Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
First Claim
1. A method for supporting secure machine-to-machine communications, comprising:
- (a) receiving, at a server, a first message from a user module, the first message including;
(i) a module identity string associated with the user module, and(ii) a temporary module public key that was generated at the user module along with a temporary module private key;
(b) providing a server public key corresponding to a server private key;
(c) generating, by the server, a first common derived shared secret key using Diffie-Hellman based on at least;
(i) the temporary module public key;
(ii) the server private key;
wherein the first common derived shared secret key can be generated using Diffie-Hellman by the module based on at least;
(i) the temporary module private key associated with the temporary module public key; and
(ii) the server public key associated with the server private key;
(d) receiving, at the server, a second message from the user module, wherein the second message includes a module identity, which is associated with but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key;
(e) authenticating, at the server, the user module based at least on the module identity;
(f) receiving, from the user module at the server, a token with first encrypted data using a second common derived shared secret key;
(g) generating, at the server, the second common derived shared secret key; and
(h) decrypting the first encrypted data using the second common derived shared secret key.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
190 Citations
9 Claims
-
1. A method for supporting secure machine-to-machine communications, comprising:
-
(a) receiving, at a server, a first message from a user module, the first message including; (i) a module identity string associated with the user module, and (ii) a temporary module public key that was generated at the user module along with a temporary module private key; (b) providing a server public key corresponding to a server private key; (c) generating, by the server, a first common derived shared secret key using Diffie-Hellman based on at least; (i) the temporary module public key; (ii) the server private key; wherein the first common derived shared secret key can be generated using Diffie-Hellman by the module based on at least; (i) the temporary module private key associated with the temporary module public key; and (ii) the server public key associated with the server private key; (d) receiving, at the server, a second message from the user module, wherein the second message includes a module identity, which is associated with but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key; (e) authenticating, at the server, the user module based at least on the module identity; (f) receiving, from the user module at the server, a token with first encrypted data using a second common derived shared secret key; (g) generating, at the server, the second common derived shared secret key; and (h) decrypting the first encrypted data using the second common derived shared secret key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification