阅读说明：本技术 用于验证用户意图以及安全配置计算设备的技术 (Techniques for verifying user intent and securely configuring a computing device ) 是由 J·S·科金 D·C·克林格勒 K·C·博格 J·P·施密特 E·A·阿兰曼奇 T·阿尔西 于 2018-01-25 设计创作，主要内容包括：本公开实施方案阐述了一种用于使计算设备能够安全配置外围计算设备的技术。根据一些实施方案,该方法能够包括以下步骤：(1)批准从外围计算设备接收的请求以参与外围计算设备的设置过程,(2)从外围计算设备接收：(i)编码密码和定时信息的音频信号,和(ii)光信号。另外,该方法可涉及响应于识别到定时信息与光信号相关而：(3)从音频信号中提取密码；以及(4)基于密码来与外围计算设备建立通信链路。继而,该方法可涉及(5)经由通信链路向外围计算设备提供配置信息。(The disclosed embodiments set forth a technique for enabling a computing device to securely configure a peripheral computing device. According to some embodiments, the method can comprise the steps of: (1) approving the request received from the peripheral computing device to participate in a setup process of the peripheral computing device, (2) receiving from the peripheral computing device: (i) an audio signal encoding the cipher and timing information, and (ii) an optical signal. Additionally, the method may involve, in response to identifying that the timing information is related to the optical signal: (3) extracting a password from the audio signal; and (4) establish a communication link with the peripheral computing device based on the password. In turn, the method may involve (5) providing the configuration information to the peripheral computing device via the communication link.)

1. A method for enabling a computing device to securely configure a peripheral computing device, the method comprising, at the computing device:

approving the request received from the peripheral computing device to participate in a setup process of the peripheral computing device;

receiving, from the peripheral computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal; and

in response to identifying that the timing information is related to the optical signal:

extracting the password from the audio signal, an

Establishing a communication link with the peripheral computing device based on the password.

2. The method of claim 1, further comprising, prior to approving the request:

displaying a notification indicating that the peripheral computing device is requesting the setup process, wherein the notification includes an option to accept the request or to ignore the request; and

in response to receiving a selection of the option to accept the request: indicating approval of the request to the peripheral computing device.

3. The method of claim 2, wherein the notification comprises at least one of: an image of the peripheral computing device, a description of the peripheral computing device, instructional information associated with the setup process, an animation, a video, or a sound.

4. The method of claim 2, wherein the request and the approval are transmitted using a WiFi, bluetooth, or NFC protocol.

5. The method of claim 1, further comprising:

providing configuration information to the peripheral computing device over the communication link, wherein the configuration information includes at least one of: WiFi network credentials, user account credentials, and an encryption key set.

6. The method of claim 1, wherein the light signal is generated by at least one light source included on the peripheral computing device and the light signal is received at the computing device using a camera included on the computing device.

7. The method of claim 6, further comprising, prior to establishing the communication link with the peripheral computing device:

obtaining at least one image of the peripheral computing device using the camera; and

verifying that the peripheral computing device is included in the at least one image.

8. The method of claim 1, wherein the audio signal is produced by at least one speaker included on the peripheral computing device and the audio signal is received at the computing device using a microphone on the computing device.

9. At least one non-transitory computer-readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to securely configure a peripheral computing device by performing steps comprising:

approving the request received from the peripheral computing device to participate in a setup process of the peripheral computing device;

receiving, from the peripheral computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal; and

in response to identifying that the timing information is related to the optical signal:

extracting the password from the audio signal, an

Establishing a communication link with the peripheral computing device based on the password.

10. The at least one non-transitory computer-readable storage medium of claim 9, wherein the steps further comprise, prior to approving the request:

displaying a notification indicating that the peripheral computing device is requesting the setup process, wherein the notification includes an option to accept the request or to ignore the request; and

in response to receiving a selection of the option to accept the request: indicating approval of the request to the peripheral computing device.

11. The at least one non-transitory computer-readable storage medium of claim 10, wherein the notification comprises at least one of: an image of the peripheral computing device, a description of the peripheral computing device, instructional information associated with the setup process, an animation, a video, or a sound.

12. The at least one non-transitory computer-readable storage medium of claim 10, wherein the request and the approval are transmitted using a WiFi, bluetooth, or NFC protocol.

13. The at least one non-transitory computer-readable storage medium of claim 9, wherein the steps further comprise:

providing configuration information to the peripheral computing device over the communication link, wherein the configuration information includes at least one of: WiFi network credentials, user account credentials, and an encryption key set.

14. The at least one non-transitory computer-readable storage medium of claim 9, wherein the light signal is generated by at least one light source included on the peripheral computing device and the light signal is received at the computing device using a camera included on the computing device.

15. The at least one non-transitory computer-readable storage medium of claim 14, wherein the steps further comprise, prior to establishing the communication link with the peripheral computing device:

obtaining at least one image of the peripheral computing device using the camera; and

verifying that the peripheral computing device is included in the at least one image.

16. The at least one non-transitory computer-readable storage medium of claim 9, wherein the audio signal is produced by at least one speaker included on the peripheral computing device and the audio signal is received at the computing device using a microphone on the computing device.

17. A computing device configured to securely configure a peripheral computing device, the computing device comprising:

at least one processor; and

at least one memory storing instructions that, when executed by the at least one processor, cause the computing device to:

approving the request received from the peripheral computing device to participate in a setup process of the peripheral computing device;

receiving, from the peripheral computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal; and

in response to identifying that the timing information is related to the optical signal:

extracting the password from the audio signal, an

Establishing a communication link with the peripheral computing device based on the password.

18. The computing device of claim 17, wherein the at least one processor further causes the computing device to, prior to approving the request:

displaying a notification indicating that the peripheral computing device is requesting the setup process, wherein the notification includes an option to accept the request or to ignore the request; and

in response to receiving a selection of the option to accept the request: indicating approval of the request to the peripheral computing device.

19. The computing device of claim 18, wherein the notification comprises at least one of: an image of the peripheral computing device, a description of the peripheral computing device, instructional information associated with the setup process, an animation, a video, or a sound.

