Apparatus and method for sharing WiFi security data in an internet of things (IoT) system

US 10,149,154 B2
Filed: 12/11/2017
Issued: 12/04/2018
Est. Priority Date: 08/21/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a security module to;

generate a first secret and a second secret;

encrypt a wireless key using the second secret to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network; and

a hub/service connection logic to;

establish a secure communication channel between an Internet of Things (IoT) hub and an IoT service using the first secret;

transmit the second secret to the IoT hub;

transmit the first-encrypted key to the IoT service;

receive a twice-encrypted key from the IoT service, the twice-encrypted key generated at the IoT service by encrypting the first-encrypted key using the first secret; and

transmit the twice-encrypted key to the IoT hub;

wherein the IoT hub is to decrypt the twice-encrypted key using the first secret to generate the first-encrypted key, decrypt the first-encrypted key using the second secret to generate the wireless key, and establish a secure wireless connection with the local wireless network using the wireless key.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for connecting an Internet of Things (IoT) hub to a wireless network, the apparatus including: 1) a security module to generate a first secret and a second secret, and to encrypt a wireless key using the second secret to generate a first-encrypted key; and 2) a connection logic to establish a secure communication channel between an IoT hub and an IoT service using the first secret, transmit the second secret to the IoT hub and the first-encrypted key to the IoT service, receive from the IoT service a twice-encrypted key generated by encrypting the first-encrypted key using the first secret, and transmit the twice-encrypted key to the IoT hub, which decrypts it using the first secret to generate the first-encrypted key, which is further decrypted using the second secret to generate the wireless key. The IoT hub using the wireless key to connect to the wireless network.

62 Citations

View as Search Results

9 Claims

1. An apparatus comprising:
- a security module to;
  
  generate a first secret and a second secret;
  
  encrypt a wireless key using the second secret to generate a first-encrypted key, the wireless key usable to establish a secure communication channel over a local wireless network; and
  
  a hub/service connection logic to;
  
  establish a secure communication channel between an Internet of Things (IoT) hub and an IoT service using the first secret;
  
  transmit the second secret to the IoT hub;
  
  transmit the first-encrypted key to the IoT service;
  
  receive a twice-encrypted key from the IoT service, the twice-encrypted key generated at the IoT service by encrypting the first-encrypted key using the first secret; and
  
  transmit the twice-encrypted key to the IoT hub;
  
  wherein the IoT hub is to decrypt the twice-encrypted key using the first secret to generate the first-encrypted key, decrypt the first-encrypted key using the second secret to generate the wireless key, and establish a secure wireless connection with the local wireless network using the wireless key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus as in claim 1, wherein to establish the secure communication channel between the IoT hub and the IoT service, the hub/service connection logic is to:
    - receive, from the IoT service, an IoT service public key of an IoT service public/private key pair generated by key generation logic of a first encryption engine at the IoT service;
      
      receive, from the IoT hub, an IoT hub public key of an IoT hub public/private key pair generated by key generation logic of a second encryption engine at the IoT hub;
      
      transmit the IoT service public key to the second encryption engine at the IoT hub, the second encryption engine to generate the first secret using the IoT service public key and the IoT hub private key;
      
      transmit the IoT hub public key to the first encryption engine at the IoT service, the first encryption engine to generate the same first secret using the IoT hub public key and the IoT service private key; and
      
      transmit data between the IoT service and the IoT hub, wherein the data is encrypted and decrypted by the IoT service and the IoT hub using the first secret or data structures derived from the first secret.
  - 3. The apparatus as in claim 2, wherein the key generation logic comprises a hardware security module (HSM).
  - 4. The apparatus as in claim 2, wherein the data structures derived from the first secret comprise a first key stream generated by the first encryption engine and a second key stream generated by the second encryption engine.
  - 5. The apparatus as in claim 4, wherein a first counter is associated with the first encryption engine and a second counter is associated with the second encryption engine, the first encryption engine incrementing the first counter responsive to each data packet transmitted to the second encryption engine and the second encryption engine incrementing the second counter responsive to each data packet transmitted to the first encryption engine.
  - 6. The apparatus as in claim 5, wherein the first encryption engine generates the first key stream using a current counter value of the first counter and the secret and the second encryption engine generates the second key stream using a current counter value of the second counter and the secret.
  - 7. The apparatus as in claim 6, wherein the first encryption engine comprises an elliptic curve method (ECM) module to generate the first key stream using the first counter value and the first secret and the second encryption engine comprises an ECM module to generate the second key stream using the first counter value and the first secret.
  - 8. The apparatus of claim 1, wherein the wireless key is provided by a user of the apparatus.
  - 9. The apparatus of claim 1, wherein the wireless key is retrieved from a secure storage on the apparatus following authentication of a user of the apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Afero, Inc.
Original Assignee
Afero, Inc.
Inventors
Zimmerman, Scott, Jeng, Evan, Holland, Shannon, Liu, Clif, Aiuto, Chris
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US15/837,988
Publication Number

US 20180103371A1
Time in Patent Office

358 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 9/065   Encryption by serially and ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0827   involving distinctive inter...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/0877   using additional device, e....

H04L 9/3066   involving algebraic varieti...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

H04W 4/70   Services for machine-to-mac...

H04W 76/10   Connection setup

Apparatus and method for sharing WiFi security data in an internet of things (IoT) system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for sharing WiFi security data in an internet of things (IoT) system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links