Network provisioning system and method for collection of endpoints

US 10,104,549 B2
Filed: 09/30/2016
Issued: 10/16/2018
Est. Priority Date: 09/30/2016
Status: Active Grant

First Claim

Patent Images

1. A method for provisioning multiple devices, comprising:

accepting, via a commissioning device, user-input network credentials of a wireless network;

searching, via the commissioning device, for one or more endpoints unconnected to the wireless network;

verifying, via the commissioning device, ownership of the one or more endpoints to a server;

securely transmitting, via the commissioning device, a network-credential communication that includes the user-input wireless network credentials from the commissioning device to the one or more endpoints in response to an affirmative verification of ownership;

verifying, via the one or more endpoints, the integrity and authenticity of the network-credential communication; and

accessing, via the one or more endpoints, the wireless network based on the wireless network credentials in response to an affirmative verification of the network-credential communication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for provisioning multiple devices including a commissioning device, one or more endpoints, and a server. The system and method includes the following. The commissioning device accepts user-input network credentials of a wireless network from a user. The commissioning device searches for one or more endpoints unconnected to the wireless network. The commissioning device then verifies the ownership of the one or more endpoints. In response to a positive verification, the commissioning device securely the network credentials to the one or more endpoints. After receiving the network credentials, the one or more endpoints verify the integrity and authenticity of the communication from the commissioning device. After the one or more endpoints verifies the communication, the one or more endpoints access the wireless network based on the securely transferred wireless credentials.

18 Citations

View as Search Results

24 Claims

1. A method for provisioning multiple devices, comprising:
- accepting, via a commissioning device, user-input network credentials of a wireless network;
  
  searching, via the commissioning device, for one or more endpoints unconnected to the wireless network;
  
  verifying, via the commissioning device, ownership of the one or more endpoints to a server;
  
  securely transmitting, via the commissioning device, a network-credential communication that includes the user-input wireless network credentials from the commissioning device to the one or more endpoints in response to an affirmative verification of ownership;
  
  verifying, via the one or more endpoints, the integrity and authenticity of the network-credential communication; and
  
  accessing, via the one or more endpoints, the wireless network based on the wireless network credentials in response to an affirmative verification of the network-credential communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 22)
- - 2. The method according to claim 1, wherein the one or more endpoints are respectively attached to one or more electronic devices unconnected to the wireless network.
  - 3. The method according to claim 1, further comprisingprompting a user to input network credentials into the commissioning device.
  - 4. The method according to claim 1, wherein the verifying of the ownership of the one or more endpoints to a server further comprisessending, via the one or more endpoints, at least one pre-stored universally unique identifier from the one or more endpoints to the commissioning devices;
    - determining whether the server includes the pre-stored universally unique identifier of the one or more endpoints; and
      
      confirming the ownership of the one or more endpoints in response to an affirmative determination that the server includes the pre-stored universally unique identifier of the one or more endpoints.
  - 5. The method according to claim 4, wherein the verifying of the ownership of the one or more endpoints to a server further comprisesdetermining whether the pre-stored universally unique identifier has been previously registered with the server;
    - andsending a randomized value from the commissioning device to the one or more endpoints via a personal area network in response to an affirmative determination that the pre-stored universally unique identifier is previously registered with the server;
      
      sending the randomized value from the commissioning device to the server in order to confirm the co-location of the one or more endpoints;
      
      determining whether the randomized value is associated with the universally unique identifier previously registered in the server; and
      
      confirming the co-location of the one or more endpoints and the commissioning device in response to an affirmative determination that the randomized value is associated with the universally unique identifier.
  - 6. The method according to claim 1, wherein the securely transmitting of the network-credential communication further comprisesgenerating, via the server, one or more unique encryption keys based on both unique data of the one or more endpoints and a pre-shared master key included in the server;
    - encrypting the network-credential communication based on a session key as encrypted network credentials; and
      
      transmitting, via the commissioning device, the encrypted network credentials to the one or more endpoints;
      
      recalculating, via the one or more endpoints, the session key; and
      
      decrypting, via the one or more endpoints, the encrypted network credentials received from the commissioning device.
  - 7. The method according to claim 6, wherein the unique encryption key is the session key in the securely transmitting of the network-credential communication.
  - 8. The method according to claim 6, wherein the securely transmitting of the network-credential communication further comprisesderiving, via the server, a randomized session key based on the unique encryption key and randomized plaintext, whereinthe randomized session key is the session key.
  - 9. The method according to claim 1, where the verifying of the integrity of the network-credential communication further comprisescalculating a first checksum for one or more secret data payloads, which include the user-input wireless network credentials;
    - combining the first checksum with the user-input wireless network credentials into the each of the one or more secret data payloads;
      
      transmitting each of the one or more secret data payloads in the network-credential communication to the one or more endpoints, respectively;
      
      independently calculating a second checksum via the one or more endpoints;
      
      comparing the second checksum to the first checksum of the one or more secret data payloads;
      
      confirming the integrity of the network-credential communication in response to an affirmative determination that the first checksum matches the second checksum; and
      
      granting access to the one or more secret data payloads in response to the integrity of the network-credential communication being confirmed.
  - 10. The method according to claim 1, wherein the verifying of the integrity of the network-credential communication further comprisescreating, via a server, one or more unique encryption keys based on a universally unique identifier of each of the one or more endpoints and a pre-shared master key included in the server;
    - creating a randomized session key based on the unique encryption key and randomized plain text;
      