20. The computing device of claim 18, wherein the request and the approval are transmitted using a WiFi, bluetooth, or NFC protocol.

21. The computing device of claim 17, further comprising:

providing configuration information to the peripheral computing device over the communication link, wherein the configuration information includes at least one of: WiFi network credentials, user account credentials, and an encryption key set.

22. The computing device of claim 17, wherein the light signal is generated by at least one light source included on the peripheral computing device and the light signal is received at the computing device using a camera included on the computing device.

23. The computing device of claim 22, wherein the at least one processor further causes the computing device to, prior to establishing the communication link with the peripheral computing device:

obtaining at least one image of the peripheral computing device using the camera; and

verifying that the peripheral computing device is included in the at least one image.

24. A method for performing a setup process at a peripheral computing device, the method comprising, at the peripheral computing device:

periodically transmitting a request to participate in the setup process to a nearby computing device;

receiving approval from a computing device of the nearby computing devices to participate in the setup process;

issuing to the computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal, the optical signal being related to the timing information; and

in response to verifying that the computing device has the password:

establishing a communication link with the computing device based on the password.

25. The method of claim 24, wherein the request and the approval are transmitted using WiFi, bluetooth, or NFC protocols.

26. The method of claim 24, further comprising:

installing configuration information received from the computing device over the communication link, wherein the configuration information comprises at least one of: WiFi network credentials, user account credentials, and an encryption key set.

27. The method of claim 24, wherein the light signal is generated using at least one light source included on the peripheral computing device.

28. The method of claim 24, wherein the audio signal is generated using at least one speaker included on the peripheral computing device.

29. At least one non-transitory computer-readable storage medium configured to store instructions that, when executed by at least one processor included in a peripheral computing device, cause the peripheral computing device to perform a setup process by performing steps comprising:

periodically transmitting a request to participate in the setup process to a nearby computing device;

receiving approval from a computing device of the nearby computing devices to participate in the setup process;

issuing to the computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal, the optical signal being related to the timing information; and

in response to verifying that the computing device has the password:

establishing a communication link with the computing device based on the password.

30. The at least one non-transitory computer-readable storage medium of claim 29, wherein the request and the approval are transmitted using a WiFi, bluetooth, or NFC protocol.

31. The at least one non-transitory computer-readable storage medium of claim 29, wherein the steps further comprise:

installing configuration information received from the computing device over the communication link, wherein the configuration information comprises at least one of: WiFi network credentials, user account credentials, and an encryption key set.

32. The at least one non-transitory computer-readable storage medium of claim 29, wherein the light signal is generated using at least one light source included on the peripheral computing device.

33. The at least one non-transitory computer-readable storage medium of claim 29, wherein the audio signal is generated using at least one speaker included on the peripheral computing device.

34. A peripheral computing device configured to perform a setup process, the peripheral computing device comprising:

at least one processor; and

at least one memory storing instructions that, when executed by the at least one processor, cause the peripheral computing device to:

periodically transmitting a request to participate in the setup process to a nearby computing device;

receiving approval from a computing device of the nearby computing device to participate in the setup process;

issuing to the computing device:

(1) an audio signal encoding (i) a cipher and (ii) timing information, and

(2) an optical signal, the optical signal being related to the timing information; and

in response to verifying that the computing device has the password:

establishing a communication link with the computing device based on the password.

35. The peripheral computing device of claim 34, wherein the request and the approval are transmitted using a WiFi, bluetooth, or NFC protocol.

36. The peripheral computing device of claim 34, wherein the at least one processor further causes the peripheral computing device to:

installing configuration information received from the computing device over the communication link, wherein the configuration information comprises at least one of: WiFi network credentials, user account credentials, and an encryption key set.

37. The peripheral computing device of claim 34, wherein the light signal is generated using at least one light source included on the peripheral computing device.

38. The peripheral computing device of claim 34, wherein the audio signal is generated using at least one speaker included on the peripheral computing device.

Technical Field

The described embodiments relate generally to computing devices configured to communicate and be configured with one another. More particularly, the embodiments relate to verifying a user's intent to engage their computing device when a nearby peripheral computing device requests assistance to perform a setup process.

Background

In recent years, the average number and types of peripheral computing devices owned by individuals has proliferated. For example, it is common for an individual to own a wearable device (e.g., a fitness tracker), a set of headphones, a set-top box, a wireless speaker, and so forth. Notably, having these peripheral computing devices can provide a rich user experience, as each device can provide specialized functionality to meet a given user's needs throughout the day. However, many of these peripheral computing devices lack user interfaces (e.g., speakers, wearable devices, etc.) that enable users to efficiently establish complex configurations of the device (e.g., WiFi passwords, user account information, etc.), such as when they require an "out-of-box" setup process. In some cases, more advanced computing devices (e.g., smartphones, tablets, etc.) may be used to pair with peripheral computing devices and assist the peripheral computing devices through a setup process. Unfortunately, this approach is prone to unsolved security issues. For example, a nearby malicious computing device can mimic the peripheral computing device and fool the user into pairing/sending sensitive information with the malicious computing device. Accordingly, there is a need for a more secure and reliable method to enable a computing device to participate in a peripheral computing device setup process.

Disclosure of Invention

To address the foregoing deficiencies, the representative embodiments described herein disclose various techniques for a reliable method to verify a user's intent to engage their computing device when a nearby peripheral computing device requests help to perform a setup process.

According to some embodiments, a method for enabling a computing device to securely configure a peripheral computing device is disclosed. According to some embodiments, the method can comprise the steps of: (1) approving the request received from the peripheral computing device to participate in a setup process of the peripheral computing device, (2) receiving from the peripheral computing device: (i) an audio signal encoding the cipher and timing information, and (ii) an optical signal. Additionally, the method may involve, in response to identifying that the timing information is related to the optical signal: (3) extracting a password from the audio signal; and (4) establish a communication link with the peripheral computing device based on the password. In turn, the method may involve (5) providing the configuration information to the peripheral computing device via the communication link.

