US Patent 10382203 Associating applications with Internet-of-things (IoT) devices using three-way handshake

A three-way pairing handshake may include an internet-of-things (IoT) service sending an encrypted token to an IoT device in response to a request for a token from that IoT device. The encrypted token may store a service managed client identifier and a device identifier. The IoT device may share the encrypted token with a companion application on a mobile device. In turn, the companion application sends a pairing request to the IoT service which includes the encrypted token, along with a copy of the device identifier and the client identifier. The IoT service may validate the pairing request by decrypting the encrypted token included in the pairing request and verifying that the device identifier and the client identifier recovered from the decrypted token matches the device identifier and client identifier received in the pairing request.