US-20260128968-A1 - SYSTEM FOR BLUETOOTH DEVICE IDENTIFICATION AND PROCESS THEREFOR
Abstract
A computing system and process for performing identification of the type of computing devices communicating via wireless Bluetooth protocols. The computing system involves customized or non-customized computing systems that are configured to send queries via all protocols described in Bluetooth specifications, as well as vendor-specific protocols. The computing system analyzes raw data, in combination with behavioral data, in combination with ground-truth data about known devices, in order to establish a device identification about any computing device communicating via Bluetooth. In the absence of ground-truth data, device identification is inferred with an associated confidence level based on synthesis across all collected data.
Inventors
- Xeno Kovah
Assignees
- Dark Mentor LLC
Dates
- Publication Date
- 20260507
- Application Date
- 20241106
Claims (20)
- 1. A Bluetooth device identification system (DIS), comprising: a memory to store programs to run process steps, a database to store received data from devices to identify (DTI), one or more Bluetooth chip processors configured with a transceiver that discovers nearby Bluetooth communication DTI of type Low Energy (BLE) and Basic Rate/Enhanced Data Rate (BR/EDR) which are in the area; a collection channel connected to each of the one or more Bluetooth chip processors to collect data received from the discovered DTIs; a main processor configured to execute process steps including: selecting known packet types for protocols/profiles of interest received from the discovered DTIs, transmitting each individual packet type externally to gather information from the discovered DTIs, and receiving responses, including protocol/profile layers, to each of the transmitted packet types from the DTIs and storing the received responses in the database; determining whether the received protocol/profile layers have behaviors which can be used to determine a device identification (DID); selecting known device-differentiating behaviors for each of the received protocol/profile layers; performing a behavioral assessment of the DTI; and formatting collected data to store in the database.
- 2. A Bluetooth device identification system (DIS), comprising: a memory to store a program, the program comprising a set of instructions, each of the instructions corresponding to one or more process steps; a database stored in the memory to store and/or track response data values from Bluetooth devices to be identified (DTI), the response data values generated by sending an inquiry packet to one or more DTI and, if a response packet is received, storing an actual response packet value; one or more Bluetooth chip processors configured with a transceiver that discovers Bluetooth DTI of type Low Energy (BLE) and/or Basic Rate/Enhanced Data Rate (BR/EDR) which are in an area; a collection channel connected to each of the one or more Bluetooth chip processors to collect data received from the discovered DTI; at least one processor configured to execute the program and thus the process steps, the process steps including: selecting one or more known inquiry packet types for one or more protocols and/or profiles of interest received from the discovered DTIs, transmitting each selected individual inquiry packet type to at least one of the discovered DTI to generate response packets from the discovered DTI; receiving one or more response packets, including protocol and/or profile information, from the DTI in response to each of the inquiry packet types and storing the corresponding response data values in the database; and formatting collected data to store in the database.
- 3. The Bluetooth device identification system (DIS) of claim 2, wherein the database can also store a corresponding no-response packet value if no response packet is received in response to any given inquiry packet.
- 4. The Bluetooth device identification system (DIS) of claim 2, wherein the process steps further comprise: determining whether any of the received protocol/profile layers have behaviors which can be used to determine a device identification (DID); selecting known device-differentiating behaviors for each of the received protocol/profile layers which have such behaviors; and performing a behavioral assessment of the DTI to collect additional response data values.
- 5. The Bluetooth device identification system (DIS) of claim 2, wherein the database can also store a corresponding no-response packet value if no response packet is received in response to any given inquiry packet, and wherein the process steps further comprise: determining whether the received protocol/profile layers have behaviors which can be used to determine a device identification (DID); selecting known device-differentiating behaviors for each of the received protocol/profile layers; and performing a behavioral assessment of the DTI to collect additional response data values.
- 6. The Bluetooth device identification system (DIS) of claim 5, wherein the process steps further comprise: determining whether it is more likely that no response packet was received in response to a given inquiry packet due to packet loss in transmission, or due to an error of response by a given DTI, or due to the given DTI not having a corresponding response value for the given inquiry packet; using the determination of the previous step as a factor in determining known device-differentiating behaviors for each of the received protocol/profile layers; and including the known device-differentiating behaviors determined in the previous step as part of the behavioral assessment of the DTI to collect additional response data values.
- 7. The Bluetooth device identification system (DIS) of claim 2, wherein at least one of the inquiry packet types has more than one possible valid configuration, and wherein the process steps further comprise: sending at least one of the inquiry packets in at least two valid configurations to obtain a first response packet having a first response data value and a second response packet having a second response data value; comparing the first response data value and the second response data value to produce a differentiation value and using the differentiation value as a factor in determining known device-differentiating behaviors for each of the received protocol/profile layers; and including the known device-differentiating behaviors determined in the previous step as part of the behavioral assessment of the DTI to collect additional response data values.
- 8. The Bluetooth device identification system (DIS) of claim 2, wherein the Bluetooth chip processors can also passively detect one or more independent packets transmitted by Bluetooth DTI in the area, each independent packet having an independent data value, and can store the independent data packet values in the database.
- 9. The Bluetooth device identification system (DIS) of claim 4, wherein the Bluetooth chip processors can also passively detect one or more independent packets transmitted by Bluetooth DTI in the area, each independent packet having an independent data value, the Bluetooth chip processors can store the independent data packet values in the database, and the independent data packet values can be used as a second factor in determining known device-differentiating behaviors for a given DTI.
- 10. The Bluetooth device identification system (DIS) of claim 2, wherein the Bluetooth DIS can transmit one or more bad inquiry packets, the bad inquiry packets being purposefully configured to be nonconforming with one or more otherwise valid Bluetooth protocols and/or Bluetooth standards, and wherein the response packets sent by a given DTI in response to a bad inquiry packet produce bad inquiry response data values which can be stored in the database.
- 11. The Bluetooth device identification system (DIS) of claim 4, wherein the Bluetooth DIS can transmit one or more bad inquiry packets, the bad inquiry packets being purposefully configured to be nonconforming with one or more otherwise valid Bluetooth protocols and/or Bluetooth standards, and wherein the response packets sent by a given DTI in response to a bad inquiry packet produce bad inquiry response data values which can be used as a second factor in determining known device-differentiating behaviors for a given DTI.
- 12. The Bluetooth device identification system (DIS) of claim 2, wherein at least one of the inquiry packet types is a state machine inquiry packet that can affect a full state machine configuration of a given DTI, wherein the full state machine configuration of the given DTI in response to receiving a given state machine inquiry packet can be determined by the DIS to produce a full state machine response value, and wherein the full state machine response value can be stored in the database.
- 13. The Bluetooth device identification system (DIS) of claim 4, wherein at least one of the inquiry packet types is a state machine inquiry packet that can affect a full state machine configuration of a given DTI, wherein the full state machine configuration of the given DTI in response to receiving a given state machine inquiry packet can be determined by the DIS to produce a full state machine response value, and wherein the full state machine response value can be used as a second factor in determining known device-differentiating behaviors for the given DTI.
- 14. The Bluetooth device identification system (DIS) of claim 12, wherein the DIS either stores or dynamically generates a minimal-differentiator packet sequence (MDPS) which can be used to determine a sequence of inquiry packets which will differentiate two or more DTI which have full state machine configurations which are within an arbitrary degree of similarity.
- 15. The Bluetooth device identification system (DIS) of claim 13, wherein the DIS either stores or dynamically generates a minimal-differentiator packet sequence (MDPS) which can be used to determine a sequence of inquiry packets which will differentiate two or more DTI which have full state machine configurations which are within an arbitrary degree of similarity.
- 16. The Bluetooth device identification system (DIS) of claim 2, wherein the process steps further comprise: determining whether any given DTI has and/or will transmit(ted) any response packets which include at least one device-specific actual value and if so masking out the device-specific actual value when the corresponding response data value is stored in the database.
- 17. The Bluetooth device identification system (DIS) of claim 4, wherein the process steps further comprise: determining whether any given DTI has and/or will transmit(ted) any response packets which include at least one device-specific actual value and if so masking out the device-specific actual value when the corresponding response data value is stored in the database; and using one or more properties of at least one of the response data values including a masked-out device-specific actual value, including but not limited to whether any of the response data values include such masked-out data values at all, as a second factor in determining known device-differentiating behaviors for the given DTI.
- 18. The Bluetooth device identification system (DIS) of claim 2 wherein the processor, the memory, and at least one Bluetooth chip processor and/or a field programmable gate array which can receive and interpret Bluetooth signals are part of a single integrated circuit.
- 19. The Bluetooth device identification system (DIS) of claim 4 wherein the processor, the memory, and at least one Bluetooth chip processor and/or field programmable gate array which can receive and interpret Bluetooth signals are part of a single integrated circuit.
- 20. The Bluetooth device identification system (DIS) of claim 12 wherein at least two of the full state machine configurations possible to be present on a given DTI are identical on the edges, but have different internal substate configurations, such that the given DTI can be more accurately identified by determining its actual substate configuration in response to a given state machine inquiry packet.
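The claims above describe a response store in which a missing reply is recorded as a value in its own right (claim 3), unit-specific values are masked before storage (claim 16), observations are scored against ground truth to yield an identification with a confidence level (abstract), and a minimal-differentiator packet sequence is derived for device types whose fingerprints are nearly identical (claim 14). The following Python model, added here as an illustration and not code from the patent or from Dark Mentor LLC, works those steps through offline on constructed data: the inquiry names, device types, expected values and the captured record are all invented for the example, no radio is involved, and the greedy pair-splitting used for the minimal differentiator is one reasonable realisation of the claim language, not the patent's stated algorithm.

```python
"""
Offline model of a Bluetooth device-identification response store.

Constructed example: inquiries are named probes, replies are strings, and a
device to identify (DTI) that did not answer is recorded with NO_RESPONSE.
"""
import re

# A missing reply is stored as a value in its own right rather than dropped,
# so "stays silent on this inquiry" can itself be a fingerprint feature.
NO_RESPONSE = "<no-response>"
MASK = "<masked>"

# Constructed: inquiries whose replies identify one physical unit rather than
# a device type, and therefore must not enter the fingerprint database.
DEVICE_SPECIFIC_INQUIRIES = {"bdaddr", "serial_number"}

# A Bluetooth device address is six colon-separated hex octets; any reply
# that embeds one is masked even when the inquiry itself is type-specific.
BDADDR_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")

# Constructed ground truth: device type -> expected (masked) reply per inquiry.
GROUND_TRUTH = {
    "phone-A":   {"version_query": "5.3", "feature_query": "le-2m,le-coded",
                  "name_query": "Phone",   "vendor_query": "vendor-1"},
    "phone-B":   {"version_query": "5.3", "feature_query": "le-2m",
                  "name_query": "Phone",   "vendor_query": "vendor-1"},
    "tv-C":      {"version_query": "5.0", "feature_query": "le-2m",
                  "name_query": "TV",      "vendor_query": "vendor-2"},
    "headset-D": {"version_query": "5.0", "feature_query": NO_RESPONSE,
                  "name_query": "Headset", "vendor_query": "vendor-2"},
}


def mask_device_specific(responses):
    """Return a copy of a response record with unit-specific data masked out."""
    masked = {}
    for inquiry, value in responses.items():
        if inquiry in DEVICE_SPECIFIC_INQUIRIES:
            masked[inquiry] = MASK
        else:
            masked[inquiry] = BDADDR_RE.sub(MASK, value)
    return masked


def match_score(observed, expected):
    """Fraction of inquiries present in both records whose values agree.

    NO_RESPONSE compares like any other value, so a device that is silent on
    an inquiry matches a type that is known to be silent on it.
    """
    shared = [q for q in expected if q in observed]
    if not shared:
        return 0.0
    agree = sum(1 for q in shared if observed[q] == expected[q])
    return agree / len(shared)


def identify(observed, ground_truth=GROUND_TRUTH):
    """Return (candidate types, confidence) for one captured record.

    A single candidate at confidence 1.0 is a ground-truth match; several
    candidates, or a confidence below 1.0, is an inferred identification.
    """
    observed = mask_device_specific(observed)
    scores = {t: match_score(observed, exp) for t, exp in ground_truth.items()}
    best = max(scores.values())
    candidates = sorted(t for t, s in scores.items() if s == best)
    return candidates, best


def minimal_differentiator(types, ground_truth=GROUND_TRUTH):
    """Greedy minimal inquiry sequence that tells the given types apart.

    Repeatedly pick the inquiry separating the most still-confused pairs until
    every pair is separated; ties go to the alphabetically first inquiry so
    the result is deterministic.  Raises if some pair cannot be separated.
    """
    pairs = {(a, b) for i, a in enumerate(types) for b in types[i + 1:]}
    inquiries = sorted({q for t in types for q in ground_truth[t]})

    def separated(q):
        return {(a, b) for a, b in pairs
                if ground_truth[a].get(q) != ground_truth[b].get(q)}

    sequence = []
    while pairs:
        best = max(inquiries, key=lambda q: len(separated(q)))
        split = separated(best)
        if not split:
            raise ValueError(f"no inquiry separates {sorted(pairs)}")
        sequence.append(best)
        pairs -= split
    return sequence


if __name__ == "__main__":
    # Constructed capture from one DTI: one reply per inquiry plus its address.
    capture = {"bdaddr": "AA:BB:CC:DD:EE:FF", "version_query": "5.3",
               "feature_query": "le-2m", "name_query": "Phone",
               "vendor_query": "vendor-1"}
    print(identify(capture))                              # (['phone-B'], 1.0)
    print(minimal_differentiator(["phone-A", "phone-B"]))  # ['feature_query']
    print(minimal_differentiator(sorted(GROUND_TRUTH)))    # ['feature_query', 'name_query']
```

Two points the claims make are visible in the output: `headset-D` is distinguished from `tv-C` partly by its stored no-response value for `feature_query`, and a capture whose scores tie (for instance a device answering like `tv-C` on three inquiries and like `headset-D` on three) comes back as two candidates at 0.75 rather than a false certain match.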
Description
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not applicable.
COPYRIGHT NOTICE
A portion of this disclosure contains material which is subject to copyright protection. The copyright owner has no objection to the photocopy reproduction by anyone of the patent document or the patent disclosure in exactly the form it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever. 37 C.F.R. 1.71(d).
BACKGROUND OF THE INVENTIVE CONCEPT
1. Field of the Invention
The present inventive concept relates to a computing system configured for Bluetooth device identification and a process therefor, and more particularly, to a computing system configured for Bluetooth device identification that utilizes multiple Bluetooth protocols and other Bluetooth-related data, and a process therefor.
2. Description of the Related Art
The Bluetooth wireless protocol for information transfer was defined in 1999. Subsequent updates introduced Bluetooth Enhanced Data Rate (EDR) and were defined in 2004, and the prior Bluetooth wireless protocol was retroactively named Basic Rate (BR). These protocols are collectively referred to as Bluetooth BR/EDR. The Bluetooth Low Energy protocol was defined in 2009 and added many new technologies and protocols which were not compatible with BR/EDR. These technologies and protocols are collectively referred to herein as BLE.
Bluetooth defines the notion of a “Profile” as a document describing the “required functions and features of each layer in the Bluetooth system” (“Bluetooth Core Specification 6.0”, (2024) https://www.bluetooth.com/specifications/specs/core-specification-6-0/). It also says that “[a] profile defines the vertical interactions between the layers as well as the peer-to-peer interactions of specific layers between devices.” Therefore, Bluetooth Profiles can be thought of as supplemental specifications that go beyond the Bluetooth Core Specification. They contain additional data and behaviors that can optionally be conformed to by devices to achieve interoperability. Profiles can be public and standardized, or private and vendor-specific.
Prior work to identify Bluetooth devices falls into four categories.
Category 1 Bluetooth device identification systems are those which attempt to identify a single device over time, irrespective of what type of device it is. A common use case for such systems is performing access control, granting access to a single authorized device while preventing access to other devices which may attempt to impersonate an authorized device. US 2022/312507 A1 Wang et al. and US 2021/058393 A1 Alpert et al. are examples of such systems. Another common use case is tracking a single device over time, despite the fact that the primary Bluetooth Device Address (BDADDR) is designed to change over time, to intentionally make tracking more difficult. US 2020/236004 A1 Tavares et al. is an example of this. Unlike the present system as disclosed herein, these systems are not concerned with differentiating and identifying device types, e.g., an Apple® iPhone vs. a Samsung® TV.
Category 2 Bluetooth device identification systems are those that seek to create a fingerprint for a specific device based on device-specific wireless characteristics. This category often overlaps with Category 1 (e.g. both US 2022/312507 A1 Wang et al. and US 2021/058393 A1 Alpert et al. use these techniques). While the present system as disclosed herein can include such fingerprint systems as another source of the multi-source information as described herein, this information is not a prioritized data source. That is because such information primarily serves to identify individual devices (i.e. Device #1 vs. Device #2) over time, but it does not contribute as significantly to determining what type of device it is; i.e. it is not a strong signal to differentiate that Device #1 is an iPhone and Device #2 is a TV. Physical-layer characteristic fingerprinting is more indicative of the Bluetooth chip radio hardware, and consequently it is primarily suitable for differentiating that Device #1 uses Bluetooth Chip Vendor #1 and Device #2 uses Bluetooth Chip Vendor #2. But that is only one aspect of the overall device identification that the present inventive system as described herein achieves.
Category 3 Bluetooth device identification systems are those that use a single source of data to create a Device ID (DID) “fingerprint” for a Device To Identify (DTI). Examples include “Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps” (2019) by Zuo et al. (https://web.archive.org/web/20191124060800/https://web.cse.ohio-state.edu/~lin.3021/file/CCS19a.pdf) and “Fingerprinting Bluetooth-Low-Energy Devices Based on the Generic Attribute Profile” (2021) by Celosia and Cunche (https://inria.hal.science/hal-02359914/file/paper.pdf). Both papers use a single source of data, the Generic Attribute Profile (GATT). GATT information compri