According to some embodiments, another method for enabling a peripheral computing device to perform a setup process is disclosed. According to some embodiments, the method can comprise the steps of: (1) receiving approval from a computing device of a nearby computing device to participate in a setup process; (2) issuing to a computing device: (i) an audio signal encoding the password and the timing information; and (ii) an optical signal associated with the timing information. Additionally, the method can involve, in response to verifying that the computing device has a password: (3) a communication link is established with the computing device based on the password. In turn, the method can additionally involve (4) installing the configuration information received from the computing device over the communication link.

Other embodiments include a non-transitory computer-readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to perform the steps of any of the methods described above. Further embodiments include a computing device configured to perform various steps of any of the foregoing methods.

Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the embodiments.

Drawings

The present disclosure will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements.

Fig. 1 illustrates a block diagram of different computing devices that may be configured to implement different aspects of the various techniques described herein, according to some embodiments.

Fig. 2A-2G illustrate conceptual diagrams of an exemplary scenario in which a peripheral computing device seeks assistance from a nearby computing device to perform a setup/configuration process, according to some embodiments.

Fig. 3 illustrates a method for enabling a computing device to securely configure a peripheral computing device, according to some embodiments.

Fig. 4 illustrates a method for performing a setup process at a peripheral computing device, in accordance with some embodiments.

Fig. 5 illustrates a conceptual diagram of an exemplary user interface that may be implemented at a computing device participating in a setup/configuration process of a peripheral computing device, according to some embodiments.

Fig. 6 illustrates a detailed view of a computing device that may represent the computing device of fig. 1 for implementing various techniques described herein, in accordance with some embodiments.

Detailed Description

Representative applications of the apparatus and methods according to the described embodiments of the invention are provided in this section. These examples are provided merely to add context and aid in the understanding of the described embodiments. It will thus be apparent to one skilled in the art that the presently described embodiments may be practiced without some or all of these specific details. In other instances, well known process steps have not been described in detail in order to avoid unnecessarily obscuring the presently described embodiments. Other applications are possible, such that the following examples should not be considered limiting.

The embodiments described herein set forth techniques for reliably verifying a user's intent to pair their computing device with a peripheral computing device, e.g., a computing device with minimal user interface components (e.g., a set-top box, a speaker, a pair of wireless headphones, a fitness tracker, a wearable, etc.). For example, the user's intent may correspond to an acceptance to engage with a particular peripheral computing device in some manner, e.g., to configure the peripheral computing device to operate when the peripheral computing device is operating in a setup mode. According to some embodiments, the peripheral computing device can enter a setup mode at an appropriate time, e.g., when powered "out of box" for the first time, when configuration information on the peripheral computing device is damaged or lost, etc. According to some embodiments, a peripheral computing device can periodically broadcast setting requests (e.g., via bluetooth) in a setting mode to nearby computing devices configured to listen for and respond to setting requests. For example, when one of the nearby computing devices detects a setup request, the computing device can display a User Interface (UI) notification indicating (i.e., to a user of the computing device) that the peripheral computing device is operating in a setup mode and needs help. In turn, the computing device can indicate (e.g., upon receiving approval from the user) that the computing device is to engage with the peripheral computing device to assist in performing the setup process.

Upon receiving the approval, the peripheral computing device can encode the password into (1) at least one audio signal that is generated by the peripheral computing device (e.g., using one or more speakers) and (2) that is explicitly designated for reception by the nearby device. Additionally, timing information (e.g., a timestamp) can be encoded into the audio signal, where the timing information is related to at least one light signal that is also generated by the peripheral computing device (e.g., using one or more light sources) along with the audio signal. In this way, the user's intent to engage with the peripheral computing device can be reliably verified, as the user will need to position the computing device in a particular manner relative to the peripheral computing device to enable the computing device to efficiently process and verify audio and light signals. In particular, the computing device should be positioned relative to the peripheral computing device such that the computing device is able to efficiently (1) detect audio signals (e.g., via a microphone), and (2) detect optical signals (e.g., via a camera, sensor, etc.). In turn, the computing device may verify that the light signal is associated with timing information included in the audio signal, thereby establishing a reliable confidence that the user wishes the computing device to be paired with the peripheral computing device. In other words, when the computing device receives an audio signal (e.g., from a malicious peripheral computing device), but cannot verify the light signal (or vice versa), the computing device may abort the pairing process.

The computing device and the peripheral computing device can then establish a secure communication link (e.g., using an encoded password included in the audio signal) over which the setup process can be performed. For example, the encoded password may be decoded and used at least as a basis for establishing one or more symmetric keys that are shared by the computing device and the peripheral computing device and used to establish the secure communication link. In turn, the computing device can provide various configuration information owned by the computing device, such as WiFi information (e.g., Service Set Identifier (SSID)/password/encryption key), user account information (e.g., cloud account login/password/encryption key), encryption key sets, user preferences (e.g., language environment, configuration settings, etc.), and so forth, to the peripheral computing device. The peripheral computing device may then assimilate the configuration information and reconfigure itself as needed, and exit the setup mode upon verifying that the desired level of operation (e.g., internet connection, account access, etc.) has been achieved. Subsequently, the computing device and the peripheral computing device can remain paired with each other to perform additional functions (e.g., the computing device can stream music to the peripheral computing device). Alternatively, the computing device and the peripheral computing device can be disconnected and operate in a separate manner.

A more detailed discussion of these techniques is shown below and described in conjunction with fig. 1, 2A-2G, and 3-6, which illustrate detailed diagrams of systems and methods that may be used to implement these techniques.

Fig. 1 illustrates a block diagram 100 of a different computing device 102 that may be configured to implement aspects of the techniques described herein, according to some embodiments. In particular, fig. 1 illustrates a high-level overview of a computing device 102, which as shown may include at least one processor 104, at least one memory 106, and at least one storage 132. According to some embodiments, the processor 104 can be configured to work in conjunction with the memory 106 and the storage 132 to enable the computing device 102 to implement the various techniques set forth in this disclosure. According to some embodiments, the storage 132 can represent a storage entity accessible to the computing device 102, such as a hard disk drive, a solid state drive, a mass storage device, a remote storage device, a storage service, and so forth. For example, the storage 132 may be configured to store an Operating System (OS) file system volume 134 installable at the computing device 102, wherein the Operating System (OS) file system volume 134 includes an OS 108 compatible with the computing device 102.

