Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
First Claim
Patent Images
1. A method for supporting secure machine-to-machine communications, comprising:
- (a) receiving, at a server, a first message from a user module, the first message including;
(i) a module identity string associated with the user module, and(ii) a temporary module public key that was generated at the user module along with a temporary module private key;
(b) providing a server public key corresponding to a server private key;
(c) generating, by the server, a first common derived shared secret key using Diffie-Hellman based on at least;
(i) the temporary module public key;
(ii) the server private key;
wherein the first common derived shared secret key can be generated using Diffie-Hellman by the module based on at least;
(i) the temporary module private key associated with the temporary module public key; and
(ii) the server public key associated with the server private key;
(d) receiving, at the server, a second message from the user module, wherein the second message includes a module identity, which is associated with but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key;
(e) authenticating, at the server, the user module based at least on the module identity;
(f) receiving, from the user module at the server, a token with first encrypted data using a second common derived shared secret key;
(g) generating, at the server, the second common derived shared secret key; and
(h) decrypting the first encrypted data using the second common derived shared secret key.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
190 Citations
9 Claims
-
1. A method for supporting secure machine-to-machine communications, comprising:
-
(a) receiving, at a server, a first message from a user module, the first message including; (i) a module identity string associated with the user module, and (ii) a temporary module public key that was generated at the user module along with a temporary module private key; (b) providing a server public key corresponding to a server private key; (c) generating, by the server, a first common derived shared secret key using Diffie-Hellman based on at least; (i) the temporary module public key; (ii) the server private key; wherein the first common derived shared secret key can be generated using Diffie-Hellman by the module based on at least; (i) the temporary module private key associated with the temporary module public key; and (ii) the server public key associated with the server private key; (d) receiving, at the server, a second message from the user module, wherein the second message includes a module identity, which is associated with but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key; (e) authenticating, at the server, the user module based at least on the module identity; (f) receiving, from the user module at the server, a token with first encrypted data using a second common derived shared secret key; (g) generating, at the server, the second common derived shared secret key; and (h) decrypting the first encrypted data using the second common derived shared secret key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeJohn A. Nix
-
Original AssigneeNetwork-1 Technologies, Inc.
-
InventorsNix, John A.
-
Primary Examiner(s)Pearson, David J
-
Application NumberUS15/583,968Publication NumberTime in Patent Office477 DaysField of Search713156US Class CurrentCPC Class CodesG06F 21/35 communicating wirelesslyG06F 21/445 by mutual authentication, e...G06F 2221/2105 Dual mode as a secondary as...G06F 2221/2107 File encryptionG06F 2221/2115 Third partyH04J 11/00 Orthogonal multiplex system...H04L 12/2854 Wide area networks, e.g. pu...H04L 2209/24 Key scheduling, i.e. genera...H04L 2209/72 Signcrypting, i.e. digital ...H04L 2209/805 Lightweight hardware, e.g. ...H04L 63/0272 Virtual private networksH04L 63/0435 wherein the sending and rec...H04L 63/0442 wherein the sending and rec...H04L 63/045 wherein the sending and rec...H04L 63/0464 using hop-by-hop encryption...H04L 63/061 for key exchange, e.g. in p...H04L 63/0807 using tickets, e.g. Kerbero...H04L 63/123 received data contents, e.g...H04L 63/166 at the transport layerH04L 67/04 specially adapted for termi...View All
