user device 802 can further compare the second location signature with the first location signature. Based on the difference between the location signatures, the user device 802 can store the second location signature in memory.
[0109] In 816, the user device can detect the first location signature 816. For example, the user may have returned to their hotel room. Upon returning to the hotel room, the user device 802 can connect to the AP in the room. The user device 802 can detect the first location signature and compare it with each of the stored location signatures. Based on the comparison, the user device 802 can determine that the first location signature in 816 is the same as the first location signature in 812.
[0110] In 818, the user device can display a recommendation for using an accessory device. For example, user device 802 can determine whether any accessory device is associated with a first location signature. User device 802 can further determine that the accessory device identified in 810 is associated with the first location signature. User device 802 can display a prompt on the user device's display suggesting that the user use the accessory device. The user can choose to accept or ignore the suggestion. User device 802 can receive input indicating that the user accepts the suggestion and wants to re-establish a connection with the accessory device. User device 802 can then stream content through the accessory device. In some examples, it should be understood that user device 802 may provide a prompt with a suggestion to engage with an accessory device after user device 802 has first scanned a QR code (registered trademark).
[0111] Figure 9 is a signaling diagram 900 of an exemplary process for invalidating connectivity according to one or more embodiments. As shown, RMS 902 can communicate with discovery broker 904 and NMS 906. RMS 902 can access reservation information associated with any defined space (e.g., room) within the premises. Thus, RMS 902 can identify the expiration of each reservation, which should correspond to the loss of use of an accessory device group within the defined space. In 908, RMS 902 can send a message to discovery broker 904 to invalidate any token associated with an accessory device group. Accordingly, discovery broker 904 can invalidate any token associated with an accessory device group.
[0112] In 910, RMS902 can send a message to discovery broker904 revoking permission for any user device associated with the token to use the accessory device group. Accordingly, discovery broker904 can revoke permission for any user device associated with the expired token to use the accessory device group.
[0113] In 912, RMS902 can send a message to NMS906 to reconfigure the security mechanism to prohibit connections between user devices and accessory device groups. Accordingly, NMS906 can reconfigure the security mechanism to prohibit connections between user devices and accessory device groups. For example, NMS906 can reconfigure the firewall to prevent user devices from connecting to the network.
[0114] Figure 10 illustrates onboarding using a reservation-specific captive portal token in one or more embodiments. In some examples, a facility such as a hotel generates a captive portal, which may be a webpage that the user may be required to interact with before accessing the network. The captive portal page may be used by airports and hotels to require the user to accept terms and conditions before granting access to the network. The user may be asked to enter personally identifiable information (e.g., name or email address), presented with terms and conditions, and asked to manually enter their acceptance of the terms and conditions. For example, the user device may attempt to connect to a network, such as a hotel network. The hotel network may be required to present a webpage on the user device. The webpage may include a web-based interface for entering inputs. In some examples, the webpage may prompt for a username and room number. If a valid username (e.g., hotel guest) and the corresponding room number are entered on the webpage, the user device may be permitted to connect to the network.
[0115] As described herein, instead of entering personally identifiable information, the discovery broker can generate a reservation-specific captive portal token. The discovery broker may further include the reservation-specific captive portal token within a QR code® 1002 displayed on the accessory device 1004. The reservation-specific captive portal token may include reservation information for a specific guest, such as the date of stay. The reservation-specific captive portal token does not contain any personally identifiable information of the guest. The user device 1006 can scan a QR code® 1002 that may include information such as a network identifier, network password, and accessory device identifier in addition to the reservation-specific captive portal token. The user device 1006 can connect to the network using the network identifier, network password, and reservation-specific captive portal token.
[0116] User device 1006 can connect to accessory device 1004 as described herein (see Figure 6). User device 1006 can further stream content 1008 to accessory device 1004 as described herein. Furthermore, reservation-specific captive portal tokens can be shared by user device 1006 with other devices that the user may have access to. For example, user device 1006 is a smartphone, and the user also has a tablet. In this case, the smartphone can share reservation-specific captive portal tokens with the tablet, and the tablet can connect to the network without the user having to enter personally identifiable information into the tablet.
[0117] Figure 11 shows onboarding using a reservation-specific captive portal token in one or more embodiments. In some examples, a facility may require acceptance of contractual terms to connect to the network and access the internet. In these examples, a discovery broker may generate a reservation-specific captive portal token. The discovery broker may further include the reservation-specific captive portal token within a QR code® 1102 displayed on an accessory device 1104. A user device 1106 can scan a QR code® 1102 that may include information such as a network identifier, network password, and accessory device identifier in addition to the reservation-specific captive portal token.
[0118] User device 1106 can connect to the network using a network identifier, network password, and a reservation-specific captive portal token. The Terms of Service 1108 can be displayed on user device 1106, and the user can enter their acceptance of the Terms of Service. The Terms of Service 1108 are displayed based on the reservation-specific captive portal token, and the user should understand that they do not need to enter any personally identifiable information to have the Terms of Service 1108 displayed on user device 1106.
[0119] Next, the user device 1106 can connect to the accessory device 1104 as described herein. The user device 1106 can further stream the content 1110 to the accessory device 1104 as described herein.
[0120] Figure 12 is a signaling diagram for onboarding using a reservation-specific captive portal token according to one or more embodiments. As shown, a user device 1202 (e.g., user device 104) communicates with a captive portal system 1204. In some cases, the captive portal system 1204 may include a discovery broker. In 1206, the user device 1202 can scan a QR code® displayed on an accessory device (e.g., accessory device 108). The QR code® may provide network configuration (e.g., Wi-Fi configuration) and a reservation-specific captive portal token. Based on the information provided by the QR code®, the user device 1202 can join a network (e.g., the hotel's Wi-Fi network) and further complete Internet Protocol (IP) configuration and Domain Name Server (DNS) configuration.