According to some embodiments, and as shown in fig. 1, the OS 108 may enable the settings manager 110 to execute on the computing device 102. It should be appreciated that the operating system 108 may also enable a variety of other processes to be executed on the computing device 102 (e.g., OS daemons, native OS applications, user applications, etc.). According to some embodiments, the settings manager 110 on the computing device 102 may be configured to interact with another settings manager 110 on the peripheral computing device 102 to perform the techniques described herein. According to some embodiments, the settings manager 110 on the computing device 102 may act as a "configurator" for the settings manager 110 on the peripheral computing device 102, for example, when the settings manager 110 on the peripheral computing device 102 broadcasts a setting request to the nearby computing devices 102 and the settings manager 110 on the computing device 102 accepts the setting request. In turn, and after performing the secure pairing techniques described herein, the setup manager 110 (on the computing device 102) may access different information associated with the computing device 102 and transmit that information to the setup manager 110 (on the peripheral computing device 102) for installation at the peripheral computing device 102. This information may include, for example, WiFi information (e.g., Service Set Identifier (SSID)/password/encryption key), user account information (e.g., cloud account login/password/encryption key), encryption key sets, etc., that enable the peripheral computing device 102 to provide a rich user experience. It should be noted that the foregoing examples are not intended to represent an exhaustive list in any way, and that any form of information may be shared between computing devices 102 where appropriate.

Additionally, although not shown in fig. 1, the settings manager 110 of a given computing device 102 may be configured to manage pairing device information that enables the settings manager 110 to identify the relevant computing device 102 with which the computing device 102 was previously paired. For example, for each other computing device 102 to which the computing device 102 was previously paired, the paired device information may include a unique Identifier (ID) associated with the computing device 102, one or more encryption keys associated with the computing device 102, and so forth. In this way, the computing device 102 can easily establish secure communication links with those other computing devices 102 (e.g., using encryption keys) and perform desired functions (e.g., publishing configuration updates, sharing content, etc.).

As shown in fig. 1, and as described in greater detail herein, the OS 108 may be configured to enable the settings manager 110 to interact with various communication components 116 included in/available to the computing device 102. The communication component 116 can include, for example, a WiFi interface 118, a Near Field Communication (NFC) interface 120, a bluetooth interface 122, at least one speaker 124, at least one microphone 126, at least one camera interface 128, and at least one light source (e.g., Light Emitting Diode (LED), laser, etc.) -such as

Fig. 1 shows an LED 130. The communication component 116 may also include components not shown in fig. 1, such as a cellular interface, an ethernet interface, a display interface, an input interface (e.g., buttons, touch surfaces, dials, etc.), and so forth. It should be noted that these examples are not intended to represent an exhaustive list in any way, and that any form of communication interface may be included in communication component 116. For example, the communication component 116 can include a Global Positioning System (GPS) interface that can enable the computing devices 102 to identify when they are in proximity to each other. For example, this may provide an additional level of security related to identifying when a user intends to utilize their computing device 102 to participate in the setup process described herein with other computing devices 102.

As described above, the setup manager 110-2/computing device 102-2 may act as a configurator for the setup manager 110-1/peripheral computing device 102-1, e.g., when the setup manager 110-1 broadcasts a setup request to nearby computing devices 102 and the setup manager 110-2/computing device 102-2 accepts the setup request. In turn, the setup manager 110-1 (on the peripheral computing device 102-1) may establish a password (e.g., a random password, a password derived from pre-existing information, etc.) and encode the password into an audio signal generated through the speaker 124-1 included in the peripheral computing device 102-1. In addition, the setup manager 110-1 may encode timing information (e.g., a timestamp) associated with the light signal generated by the LED 130-1 into the audio signal. For example, the setup manager 110-1 may cause the LEDs 130 to emit light according to a predefined pattern, a randomly generated pattern, or the like, and generate timing information related to the emitted light. Alternatively, the setup manager 110-1 may generate timing information according to the aforementioned pattern and cause the LED 130-1 to emit light according to the timing information.

In any case, the setup manager 110-2 (i.e., configurator/computing device 102-2) may instruct (e.g., via a user interface to a user) to place the computing device 102-2 in proximity to the peripheral computing device 102-1 and to point the camera 128-2 of the computing device 102-2 at the peripheral computing device 102-1. At this point, the setup manager 110-2 may obtain the audio/light signals generated by the peripheral computing device 102-1 through the microphone 126-2/speaker 124-2, respectively. In turn, the setup manager 110-2 may analyze timing information included in the audio signal relative to the light signal and extract the encoded password when verifying that the timing information is related to the light signal (e.g., within a threshold accuracy). Finally, computing device 102-2 and peripheral computing device 102-1 may establish a secure communication link (e.g., using a password) over which a setup process may be performed, as described herein.

Thus, fig. 1 illustrates a high-level overview of the different components/entities that may be included in each computing device 102 to enable the embodiments described herein to be properly implemented. As described in more detail below, these components/entities may be used to verify a user's intent to engage with their computing device when a nearby peripheral computing device requests help to perform a setup process, thereby enhancing overall security.

