Securing IoT devices using an out-of-band beacon
First Claim
1. A method, comprising:
broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;
receiving an encrypted packet at the gateway as part of the communications;
decrypting the encrypted packet into an intermediate payload by the gateway using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices;
decrypting the intermediate payload into a decrypted packet by the gateway using the token;
after a selected amount of time, broadcasting, by the gateway, another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a different token;
receiving another encrypted packet at the gateway as part of the communications;
decrypting the other encrypted packet into another intermediate payload by the gateway using the public key; and
in response to being unable to decrypt the other intermediate payload with the different token, marking a source of the other encrypted packet as suspicious or blocking further communications with the source.
Abstract
Systems and methods for securing network devices through the use of an out-of-band beacon are described. In some embodiments, a method may include broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, where the wireless beacon includes a token; receiving an encrypted packet at the gateway as part of the communications; decrypting the encrypted packet into an intermediate payload by the gateway using a public key, where the public key corresponds to a certificate provisioned to each of the plurality of devices; and decrypting the intermediate payload into a decrypted packet by the gateway using the token.
16 Claims
1. A method, comprising:
broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;
receiving an encrypted packet at the gateway as part of the communications;
decrypting the encrypted packet into an intermediate payload by the gateway using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices;
decrypting the intermediate payload into a decrypted packet by the gateway using the token;
after a selected amount of time, broadcasting, by the gateway, another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a different token;
receiving another encrypted packet at the gateway as part of the communications;
decrypting the other encrypted packet into another intermediate payload by the gateway using the public key; and
in response to being unable to decrypt the other intermediate payload with the different token, marking a source of the other encrypted packet as suspicious or blocking further communications with the source.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A device, comprising:
a processor; and
a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the device to:
receive a wireless beacon that is out-of-band with respect to communications between a gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;
encrypt an outgoing packet using the token into an intermediate payload;
encrypt the intermediate payload into an encrypted packet using a private key, wherein the private key corresponds to a certificate provisioned to each of the plurality of devices;
transmit the encrypted packet to the gateway over the network;
receive another wireless beacon that is out-of-band with respect to the communications between the gateway and the plurality of devices over the network, wherein the other wireless beacon includes a different token;
encrypt another outgoing packet using the different token into another intermediate payload;
encrypt the other intermediate payload using the private key into another encrypted packet; and
transmit the other encrypted packet to the gateway over the network.
(Dependent claims: 9, 10, 11, 12, 13)
14. A memory device having program instructions stored thereon that, upon execution by a processor of a gateway, cause the gateway to:
broadcast a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a first token;
receive an encrypted packet as part of the communications;
decrypt the encrypted packet into an intermediate payload using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices;
decrypt the intermediate payload into a decrypted packet using the first token;
after a predetermined amount of time, broadcast another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a second token;
receive another encrypted packet at the gateway as part of the communications;
decrypt the other encrypted packet into another intermediate payload by the gateway using the public key; and
in response to the other encrypted packet having been received within a selected time window from the predetermined amount of time, decrypt the other intermediate payload with any of the first token or the second token.
(Dependent claims: 15, 16)
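A runnable sketch of the exchange described by claims 1, 8 and 14, added here as an example and not code from the patent or its assignee: the device wraps each packet first with the beacon token and then with its certificate key, and the gateway peels both layers, accepts the previous token only inside a grace window after rotation, and flags a source whose packet cannot be opened. The certificate layer of the claims is asymmetric; this sketch substitutes a symmetric HMAC-SHA256 stand-in (`seal`/`open_`, `cert_key`) for both layers, and `grace` is an assumed width for claim 14's time window.

```python
import hmac, hashlib, os
def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _crypt(key, nonce, data):
    # XOR with a counter-mode keystream from HMAC-SHA256; a stand-in for a real AEAD cipher.
    ks = b"".join(_prf(key, b"ks" + nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    # Encrypt-then-MAC; returns nonce || ciphertext || tag.
    nonce = os.urandom(12)
    ct = _crypt(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"tag" + nonce + ct)

def open_(key, blob):
    # Returns the plaintext, or None when the tag fails (wrong key, wrong token or tampered data).
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag" + nonce + ct)):
        return None
    return _crypt(key, nonce, ct)

def device_send(token, cert_key, packet):
    # Device side (claim 8): inner layer keyed by the beacon token, outer layer by the certificate key.
    return seal(cert_key, seal(token, packet))

class Gateway:
    def __init__(self, cert_key, grace=30.0):
        self.cert_key, self.grace = cert_key, grace   # grace: assumed width of claim 14's window
        self.tokens, self.rotated_at, self.suspicious = [], 0.0, set()   # tokens newest first

    def broadcast_beacon(self, now, token=None):
        # Out-of-band beacon: issue a fresh token; the previous one survives only for the grace window.
        self.tokens = [os.urandom(16) if token is None else token] + self.tokens[:1]
        self.rotated_at = now
        return self.tokens[0]

    def receive(self, source, blob, now):
        # Gateway side (claims 1 and 14): peel the certificate layer, then the token layer.
        intermediate = open_(self.cert_key, blob)
        if intermediate is None:
            self.suspicious.add(source)
            return None
        candidates = self.tokens if now - self.rotated_at <= self.grace else self.tokens[:1]
        for tok in candidates:
            packet = open_(tok, intermediate)
            if packet is not None:
                return packet
        self.suspicious.add(source)   # stale or forged token: flag the source (claim 1)
        return None
```

Timestamps are passed in explicitly so the rotation and grace-window logic can be exercised deterministically; a deployment would use the gateway clock and broadcast the beacon on its own schedule.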