[0121] In step 1208, the user device 1202 can initiate network captive discovery. The user device can send a Hypertext Transmission Protocol (HTTP) GET message to the captive portal system 1204 to access the internet.
[0122] In 1210, the captive portal system 1204 can send an HTTP response message to the user device 1202. The HTTP response message may indicate that the network is captive and that the user device 1202 is not permitted to access the internet. For example, the HTTP response message may include various response codes and header information indicating that the network is captive and that the user device 1202 is not permitted to access the internet.
[0123] In 1212, the user device 1202 can send an HTTP GET message to the captive portal system 1204. The HTTP GET message can indicate the availability of a reservation-specific captive portal token. The HTTP GET message can further indicate the intention to engage in the authentication process using the reservation-specific captive portal token. The HTTP GET message can further indicate that the authentication process is being engaged by a user device that previously obtained a reservation-specific captive portal token.
[0124] In 1214, the captive portal system 1204 can respond to an HTTP GET message from 1212. For example, the captive portal system 1204 can then send an HTTP response message indicating an authentication challenge. The HTTP response message can further provide information on how to properly engage in the authentication process using the reservation-specific captive portal token. Accordingly, the user device 1202 can send an HTTP GET message containing the reservation-specific captive portal token. The reservation-specific captive portal token may be included in the "Authorization Request" header field. In some examples, the user device 120 can send the reservation-specific captive portal token using a "bearer" authentication key. In this key, the reservation-specific captive portal token can be considered a "bearer" token. The reservation-specific captive portal token is included in the "Authorization Request" header field of the HTTP GET message. The captive portal system 1204 can authenticate a reserved-specific captive portal token based on the fact that the reserved-specific captive portal token is a valid token and is included in the appropriate part of the HTTP GET message (e.g., the "authorization" request header field).
[0125] The captive portal system 1204 can verify reservation-specific captive portal tokens. For example, the captive portal system 1204 can determine whether a reservation-specific captive portal token provided by the user device 1202 is the same reservation-specific captive portal token generated by the captive portal system 1204. The captive portal system 1204 can further record a session-stable identifier (e.g., an IP address) that can be used later in the pairing process between the user device 1202 and the accessory device.
[0126] The captive portal system 1204 can send an HTTP response message to the user device 1202. The HTTP response message may contain a new reservation-specific captive portal token. In some cases, the user device 1202 may still need to indicate acceptance of the terms of service for accessing the internet over the network. For example, if the user device 1202 has not previously indicated acceptance of the terms of service. In these cases, the user device can restart the captive portal process and display the terms of service on the user device 1202. If the user device 1202 indicates acceptance, the captive portal system 1204 can grant access to the internet over the network. If the user device 1202 does not receive an indication of acceptance of the terms of service, the captive portal system 1204 will not grant access.
[0127] In some cases, user device 1202 may need to rejoin the network after being disconnected. User device 1202 may also need to re-engage in the authentication process, which is similar to the process described above. In these examples, user device 1202 can rejoin the network and complete the IP and DNS configurations. User device 1202 can send an HTTP GET message to captive portal system 1204 to access the internet over the network. Captive portal system 1204 may respond with an HTTP response message indicating that the network is captive and that user device 1202 is not permitted to access the internet.
[0128] User device 1202 may send an HTTP GET message indicating its intention to use a reservation-specific portal token to engage in the authentication process. The HTTP GET message may further indicate that user device 1202 will only engage in the authentication process if it has previously obtained a reservation-specific portal token.
[0129] The captive portal system 1204 can then send an HTTP response message indicating an authentication challenge. The HTTP response message can further provide information on how to properly engage in the authentication process using the reservation-specific captive portal token. Accordingly, the user device 1202 can send an HTTP GET message containing the reservation-specific captive portal token. The reservation-specific captive portal token is included in the "Authorization" request header field.
[0130] The captive portal system 1204 can verify reservation-specific captive portal tokens. For example, the captive portal system 1204 can determine whether a reservation-specific captive portal token provided by the user device 1202 is the same reservation-specific captive portal token generated by the captive portal system 1204. The captive portal system can further record session-stable identifiers (e.g., IP addresses) that can be used later in the pairing process between the user device 1202 and the accessory device.
[0131] The captive portal system 1204 can send an HTTP response message to the user device 1202. The HTTP response message may be a new reservation-specific captive portal token. Since the user device 1202 has already indicated acceptance of the terms of service, the HTTP response message may further indicate acceptance. The captive portal system 1204 can grant the user device 1202 access to the internet via the network. The user device 1202 can then access the internet.
[0132] Figure 13 shows a process flow 1300 for device onboarding according to one or more embodiments. In 1302, the method may include a computing system receiving from a user device the identifier of one accessory device among a plurality of accessory devices and a request to connect to that accessory device. The request may be received by the computing system via a first network. Furthermore, a security mechanism may be configured to restrict connectivity between the user device and the plurality of accessory devices. The computing system may be a discovery broker of a management system. The user device may be, for example, a smartphone of a user who has booked a stay at a commercial facility. The user may want to use their user device to present content on the accessory device. In some cases, the computing system may verify the user device in response to receiving a request.
[0133] In 1304, the method may include the computing system sending a message to a management system of a managed network to configure a security mechanism to allow connectivity between a user device and an accessory device, at least in part on the identity of the request and the accessory device. The security mechanism may be a firewall that prevents communication between the user device and the accessory device.
[0134] In 1306, the method may include the computing system identifying that the management system has modified the configuration of the security mechanism to allow connectivity between the user device and the accessory device.
[0135] In 1308, the method may include the computing system transmitting connection information to a user device and an accessory device for establishing a connection between the user device and the identified accessory device. The user device can then establish a connection with the accessory device. The user device may further transmit content to the accessory device for presentation.