Fig. 2A-2G illustrate conceptual diagrams of an exemplary scenario in which a new (e.g., "out-of-box") peripheral computing device 102-1 seeks help from a nearby computing device 102-2 to perform a setup/configuration process, according to some embodiments. It should be noted, however, that the techniques described in connection with fig. 2A-2G are not limited to only provisioning new peripheral computing devices. Rather, these techniques may also be applied to existing peripheral computing devices, for example, when seeking to reconfigure a peripheral computing device, establish a new pairing with a nearby computing device, and so on. As shown in fig. 2A, a first step 210 may involve the peripheral computing device 102-1 powering up (e.g., a first time), and loading the setup manager 110-1 to cause the peripheral computing device 102-1 to (1) enter a setup mode, and (2) announce the setup mode to the nearby computing devices 102. According to some embodiments, the setup mode may be advertised via packet 212, which is advertised via bluetooth interface 122-1, NFC interface 120-1, and the like included in peripheral computing device 102-1. As shown in fig. 2A, each packet 212 may include (1) a device Identifier (ID)214 (e.g., a hardware/software identifier) associated with the peripheral computing device 102-1, and (2) an indication 216 of a setup request (e.g., a predefined code, message, etc.). In this way, the nearby computing devices 102 may listen (e.g., using their respective bluetooth interfaces 122, NFC interfaces 120, etc.) for set mode advertisements from other nearby computing devices 102 (e.g., peripheral computing device 102-1) and respond when appropriate. It should be noted that nearby computing devices 102 may be configured to listen at different times to improve energy efficiency. For example, each of the computing devices 102 may be configured to listen after a threshold window time has elapsed after exceeding an unlock event because the computing devices 102 are less likely to be involved in the setup process described herein within the aforementioned time period. As another example, each of the computing devices 102 can be configured to listen after a user launches an application associated with the setup process (e.g., a configuration application available on the computing device 102).

For example, as shown in fig. 2B, step 220 may involve computing device 102-2 detecting a packet 212 issued by peripheral computing device 102-1 and receiving approval (e.g., from a user via a user interface) after prompting whether to engage with peripheral computing device 102-1. In turn, the setup manager 110-2 may cause the computing device 102-2 to engage in a setup mode (e.g., via the accept packet 222) to configure the peripheral computing device 102-1. It should be noted that additional steps may be taken to improve the overall robustness of the pairing techniques described herein. For example, along with the computing device 102-2 participating in the setup mode, the peripheral computing device 102-1 may begin generating audio/light signals that enable the computing device 102-2 to tune its hardware components (e.g., one or more microphones 126, one or more cameras 128, other sensors, etc.) to effectively receive and process the audio/light signals. For example, the sensitivity of the microphone 126 may be actively tuned according to the decibel level of the audio signal (received by the computing device 102-2) to ensure that low-volume defects/high-volume distortions do not adversely affect the ability of the computing device 102-2 to effectively process the audio signal. As another example, various attributes associated with the camera 128 (e.g., exposure level, white balance, color balance, etc.) may be adjusted based on the light signal (as received by the computing device 102-2) to ensure that the light signal is properly received and processed.

Next, at step 230 of fig. 2C, the peripheral computing device 102-1 may generate (1) an audio signal encoding (i) the password 231 and (ii) the timing information 233, and (2) a light signal associated with the timing information. In particular, the peripheral computing device 102-1 may utilize the speaker 124-1 to generate the audio signal 232 (where the password 231/timing information 233 is encoded) and may utilize the LED 130-1 to generate the light signal 234 corresponding to the timing information 233 (as shown by the correlation 236 in fig. 2C).

Next, at step 240 of FIG. 2D, computing device 102-2 receives (1) audio signal 232 and (2) light signal 234. In particular, computing device 102-2 may receive audio signal 232 through microphone 126-2 and may receive light signal 234 through camera 128-2 (or another sensor) included in computing device 102-2. In turn, the computing device 102-2 may attempt to verify the correlation 236 between the timing information 233 (included in the audio signal 232) and the light signal 234. According to some embodiments, the computing device 102-2 may verify the correlation 236 even when slight drift is observed between the timing information and the optical signal 234 but remains within a threshold tolerance level. In any case, when the computing device 102-2 verifies the correlation 236, the computing device 102-2 may decode the encoded password 231 and retain the password 231 to establish a secure communication link (as described in further detail below). In contrast, when computing device 102-2 fails to verify relevance 236, computing device 102-2 may prompt the user to reposition computing device 102-2 to ensure that (1) computing device 102-2 is proximate to peripheral computing device 102-1, (2) camera 128-2 is pointed at peripheral computing device 102-1, and so on.

Additionally, although not shown in FIG. 2D, computing device 102-2 may also be configured to obtain images of peripheral computing device 102-1 (e.g., via camera 128-2, other sensors (e.g., depth-based sensors, infrared sensors, etc.) and perform image recognition techniques to attempt to identify whether peripheral computing device 102-1 is a genuine device/device with which the user intends to engage. For example, computing device 102-2 may maintain (or have access to) a product image/schematic that is indexed according to device ID 214 (as described above in connection with fig. 2A). In this way, computing device 102-2 may identify the type/appearance of peripheral computing device 102-1 (based on its corresponding device ID 214 received at step 210) and process images obtained via camera 128-2 to effectively identify when a malicious device is attempting to compose peripheral computing device 102-1.

Next, at step 250 of FIG. 2E, the peripheral computing device 102-1 and computing device 102-2 may establish a secure communication link 252. According to some embodiments, the secure communication link 252 may be established using the respective bluetooth interface 122 and may be based on the password 231. For example, the cipher 231 may be used as a symmetric encryption key that may be used to form the secure communication link 252 (and to protect various packets sent over the secure communication link). As another example, the password 231 may provide a basis for establishing at least one encryption key that may be used to form the secure communication link. For example, each of the peripheral computing device 102-1 and the computing device 102-2 may access an encryption algorithm that processes the password 231 to derive at least one symmetric key by which the secure communication link 252 is ultimately established. In this way, even if malicious parties somehow gain access to the password 231 during the pairing process, they may not obtain at least one symmetric key that ultimately establishes the secure communication link 252.

In any case, at step 260 of fig. 2F-after establishing secure communication link 252, computing device 102-2 may provide configuration information 262 to peripheral computing device 102-1 for installation. Likewise, the configuration information 262 information may include, for example, WiFi information (e.g., Service Set Identifier (SSID)/password/encryption key), user account information (e.g., cloud account login/password/encryption key), encryption key sets, etc., that enable the peripheral computing device 102-1 to provide a rich user experience. In turn, the peripheral computing device 102-1 may process the configuration information 262 as appropriate. For example, the peripheral computing device 102-1 may utilize WiFi information included in the configuration information 262 to connect to a corresponding WiFi network. As another example, the peripheral computing device 102-1 may utilize user account information included in the configuration information 262 to access data/services provided by the cloud service. In yet another example, the peripheral computing device 102-1 may use the set of encryption keys to trust cycles with other computing devices 102 and provide various functionality. It should be noted that the foregoing examples are merely exemplary, and that any form of information may be included in configuration information 262, and further that peripheral computing device 102-1 may process configuration information 262 in any suitable manner that enables peripheral computing device 102-1 to employ various functionalities.