      encrypting the user-input wireless network credentials using the randomized session key as encrypted wireless credentials;
      
      transferring the encrypted wireless credentials to the one or more endpoints attached to the one or more electronic devices unconnected to the wireless network;
      
      independently calculating, via the one or more endpoints, a session key different from the randomized session key;
      
      decrypting, via the one or more endpoints, the network-credential communication; and
      
      calculating, via the one or more endpoints, a checksum;
      
      comparing the checksum and the randomized plain text;
      
      confirming the integrity of the network-credential communication in response to the checksum matching the randomized plain text; and
      
      granting access to the wireless network credentials in response to the integrity of the network-credential communication being confirmed.
  - 11. The method according to claim 10, wherein the creating of one or more unique encryption key further comprisescombining, via the server, the universally unique identifier of the one or more endpoints and the pre-shared master key located on the server to create each of the one or more unique encryption keys.
  - 12. The method according to claim 10, whereinthe creating of the randomized session key, the encrypting of the user-input wireless network credentials, and the transferring of the encrypted wireless credentials to the one or more endpoints occurs via the server.
  - 13. The method according to claim 10, whereinthe creating of the randomized session key, encrypting of the user-input wireless network credentials, and the transferring of the encrypted wireless credentials to the one or more endpoints occurs via the commissioning device.
  - 14. The method according to claim 1, wherein the searching, via the commissioning device, for the at least one endpoint occurs over range-limited wireless communication.
  - 15. The method according to claim 2, whereinthe one or more electronic devices are one or more split-type indoor units of an air conditioning apparatus, andthe one or more endpoint are wireless-network adapters that connect the split-type indoor units to the wireless work.
  - 16. The method for provisioning multiple devices according to claim 1, whereinthe one or more endpoints are a plurality of endpoints, andthe accepting of the network credentials into the commissioning device occurs only once for a plurality of endpoints.
  - 17. The method according to claim 1, wherein the verifying of the integrity of the network-credential communication confirms the authenticity of the network-credential communication.
  - 22. The method for provisioning multiple devices according to claim 6, whereinthe universally unique identifier includes all, or some of, a serial number of the one or more endpoints, andthe unique data in the generating of the unique encryption keys from the unique data and the pre-shared master key includes all, or some of, the serial number of the one or more endpoints.

18. A device provisioning system, comprising:
- one or more endpoints unconnected to a wireless network configured toverify the integrity and authenticity of a network-credential communication that includes user-input wireless-network credentials, andaccess the wireless network based on the wireless network credentials in response to an affirmative verification of the network-credential communication; and
  
  a commissioning device configured toaccept user-input network credentials of a wireless network,search, via a wireless personal area network, for the one or more endpoints respectively attached to one or more electronic devices unconnected to the wireless network,verify the ownership of the one or more endpoints to a server, andsecurely transmit, via the wireless personal area network, a network-credential communication that includes the user-input wireless network credentials to the one or more endpoints in response to an affirmative verification of ownership.
- View Dependent Claims (19, 20, 23)
- - 19. The device provisioning system according to claim 18, wherein the one or more endpoint devices are attachable to one or more electronic devices, respectively, and provide wireless connectivity to the one or more electronic devices.
  - 20. The device provisioning system according to claim 18, wherein the one or more electronic devices are one or more split-type indoor units of an air conditioning apparatus.
  - 23. The device provisioning system according to claim 18, whereinthe one or more endpoints are configured to send a universally unique identifier that includes all, or some of, a serial number of the one or more endpoints to the commissioning device, andthe commissioning device is configured to send to the one or more end points one or more unique encryption keys generated by the server based on the universally unique identifier of each of the one or more endpoints and a pre-shared master key included in the server.

21. A method for provisioning multiple devices, comprising:
- verifying, via a commissioning device, a co-location of one or more endpoints and the commissioning device to a server, the co-location being a predetermined spatial proximity between the one or more endpoints and the commissioning device;
  
  generating, via the server, a unique encryption key based on universally unique identifiers of each of the one or more endpoints and a pre-shared master key included in the server;
  
  securely transmitting, via the commissioning device, a network-credential communication from the commissioning device to the one or more endpoints in response to an affirmative verification of the co-location between the one or more endpoints and the commissioning device, the network-credential communication includes a user-input wireless network credentials and is based on the unique encryption key;
  
  verifying, via the one or more endpoints, the integrity and authenticity of the network-credential communication; and
  
  accessing, via the one or more endpoints, the wireless network based on the wireless network credentials in response to an affirmative verification of the network-credential communication.
- View Dependent Claims (24)
- - 24. The method for provisioning multiple devices according to claim 21, whereinthe universally unique identifier includes all, or some of, a serial number of the one or more endpoints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Electric Corporation
Original Assignee
Mitsubishi Electric Corporation
Inventors
Fogle-Weekley, Lebbeous, Smithson, Matthew
Primary Examiner(s)
Sam, Phirin

Application Number

US15/281,358
Publication Number

US 20180098218A1
Time in Patent Office

746 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 88/02   Terminal devices

Network provisioning system and method for collection of endpoints

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Network provisioning system and method for collection of endpoints

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links