[0136] User devices may have different levels of accessibility during the processes described herein. Figure 14 provides a high-level diagram of different levels of accessibility at different stages of the process. Figure 14 is a figure 1400 showing the accessibility of a user device according to one or more embodiments. At T0, user device 1402 (e.g., user device 104) can scan a QR code (registered trademark) 1404 displayed on an accessory device (e.g., first accessory device). User device 1402 can further engage with a discovery broker (e.g., discovery broker 208) to access a network (e.g., hotel network). The process for connecting with the discovery broker is described in more detail with respect to Figure 2.
[0137] At T1, the user device 1402 can communicate with the discovery broker and the display prompt 1406 in order to connect to the network. At T1, the user device 1402 can access the discovery broker. The user can interact with prompt 1406 or ignore prompt 1406. For the purposes of Figure 14, it can be assumed that the user interacts with prompt 1406 to connect to the network.
[0138] In T2, user device 1402 may be connected to a network but may not have access to the internet. User device 1402 may be further connected to an accessory device. For example, user device 102 may connect to an accessory device displaying a QR code (registered trademark) 1404. In T2, user device 1402 may stream content on the accessory device using a streaming protocol (e.g., Apple AirPlay (registered trademark)). In T2, the user may not yet have accepted the terms and conditions 1408 and therefore may not have access to the internet.
[0139] In T3, user device 1402 may accept the terms of service 1408. For example, user device 1402 may indicate acceptance of the hotel's terms of service 1408. In T3, user device 1402 may be permitted to access the internet.
[0140] Figure 15 is a signaling diagram 1500 for onboarding using a captive portal token, according to one or more embodiments. In 1502, the user device 1502 can initiate captive discovery of the network. The user device 1502 can send a hypertext transmission protocol (HTTP) GET message to the captive portal system 1504 to access the internet.
[0141] In step 1506, the captive portal system 1504 may send an HTTP response message to the user device 1502. The HTTP response message may indicate that the network is captive and that the user device 1202 is not permitted to access the internet. For example, the HTTP response message may include various response codes and header information indicating that the network is captive and that the user device 1502 is not permitted to access the internet. Accordingly, the user device 1502 and the captive portal system 1504 may engage in steps similar to steps 1212 and 1214. The user device 1502 may further send an indication of acceptance of the terms of service.
[0142] In step 1508, the captive portal system 1504 can send an HTTP response message to the user device 1502. The HTTP response message may contain a new reservation-specific captive portal token. Since the user device 1502 has given consent, the captive portal system 1504 can grant access to the internet via the network. The captive portal system 1504 can further display a landing page on the user device 1502.
[0143] In some examples, accessory devices can be configured to communicate with each other and with user devices. In particular, user devices and accessory devices can be configured to exchange keys that enable the user device to pair with and communicate with the accessory device. Figures 16–22 help illustrate this key exchange process. The key may be used between devices to authenticate each other. The following diagrams help illustrate key exchange so that the user does not need to enter a PIN for a second accessory device after exchanging keys with a first accessory device. The first process may include a process for the initial key exchange between accessory devices. The second process may include the accessory device connecting with the accessory device after the key exchange. Figures 16–19 may relate to the first process. Figures 20–22 may relate to the second process.
[0144] Figure 16 is a diagram 1600 of a process for exchanging keys according to one or more embodiments. User device 1602 can access multiple accessory devices. For example, in a defined space such as a hotel room (e.g., room 106), the hotel may provide a first accessory device 1604 and a second accessory device 1606. If accessible, user device 1602 may be able to stream content through either accessory device. User device 1602 can scan a QR code (registered trademark) on the first accessory device 1604 to initiate the process for exchanging keys. The user device can access the first accessory device key 1608 from the first accessory device 1604, and the first accessory device 1604 can access user device key 1610 from user device 1602. At this point, the second accessory device 1606 does not have access to either the first accessory device key 1608 or user device key 1610. Both the user device 1602 and the first accessory device 1604 can store their respective keys in temporary storage (e.g., retention storage). This temporary storage may be deleted when the user checks out of the hotel.
[0145] Figure 17 is a diagram 1700 of a process for changing keys according to one or more embodiments. User device 1602 can initiate the process for changing keys using a PIN code displayed on a second accessory device 1606 (in other examples, the user device can scan a QR code®). User device 1602 can access the second accessory device key 1702 from the second accessory device 1606, and the second accessory device 1606 can access user device key 1610 from user device 1602. The second accessory device 1606 can further access the first accessory device key 1608 from user device 1602. At this point, the user device has stored the first accessory device key 1608 and the second accessory device key 1702. The first accessory device 1604 has stored user device key 1610. The second accessory device 1606 has stored user device key 1610 and the first accessory device key 1608. The second accessory device 1606 can store the first accessory device key 1608 in long-term storage (e.g., group storage). Unlike temporary memory, which is deleted after the user checks out of the hotel, long-term memory can persist even after the user has stayed at the hotel.
[0146] Figure 18 is a diagram 1800 of a process for exchanging keys according to one or more embodiments. After exchanging keys with the second accessory device 1606, the user device 1602 can communicate with the first accessory device 1604, and the first accessory device 1604 can access the second accessory device key 1702 from the user device 1602. At this point, each device has a key to the other. Figures 16-18 illustrate the initial key exchange. For example, when a hotel places the first accessory device 1604 and the second accessory device 1606 in a room, the guest can use their user device to trigger a process in which each device has a key to the other device.
[0147] Figure 19 is a diagram 1900 of a process for exchanging keys according to one or more embodiments. As shown with respect to Figure 18, the first accessory device 1604 has a second accessory device key 1702, and the second accessory device 1606 has a first accessory device key 1608. Thus, the first accessory device 1604 and the second accessory device 1606 can pair with each other and communicate using their respective keys.