Finally, at step 270 of FIG. 2G, the peripheral computing device 102-1 may install the configuration information 262 and enter an operational mode (e.g., after initial setup, repair, reconfiguration, etc.). For example, the peripheral computing device 102-1 may employ functionality that the peripheral computing device 102-1 intends to use, e.g., to play music streaming over a WiFi connection, to act as a speaker for a phone call, to gather data through various sensors, and so forth. At this point, peripheral computing device 102-1 and computing device 102-2 may optionally remain in communication with each other over secure communication link 252. For example, computing device 102-2 may stream music (e.g., stored on computing device 102-2 or accessible by computing device) to peripheral computing device 102-1 for playback through speakers 124-1 included on peripheral computing device 102-1. Alternatively, one or more of the peripheral computing device 102-1 and the computing device 102-2 may eliminate the secure communication link 252 and operate in a separate manner.

2A-2G illustrate conceptual diagrams of example scenarios in which a peripheral computing device 102-1 receives assistance from a computing device 102-2 to perform a setup process at the peripheral computing device 102-1, according to some embodiments. 3-5, described in more detail below, provide additional high-level solutions to the techniques described herein.

Fig. 3 illustrates a method 300 for enabling a computing device 102 (e.g., computing device 102-1) to securely configure a peripheral computing device 102 (e.g., peripheral computing device 102-2), according to some embodiments. As shown, the method 300 begins at step 302, where the computing device 102-1 approves a request received from the peripheral computing device 102-2 to participate in a setup process for the peripheral computing device 102-2 (e.g., as described above in connection with fig. 2A-2B). At step 304, computing device 102-1 receives from peripheral computing device 102-2: (1) an audio signal encoding the cipher and timing information (e.g., a timestamp), and (2) an optical signal (e.g., as described above in connection with fig. 2C-2D). At step 306, the computing device 102-1 identifies that the timing information is related to the optical signal (e.g., as described above in connection with fig. 2D). At step 308, computing device 102-1 extracts the password from the audio signal (e.g., as described above in connection with fig. 2D). At step 310, computing device 102-1 establishes a secure communication link with peripheral computing device 102-2 based on the password (e.g., as described above in connection with fig. 2E). At step 312, computing device 102-1 provides configuration information to peripheral computing device 102-2 over a secure communication link (e.g., as described above in connection with fig. 2F).

According to some embodiments, the peripheral computing device 102-1 may be configured to perform various checks when installing configuration information to ensure that the peripheral computing device 102-1 is functioning properly. In this way, the peripheral computing device 102-1 may notify the computing device 102-2 when a problem (e.g., a WiFi connection problem, an account login problem, etc.) occurs. In turn, the computing device 102-2 may prompt the user to re-enter information, select a different configuration, and so on to address the current issue.

Thus, the above-described steps described above in connection with FIG. 3 illustrate techniques for (1) establishing a secure connection between peripheral computing device 102-1 and computing device 102-2 and (2) performing at least initial configuration of peripheral computing device 102-1. It should be noted that additional steps may be implemented in conjunction with the above-described techniques to allow extended functionality of the peripheral computing device 102-1 to be configured and utilized.

For example, a scenario is configured in which peripheral computing device 102-1 is an audio component configured to play back audio from a variety of sources (e.g., music services, paired devices, etc.). In this scenario, method 300 may also involve prompting the user (of computing device 102-2) for login information associated with the music service with which the user is registered. Additionally, computing device 102-2 may provide trial opportunities for different online services available to and associated with computing device 102-2/peripheral computing device 102-1, particularly when the user is unable to provide the aforementioned music service login. For example, computing device 102-2 may identify the type of peripheral computing device 102-1 and then interact with the online service to identify any available free trials associated with purchasing peripheral computing device 102-1.

In some cases, computing device 102-2 may be designed to participate as a component within a smart-home environment. In this scenario, computing device 102-2 may prompt the user for different smart home configuration settings that should be applied to peripheral computing device 102-1. For example, computing device 102-2 may be configured to (1) present at least one family (e.g., "Cupertino home") previously set by the user, (2) present an option to create (i.e., establish) the at least one family when the user does not set a family, and so on. In any case, when the user selects a home, computing device 102-2 may be configured to (1) present at least one room (e.g., "living room") previously set by the user, (2) present an option to create (i.e., establish) at least one room when the user does not set any rooms (e.g., within the selected home), and so on. It should be noted that the foregoing examples are exemplary, and that any smart home attribute may be assigned to peripheral computing device 102-1 during the configuration process described herein. For example, the peripheral computing device 102-1 may be configured to participate as a single speaker in a particular speaker group (e.g., belonging to a house and/or room). As another example, peripheral computing device 102-1 may be configured to function as one of two speakers in a stereo configuration or one of many speakers in a surround sound configuration. In yet another example, the speaker may be configured to operate as a single speaker that typically roams throughout a particular household.

Thus, fig. 3 illustrates a method for enabling the computing device 102 to perform a secure and enhanced configuration process with the peripheral computing device 102. Advantageously, the configuration processes provided herein may range from simple scenarios (e.g., sharing WiFi information) to more complex scenarios (e.g., smart home configuration). In any case, the computing device 102 described herein may be configured to provide a user interface that guides a user through various setup processes associated with the peripheral computing device 102. In turn, the peripheral computing device 102 may be configured to interact with and provide various levels of feedback (e.g., operability indications, confirmation indications, etc.), the details of which are described below in connection with fig. 4.

