US-12621171-B2 - Secure communications and authenticity validation of a third-party device
Abstract
A motion tracker receives a data connection request from, or transmits the data connection request to, a computing device. The motion tracker generates a challenge according to a challenge-response authentication protocol. The challenge is at least partially associated with the data connection request or the computing device. The challenge is transmitted from the motion tracker to the computing device. The motion tracker receives a response to the challenge from the computing device. The response to the challenge is provided to the computing device by an authentication device communicatively coupled to the computing device. The motion tracker receives one or more instructions for execution by the motion tracker from the computing device. The motion tracker processes the response based on the challenge-response authentication protocol to determine that the response is authentic. The motion tracker executes the one or more instructions upon determining that the response is authentic.
Inventors
- Pedro Miguel Simões Bastos MARTINS
- José Carlos Coelho ALVES
- Pedro Miguel Moreira de SOUSA
- Pedro Fillipe Xavier Rodrigues
- Pedro Miguel Silvestre Machado
- Márcio Filipe Moutinho COLUNAS
- Virgílio António Ferro BENTO
Assignees
- SWORD HEALTH, S.A.
Dates
- Publication Date: 20260505
- Application Date: 20231122
- Priority Date: 20221125
Claims (20)
- 1. A method of authenticating communications, the method comprising: accessing, at a motion tracker, a data connection request, the data connection request being received from or transmitted to a computing device; generating, by the motion tracker, a challenge according to a challenge-response authentication protocol, wherein the challenge is at least partially associated with: (i) the data connection request or (ii) the computing device; transmitting the challenge from the motion tracker to the computing device; transmitting one or more first data packets comprising data for authentication of the computing device to an authentication device; receiving, at the computing device, one or more second data packets comprising data indicative of authentication or non-authentication of the computing device from the authentication device; transmitting, from the computing device to the authentication device, the challenge generated by the motion tracker and identification data from the motion tracker, wherein the computing device transmits the challenge generated by the motion tracker to the authentication device when the data of the one or more second data packets is indicative of authentication; receiving, by the computing device from the authentication device, a response to the challenge provided by the authentication device in response to a matching, by the authentication device, of the challenge and the identification data to a corresponding challenge and a corresponding identification that relates the challenge to the motion tracker; receiving, at the motion tracker, the response to the challenge from the computing device, the response to the challenge provided to the computing device by the authentication device communicatively coupled to the computing device; receiving one or more instructions for execution by the motion tracker from the computing device; processing, by the motion tracker, the response based on the challenge-response authentication protocol to determine that the response is authentic; and executing the one or more instructions upon determining that the response is authentic.
- 2. The method of claim 1, wherein the authentication device is not communicatively coupled to the motion tracker.
- 3. The method of claim 1, further comprising, after determining that the response is authentic, establishing a trusted data connection between the motion tracker and the computing device.
- 4. The method of claim 3, further comprising, upon establishing the trusted data connection, transmitting one or more data packets indicative of establishment of the trusted data connection from the motion tracker to the computing device.
- 5. The method of claim 1, wherein the identification data from the motion tracker comprises versioning data indicative of the challenge-response authentication protocol associated with generation of the challenge.
- 6. The method of claim 1, wherein the challenge is transmitted using a wireless connection.
- 7. The method of claim 1, the method further comprising: configuring the motion tracker such that, after determining that a given response is not authentic, the motion tracker starts a timer associated with a computing device associated with the given response, and does not generate any challenge associated with the computing device associated with the given response, and does not process any response received from the computing device associated with the given response for determination of whether the response is authentic, until the timer reaches a specified duration.
- 8. The method of claim 7, wherein the specified duration of the timer is increased based at least in part on determination that successive responses by the computing device associated with the given response are not authentic.
- 9. The method of claim 1, wherein the motion tracker comprises a set of data associated with the challenge-response authentication protocol.
- 10. The method of claim 9, wherein the challenge comprises a first payload and a second payload, the first payload comprises the set of data associated with the challenge-response authentication protocol, and the second payload comprises pseudo-random data.
- 11. The method of claim 1, wherein the challenge-response authentication protocol comprises at least one of asymmetric cryptography or zero-knowledge proof cryptography.
- 12. The method of claim 1, further comprising: receiving, at the computing device, the identification data from the motion tracker; and identifying a correspondence between the identification data and data identifying a plurality of known devices.
- 13. The method of claim 12, wherein the computing device determines that the motion tracker is legitimate based on: (I) receiving the response from the authentication device; and (II) the identification data which corresponds to a known device of the plurality of known devices.
- 14. The method of claim 13, wherein the identification data comprises a digital fingerprint of: software of the motion tracker or hardware of the motion tracker.
- 15. A motion tracker comprising: at least one inertial measurement unit; at least one wireless communications module or at least one port for wired data connection; at least one processor; and at least one memory, wherein the at least one memory is configured, together with the at least one processor, to cause the motion tracker to perform operations comprising: accessing a data connection request, the data connection request being received from or transmitted to a computing device; generating a challenge according to a challenge-response authentication protocol, wherein the challenge is at least partially associated with: (i) the data connection request or (ii) the computing device; transmitting the challenge from the motion tracker to the computing device; causing the computing device to transmit one or more first data packets comprising data for authentication of the computing device to an authentication device; causing the computing device to receive one or more second data packets comprising data indicative of authentication or non-authentication of the computing device from the authentication device; causing the computing device to transmit, to the authentication device, the challenge generated by the motion tracker and identification data from the motion tracker, wherein the computing device transmits the challenge generated by the motion tracker to the authentication device when the data of the one or more second data packets is indicative of authentication; causing the computing device to receive, from the authentication device, a response to the challenge provided by the authentication device in response to a matching, by the authentication device, of the challenge and the identification data to a corresponding challenge and a corresponding identification that relates the challenge to the motion tracker; receiving the response to the challenge from the computing device, the response to the challenge provided to the computing device by the authentication device communicatively coupled to the computing device; receiving one or more instructions for execution by the motion tracker from the computing device; processing the response based on the challenge-response authentication protocol to determine that the response is authentic; and executing the one or more instructions upon determining that the response is authentic.
- 16. The motion tracker of claim 15, the operations further comprising, after determining that the response is authentic, establishing a trusted data connection between the motion tracker and the computing device.
- 17. A motion tracking system comprising a motion tracker and a computing device, the motion tracker comprising a processor and a memory and being configured to perform operations comprising: accessing a data connection request, the data connection request being received from or transmitted to the computing device; generating a challenge according to a challenge-response authentication protocol, wherein the challenge is at least partially associated with: (i) the data connection request or (ii) the computing device; transmitting the challenge from the motion tracker to the computing device; transmitting one or more first data packets comprising data for authentication of the computing device to an authentication device; receiving, at the computing device, one or more second data packets comprising data indicative of authentication or non-authentication of the computing device from the authentication device; causing the computing device to transmit, to the authentication device, the challenge generated by the motion tracker and identification data from the motion tracker, wherein the computing device transmits the challenge generated by the motion tracker to the authentication device when the data of the one or more second data packets is indicative of authentication; causing the computing device to receive, from the authentication device, a response to the challenge provided by the authentication device in response to a matching, by the authentication device, of the challenge and the identification data to a corresponding challenge and a corresponding identification that relates the challenge to the motion tracker; receiving the response to the challenge from the computing device, the response to the challenge provided to the computing device by the authentication device communicatively coupled to the computing device; receiving one or more instructions for execution by the motion tracker from the computing device; processing the response based on the challenge-response authentication protocol to determine that the response is authentic; and executing the one or more instructions upon determining that the response is authentic.
- 18. The motion tracking system of claim 17, further comprising the authentication device.
- 19. The motion tracking system of claim 17, wherein the authentication device is not communicatively coupled to the motion tracker.
- 20. The motion tracking system of claim 17, the operations further comprising, after determining that the response is authentic, establishing a trusted data connection between the motion tracker and the computing device.
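The tracker-side behaviour recited in claims 5, 7, 8 and 10 can be sketched as follows; this is an added illustration, not code from the patent or from the assignee. It assumes HMAC-SHA256 with a shared key as a stand-in for the asymmetric or zero-knowledge scheme of claim 11, and the class and function names, the payload layout, the 2-second base duration and the doubling rule are all hypothetical.

```python
import hashlib
import hmac
import os
import struct

PROTOCOL_VERSION = 1          # assumed versioning data (claim 5)
BASE_LOCKOUT_S = 2.0          # assumed initial timer duration


def auth_device_respond(key: bytes, challenge: bytes) -> bytes:
    """Authentication-device side: HMAC-SHA256 stand-in for the real scheme."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Tracker:
    def __init__(self, key: bytes, tracker_id: int, clock):
        self.key, self.tracker_id, self.clock = key, tracker_id, clock
        self.pending = {}     # device id -> outstanding challenge
        self.lockout = {}     # device id -> (locked_until, failure_count)

    def _locked(self, device: str) -> bool:
        until, _ = self.lockout.get(device, (0.0, 0))
        return self.clock() < until

    def new_challenge(self, device: str):
        if self._locked(device):
            return None       # claim 7: no challenge while the timer runs
        # claim 10: first payload = protocol data, second = pseudo-random data
        first = struct.pack(">BI", PROTOCOL_VERSION, self.tracker_id)
        second = os.urandom(16)
        self.pending[device] = first + second    # bound to this device
        return self.pending[device]

    def submit(self, device: str, response: bytes, instructions: list):
        """Return the instructions to execute, or [] if nothing may run."""
        if self._locked(device):
            return []         # claim 7: response is not even processed
        challenge = self.pending.pop(device, None)   # each challenge is single use
        expected = auth_device_respond(self.key, challenge or b"")
        if challenge and hmac.compare_digest(expected, response):
            self.lockout.pop(device, None)           # success clears the history
            return list(instructions)
        _, fails = self.lockout.get(device, (0.0, 0))
        # claim 8: duration grows with successive failures (doubling assumed)
        until = self.clock() + BASE_LOCKOUT_S * 2 ** fails
        self.lockout[device] = (until, fails + 1)
        return []
```

The clock is injected so the timer can be exercised without waiting; on a device it would be a monotonic time source.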
Description
CLAIM OF PRIORITY
This application claims the benefit of priority to European Patent Application No. 22398026.9, filed on Nov. 25, 2022, which is incorporated herein by reference in its entirety.
TECHNICAL FIELD
The present disclosure relates to the field of secure communications and authentication of devices. Examples described herein relate to the authentication of devices attempting to access a predetermined device, sometimes without having direct network access, and securing communications between the involved devices.
BACKGROUND
Many motion tracking systems that are adapted for the physical rehabilitation or recovery of patients include motion trackers that a person wears during physical therapy. Before a patient starts to use such a motion tracking system, and after the return of a motion tracking system by a patient that has already used it, the motion trackers may require some configuration or reconfiguration for them to be properly operative and in adequate condition for the person to use them. Such configuration/reconfiguration may require software adjustments, and sometimes also hardware revisions and maintenance tasks.
With respect to the software adjustments, one or more instructions are to be run on the motion tracker itself to achieve one or several objectives. The provision of the instructions can be a daunting task, even more so when multiple motion trackers are to be revised in this fashion, not to mention that depending on the circumstances, hundreds or even more motion trackers might have to be configured/reconfigured every now and then.
BRIEF DESCRIPTION OF THE DRAWINGS
To complete the description and in order to provide a better understanding of the disclosure, a set of drawings is provided. Said drawings form an integral part of the description and illustrate examples of the disclosure, which should not be interpreted as restricting the scope of the disclosure, but just as examples of how the disclosure can be carried out.
The drawings comprise the following figures:
- FIG. 1 is a diagram illustrating a method in accordance with some examples.
- FIG. 2 is a diagram illustrating a method in accordance with some examples.
- FIG. 3 is a block diagram of a motion tracker in accordance with some examples.
- FIG. 4 is a block diagram of a computing device in accordance with some examples.
- FIG. 5 is a block diagram of an authentication device in accordance with some examples.
- FIG. 6 is a diagram illustrating a method in accordance with some examples.
DETAILED DESCRIPTION
As mentioned, in the context of a motion tracking system used for physical rehabilitation or recovery of patients, the provision of instructions to one or more motion trackers can be a daunting task. Bulk configuration/reconfiguration can be a complex, time consuming process. Furthermore, the process may be prone to failure when motion trackers feature limited wireless communications capabilities, for example only Bluetooth, as there may be mutual interference caused by parallel communications. This problem may be exacerbated when the tasks are conducted in a relatively small or densely packed space like a warehouse.
Wired and wireless communications may provide means for supplying the instructions. However, in order not to create a security breach that could lead to the loading of deceptive data into the motion trackers, the motion trackers need to make sure that they communicate with a legitimate and trusted third-party device, otherwise refuse the data coming from the connected device.
Due to the limited connection means of motion trackers that do not enable them for, for example, downloading the instructions from a secure server on the cloud, or downloading data for authenticating third-party devices, it may be desirable or beneficial to perform authentication of third-party devices that are a priori not known to the motion tracker so that safe configuration/reconfiguration tasks may be carried out via the third-party devices.
Examples described herein may provide for authentication of devices attempting to access a predetermined device, sometimes without having direct network access, and securing communications between the involved devices.
A first aspect relates to a method. The method may comprise receiving, by a motion tracker from a computing device, a data connection request or transmitting, by the motion tracker to the computing device, the data connection request, the motion tracker being configured to conduct a predetermined challenge-response authentication with an authentication device not communicatively coupled with the motion tracker. The method may include generating, by the motion tracker, a challenge according to the predetermined challenge-response authentication, the challenge being at least associated with the data connection request and/or the computing device of the data connection request. The method may include transmitting, by the motion tracker to the computing device, the challenge. The method may furt