[0148] Figures 20-22 relate to a scenario after the first process has been performed and the accessory devices have keys to each other. Figure 20 is a diagram of the process for exchanging keys according to one or more embodiments. Users can enter the same room as in Figures 16-19. User device 2002 can be used to scan the QR code (registered trademark) on the first accessory device 1604. User device 2002 may differ from user device 1602 in Figures 16-19. For example, user device 2002 may belong to a different guest than user device 1602. User device 2002 can access the first accessory device key 1608 from the first accessory device 1604. The first accessory device 1604 can access user device key 1610 from user device key 2004 from user device 2002. As explained with respect to Figures 16 to 19, the first accessory device 1604 may have already acquired the second accessory device key 1702, and the second accessory device 1606 may have already acquired the first accessory device key 1608.
[0149] Figure 21 is a diagram 2100 of a process for exchanging keys according to one or more embodiments. User device 2002 can communicate with first accessory device 1604 and access second accessory device key 1702. Furthermore, first accessory device 1604 can communicate with second accessory device 1606, and the second accessory device can access user device key 2004 from first accessory device 1604. Since first accessory device 1604 and second accessory device 1606 already have each other's keys, there is no need to further exchange keys between them.
[0150] Figure 22 is a diagram illustrating a process for communication between devices according to one or more embodiments. As shown, user device 2002 has a second accessory device key 1702, and second accessory device 1606 already has user device key 2004. Thus, unlike Figure 17, where user device 1602 requires a PIN code from second accessory device 1606 to exchange keys, user device 2002 can connect with second accessory device 1606 without requiring a PIN code. This allows the user to enjoy using both the first accessory device 1604 and the second accessory device 1606.
[0151] Figure 23 is a signaling diagram 2300 for initial key exchange according to one or more embodiments. Figure 23 relates to Figures 16 to 19. As shown, a user device 2302 (e.g., user device 1602) communicates with a first accessory device 2304 (e.g., first accessory device 1604) and a second accessory device 2306 (e.g., second accessory device 1606). In 2308, the user device 2302 can access the first accessory device key 2308 from the first accessory device 2304. For example, a user in a defined space (e.g., a room) can use their user device 2302 to communicate with the first accessory device 2304 and request the first accessory device key. In 2310, the first accessory device 2304 can access the user device key from the user device 2302. The user device 2302 and the first accessory device 2304 can establish a communication session in which keys are exchanged. The keys are part of the pairing information used to pair the first accessory device 2304 with the user device 2302. The communication session can be established by the user device 2302 scanning a QR code (registered trademark) displayed on the first accessory device 2304. As described above, the user device 2302 can use the information from the QR code (registered trademark) to communicate with the discovery broker to access the network and communicate with the first accessory device 2304.
[0152] In 2312, the user device 2302 can access the second accessory device key from the second accessory device 2306. In 2314, the second accessory device 2306 can access the user device key from the user device 2302. The second accessory device 2306 can further access the first accessory device key from the user device 2302. The user device 2302 and the second accessory device 2306 can establish a communication session in which keys are exchanged. As shown in Figure 17, the second accessory device can display a PIN code. The PIN code may need to be entered into the user device 2302 in order to establish a communication session. These keys are part of the pairing information used to pair the second accessory device 2306 with the user device 2302. In 2316, the first accessory device 2304 can access the second accessory device key from the user device 2302. Since the first accessory device 2304 and the second accessory device 2306 each have their own keys, the two devices can communicate with each other.
[0153] Figure 24 is a signaling diagram 2400 for connecting to an accessory device according to one or more embodiments. Figure 24 relates to Figures 20 to 22. As shown, a user device 2402 (e.g., user device 2002) communicates with a first accessory device 2304 and a second accessory device 2306. In 2404, the first accessory device can access the user device key from user device 2402. In 2406, user device 2402 can access the second accessory device key from the first accessory device 2304. A communication session can be established by user device 2402 scanning a QR code® displayed on the first accessory device 2304. As described above, user device 2402 can use the information from the QR code® to communicate with a discovery broker to access the network and communicate with the first accessory device 2404. The first accessory device 2304 can store the second accessory device key in memory based on step 2316 of Figure 23.
[0154] In step 2408, the second accessory device 2306 can access the user device key from the first accessory device 2304. The first accessory device 2304 and the second accessory device can have information to communicate with each other based on steps 2314 and 2316 of Figure 23. In step 2410, the user device can pair with the second accessory device 2306 using the second accessory device key. Unlike step 2316 of Figure 23, the user device 2402 did not need to use a PIN code to establish a connection with the second accessory device 2306. Furthermore, since both the first accessory device 2304 and the second accessory device 2306 have each other's keys, future user devices will also not need to use a PIN code.
[0155] Figure 25 shows an exemplary architecture or environment 2500 configured to implement the technologies described herein in one or more embodiments. The architecture 2500 includes a user device 2502 and a server 2504 (e.g., a hotel server). In some examples, the exemplary architecture 2500 may be further configured to allow the user device 2502 and the server 2502 to share information. In some examples, the devices may be connected via one or more networks 2506 (e.g., via a first network). In some examples, the server 2504 may be configured to implement at least some of the technologies described herein with reference to the user device 2502, and vice versa.
[0156] In some examples, network 2506 may include one or a combination of many different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, satellite networks, other private and / or public networks, or any combination thereof. While the illustrated example represents a user device 2502 accessing server 2504 via network 2506, the described techniques may equally apply if user device 2502 interacts with server 2504 via a landline telephone, kiosk, or any other means. It should also be noted that the techniques described may apply to other client / server configurations (e.g., set-top boxes), as well as non-client / server configurations (e.g., locally stored applications, peer-to-peer configurations).
[0157] As described above, the user device 2502 may be, but is not limited to, any type of computing device, such as a mobile phone, smartphone, personal digital assistant (PDA), laptop computer, desktop computer, thin client device, tablet computer, or wearable device such as a smartwatch. In some examples, the user device 2502 may communicate with the server 2504 via the network 2508 or via other network connections.