Fig. 4 illustrates a method 400 for performing a setup process at a peripheral computing device 102 (e.g., peripheral computing device 102-1), in accordance with some embodiments. As shown, the method 400 begins at step 402, where the peripheral computing device 102-1 periodically transmits a request to the nearby computing devices 102 to participate in a setup process (e.g., as described above in connection with fig. 2A). At step 404, the peripheral computing device 102-1 receives approval from a computing device 102 (e.g., computing device 102-2) of the nearby computing devices 102 to participate in the setup process (e.g., as described above in connection with fig. 2B). At step 406, peripheral computing device 102-1 issues to computing device 102-2: (1) an audio signal encoding the password and timing information (e.g., a timestamp), and (2) a light signal associated with the timing information (e.g., as described above in connection with fig. 2C). At step 408, the peripheral computing device 102-1 verifies whether the computing device 102-2 has a password (e.g., as described above in connection with fig. 2D). For example, computing device 102-2 may indicate to peripheral computing device 102-1 that the password was successfully received. At step 410, the peripheral computing device 102-1 establishes a secure communication link with the computing device 102-2 based on the password (e.g., as described above in connection with fig. 2E). At step 412, the peripheral computing device 102-1 installs the configuration information received from the computing device 102-2 over a secure communication link (e.g., as described above in connection with fig. 2F).

Additionally, fig. 5 illustrates a conceptual diagram 500 of an exemplary user interface that may be implemented at a computing device (e.g., computing device 102-2) participating in a setup/configuration process for peripheral computing device 102 (e.g., peripheral computing device 102-1), according to some embodiments. As shown in fig. 5, computing device 102-2, and in particular, settings manager 110-2 executing on computing device 102-2, may detect that peripheral computing device 102-1 has entered a settings mode and is requesting assistance from a nearby computing device 102 (e.g., as described above in connection with fig. 2A). In turn, computing device 102-2 may display user interface 502, which informs the user of computing device 102-2 of the setup request issued by peripheral computing device 102-1. For example, user interface 502 may include images, animations, sounds, etc. that draw attention to computing device 102-2 and prompt the user whether the user wants to pair/set peripheral computing device 102-1 with computing device 102-2. As shown in fig. 5, user interface 502 may include a visual representation of peripheral computing device 102-1, e.g., based on a device ID transmitted by peripheral computing device 102-1 (e.g., as described above in connection with fig. 2A). Additionally, as shown in user interface 502 (and according to the checker scenario shown in fig. 5), the user accepts the prompt, which causes computing device 102-2 to display user interface 504. Further, user acceptance of the prompt causes computing device 102-2 to indicate acceptance of peripheral computing device 102-1, which may then begin generating the audio/light signals described herein.

As shown in FIG. 5, user interface 504 may direct the user to point camera 128-2 (on computing device 102-2) at peripheral computing device 102-1. Notably, this naturally enables the user to place computing device 102-2 in proximity to peripheral computing device 102-1, thereby enabling computing device 102-2 to detect audio signals generated by peripheral computing device 102-1 (e.g., via microphone 126-2 on computing device 102-2). In addition, this enables computing device 102-2 to detect light signals generated by peripheral computing device 102-1 that are received at computing device 102-2 (e.g., by camera 128-2 and/or some other sensor on computing device 102-2). At this point, computing device 102-2 may process the audio/light signal and move together in the process with a degree of confidence in verifying the timing information associated with the light signal described herein, such that the user really intends to pair computing device 102-2 with peripheral computing device 102-1.

In turn, and as described herein, the computing device 102-2 may (1) extract the password encoded in the audio signal, (2) utilize the password to establish a secure communication link with the peripheral computing device 102-1, and (3) provide configuration information for installation to the peripheral computing device 102-1. Although not shown in FIG. 5, it should be noted that additional user interfaces may be displayed at computing device 102-2/peripheral computing device 102-1 to assist the user in performing the setup process for peripheral computing device 102-1. For example, the user interface may take the form of a flow similar to a wizard in which the user may apply various options during the setup process, and in which the peripheral computing device 102-1 issues different notifications (e.g., sounds, light flashes, etc.) to confirm progress. For example, the user may select different configuration information (e.g., WiFi information, but not personal user account information) that the user wishes to provide to the peripheral computing device 102-1. The user may also select different configuration settings to assign to the peripheral computing device 102-1, e.g., default volume, active/inactive features, etc. In any case, at the end of the setup process, computing device 102-2 may display an indication within user interface 506 that peripheral computing device 102-1 has been properly configured (e.g., according to the user's instructions). At this point, computing device 102-2 and peripheral computing device 102-1 may remain connected (as described herein) to perform additional functions, or left alone (as also described herein).

Thus, fig. 5 illustrates a manner in which embodiments described herein may provide an effective and efficient method for verifying a user's intent to engage with their computing device when a nearby peripheral computing device requests assistance to perform a setup process.

In summary, embodiments described herein may enable a computing device to (1) establish a secure communication channel with a peripheral computing device, and (2) configure the peripheral computing device for operation. Although the embodiments illustrated herein are primarily directed to generating (1) an audio signal encoding (i) a cipher/(ii) timing information, and (2) a light signal consistent with the timing information, it should be noted that other methods may be utilized to achieve the same or similar benefits at the same time. For example, an inverse approach may be utilized, wherein the cipher/timing information is encoded into the optical signal, and wherein the audio signal is consistent with the timing information. As another example, a method may be used in which at least a first portion of a password is transmitted using an audio signal and at least a second portion of the password is transmitted using an optical signal. This example can be further extended by including additional parts of the password in the further signal. As another example, at least one encryption key may be encoded into the audio signal and an encrypted password may be encoded into the optical signal, where the at least one encryption key may be used to decrypt the encrypted password (or vice versa). In any case, these various methods may provide the same benefits as verifying the user's intent to pair their computing device with a peripheral computing device.

Additionally, it should be noted that the embodiments described herein can be modified to employ different methods to achieve the same or similar results without departing from the scope of the disclosure. For example, the light signal may be omitted from the setup/configuration process described herein such that only an audio signal is required. In particular, the computing device 102-2 may be configured to ignore any light signals generated by the peripheral computing device 102-1 when extracting cryptographic information included in the audio signal, thereby providing a more simplified approach. It should be noted that any encoding scheme may be utilized to include the cryptographic information within the audio signal without departing from the scope of the present disclosure.

