US-12627649-B1 - Secure information exchange

Abstract

Systems and methods for secure information exchange are disclosed. During setup of an accessory device in association with a voice-enabled device, token data may be generated and signed using a private encryption key by the accessory device. An accessory-device system associated with the accessory device may send a request for account identification including the token data to a remote system associated with the voice-enabled device. The remote system may determine if an application associated with the accessory-device system is enabled, and if enabled, may send the account identification in an encrypted format to the accessory-device system.

Inventors

  • Akshaya Vishnu Kudlu Shanbhogue
  • Venkatesh Krishnamoorthy
  • Abraham Martin Passaglia
  • Tao Wu

Assignees

  • AMAZON TECHNOLOGIES, INC.

Dates

  • Publication Date: 20260512
  • Application Date: 20210816

Claims (20)

  1. A method comprising: receiving first data requesting that an application associated with an accessory device associated with a first remote system be associated with account data stored in association with a user registry of a second remote system, wherein the application associated with the accessory device associated with the first remote system is configured to enable the accessory device associated with the first remote system for use in association with another device that is associated with the account data stored in association with the user registry of the second remote system; determining that the application associated with the accessory device associated with the first remote system is not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received based at least in part on a token associated with the first data; sending, to a personal device associated with the account data stored in association with the user registry of the second remote system and based at least in part on the application being not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received, a command configured to cause display of an option to select the application to be enabled with respect to the account data stored in association with the user registry of the second remote system; receiving, from the personal device, second data indicating selection of the option; and causing, based at least in part on receiving the second data, the application to be enabled for use in association with the account data stored in association with the user registry of the second remote system.
  2. The method of claim 1, wherein the another device is a voice-enabled device, and wherein the application associated with the accessory device is configured to enable the another device to cause the accessory device to perform an action in response to audio data representing an utterance.
  3. The method of claim 1, further comprising: sending, based at least in part on causing the application to be enabled for use in association with the account data, identifying information about the accessory device to the first remote system; and receiving, from the first remote system, authentication data enabling use of third data representing a command received from the first remote system.
  4. The method of claim 1, wherein the first data is received during a setup process associated with the accessory device via a user interface configured to display, on the personal device, available applications for enablement with the account data.
  5. The method of claim 1, further comprising: determining that authentication credentials have been entered to access the application on the personal device; and based at least in part on the authentication credentials being entered, determining to refrain from requesting the authentication credentials to access functionality associated with the application.
  6. The method of claim 1, wherein the application comprises a first application, and the method further comprises: determining a second application associated with the first application; causing display of an indicator of the second application based at least in part on the second application being associated with the first application; receiving third data requesting the second application be enabled for the account data; and causing the second application to be enabled for to the account data.
  7. The method of claim 1, further comprising: receiving, from the first remote system and based at least in part on the application being enabled for use in association with the account data, identifying information associated with the accessory device, the identifying information including at least a naming indicator of the accessory device; and storing the identifying information in association with the account data.
  8. A system comprising: one or more processors; and non-transitory computer-readable media storing instructions that, when executed by the one or more processors, causes the one or more processors to perform operations comprising: receiving first data requesting that an application associated with an accessory device associated with a first remote system be associated with account data stored in association with a user registry of a second remote system, wherein the application associated with the accessory device associated with the first remote system is configured to enable the accessory device associated with the first remote system for use in association with another device that is associated with the account data stored in association with the user registry of the second remote system; determining that the application associated with the accessory device associated with the first remote system is not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received based at least in part on a token associated with the first data; sending, to a personal device associated with the account data stored in association with the user registry of the second remote system and based at least in part on the application being not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received, a command configured to cause a voice interface device to display an option to select the application to be enabled with respect to the account data stored in association with the user registry of the second remote system; receiving, from the personal device, second data indicating selection of the option; and causing, based at least in part on receiving the second data, the application to be enabled for use in association with the account data stored in association with the user registry of the second remote system.
  9. The system of claim 8, wherein the another device is a voice-enabled device, and wherein the application associated with the accessory device is configured to enable the another device to cause the accessory device to perform an action in response to audio data representing an utterance.
  10. The system of claim 8, the operations further comprising: sending, based at least in part on causing the application to be enabled with respect to the account data, identifying information about at least one of the accessory device or the voice interface device to a device associated with the application; and receiving, from the device associated with the application, authentication data enabling use of commands by the voice interface device and the accessory device.
  11. The system of claim 8, wherein the first data is received during a setup process associated with the accessory device via a user interface configured to display, on the personal device, available applications for enablement with the account data, the available applications including the application.
  12. The system of claim 8, the operations further comprising: determining that authentication credentials have been entered to access the application on the personal device; and based at least in part on the authentication credentials being entered, determining to refrain from requesting the authentication credentials to access functionality associated with the application.
  13. The system of claim 8, wherein the application comprises a first application, and the operations further comprise: determining a second application associated with the first application; causing display of an indicator of the second application based at least in part on the second application being associated with the first application; receiving third data requesting enablement of the second application with respect to the account data; and causing the second application to be enabled with respect to the account data.
  14. The system of claim 8, the operations further comprising: receiving, from a device associated with the application and based at least in part on the application being enabled with respect to the account data, identifying information associated with the accessory device, the identifying information including at least a naming indicator of the accessory device; and storing the identifying information in association with the account data.
  15. A method comprising: receiving first data requesting that an application associated with an accessory device associated with a first remote system be associated with account data stored in association with a user registry of a second remote system, wherein the application associated with the accessory device associated with the first remote system is configured to enable the accessory device associated with the first remote system for use in association with another device that is associated with the account data stored in association with the user registry of the second remote system; determining that the application associated with the accessory device associated with the first remote system is not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received based at least in part on a token associated with the first data; sending, to a personal device associated with the account data stored in association with the user registry of the second remote system and based at least in part on the application being not enabled for use in association with the account data stored in association with the user registry of the second remote system when the first data is received, a command configured to cause the personal device to display an option to select the application to be enabled for use in association with the account data stored in association with the user registry of the second remote system; receiving, from the personal device, second data indicating selection of the option; and causing, based at least in part on receiving the second data, the application to be enabled for use in association with the account data stored in association with the user registry of the second remote system.
  16. The method of claim 15, wherein the another device is a voice-enabled device, and wherein the application associated with the accessory device is configured to enable the another device to cause the accessory device to perform an action in response to audio data representing an utterance.
  17. The method of claim 15, further comprising: sending, based at least in part on causing the application to be enabled for use in association with the account data, identifying information about devices associated with the personal device to the first remote system; and receiving, from the first remote system, authentication data enabling use by the devices of third data representing a command received from the first remote system.
  18. The method of claim 15, further comprising: determining that authentication credentials have been entered to access the application on the personal device; and based at least in part on the authentication credentials being entered, determining to refrain from requesting the authentication credentials to access functionality associated with the application.
  19. The method of claim 15, wherein the application comprises a first application, and the method further comprises: determining a second application associated with the first application; causing display of an indicator of the second application based at least in part on the second application being associated with the first application; receiving third data requesting enablement of the second application for use in association with the account data; and causing the second application to be enabled for use in association with the account data.
  20. The method of claim 15, further comprising: receiving, from the first remote system and based at least in part on the application being enabled for use in association with the account data, identifying information about at least one device associated with the application and the personal device; and storing the identifying information in association with the account data.