[0158] In one exemplary configuration, user device 2502 may include at least one memory 2508 and one or more processing units (or processors(s)) 2516. Processors(s)
[0159] Memory 2508 can store program instructions that can be loaded and executed on the processor(s) 2510, as well as data generated during the execution of these programs. Depending on the configuration and type of user device 2506, memory 2508 may be volatile (such as random access memory (RAM)) and / or non-volatile (such as read-only memory (ROM), flash memory, etc.). User device 2502 may also include additional removable storage and / or non-removable storage 2512, including but not limited to magnetic storage, optical disks, and / or tape storage. Disk drives and associated non-temporary computer-readable media may provide the computing device with non-volatile storage for computer-readable instructions, data structures, program modules, and other data. In some implementations, memory 2508 may include several different types of memory, such as static random access memory (SRAM), dynamic random access memory (DRAM), or ROM. The volatile memory described herein may be called RAM, but it includes any volatile memory that ceases to retain stored data when it is unplugged from the host and / or power supply.
[0160] Both removable and non-removable memories 2508 and additional storage 2512 are examples of non-temporary computer-readable storage media. For example, non-temporary computer-readable storage media may include volatile or non-volatile, removable or non-removable media implemented in any way or technique for storing information such as computer-readable instructions, data structures, program modules, or other data. Both memories 2508 and additional storage 2512 are examples of non-temporary computer storage media. Additional types of computer storage media that may be present in the user device 2502 may include, but are not limited to, phase-change RAM (PRAM), SRAM, DRAM, RAM, ROM, electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital video disc (DVD) or other optical storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other media that may be used to store desired information and may be accessed by the user device 2502. Any combination of the above should be included within the scope of non-temporary computer-readable storage media. Alternatively, computer-readable communication media may include computer-readable instructions, program modules, or other data transmitted within data signals such as carrier waves or other transmissions. However, as used herein, computer-readable storage media does not include computer-readable communication media.
[0161] The user device 2502 may also include one or more communication connections 2514 that enable the user device 2502 to communicate with a data store, another computing device or server, a user terminal, and / or other devices via a network 2506. The user device 2502 may also include one or more I / O devices 2516 such as a keyboard, mouse, pen, voice input device, touchscreen input device, display, speaker, and printer.
[0162] Looking more closely at the contents of memory 2508, memory 1208 may include one or more application programs or services for implementing the features disclosed herein, such as the operating system 2518 and / or application 2520. At least some of the techniques described with reference to server 2504 may be performed by user device 2502, and vice versa.
[0163] Server 2504 may also be any type of computing device, including, but is not limited to, a collection of virtual or "cloud" computing resources, a remote server, a mobile phone, a smartphone, a PDA, a laptop computer, a desktop computer, a thin client device, a tablet computer, a wearable device, a server computer, or a virtual machine instance. In some examples, Server 2504 may communicate with User Device 2502 via Network 2508 or other network connections.
[0164] In one exemplary configuration, server 2504 may include at least one memory 2524 and one or more processing units (or processors) 2526. Processors 2526 may be implemented in hardware, computer-executable instructions, firmware, or a combination thereof, as required. The computer-executable instruction or firmware implementation of processors 2526 may include computer-executable or machine-executable instructions written in any suitable programming language to perform the various functions described.
[0165] Memory 2524 can store program instructions that can be loaded and executed on the processor(s) 2526, as well as data generated during the execution of these programs. Depending on the configuration and type of the service provider computer 2502, memory 2524 may be volatile (such as RAM) and / or non-volatile (such as ROM and flash memory). Server 2504 may also include additional removable storage and / or non-removable storage 2528, including but not limited to magnetic storage, optical disks, and / or tape storage. Disk drives and associated non-temporary computer-readable media may provide the computing device with non-volatile storage for computer-readable instructions, data structures, program modules, and other data. In some implementations, memory 2524 may include several different types of memory, such as SRAM, DRAM, or ROM. The volatile memory described herein is sometimes referred to as RAM, but any volatile memory that does not retain the data stored therein when it is unplugged from the host and / or power supply would be appropriate. Both the removable and non-removable memory 2542 and the additional storage 2528 are examples of additional non-temporary computer-readable storage media.
[0166] Server 2504 may also include one or more communication connections 2530 that enable Server 2504 to communicate with data stores, other computing devices or servers, user terminals, and / or other devices via the network 2508. Server 2504 may also include one or more I / O devices 2532 such as keyboards, mice, pens, voice input devices, touch input devices, displays, speakers, and printers.
[0167] More specifically, the contents of memory 2524 may include an operating system 2534 and / or one or more application programs 2536 (e.g., a discovery broker) or services for implementing the features disclosed herein.
[0168] Examples
[0169] Further exemplary embodiments are provided in the following sections.
[0170] Example 1 includes: a computing system receiving from a user device the identifier of one accessory device among a plurality of accessory devices, and a request to connect to the accessory device, the request being received by the computing system via a first network, and connectivity between the user device and the plurality of accessory devices via the first network being restricted by a security mechanism of a second network; the computing system sending a message to the management system of the second network to configure the security mechanism to allow connectivity between the user device and the accessory device, at least in part based on the request and the identity of the accessory device; the computing system receiving a message from the management system indicating that the management system has changed the configuration of the security mechanism to allow connectivity between the user device and the accessory device; and the computing system sending connection information to the user device and the accessory device to establish a connection between the user device and the identified accessory device.
[0171] Example 2 may include the method of Example 1, further including verifying the user device in response to receiving a request, and sending the message to the management system being at least partially based on the verification.
[0172] Example 3 may include the method of Example 1 or 2, and the request includes secret key information for establishing a secure connection between the user device and the computing system.
[0173] Example 4 may include the method of Example 3, where the secret key information includes a transport layer security (TLS) key and a transport layer security (TLS) key identity.
[0174] Example 5 may include any of the methods in Examples 1 to 4, and transmitting connection information includes transmitting a first Internet Protocol address and a first port of the accessory device to the user device, and transmitting a second Internet Protocol address and a second port of the accessory device to the identified accessory device.
[0175] Example 6 may include any of the methods in Examples 1 to 5, wherein the accessory device is part of an accessory device group, connectivity to each accessory device in the accessory device group is controlled by a second network, and transmitting connectivity information includes transmitting to a user device the individual Internet Protocol address and individual port of each accessory device in the accessory device group, and transmitting to each accessory device in the accessory device group the second Internet Protocol address and second port of the accessory device.
[0176] Example 7 may include any of the methods in Examples 1-6, wherein the computing system is connected to the user device via a first network separate from the second network.
[0177] Example 8 may include any of the methods in Examples 1-7, wherein the security mechanism includes a firewall configured to restrict connectivity between a user device and an identified accessory device over a first network.
[0178] Example 9 may include any of the methods in Examples 1-8, wherein the identified accessory device is a first accessory device located in the defined space, a second accessory device among a plurality of accessory devices located in the defined space, and the management system further modifies the configuration of the security mechanism to allow connectivity between the user device and the second accessory device.
[0179] Example 10 may include the method of Example 9, where the defined space is a room or set of rooms within a building.
[0180] Example 11 may include the method of Example 9, in which the access points are arranged in a defined space, and the user device communicates with the computing system via the access points.
[0181] Example 12 may include a computing system comprising one or more processors and one or more non-temporary computer-readable media that store computer-executable instructions that, when executed using one or more processors of a user device, cause one or more processors to perform any of the steps described in Examples 1 to 11.
[0182] Example 13 may include one or more non-temporary computer-readable media that store computer-executable instructions, which, when executed on one or more processors of a user device, cause a computing system to perform one of the steps of Examples 1 to 11.
[0183] While specific embodiments have been described, those skilled in the art will recognize that numerous modifications are possible. A single controller can establish pairing with any number of accessories and selectively communicate with different accessories at different times using the process described herein. Similarly, a single accessory may be controlled by multiple controllers that have established pairing. Any function of an accessory can be controlled by modeling that function as a service having one or more characteristics, and allowing a controller to interact with that service and / or its characteristics (e.g., read, modify, receive updates). Thus, the protocols and communication processes described herein are "universal," meaning they can be applied to any situation involving one or more controllers and one or more accessories, regardless of accessory function, controller form factor, or specific interface.
[0184] Therefore, although specific embodiments have been described, it should be understood that embodiments may include all modifications and equivalents within the scope of the following claims.
[0185] As described above, one aspect of the technology involves collecting and using data available from specific legitimate sources to improve the delivery of messages from one device to one or more devices. In some cases, the disclosure intends that this collected data may include personal data that uniquely identifies or can be used to identify a specific person. Such personal data may include demographic data, location-based data, online identifiers, telephone numbers, email addresses, and home addresses (for example, retrieving location information from a user-specific fitness-based application or a user-specific healthcare application for route reconstruction).
[0186] This disclosure acknowledges that such use of personal data in the technology may be for the benefit of the user. For example, personal data may be used to deliver commands from a user profile on a computing device to one or more computing devices. Furthermore, other uses of personal data that may benefit the user are also conceivable in this disclosure. For example, recommendations to improve the user's driving efficiency may be sent back from the device to the user profile.
[0187] This disclosure assumes that entities responsible for collecting, analyzing, disclosing, transferring, storing, or otherwise using such personal data will adhere to well-established privacy policies and / or privacy practices. Specifically, such entities are expected to implement and consistently apply privacy practices that are generally recognized as meeting or exceeding industry or government requirements for maintaining user privacy. Such information regarding the use of personal data should be prominent, readily accessible to users, and updated as data collection and / or use changes. Personal data from users should be collected only for legitimate use. Furthermore, such collection / sharing should be done only after obtaining user consent or on other legitimate grounds specified in applicable law. In addition, such entities should consider taking all necessary steps to protect and secure access to such personal data and to ensure that others with access to personal data faithfully adhere to those privacy policies and procedures. Furthermore, such entities may undergo third-party evaluations to demonstrate their compliance with widely accepted privacy policies and practices. In addition, policies and practices should be adapted to the specific types of personal data collected and / or accessed, and to applicable laws and standards, including jurisdiction-specific considerations that may impose higher standards. For example, in the United States, the collection or access to certain health data may be subject to federal and / or state laws, such as the Health Insurance Portability and Accountability Act (HIPAA). Health data in other countries, on the other hand, may be subject to other regulations and policies and should be addressed accordingly.
[0188] Notwithstanding the foregoing, the Disclosure also envisions embodiments that allow a user to selectively prevent the use of or access to personal data. That is, the Disclosure intends that hardware and / or software elements may be provided to prevent or prevent access to such personal data. For example, in the case of a token generation service, the technology may be configured to allow a user to choose to “opt in” or “opt out” of participating in the collection of personal data during or at any time thereafter. In addition to providing “opt-in” and “opt-out” options, the Disclosure may also envision providing notices regarding access to or use of personal data. For example, a user may be notified when downloading an app that will access their personal data, and then again immediately before the app accesses their personal data.
[0189] Exemplary techniques for using a computing device to delegate the authority to generate tokens from the owner to a shared platform, and for the shared platform to provision the tokens. Some or all of these techniques may, but are not required, be implemented at least partially by those shown in Figures 1 to 9 above. Many embodiments are described above with reference to computing devices and user devices, but it should be understood that other types of computing devices may be preferred for performing the techniques disclosed herein. Furthermore, various non-limiting embodiments have been described in the foregoing description. For illustrative purposes and to enhance understanding of those embodiments, specific configurations and details are given. However, it will also be apparent to those skilled in the art that these embodiments may be practiced without specific details. Furthermore, well-known features may be omitted or simplified so as not to obscure the embodiments described.
[0190] Various embodiments can be further implemented in a wide variety of operating environments, and in some cases, these embodiments may include one or more user computers, computing devices, or processing devices that can be used to run any of several applications. User devices or client devices may include any number of general-purpose personal computers, such as desktop or laptop computers running standard operating systems, as well as cellular devices, wireless devices, and handheld devices that run mobile software and support multiple network and messaging protocols. Such systems may also include multiple workstations running any of various commercially available operating systems and other known applications for purposes such as development and database management. These devices may also include other electronic devices, such as dummy terminals, thin clients, gaming systems, and other devices that can communicate over a network.
