EP-4742711-A1 - SYSTEM FOR BLUETOOTH DEVICE IDENTIFICATION

Abstract

A computing system and process for performing identification of the type of computing devices communicating via wireless Bluetooth protocols. The computing system involves customized or non-customized computing systems that are configured to send queries via all protocols described in Bluetooth specifications, as well as vendor-specific protocols. The computing system analyzes raw data, in combination with behavioral data, in combination with ground-truth data about known devices, in order to establish a device identification about any computing device communicating via Bluetooth. In the absence of ground-truth data, device identification is inferred with an associated confidence level based on synthesis across all collected data.

Inventors

  • KOVAH, Xeno

Assignees

  • Dark Mentor LLC

Dates

Publication Date
2026-05-13
Application Date
2025-10-24

Claims (15)

  1. A Bluetooth device identification system (DIS), comprising: a main memory (101a) to store programs configured to execute process steps; a database (D120) to store data received from Bluetooth devices to be identified (DTI) (099b-099d); one or more Bluetooth chip processors, including a Bluetooth BR/EDR processor (106) and/or a Bluetooth BLE processor (108), each configured with a transceiver to discover nearby Bluetooth communication devices to be identified (099b-099d); a collection channel connected to each of the one or more Bluetooth chip processors to collect data received from the discovered devices; a main processor (102a) configured to execute the process steps, comprising selecting known packet types for protocols and/or profiles of interest received from the discovered DTIs, transmitting each packet type externally to gather information, receiving responses including protocol and/or profile layers from the DTIs, storing the received responses in the database (D120), determining whether the received protocol/profile layers have behaviours usable to determine a device identification (DID) (D118), selecting known device-differentiating behaviours for each of the received protocol/profile layers, performing a behavioural assessment of the DTI (099b-099d), and/or formatting collected data for storage in the database (D120).
  2. A Bluetooth device identification system (DIS), comprising: a main memory (101a) storing a program comprising a set of instructions corresponding to process steps; a database (D120) stored in the memory to store and/or track response data values from Bluetooth devices to be identified (099b-099d), the response data values generated by sending an inquiry packet to one or more DTIs and/or, if a response packet is received, storing an actual response packet value; one or more Bluetooth chip processors configured with a transceiver that discovers Bluetooth DTIs of type BLE (108) and/or BR/EDR (106) in an area; a collection channel connected to each of the one or more Bluetooth chip processors to collect data received from the discovered DTIs; and/or at least one main processor (102a) configured to execute the program, the process steps comprising selecting one or more known inquiry packet types for one or more protocols and/or profiles of interest received from the discovered DTIs, transmitting each selected individual inquiry packet type to at least one discovered DTI, receiving one or more response packets including protocol and/or profile information from the DTI, storing corresponding response data values in the database (D120), and formatting collected data for storage.
  3. The system of claim 1 or 2, wherein the database (D120) also stores a corresponding no-response packet value if no response packet is received for an inquiry packet.
  4. The system of any preceding claim, characterised in that the process steps further comprise determining whether any received protocol/profile layers have behaviours usable to determine a DID (D118), selecting known device-differentiating behaviours for each such layer, and performing a behavioural assessment of the DTI (099b-099d).
  5. The system of any preceding claim, wherein the processor (102a) determines whether no response packet was received due to packet loss, error, or lack of corresponding response value, and uses this determination as a factor in selecting device-differentiating behaviours.
  6. The system of any preceding claim, wherein at least one inquiry packet type has more than one valid configuration, and the system transmits at least two configurations to obtain response packets having different data values, compares the values to produce a differentiation value, and uses the differentiation value as a factor in determining device-differentiating behaviours.
  7. The system of any preceding claim, wherein the Bluetooth chip processors (106, 108) can passively detect independent packets transmitted by DTIs (099b-099d) in the area, each packet having an independent data value, which is stored in the database (D120) and used as a second factor in determining device-differentiating behaviours.
  8. The system of any preceding claim, wherein the DIS can transmit one or more bad inquiry packets purposefully nonconforming with valid Bluetooth protocols and/or standards, and the response packets received from DTIs (099b-099d) to such bad inquiry packets produce bad inquiry response data values stored in the database (D120) and used as a second factor in determining device-differentiating behaviours.
  9. The system of any preceding claim, wherein at least one inquiry packet type is a state machine inquiry packet affecting a full state machine configuration of a DTI (099b-099d), such that the configuration in response to the packet produces a full state machine response value stored in the database (D120) and used in behavioural assessment.
  10. The system of any preceding claim, wherein the DIS stores and/or dynamically generates a minimal-differentiator packet sequence (MDPS) usable to determine a sequence of inquiry packets to differentiate two or more DTIs (099b-099d) having similar full state machine configurations.
  11. The system of any preceding claim, wherein the process steps further comprise determining whether any DTI (099b-099d) transmits response packets including device-specific actual values and, if so, masking out such device-specific values when stored in the database (D120), and using masked-out data properties as a factor in determining device-differentiating behaviours.
  12. The system of any preceding claim, wherein the processor (102a), the main memory (101a), at least one Bluetooth chip processor (106, 108) and/or field programmable gate array (110) are part of a single integrated circuit.
  13. The system of any preceding claim, wherein at least two full state machine configurations possible on a DTI (099b-099d) are identical at the edges but have different internal substate configurations, and the DTI is more accurately identified by determining its actual substate configuration in response to a given state machine inquiry packet.
  14. The system of any preceding claim, wherein amplifiers (112c, 113a-113b) and high-gain antennas (114a-114c) are configured to enhance Bluetooth signal reception for improved data collection accuracy.
  15. The system of any preceding claim, further comprising one or more field programmable gate arrays (110) optionally configured to perform specific packet analysis or behavioural pattern computation functions as part of the DIS.
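The storage, masking and differentiation steps of claims 3, 10 and 11, and the confidence-scored inference in the abstract, modelled as an added example (constructed here, not code from the patent or from Dark Mentor LLC). The ground-truth table, the packet type labels and the response values are all assumed, and the "device" is a dictionary of recorded responses rather than a live Bluetooth link.

```python
"""Constructed model of the claimed behavioural identification flow (not the
patent's code): masking (claim 11), a minimal-differentiator packet sequence
(claim 10) and confidence-scored inference against ground truth (abstract)."""
from itertools import combinations

NO_RESPONSE = "<no-response>"   # stored when an inquiry packet gets no reply (claim 3)
DEVICE_SPECIFIC_FIELDS = {"GATT_READ_DEVICE_NAME", "BDADDR"}

def mask_device_specific(raw: dict) -> dict:
    """Replace device-specific actual values with a masked token that keeps one
    data property (the value length), which may still separate device types."""
    return {p: (f"<masked:len={len(v)}>" if p in DEVICE_SPECIFIC_FIELDS and v != NO_RESPONSE else v)
            for p, v in raw.items()}

# Constructed ground truth: device type -> {inquiry packet type: masked response value}.
# Packet type labels and values are illustrative, not a claim about real devices.
GROUND_TRUTH = {
    "vendor-A-phone":   {"LL_VERSION_IND": "5.3/ctrl-A", "LL_FEATURE_REQ": "feat-A",
                         "GATT_READ_DEVICE_NAME": "<masked:len=9>",  "LL_PING_REQ": "pong"},
    "vendor-B-tv":      {"LL_VERSION_IND": "5.0/ctrl-B", "LL_FEATURE_REQ": "feat-B",
                         "GATT_READ_DEVICE_NAME": "<masked:len=12>", "LL_PING_REQ": NO_RESPONSE},
    "vendor-B-speaker": {"LL_VERSION_IND": "5.0/ctrl-B", "LL_FEATURE_REQ": "feat-B",
                         "GATT_READ_DEVICE_NAME": "<masked:len=12>", "LL_PING_REQ": "pong"},
}

def minimal_differentiator_sequence(truth: dict) -> list:
    """Smallest set of inquiry packet types whose stored responses separate every
    pair of known device types (exhaustive search; fine for small tables)."""
    packet_types = sorted({p for fp in truth.values() for p in fp})
    pairs = list(combinations(truth, 2))
    for k in range(1, len(packet_types) + 1):
        for seq in combinations(packet_types, k):
            if all(any(truth[a].get(p) != truth[b].get(p) for p in seq) for a, b in pairs):
                return list(seq)
    return packet_types

def identify(raw_responses: dict, truth: dict) -> tuple:
    """Score each known type by the fraction of its fingerprint the masked
    observation agrees with; confidence 1.0 means an exact ground-truth match."""
    observed = mask_device_specific(raw_responses)
    scores = {name: sum(observed.get(p) == v for p, v in fp.items()) / len(fp)
              for name, fp in truth.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]

if __name__ == "__main__":
    print("MDPS:", minimal_differentiator_sequence(GROUND_TRUTH))
    unknown = {"LL_VERSION_IND": "5.0/ctrl-B", "LL_FEATURE_REQ": "feat-B",
               "GATT_READ_DEVICE_NAME": "Living Room", "LL_PING_REQ": NO_RESPONSE}
    print(identify(unknown, GROUND_TRUTH))   # vendor-B-tv with confidence below 1.0
```

With the constructed table, the feature and version responses alone cannot separate the two vendor-B types, so the derived sequence falls back to the masked name length plus the ping behaviour; a device whose name length matches no known type is still assigned the closest type with a reduced confidence.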

Description

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

COPYRIGHT NOTICE

A portion of this disclosure contains material which is subject to copyright protection. The copyright owner has no objection to the photocopy reproduction by anyone of the patent document or the patent disclosure in exactly the form it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. 37 C.F.R. 1.71(d).

BACKGROUND OF THE INVENTIVE CONCEPT

1. Field of the Invention

The present inventive concept relates to a computing system configured for Bluetooth device identification and a process therefor, and more particularly, to a computing system configured for Bluetooth device identification that utilizes multiple Bluetooth protocols and other Bluetooth-related data, and a process therefor.

2. Description of the Related Art

The Bluetooth wireless protocol for information transfer was defined in 1999. Subsequent updates introduced Bluetooth Enhanced Data Rate (EDR) and were defined in 2004, and the prior Bluetooth wireless protocol was retroactively named Basic Rate (BR). These protocols are collectively referred to as Bluetooth BR/EDR. The Bluetooth Low Energy protocol was defined in 2009 and added many new technologies and protocols which were not compatible with BR/EDR. These technologies and protocols are collectively referred to herein as BLE.

Bluetooth defines the notion of a "Profile" as a document describing the "required functions and features of each layer in the Bluetooth system" ("Bluetooth Core Specification 6.0" (2024), https://www.bluetooth.com/specifications/specs/core-specification-6-0/). It also says that "[a] profile defines the vertical interactions between the layers as well as the peer-to-peer interactions of specific layers between devices." Therefore, Bluetooth Profiles can be thought of as supplemental specifications that go beyond the Bluetooth Core Specification. They contain additional data and behaviors that devices can optionally conform to in order to achieve interoperability. Profiles can be public and standardized, or private and vendor-specific.

Prior work to identify Bluetooth devices falls into four categories.

Category 1 Bluetooth device identification systems are those which attempt to identify a single device over time, irrespective of what type of device it is. A common use case for such systems is performing access control: granting access to a single authorized device while preventing access to other devices which may attempt to impersonate an authorized device. US 2022/312507 A1 (Wang et al.) and US 2021/058393 A1 (Alpert et al.) are examples of such systems. Another common use case is tracking a single device over time, despite the fact that the primary Bluetooth Device Address (BDADDR) is designed to change over time, to intentionally make tracking more difficult. US 2020/236004 A1 (Tavares et al.) is an example of this. Unlike the present system as disclosed herein, these systems are not concerned with differentiating and identifying device types, e.g., an Apple® iPhone vs. a Samsung® TV.

Category 2 Bluetooth device identification systems are those that seek to create a fingerprint for a specific device based on device-specific wireless characteristics. This category often overlaps with Category 1 (e.g., both US 2022/312507 A1 (Wang et al.) and US 2021/058393 A1 (Alpert et al.) use these techniques). While the present system as disclosed herein can include such fingerprint systems as another source of the multi-source information described herein, this information is not a prioritized data source. That is because such information primarily serves to identify individual devices (i.e., Device #1 vs. Device #2) over time, but it does not contribute as significantly to determining what type of device it is; i.e., it is not a strong signal for differentiating that Device #1 is an iPhone and Device #2 is a TV. Physical-layer characteristic fingerprinting is more indicative of the Bluetooth chip radio hardware, and consequently it is primarily suitable for differentiating that Device #1 uses Bluetooth Chip Vendor #1 and Device #2 uses Bluetooth Chip Vendor #2. But that is only one aspect of the overall device identification that the present inventive system as described herein achieves.

Category 3 Bluetooth device identification systems are those that use a single source of data to create a Device ID (DID) "fingerprint" for a Device To Identify (DTI). Examples include "Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps" (2019) by Zuo et al. (https://web.archive.org/web/20191124060800/https://web.cse.ohio-state.edu/~lin.3021/file/CCS19a.pdf) and "Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile" (2021) by Celosia and Cunche (https://inria.hal.science/hal-02359914/file/paper.pdf). Both papers use a single source of data, the Generic Attribute Profile (GATT). GATT information comprises a hierarchy o