CN-122002252-A - Bluetooth equipment identification system and process thereof

Abstract

A computing system and process for identifying the type of computing device communicating via a wireless Bluetooth protocol. The computing system is directed to custom or non-custom computing systems configured to send queries over all protocols described in the Bluetooth specification as well as vendor-specific protocols. The computing system analyzes the raw data, behavioral data, and real data about known devices to establish a device identification of any computing device communicating via bluetooth. In the absence of real data, the device identity is inferred by integrating all acquired data, with associated confidence.

Inventors

  • Xino Kovach

Assignees

  • 暗影导师有限责任公司

Dates

Publication Date: 20260508
Application Date: 20251023
Priority Date: 20241106

Claims (20)

  1. A Bluetooth Device Identification System (DIS) comprising: a memory storing a program for running the steps of the flow; a database storing data received from a device to be identified (DTI); one or more Bluetooth chip processors configured with a transceiver capable of discovering Bluetooth Low Energy (BLE) and basic rate/enhanced data rate (BR/EDR) types of devices to be identified in a vicinity; an acquisition channel connected to each of the one or more Bluetooth chip processors to acquire data received from the discovered device to be identified; a main processor configured to perform the steps of the flow comprising: selecting a known packet type for the target protocol/profile received from the discovered device to be identified, transmitting each individual packet type to the outside to collect information from the discovered device to be identified, and receiving a response of each transmitted data packet type from the device to be identified, including a protocol/profile layer, and storing the received response in the database; determining whether the received protocol/profile layer has an action that can be used to determine a Device Identification (DID); selecting a known device distinguishing behavior for each of the received protocol/profile layers; performing a behavior evaluation on the device to be identified; and formatting the collected data for storage in the database.
  2. A Bluetooth Device Identification System (DIS) comprising: a memory storing a program, the program comprising a set of instructions, each of the instructions corresponding to one or more process steps; a database stored in the memory for storing and/or tracking response data values from Bluetooth devices to be identified (DTI), the response data values being generated by sending query data packets to one or more devices to be identified, and storing actual response data packet values if a response data packet is received; one or more Bluetooth chip processors configured with a transceiver capable of discovering Bluetooth Low Energy (BLE) and basic rate/enhanced data rate (BR/EDR) types of Bluetooth devices to be identified within an area; an acquisition channel connected to each of the one or more Bluetooth chip processors for acquiring data received from the discovered device to be identified; at least one processor configured to execute the program to perform the process steps comprising: selecting one or more known query packet types for one or more target protocols and/or profiles received from the discovered devices to be identified; transmitting each selected query packet type to at least one of the discovered devices to be identified to generate a response packet from the discovered device to be identified; receiving one or more response data packets from the device to be identified in response to each of the query packet types, including protocol and/or profile information, and storing the corresponding response data values in the database; and formatting the collected data for storage in the database.
  3. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the database further stores corresponding non-responsive data packet values if no responsive data packet is received in response to any given inquiry data packet.
  4. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the flow steps further comprise: determining whether any of the received protocol/profile layers has an action that can be used to determine a Device Identification (DID); selecting a known device distinguishing behavior for each protocol/profile in the received protocol/profile layer having such behaviors; and performing behavior evaluation on the device to be identified to collect additional response data values.
  5. The Bluetooth Device Identification System (DIS) according to claim 2, wherein if no response packet is received in response to any given inquiry packet, the database is further operable to store a corresponding non-response packet value, and wherein the flow steps further comprise: determining whether the received protocol/profile layer has an action that can be used to determine a Device Identification (DID); selecting a known device distinguishing behavior for each of the received protocol/profile layers; and performing behavior evaluation on the device to be identified to collect additional response data values.
  6. The Bluetooth Device Identification System (DIS) according to claim 5, wherein the flow steps further comprise: determining whether a response packet in response to any given query packet was not received due to a packet loss in transmission, a response error by the given device to be identified, or due to the given device to be identified not having a corresponding response value for the given query packet; determining known device distinguishing behavior of each of the received protocol/profile layers using the determination of the previous step as a factor; and using the known device distinguishing behavior determined in the previous step as part of the behavior evaluation of the device to be identified to collect additional response data values.
  7. The Bluetooth Device Identification System (DIS) according to claim 2, wherein at least one of the inquiry packet types has a plurality of possible valid configurations, and wherein the flow steps further comprise: transmitting at least one of the query data packets in at least two valid configurations to obtain a first response data packet having a first response data value and a second response data packet having a second response data value; comparing the first response data value and the second response data value, generating a discrimination value, and using the discrimination value as a factor to determine known device discrimination behavior for each of the received protocol/profile layers; and using the known device distinguishing behavior determined in the previous step as part of the behavior evaluation of the device to be identified to collect additional response data values.
  8. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the Bluetooth chip processor is further capable of passively detecting one or more individual data packets transmitted by Bluetooth devices to be identified within the area, each individual data packet having an individual data value, and storing the individual data packet values in the database.
  9. The Bluetooth Device Identification System (DIS) according to claim 4, wherein the Bluetooth chip processor is further capable of passively detecting one or more individual data packets transmitted by Bluetooth devices to be identified within the area, each individual data packet having an individual data value, the Bluetooth chip processor being capable of storing the individual data packet values in the database and the individual data packet values being capable of acting as a second factor in determining the known device distinguishing behavior of a given device to be identified.
  10. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the Bluetooth DIS is operable to transmit one or more invalid inquiry packets, which are deliberately configured to be non-compliant with one or more valid Bluetooth protocols and/or Bluetooth standards, and wherein a response packet sent by a given device to be identified in response to an invalid inquiry packet generates an invalid inquiry response data value, which may be stored in the database.
  11. The Bluetooth Device Identification System (DIS) according to claim 4, wherein the Bluetooth device identification system is operable to transmit one or more invalid inquiry packets, the invalid inquiry packets being deliberately configured to be non-compliant with one or more valid Bluetooth protocols and/or Bluetooth standards, and wherein a response packet transmitted by a given device to be identified in response to an invalid inquiry packet generates an invalid inquiry response data value which is operable as a second factor in determining a known device distinguishing behavior of the given device to be identified.
  12. The Bluetooth Device Identification System (DIS) according to claim 2, wherein at least one of the query packet types is a state machine query packet, the state machine query data may affect a complete state machine configuration of a given device to be identified, the complete state machine configuration of the given device to be identified in response to receiving the given state machine query packet may be determined by the device identification system and a complete state machine response value may be generated, and the complete state machine response value may be stored in the database.
  13. The Bluetooth Device Identification System (DIS) according to claim 4, wherein at least one of the query packet types is a state machine query packet that may affect a complete state machine configuration of a given device to be identified, the complete state machine configuration of the given device to be identified in response to receiving the given state machine query packet may be determined by the device identification system and a complete state machine response value may be generated, and the complete state machine response value may be used as a second factor in determining a device distinguishing behavior known to the given device to be identified.
  14. The Bluetooth Device Identification System (DIS) according to claim 12, wherein the device identification system stores or dynamically generates a Minimum Distinguishing Packet Sequence (MDPS) that can be used to determine a series of inquiry packets, distinguishing between two or more devices to be identified having a complete state machine configuration within any similarity range.
  15. The Bluetooth Device Identification System (DIS) according to claim 13, wherein the device identification system stores or dynamically generates a Minimum Distinguishing Packet Sequence (MDPS) that can be used to determine a series of inquiry packets, distinguishing between two or more devices to be identified having a complete state machine configuration within any similarity range.
  16. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the flow steps further comprise: determining whether any given device to be identified has transmitted and/or will transmit a response data packet comprising at least one device-specific actual value, and if so, masking the device-specific actual value when storing the corresponding response data value in the database.
  17. The Bluetooth Device Identification System (DIS) according to claim 4, wherein the flow steps further comprise: determining whether any given device to be identified has transmitted and/or will transmit a response data packet comprising at least one device-specific actual value, and if so, masking said device-specific actual value when storing said corresponding response data value in said database; and using one or more attributes of at least one of the response data values, including the masked device-specific actual value, including, but not limited to, whether any of the response data values contain these masked data values, as a second factor in determining the known device distinguishing behavior of the given device to be identified.
  18. The Bluetooth Device Identification System (DIS) according to claim 2, wherein the processor, the memory and at least one Bluetooth chip processor and/or a field programmable gate array capable of receiving and interpreting Bluetooth signals are part of a single integrated circuit.
  19. The Bluetooth Device Identification System (DIS) according to claim 4, wherein the processor, the memory and at least one Bluetooth chip processor and/or a field programmable gate array capable of receiving and interpreting Bluetooth signals are part of a single integrated circuit.
  20. The Bluetooth Device Identification System (DIS) according to claim 12, wherein at least two of the complete state machine configurations that may be present on a given device to be identified are identical on edge but have different internal sub-state configurations, such that the given device to be identified may be more accurately identified by determining the actual sub-state configuration of the device to be identified in response to the given state machine querying data.
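
The Minimum Distinguishing Packet Sequence of claims 14 and 15 can be illustrated with two small state-machine models. The Python below is an added example, not code from the patent or its applicant; the device models, state names and query/response labels are constructed for illustration, and the breadth-first search is one way such a sequence could be derived.

```python
from collections import deque

NO_RESPONSE = "<no-response>"  # silence is recorded as a value too (claim 3)

# Constructed Mealy-machine models: state -> {query: (response, next_state)}.
# Query and response names are hypothetical labels, not Bluetooth opcodes.
DEVICE_A = {
    "idle": {"q_connect": ("accept", "linked"), "q_read": (NO_RESPONSE, "idle")},
    "linked": {"q_connect": ("reject", "linked"), "q_read": ("value", "linked")},
}
DEVICE_B = {  # answers like A for any two queries; differs only once "busy"
    "idle": {"q_connect": ("accept", "linked"), "q_read": (NO_RESPONSE, "idle")},
    "linked": {"q_connect": ("reject", "linked"), "q_read": ("value", "busy")},
    "busy": {"q_connect": ("reject", "linked"), "q_read": (NO_RESPONSE, "busy")},
}
QUERIES = ("q_connect", "q_read")


def step(model, state, query):
    """Return (response, next_state); an unmodelled query counts as silence."""
    return model[state].get(query, (NO_RESPONSE, state))


def minimum_distinguishing_sequence(a, b, start_a, start_b, queries=QUERIES):
    """Shortest query sequence on which models a and b respond differently.

    Breadth-first search over pairs of states, so the first hit is minimal.
    Returns None if no sequence of these queries separates the two models.
    """
    seen = {(start_a, start_b)}
    frontier = deque([((start_a, start_b), [])])
    while frontier:
        (sa, sb), path = frontier.popleft()
        for q in queries:
            (ra, na), (rb, nb) = step(a, sa, q), step(b, sb, q)
            if ra != rb:
                return path + [q]
            if (na, nb) not in seen:
                seen.add((na, nb))
                frontier.append(((na, nb), path + [q]))
    return None


def transcript(model, start, sequence):
    """Responses a model gives to a query sequence, in order."""
    state, responses = start, []
    for q in sequence:
        response, state = step(model, state, q)
        responses.append(response)
    return responses


if __name__ == "__main__":
    mdps = minimum_distinguishing_sequence(DEVICE_A, DEVICE_B, "idle", "idle")
    print(mdps, transcript(DEVICE_A, "idle", mdps), transcript(DEVICE_B, "idle", mdps))
```

The two constructed models give identical responses to every one- and two-query sequence, so single-probe comparison cannot separate them; the third query exposes the differing sub-state through a non-response.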

Description

Bluetooth equipment identification system and process thereof

Statement regarding federally sponsored research or development

Not applicable.

Copyright statement

A portion of this disclosure contains material that is subject to copyright protection. The copyright holder has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the patent office file or records, but reserves all copyright rights whatsoever.

Technical Field

The present invention relates to a Bluetooth device identification computing system and a process thereof, and more particularly, to a computing system and a process thereof for Bluetooth device identification by using multiple Bluetooth protocols and other Bluetooth-related data.

Background

The Bluetooth wireless protocol for information transfer was defined in 1999. Subsequent updates introduced Bluetooth Enhanced Data Rate (EDR) in 2004 and retroactively named the previous Bluetooth wireless protocol Basic Rate (BR). These protocols are collectively referred to as Bluetooth BR/EDR. Bluetooth Low Energy (BLE) was defined in 2009 and added many new technologies and protocols incompatible with BR/EDR. These techniques and protocols are collectively referred to herein as BLE.

Bluetooth describes "profiles" as a document of "functions and features required for various layers in Bluetooth System" (Bluetooth Core Specification 6.0 (2024), https://www.bluetooth.com/specifications/core-specification-6-0/). The document notes that a profile defines the vertical interactions between the layers and the point-to-point interactions between devices for a particular layer. Thus, a Bluetooth profile may be considered an additional specification to the Bluetooth core specification. Profiles contain additional data and behavior that a device chooses to conform to for interoperability. A profile may be public and standardized, or private and vendor-specific.

Research efforts previously used for Bluetooth device identification fall into four categories.

Class 1 Bluetooth device identification systems are those that attempt to identify a single device over a period of time, regardless of the type of device. One common application scenario for such systems is access control: granting access to a single granted device and preventing other devices from masquerading as granted devices to gain access. U.S. patent No. 2022/312507A1 to Wang et al. and U.S. patent No. 2021/058393A1 to Alpert et al. are examples of such systems. Another common application scenario is that although the design of Bluetooth Device Address (BDADDR) is initially to track a single device over time, this makes tracking more difficult. U.S. patent No. 2020/236004A1 to Tavares et al. is one example of such a technique. Unlike the systems disclosed herein, these systems are not concerned with distinguishing and identifying specific devices, such as an Apple iPhone from a Samsung TV.

Class 2 Bluetooth device identification systems are those that attempt to create a fingerprint for a particular device based on device-specific wireless characteristics. This class generally overlaps with class 1 (e.g., Wang et al., U.S. patent No. 2022/312507A1, and Alpert et al., U.S. patent No. 2021/058393A1, employ these techniques). While the disclosed system may also use such a fingerprint recognition system as another complementary source of multi-source information as described herein, such information is not a preferred source of data. This is because the primary role of such information is to identify individual devices (i.e., device #1 and device #2) over time; it does not significantly contribute to determining the type of device. In other words, it is not a strong signal for distinguishing that device #1 is an iPhone and device #2 is a TV. Fingerprinting of physical-layer features reflects the characteristics of the radio hardware of the Bluetooth chip, so this method is mainly suited to distinguishing that device #1 uses Bluetooth chip manufacturer #1 and device #2 uses Bluetooth chip manufacturer #2. However, this is only one aspect of the overall device identification implemented by the system of the present invention.

Class 3 Bluetooth device identification systems are those that use a single data source to create a Device ID (DID) "fingerprint" for the device to be identified (DTI). Examples include "Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps" (2019) (https://web.archive.org/web/20191124060800/https://web.cse.ohio-state.edu/~lin.3021/file/CCS19a.pdf) by Zuo et al. and "Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile" (2021) (https://inria.hal.science/hal-02359914/file/pa