[0191] Most embodiments utilize at least one network well known to those skilled in the art to support communication using one of various commercially available protocols such as TCP / IP, OSI, FTP, UPnP, NFS, CIFS, and AppleTalk. For example, the network can be a local area network, a wide area network, a virtual private network, the Internet, an intranet, an extranet, a public switched telephone network, an infrared network, a wireless network, and any combination thereof.
[0192] In embodiments utilizing a network server, the network server may execute any of a variety of server applications or mid-tier applications, including HTTP servers, FTP servers, CGI servers, data servers, Java servers, and business application servers. The server(s) may also execute programs or scripts, such as by running one or more applications in response to requests from user devices. These may be implemented as one or more scripts or programs written in programming languages such as Java®, C, C#, or C++, or scripting languages such as Perl, Python, or TCL, or combinations thereof. The server(s) may also include, but are not limited to, database servers commercially available from Oracle®, Microsoft®, Sybase®, and IBM®.
[0193] The environment, as described above, can include various data stores and other memory and storage media. These can reside in various locations, such as on storage media local to (and / or residing on) one or more computers across the network, or on storage media remote to any or all of the computers. In a particular set of embodiments, information may reside in a storage area network (SAN) as is well known to those skilled in the art. Similarly, files necessary for computers, servers, or other network devices to perform functions may be stored locally and / or remotely as needed. If the system includes computerized devices, each such device may include hardware elements that can be electrically coupled via a bus, the elements including, for example, at least one central processing unit (CPU), at least one input device (e.g., mouse, keyboard, controller, touchscreen, or keypad), and at least one output device (e.g., display device, printer, or speaker). Such a system may also include one or more storage devices such as disk drives, optical memory, and semiconductor memory (such as RAM or ROM), as well as removable media devices, such as memory cards and flash cards.
[0194] Such devices may also include, as described above, computer-readable storage media readers, communication devices (e.g., modems, network cards (wireless or wired), infrared communication devices, etc.), and working memory. Computer-readable storage media readers may be connected to or configured to accept non-temporary computer-readable storage media, which represent remote, local, fixed, and / or removable storage devices, as well as storage media for temporarily and / or more permanently storing, remembering, transmitting, and retrieving computer-readable information. The system and various devices typically also include multiple software applications, modules, services, or other elements located within at least one working memory device, including operating systems and application programs (such as client applications or browsers). It should be understood that many variations from the embodiments described above may exist in alternative embodiments. For example, customized hardware may be used, and / or certain elements may be implemented in hardware, software (including highly portable software such as applets), or both. Furthermore, connections to other computing devices, such as network input / output devices, may be used.
[0195] Non-temporary and computer-readable storage media for storing code or parts of code may include any suitable media known or used in the prior art, and storage media may include, but are not limited to, volatile and non-volatile media, removable and non-removable media, including volatile and non-volatile media, removable and non-removable media, etc., implemented in any way or technique for storing information such as computer-readable instructions, data structures, program modules, or other data, such as RAM, ROM, electrically erasable and rewritable read-only memory (EEPROM), flash memory, or other memory technologies, CD-ROM, DVD, or other optical storage devices, magnetic cassettes, magnetic tapes, magnetic disk storage devices, or other magnetic storage devices, or any other media that can be used to store desired information and are accessible by system devices. A person skilled in the art will understand other methods and / or techniques for implementing various embodiments based at least in part on the disclosures and content provided herein. However, computer-readable storage media do not include temporary media such as carrier waves.
[0196] Therefore, the specification and drawings should be considered in an illustrative, not restrictive, sense. However, it should be clear that various modifications and changes may be made to them without departing from the broader intent and scope of this disclosure as expressed in the claims.
[0197] Other variations are included within the scope of the spirit of this disclosure. Thus, the disclosed technology is susceptible to various modifications and alternative structures, although specific embodiments of the disclosed technology are shown in the drawings and described in detail above. However, it should be understood that this disclosure is not intended to limit itself to one or more specific forms disclosed, but rather to encompass all modifications, alternative structures, and equivalents that fall within the spirit and scope of this disclosure as defined in the appended claims.
[0198] In connection with describing the disclosed embodiments (in particular in connection with the following claims), the use of the terms “a,” “an,” and “the” and similar references should be interpreted as encompassing both singular and plural forms unless otherwise specifically indicated herein or explicitly refuted by the context. The terms “comprising,” “having,” “including,” and “containing” should be interpreted as unrestricted terms (i.e., “including, but not limited to”) unless otherwise specified. The term “connected” should be interpreted as partially or completely included, attached, or joined together, even if something is intervening. The phrase “at least partially based on” should be understood as open-ended and not restrictive in any way, and is intended to be interpreted as “at least partially based on” or otherwise read where appropriate. The descriptions of value ranges herein are intended, unless otherwise specifically indicated herein, merely as a way to shorten the reference to the individual values contained within that range, and each individual value is incorporated herein as if it were individually described herein. All methods described herein may be performed in any suitable order unless otherwise specifically indicated herein or explicitly rejected by the context. The use of any and all examples provided herein, or the use of exemplary language (e.g., "etc.") is merely intended to better illustrate embodiments of the disclosure and does not impose any limitation on the scope of the disclosure unless specifically requested. No language herein should be construed as indicating any element not claimed to be essential to the practice of the disclosure.
[0199] Disjunctive language, such as the phrase "at least one of X, Y, or Z," is generally understood in contexts where it is used to indicate that an item, term, etc., may be any one of X, Y, or Z, or any combination thereof (e.g., X, Y, and / or Z), unless otherwise specifically stated. Therefore, such disjunctive language is not intended, and should not, to mean that a particular embodiment requires the presence of at least one of X, at least one of Y, or at least one of Z, respectively. Furthermore, conjunctions, such as the phrase "at least one of X, Y, and Z," should also be understood to mean X, Y, Z, or any combination thereof, including "X, Y, and / or Z," unless otherwise specifically stated.