Alternatively, the audio signal may be omitted from the setup/configuration process described herein, such that only a light signal is required. For example, the peripheral computing device 102-1 may be configured to encode cryptographic information into an optical signal intended to be received by the computing device 102-2. In this approach, the optical signal may employ any encoding scheme (e.g., manchester encoding) to effectively convey cryptographic information. In turn, the computing device 102-2 may obtain the optical signal and extract the cryptographic information from the optical signal according to the encoding scheme utilized. According to some embodiments, an initial handshake may be performed between peripheral computing device 102-1 and computing device 102-2 to communicate an indication of the encoding scheme to utilize. In this regard, the encoding scheme may be dynamically changed to help increase security and prevent malicious activity.

Additionally, it should be noted that various methods may be used to produce consistent audio/light signals as described herein. In particular, it should be noted that the audio signal may include timing information consistent with any aspect of the light signal. For example, when two or more light sources are included on the peripheral computing device 102-1, each light source may emit a light signal according to timing information included in the audio signal. As another example, the timing information may coincide with a spatial pattern of light signals generated by the peripheral computing device 102-1. As another example, the timing information may be consistent with a frequency, intensity, etc., associated with the optical signal. It should be noted that the above examples do not in any way represent an exhaustive list of different methods that may be used. Additionally, it should be noted that the techniques associated with these examples may be combined/modified in any manner without departing from the scope of the present disclosure.

Additionally, it should be noted that the light signals described herein may encompass any form of visual pattern animation displayed on a display device. For example, the peripheral computing device 102-1 may include a display device (e.g., an integrated Liquid Crystal Display (LCD) screen, an Organic Light Emitting Diode (OLED) screen, etc.) or communicate with an external display device (e.g., a television) capable of displaying an animation in which information may be encoded. For example, when an audio signal is employed (and cryptographic information is encoded), the animation may coincide with timing information included in the audio signal. As another example, when audio signals are not employed, or when they do not function in their entirety during pairing, the animation itself may encode the cryptographic information. In any case, computing device 102-1 may be configured to acquire and process animations (alone or in combination with audio signals) to effectively perform the pairing techniques described herein. Also, it should be noted that the above examples do not in any way represent an exhaustive list of different methods that may be used. Additionally, it should be noted that the techniques associated with these examples may be combined/modified in any manner without departing from the scope of the present disclosure.

Additionally, it should be noted that the techniques described herein may include out-of-band verification of the authenticity of the peripheral computing device 102-1. This may involve, for example, computing device 102-1 facilitating communication between peripheral computing device 102-1 and a server device (e.g., managed by a manufacturer of peripheral computing device 102-1 or a partner of the manufacturer) to enable server device/computing device 102-2 to confirm that peripheral computing device 102-1 is authentic. For example, the server device may issue an encryption-based challenge to the peripheral computing device 102-1 that may only be correctly answered by the peripheral computing device 102-1. In addition, the peripheral computing device 102-1 may provide identifier information, encryption key information, and the like as an indication of the authenticity of the peripheral computing device 102-1. In turn, the server device may indicate to computing device 102-2 whether a pairing process should be performed, thereby significantly enhancing security. Additionally, it should be noted that the peripheral computing device 102-1 may employ similar techniques to verify the authenticity of the computing device 102-2 to reduce the likelihood of participating in malicious pairings. For example, the peripheral computing device 102-1 may issue a challenge (e.g., as described above) to the computing device 102-2 to verify authenticity. Further, if an internet connection is available to the peripheral computing device 102-1, the peripheral computing device 102-1 may communicate with the server device to perform an additional level of authentication of the computing device 102-2.

Fig. 6 illustrates a detailed view of a computing device 600, which may represent the computing device of fig. 1 for implementing various techniques described herein, according to some embodiments. For example, the detailed view illustrates various components that may be included in the computing device 102 described in connection with FIG. 1. As shown in fig. 6, computing device 600 may include a processor 602 that represents a microprocessor or controller for controlling the overall operation of computing device 600. Computing device 600 may also include a user input device 608 that allows a user of computing device 600 to interact with computing device 600. For example, the user input device 608 may take a variety of forms, such as buttons, keypads, dials, touch screens, audio input interfaces, visual/image capture input interfaces, input in the form of sensor data, and so forth. Additionally, computing device 600 may include a display 610 that may be controlled by processor 602 (e.g., via graphical components) to display information to a user. The data bus 616 can facilitate data transfer between at least the storage device 640, the processor 602, and the controller 613. The controller 613 can be used to interact with and control various devices through the device control bus 614. Computing device 600 may also include a network/bus interface 611 coupled to a data link 612. In the case of a wireless connection, the network/bus interface 611 can include a wireless transceiver.

As described above, the computing device 600 also includes a storage device 640, which may comprise a single disk (e.g., a hard disk) or a collection of disks. In some embodiments, storage device 640 may include flash memory, semiconductor (solid state) memory, or the like. The computing device 600 may also include Random Access Memory (RAM)620 and Read Only Memory (ROM) 622. The ROM 622 can store programs, utilities or processes to be executed in a nonvolatile manner. The RAM 620 may provide volatile data storage and store instructions related to the operation of applications executing on the computing device 600.

Various aspects, embodiments, implementations, or features of the described embodiments may be used alone or in any combination. Various aspects of the described implementations may be implemented by software, hardware, or a combination of hardware and software. The embodiments may also be embodied as computer readable code on a computer readable medium. The computer readable medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of such computer readable media include read-only memory, random-access memory, CD-ROMs, DVDs, magnetic tape, hard drives, solid-state drives, and optical data storage devices. The computer readable medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the embodiments. It will be apparent, however, to one skilled in the art that the embodiments may be practiced without the specific details. Thus, the foregoing descriptions of specific embodiments are presented for purposes of illustration and description. The foregoing description is not intended to be exhaustive or to limit the described embodiments to the precise form disclosed. It will be apparent to those skilled in the art that many modifications and variations are possible in light of the above teaching.