US-12627637-B2 - Secure device to device communication channel

Abstract

One embodiment provides a data processing system on a communal electronic device, the data processing system comprising a memory device to store instructions; one or more processors to execute the instructions stored on the memory device, the instructions to cause the one or more processors to provide a virtual assistant to receive commands at the communal electronic device, wherein the virtual assistant, via the one or more processors, is to receive a command at the communal electronic device; determine whether the command is to access personal data of a user associated with the communal electronic device; and in response to a determination that the command is to access personal data of the user, send a request to a personal electronic device of the user to process at least a portion of the command.

Inventors

  • Bob Bradley
  • Marc J. Krochmal

Assignees

  • APPLE INC.

Dates

Publication Date: 2026-05-12
Application Date: 2018-09-28

Claims (20)

  1. A data processing system comprising: a memory device to store instructions; one or more processors to execute the instructions stored on the memory device, the instructions to cause the one or more processors to enable an encrypted data channel between electronic devices, the one or more processors to: receive, from an account server, a list of devices that are registered to a family of associated cloud services accounts, wherein a first electronic device is registered to a first account of the family of associated cloud services accounts, a second electronic device of a user is registered to a second account of the family of associated cloud services accounts, the first electronic device and the second electronic device each includes a virtual assistant; determine that a communication session is to be established between the first electronic device and the second electronic device based on the list of devices; establish a peer-to-peer data connection between the first electronic device and the second electronic device; verify a trust relationship between the first electronic device and the second electronic device; establish an encrypted communication session between the first electronic device and the second electronic device after verification of the trust relationship; and exchange data between the first electronic device and the second electronic device over the encrypted communication session.
  2. The data processing system as in claim 1, the one or more processors to establish the peer-to-peer data connection over a direct wireless connection between the first electronic device and the second electronic device.
  3. The data processing system as in claim 1, the one or more processors to establish the encrypted communication session via a network layer protocol over a wireless network connection, wherein to establish the encrypted communication session, the first electronic device is to compare a persistent identifier of the first electronic device with a persistent identifier of the second electronic device and initiate the connection with the second electronic device in response to a determination that the persistent identifier of the first electronic device is lower than the persistent identifier of the second electronic device.
  4. The data processing system as in claim 1, wherein to verify the trust relationship between the first electronic device and the second electronic device includes to verify a previously established trust relationship.
  5. The data processing system as in claim 4, the previously established trust relationship established via one or more of: an exchange of credentials between the first electronic device and the second electronic device over a short-range wireless connection; and an exchange of credentials via the cloud services account to which the first electronic device and the second electronic device are registered, the credentials to enable mutual authentication between the first electronic device and the second electronic device.
  6. The data processing system as in claim 1, the one or more processors additionally to: determine that the communication session is to be established between the first electronic device and the second electronic device in response to discovery of the second electronic device at the first electronic device via a device discovery protocol; and establish the peer-to-peer data connection between the first electronic device and the second electronic device after discovery of the second electronic device.
  7. The data processing system as in claim 1, the one or more processors additionally to: discover the second electronic device at the first electronic device via a device discovery protocol; establish the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device; and exchange data between the virtual assistant of the first electronic device and the virtual assistant of the second electronic device via the encrypted communication session.
  8. The data processing system as in claim 1, the one or more processors additionally to: discover the second electronic device at the first electronic device via a device discovery protocol; and establish the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device.
  9. The data processing system as in claim 1, the first electronic device to establish a trust relationship with the second electronic device before the first electronic device is enabled to send a request for a data exchange to the second electronic device.
  10. A non-transitory machine-readable medium storing instructions to cause one or more processors to perform operations comprising: receiving, from an account server, a list of devices that are registered to a family of cloud services accounts, wherein a first electronic device is registered to a first account of the family of cloud services accounts, or a second electronic device is registered to a second account of the family of cloud services accounts, the first electronic device and the second electronic device each including a virtual assistant; determining that a communication session is to be established between the first electronic device and the second electronic device based on the list of devices; establishing a peer-to-peer data connection between the first electronic device and the second electronic device; verifying a trust relationship between the first electronic device and the second electronic device; establishing an encrypted communication session between the first electronic device and the second electronic device after verifying the trust relationship; and exchanging data between the first electronic device and the second electronic device over the encrypted communication session.
  11. The non-transitory machine-readable medium as in claim 10, the operations additionally comprising establishing the peer-to-peer data connection over a direct wireless connection between the first electronic device and the second electronic device.
  12. The non-transitory machine-readable medium as in claim 10, the operations additionally comprising establishing the encrypted communication session via a network layer protocol over a wireless network connection, wherein to establish the encrypted communication session, the first electronic device is to compare a persistent identifier of the first electronic device with a persistent identifier of the second electronic device and initiate the connection with the second electronic device in response to a determination that the persistent identifier of the first electronic device is lower than the persistent identifier of the second electronic device.
  13. The non-transitory machine-readable medium as in claim 10, wherein verifying the trust relationship between the first electronic device and the second electronic device includes verifying a previously established trust relationship.
  14. The non-transitory machine-readable medium as in claim 13, the previously established trust relationship established via operations including one or more of: exchanging credentials between the first electronic device and the second electronic device over a short-range wireless connection; and exchanging credentials via the cloud services account to which the first electronic device and the second electronic device are registered, the credentials to enable mutual authentication between the first electronic device and the second electronic device.
  15. The non-transitory machine-readable medium as in claim 10, the operations additionally comprising: determining that the communication session is to be established between the first electronic device and the second electronic device in response to discovery of the second electronic device at the first electronic device via a device discovery protocol; and establishing the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device.
  16. The non-transitory machine-readable medium as in claim 10, the operations additionally comprising: discovering the second electronic device at the first electronic device via a device discovery protocol; establishing the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device; and exchanging data between the virtual assistant of the first electronic device and the virtual assistant of the second electronic device via the encrypted communication session.
  17. The non-transitory machine-readable medium as in claim 10, the operations additionally comprising: discovering the second electronic device at the first electronic device via a device discovery protocol; and establishing the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device.
  18. The non-transitory machine-readable medium as in claim 10, the first electronic device to establish a trust relationship with the second electronic device before the first electronic device is enabled to send a request for a data exchange to the second electronic device.
  19. A method comprising: receiving, from an account server, a list of devices that are registered to a family of associated cloud services accounts to which at least one of a first electronic device of a user or a second electronic device are registered to a cloud services account of the family of associated cloud services accounts, the first electronic device and the second electronic device each including a virtual assistant, the first electronic device being a communal electronic device associated with a plurality of users; determining that a communication session is to be established between the first electronic device and the second electronic device based on the list of devices; establishing a peer-to-peer data connection between the first electronic device and the second electronic device via a wireless radio device; verifying a trust relationship between the first electronic device and the second electronic device, wherein verifying the trust relationship between the first electronic device and the second electronic device includes verifying a previously established trust relationship; establishing an encrypted communication session between the first electronic device and the second electronic device via a network layer protocol over a wireless network connection, the encrypted communication session established after verifying the trust relationship; and exchanging data between the first electronic device and the second electronic device over the encrypted communication session to synchronize device data between the first electronic device and the second electronic device, the device data associated with the cloud services account.
  20. The method as in claim 19, additionally comprising: discovering the second electronic device at the first electronic device via a device discovery protocol; and establishing the peer-to-peer data connection between the first electronic device and the second electronic device after discovering the second electronic device.

Description

This application claims priority to U.S. Provisional Patent Application No. 62/575,373 filed Oct. 21, 2017, which is hereby incorporated herein by reference.

BACKGROUND OF THE DISCLOSURE

Electronic devices known in the art can include an intelligent automated assistant system that can engage with a user of an electronic device. Generally, intelligent automated assistant systems provide a digital or virtual assistant that can perform actions on the electronic device or provide the user with requested information. These automated assistants can control many operations and functions of an electronic device, such as to dial a telephone number, send a text message, set reminders, add events to a calendar, and perform various other operations on behalf of a user. The automated assistant systems can receive spoken, natural language commands from a user and can speak responses to the user that are generated using a speech synthesis engine. The services and operations for the automated assistants can be classified into various domains that describe an area of service for the automated assistant. Enabling complete functionality within certain domains may require access to personal or private data associated with, or specific to, a user of the electronic device. Such data may be stored on the personal user device or stored in a remote location that is accessible to the user device. However, some implementations of an automated assistant can be included on communal devices that may be used by more than one user. For privacy purposes, it may be beneficial to avoid storing personal or private user information on communal devices. Accordingly, automated assistant services that require access to personal information for a user may not be available on communal devices.
SUMMARY OF THE DESCRIPTION

Embodiments described herein provide a communication mechanism that enables a communal electronic device, such as a smart speaker device or another smart home device, to relay or redirect virtual assistant requests involving personal user data to a personal user device for processing. The communication mechanism can also be used as a general-purpose communication mechanism that enables smart home devices to exchange data, including configuration data. One embodiment provides for a data processing system on an electronic device, the data processing system comprising a memory device to store instructions and one or more processors to execute the instructions stored on the memory device. The instructions, when executed, cause the one or more processors to enable an encrypted data channel between electronic devices. To enable the encrypted data channel, the one or more processors are configured to determine that a communication session is to be established between a first electronic device and a second electronic device, wherein the first electronic device and the second electronic device are each associated with a cloud services account. The one or more processors can be further configured to establish a peer-to-peer data connection between the first electronic device and the second electronic device, verify a trust relationship between the first electronic device and the second electronic device, and establish an encrypted communication session between the first electronic device and the second electronic device after verifying the trust relationship. The encrypted communication session can then be used to exchange data between the first electronic device and the second electronic device.
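The session-setup procedure described in the summary above and in claims 1, 3, 4 and 5 (select peers from the account server's device list, let exactly one side of each pair initiate, verify a previously established trust relationship, and only then set up the encrypted session) can be simulated end to end. The following is an added illustration written for this page; it is not code from the patent or from Apple. The device names, persistent identifiers and accounts are constructed sample data, and the HMAC challenge-response used to model "mutual authentication via previously exchanged credentials" is an assumption, since the patent does not name an authentication primitive.

```python
# Added illustration (not the patent's code): simulating peer selection,
# the claim-3 initiation tie-break and the claim-4 trust gate.
from dataclasses import dataclass
from typing import Dict, List, Optional
import hashlib
import hmac
import secrets


@dataclass(frozen=True)
class Device:
    name: str
    persistent_id: str  # stable identifier compared in the claim-3 tie-break
    account: str        # cloud services account the device is registered to


# Constructed sample "list of devices" as an account server might return it
# for a family of associated accounts; names, ids and accounts are made up.
FAMILY_ACCOUNTS = {"acct-parent", "acct-child"}
DEVICE_LIST = [
    Device("kitchen-speaker", "id-0a41", "acct-parent"),  # communal device
    Device("parent-phone", "id-7c22", "acct-parent"),
    Device("child-phone", "id-3e90", "acct-child"),
    Device("visitor-phone", "id-0001", "acct-guest"),     # not in the family
]


def peers_for(me: Device, device_list: List[Device], family: set) -> List[Device]:
    """Claim 1: from the account server's list, pick the devices a session
    should be established with: other devices registered to an account of
    the same family. A device outside the family gets no peers at all."""
    if me.account not in family:
        return []
    return [d for d in device_list
            if d.account in family and d.persistent_id != me.persistent_id]


def should_initiate(me: Device, peer: Device) -> bool:
    """Claim 3 tie-break: both sides evaluate the same comparison, so exactly
    one of them opens the connection and the other waits for it. Without
    this, two devices discovering each other at once would both dial."""
    return me.persistent_id < peer.persistent_id


class TrustStore:
    """Per-device record of credentials from an earlier pairing (claim 5:
    exchanged over a short-range link or via the cloud account). Modelled
    as one shared secret per peer; an assumption made for this illustration."""

    def __init__(self) -> None:
        self.peer_secrets: Dict[str, bytes] = {}

    def prove(self, peer_id: str, challenge: bytes) -> Optional[bytes]:
        secret = self.peer_secrets.get(peer_id)
        if secret is None:
            return None  # no relationship with this peer was ever established
        return hmac.new(secret, challenge, hashlib.sha256).digest()


def pair(a: Device, store_a: TrustStore, b: Device, store_b: TrustStore) -> None:
    """The earlier credential exchange that creates the trust relationship."""
    secret = secrets.token_bytes(32)
    store_a.peer_secrets[b.persistent_id] = secret
    store_b.peer_secrets[a.persistent_id] = secret


def verify_trust(me: Device, my_store: TrustStore,
                 peer: Device, peer_store: TrustStore) -> bool:
    """Claim 4: verify the previously established relationship. Each side
    challenges the other, so the check is mutual; one missing or wrong
    proof fails the whole verification."""
    for verifier, v_store, prover, p_store in ((me, my_store, peer, peer_store),
                                                (peer, peer_store, me, my_store)):
        challenge = secrets.token_bytes(16)
        proof = p_store.prove(verifier.persistent_id, challenge)
        expected = v_store.prove(prover.persistent_id, challenge)
        if proof is None or expected is None or not hmac.compare_digest(proof, expected):
            return False
    return True


def establish_sessions(me: Device, stores: Dict[str, TrustStore],
                       device_list: List[Device], family: set) -> List[str]:
    """The procedure of claim 1 from one device's point of view: returns
    the names of peers this device opened an encrypted session with."""
    opened = []
    for peer in peers_for(me, device_list, family):
        if not should_initiate(me, peer):
            continue  # the peer initiates toward us instead
        if not verify_trust(me, stores[me.persistent_id], peer, stores[peer.persistent_id]):
            continue  # in the family, but never paired: no session
        opened.append(peer.name)  # the encrypted session would be set up here
    return opened


def run_demo() -> Dict[str, List[str]]:
    """Pairs the speaker with both phones (but not the phones with each
    other) and runs session setup on every device in the constructed list."""
    stores = {d.persistent_id: TrustStore() for d in DEVICE_LIST}
    speaker, parent, child, _visitor = DEVICE_LIST
    pair(speaker, stores[speaker.persistent_id], parent, stores[parent.persistent_id])
    pair(speaker, stores[speaker.persistent_id], child, stores[child.persistent_id])
    return {d.name: establish_sessions(d, stores, DEVICE_LIST, FAMILY_ACCOUNTS)
            for d in DEVICE_LIST}


if __name__ == "__main__":
    for name, peers in run_demo().items():
        print(f"{name}: opened sessions to {peers}")
```

In the constructed run, the speaker has the lowest identifier of the family devices, so it initiates toward both phones and, being paired with both, opens two sessions. The child phone would initiate toward the parent phone by the tie-break, but the two were never paired, so the trust check blocks the session; the visitor phone is not registered to a family account and is never offered a peer at all. The tie-break relies on every device comparing the same stable identifier, which is why the claims speak of a persistent rather than a per-session identifier.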
One embodiment provides for a non-transitory machine-readable medium storing instructions to cause one or more processors to perform operations comprising determining that a communication session is to be established between a first electronic device and a second electronic device, where the first electronic device and the second electronic device are each associated with a cloud services account. The instructions can additionally cause the one or more processors to perform additional operations that include establishing a peer-to-peer data connection between the first electronic device and the second electronic device, verifying a trust relationship between the first electronic device and the second electronic device, establishing an encrypted communication session between the first electronic device and the second electronic device after verifying the trust relationship, and exchanging data between the first electronic device and the second electronic device over the encrypted communication session.

One embodiment provides for a method to be executed on a computing device or data processing system described herein. The method comprises determining that a communication session is to be established between a first electronic device and a second electronic device, where the first electronic device and the second electronic device are each associated with a cloud services account, establishing a peer-to-peer data