Description

RELATED APPLICATIONS

This application claims priority to and is a continuation of U.S. patent application Ser. No. 16/265,670, filed on Feb. 1, 2019, the entire contents of which are incorporated herein by reference.

BACKGROUND

Smart-home devices have become ubiquitous. Smart-home device users and/or manufacturers may desire to communicate with systems associated with voice-enabled devices, for example. Described herein are improvements in technology and solutions to technical problems that can be used to, among other things, improve communication between smart-home systems and other systems, such as systems associated with voice-enabled devices.

BRIEF DESCRIPTION OF THE DRAWINGS

The detailed description is set forth below with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The use of the same reference numbers in different figures indicates similar or identical items. The systems depicted in the accompanying figures are not to scale and components within the figures may be depicted not to scale with each other.

FIG. 1 illustrates a schematic diagram of an example environment for secure information exchange.

FIG. 2 illustrates a conceptual diagram of example components of systems for secure information exchange.

FIG. 3 illustrates a sequence diagram illustrating an example flow of interactions arranged in a time sequence for secure information exchange when an application associated with an accessory is not enabled at the time of a request for information exchange.

FIG. 4 illustrates a sequence diagram illustrating an example flow of interactions arranged in a time sequence for secure information exchange when an application associated with an accessory is enabled at the time of the request for information exchange.

FIG. 5 illustrates a flow diagram of an example process for secure information exchange.

FIG. 6 illustrates a flow diagram of another example process for secure information exchange.

FIG. 7 illustrates a conceptual diagram of components of a speech-processing system for processing audio data provided by one or more devices.

FIG. 8 illustrates a conceptual diagram of components of a speech-processing system for secure information exchange.

FIG. 9 illustrates a conceptual diagram of example components of a smart-home system.

FIG. 10 illustrates a schematic diagram of an example environment for device discovery utilizing securely-exchanged information.

DETAILED DESCRIPTION

Systems and methods for secure information exchange are disclosed. Take, for example, an environment or space such as a home that may have one or more voice-enabled devices, such as an Amazon Echo-type device, smart phone, or television/settop box with a voice user interface. The voice-enabled devices may be configured, for example, to receive audio representing user utterances and generate corresponding audio data to be utilized by a remote system, for example, to cause an operation to be performed. The voice-enabled devices may be manufactured by a first entity associated with the remote system. The environment may also include, for example, one or more “smart home” devices, which are otherwise described herein as accessory devices. The accessory devices may include, for example, light bulbs, plugs, light switches, televisions, locks, alarms, cameras, doorbells, thermostats, household appliances, garage-door openers, wearable devices, clocks, etc. It should be understood that the list of example accessory devices as provided herein is not an exclusive list. Instead, this disclosure includes, as accessory devices, any computing device that may send and receive data and/or instructions and may perform operations based at least in part on the received data and/or instructions.
The accessory devices, in examples, may be manufactured by a second entity that differs from the first entity and the accessory devices may be associated with a system associated with the accessory device that differs from the remote system associated with the voice-enabled devices. In examples, after purchase of an accessory device, a user goes through a process of setting up the accessory device so that it is operational. Some setup processes may involve instructing the user to perform a set of steps to set up the accessory device. For example, the user may be instructed to download and/or otherwise gain access to an application provided by the system associated with the accessory device. A user interface associated with the application may present additional instructions for setting up the accessory device. However, in examples where the environment includes a voice-enabled device, the voice-enabled device may be utilized to set up and/or otherwise configure the accessory device for operation. For example, the user may have set up the voice-enabled device at an earlier time, and setup of the voice-enabled device may have included identifyin