[0200] Preferred embodiments of the Disclosure, including the best method known to the inventors for carrying out the Disclosure, are described herein. Variations of these preferred embodiments may become apparent to those skilled in the art when reading the foregoing description. The inventors anticipate that those skilled in the art will use such variations as needed, and the inventors intend that the Disclosure will be practiced in ways other than those specifically described herein. Accordingly, the Disclosure includes all modifications and equivalents of the subject matter described in the claims appended herein, as permitted by applicable law. Furthermore, any combination of the aforementioned elements in all possible variations of the Disclosure is encompassed by the Disclosure unless specifically indicated herein or explicitly rejected by the context.
[0201] All references cited herein, including published documents, patent applications, and patents, are incorporated herein by reference to the same extent as they would be individually and specifically indicated, and to the same extent as they would be expressed collectively herein, where each reference is incorporated by reference.
Claims
1. It is a method, The computing system receives from a user device the identifier of one accessory device among a plurality of accessory devices, and a request to connect to the accessory device, wherein the request is received by the computing system via a first network, and connectivity between the user device and the plurality of accessory devices via the first network is restricted by the security mechanism of a second network. The computing system sends a message to the second network management system for configuring the security mechanism to allow connectivity between the user device and the accessory device, based at least partially on the request and the identity of the accessory device. The computing system receives a message from the management system indicating that the management system has modified the configuration of the security mechanism to allow connectivity between the user device and the accessory device. A method comprising transmitting connection information to the user device and the accessory device via the computing system for establishing a connection between the user device and the identified accessory device.
2. The method according to claim 1, further comprising verifying the user device in response to receiving the request, and transmitting the message to the management system, at least in part, based on the verification.
3. The method according to claim 1 or 2, wherein the requirement includes secret key information for establishing a secure connection between the user device and the computing system.
4. The method according to claim 3, wherein the secret key information includes a transport layer security (TLS) key and a transport layer security (TLS) key identity.
5. The method according to any one of claims 1 to 4, wherein the computing system is connected to the user device via a first network separate from the second network.
6. The method according to any one of claims 1 to 5, wherein the security mechanism includes a firewall configured to restrict connectivity between the user device and the identified accessory device via the first network.
7. The method according to any one of claims 1 to 6, wherein the identified accessory device is a first accessory device located in a defined space, a second accessory device among the plurality of accessory devices located in the defined space, and the management system further modifies the configuration of the security mechanism to allow connectivity between the user device and the second accessory device.
8. The method according to claim 7, wherein the defined space is a room or a set of rooms within a building.
9. The method according to claim 7, wherein the access point is located within the defined space, and the user device communicates with the computing system via the access point.
10. A computing system, One or more processors, The system comprises one or more non-temporary computer-readable media for storing computer-executable instructions, wherein when the computer-executable instructions are executed by one or more processors of a user device, the one or more processors... The system receives, from the user device, the identifier of one accessory device among a plurality of accessory devices, and a request to connect to the accessory device, the request being received by the computing system via a first network, and the connectivity between the user device and the plurality of accessory devices via the first network is restricted by the security mechanism of the second network. Based at least partially on the request and the identity of the accessory device, the second network management system is instructed to send a message to configure the security mechanism to allow connectivity between the user device and the accessory device. The management system receives a message indicating that it has modified the configuration of the security mechanism to allow connectivity between the user device and the accessory device. A computing system that causes the user device and the accessory device to transmit connection information for establishing connectivity between the user device and the identified accessory device.
11. The computing system according to claim 10, wherein when the instruction is executed by one or more processors, the one or more processors further cause the user device to verify in response to receiving the request, and transmitting the message to the management system is at least partially based on the verification.
12. The computing system according to claim 10 or 11, wherein the requirement includes secret key information for establishing a secure connection between the user device and the computing system.
13. The computing system according to claim 12, wherein the secret key information includes a transport layer security (TLS) key and a transport layer security (TLS) key identity.
14. The computing system according to any one of claims 10 to 13, wherein the computing system is connected to the user device via a first network separate from the second network.
15. The computing system according to any one of claims 10 to 13, wherein the security mechanism includes a firewall configured to restrict connectivity between the user device and the identified accessory device via the first network.
16. The computing system according to any one of claims 10 to 13, wherein the identified accessory device is a first accessory device located in a defined space, a second accessory device among the plurality of accessory devices located in the defined space, and the management system further modifies the configuration of the security mechanism to allow connectivity between the user device and the second accessory device.
17. The computing system according to claim 16, wherein the defined space is a room or set of rooms within a building.
18. The computing system according to claim 16, wherein an access point is located within the defined space, and the user device communicates with the computing system via the access point.
19. One or more non-temporary computer-readable media for storing computer executable instructions, wherein the computer executable instructions, when executed by one or more processors of a user device, are transmitted to a computing system. The system receives, from the user device, the identifier of one accessory device among a plurality of accessory devices, and a request to connect to the accessory device, the request being received by the computing system via a first network, and the connectivity between the user device and the plurality of accessory devices via the first network is restricted by the security mechanism of the second network. Based at least partially on the request and the identity of the accessory device, the second network management system is instructed to send a message to configure the security mechanism to allow connectivity between the user device and the accessory device. The management system receives a message indicating that it has modified the configuration of the security mechanism to allow connectivity between the user device and the accessory device. One or more non-temporary computer-readable media that causes the user device and the accessory device to transmit connection information for establishing connectivity between the user device and the identified accessory device.
20. The instruction, when executed by the one or more processors, causes the computing system to further verify the user device in response to receiving the request, and the transmission of the message to the management system is at least partially based on the verification, one or more non-temporary computer-readable media according to claim 19.