Securing communications between interconnected devices

US 10,251,063 B2
Filed: 10/06/2017
Issued: 04/02/2019
Est. Priority Date: 05/14/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a device node of a network, the device node comprising;

one or more first processors; and

first memory storing first instructions that, when executed by the one or more first processors, cause the device node to;

encrypt, using a first key, a first session identifier in order to obtain a first encrypted session identifier;

a computing device used to access the device node, the computing device comprising;

one or more second processors; and

second memory storing second instructions that, when executed by the one or more second processors, cause the computing device to;

receive, from the device node, the first encrypted session identifier;

decrypt, using the first key, the first encrypted session identifier in order to obtain a first decrypted session identifier;

encrypt, using a second key, the first decrypted session identifier in order to obtain a second encrypted session identifier;

encrypt, using a third key, a message for the device node in order to obtain an encrypted message; and

transmit, to the device node, the second encrypted session identifier and the encrypted message;

wherein the first instructions, when executed, further cause the device node to, in response to receiving the second encrypted session identifier;

decrypt, using the second key, the second encrypted session identifier in order to obtain a second decrypted session identifier; and

decrypt, using the third key, the encrypted message in order to obtain the message for the device node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and devices for forming networks of interconnected devices are provided. Individual devices of the network are configured to utilize multiple wireless communication standards which may include wireless LAN communication standards, short-range wireless communication standards, and low-power wireless communication standards. User utilize access devices to monitor and control the devices of the network. Communications transmitted to devices of the network may be routed through a server located remotely relative to the network as well as through other devices of the network. The devices of the network are configured with multiple security modes having different security features resulting in different response times. The security mode a device utilizes when communicating with an access device or another device of the network is selectable by the user.

132 Citations

23 Claims

1. A system comprising:
- a device node of a network, the device node comprising;
  
  one or more first processors; and
  
  first memory storing first instructions that, when executed by the one or more first processors, cause the device node to;
  
  encrypt, using a first key, a first session identifier in order to obtain a first encrypted session identifier;
  
  a computing device used to access the device node, the computing device comprising;
  
  one or more second processors; and
  
  second memory storing second instructions that, when executed by the one or more second processors, cause the computing device to;
  
  receive, from the device node, the first encrypted session identifier;
  
  decrypt, using the first key, the first encrypted session identifier in order to obtain a first decrypted session identifier;
  
  encrypt, using a second key, the first decrypted session identifier in order to obtain a second encrypted session identifier;
  
  encrypt, using a third key, a message for the device node in order to obtain an encrypted message; and
  
  transmit, to the device node, the second encrypted session identifier and the encrypted message;
  
  wherein the first instructions, when executed, further cause the device node to, in response to receiving the second encrypted session identifier;
  
  decrypt, using the second key, the second encrypted session identifier in order to obtain a second decrypted session identifier; and
  
  decrypt, using the third key, the encrypted message in order to obtain the message for the device node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein:
    - the message comprises a command to operate the device node; and
      
      the first instructions, when executed, further cause the device node to execute the command.
  - 3. The system of claim 2, wherein:
    - the first instructions, when executed, further cause the device node to evaluate whether the second decrypted session identifier matches the first session identifier; and
      
      the device node executes the command at least in response to determining that the second decrypted session identifier matches the first session identifier.
  - 4. The system of claim 1, wherein:
    - the second instructions, when executed, further cause the computing device to retrieve, from the second memory and based on a device node identifier of the device node, the first key, the second key, and the third key; and
      
      each of the first key, the second key, and the third key are assigned to the device node during manufacture of the device node.
  - 5. The system of claim 4, wherein:
    - each of the first key, the second key, and the third key are assigned to only the device node.
  - 6. The system of claim 1, wherein the message for the device node comprises a lock command, an unlock command, an open command, a close command, an activation command, an actuation command, a status command, a measurement command, a configuration change command, or any combination thereof.
  - 7. The system of claim 1, wherein the first instructions, when executed, further cause the device node to generate the first session identifier.
  - 8. The system of claim 1, further comprising:
    - a server located remotely relative to the device node and the computing device, the server comprising;
      
      one or more third processors;
      
      a data store storing, in association with a device node identifier for the device node, the first key, the second key, and the third key; and
      
      third memory storing third instructions that, when executed by the one or more third processors, cause the server to transmit the first key, the second key, and the third key to the computing device.
  - 9. The system of claim 1, wherein the network is a wireless mesh network.

10. A method comprising:
- by a computing device used to access a device node of a network;
  
  receiving, from the device node, a first encrypted session identifier, wherein the first encrypted session identifier is encrypted with a first key associated with the device node;
  
  retrieving, from memory of the computing device and based on a device node identifier of the device node, the first key, a second key associated with the device node, and a third key associated with the device node;
  
  decrypting, using the first key, the first encrypted session identifier in order to obtain a first decrypted session identifier;
  
  encrypting, using the second key, the first decrypted session identifier in order to obtain a second encrypted session identifier;
  
  encrypting, using the third key, a message for the device node in order to obtain an encrypted message; and
  
  transmitting, to the device node, the second encrypted session identifier and the encrypted message;
  
  wherein receipt, by the device node, of the second encrypted session identifier and the encrypted message causes the device node to;
  
  decrypt, using the second key, the second encrypted session identifier in order to obtain a second decrypted session identifier; and
  
  decrypt, using the third key, the encrypted message in order to obtain the message for the device node.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein the message for the device node comprises the device node identifier, a security token of the device node, an identifier of the computing device, a command for the device node to execute, a timestamp, or any combination thereof.
  - 12. The method of claim 10, further comprising:
    - by the computing device;
      
      causing authentication of a user based on access credentials received by the computing device and from the user during a device registration.
  - 13. The method of claim 10, further comprising:
    - by the computing device;
      
      outputting a list of device nodes of the network; and
      
      receiving, from a user, user input that selects the device node from the list of device nodes.
  - 14. The method of claim 13, further comprising:
    - by the computing device;
      
      in response to selection of the device node, listening for an announcement comprising the device node identifier of the device node.
  - 15. The method of claim 14, further comprising:
    - by the computing device;
      
      in response to receiving the announcement from the device node, pairing with the device node and establishing a communication session with the device node.
  - 16. The method of claim 10, wherein the computing device and the device node communicate using a low-power wireless communication standard.

17. A method comprising:
- by a device node of a network;
  
  encrypting, using a first key, a first session identifier in order to obtain a first encrypted session identifier;
  
  transmitting, to a computing device used to access the device node, the first encrypted session identifier;
  
  receiving, from the computing device, a second encrypted session identifier encrypted with a second key different from the first key;
  
  receiving, from the computing device, an encrypted message encrypted with a third key different from the first key and different from the second key wherein the encrypted message comprises a command for the device node to execute;
  
  decrypting, using the second key, the second encrypted session identifier in order to obtain a second decrypted session identifier;
  
  evaluating whether the second decrypted session identifier matches the first session identifier; and
  
  at least in response to determining that the second decrypted session identifier matches the first session identifier, decrypting, using the third key, the encrypted message in order to obtain the command and executing the command obtained.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, wherein the encrypted message further comprises a device node identifier, a security token of the device node, an identifier of the computing device, a command for the device node to execute, a timestamp, or any combination thereof.
  - 19. The method of claim 17, wherein the command comprises a lock command, an unlock command, an open command, a close command, an activation command, an actuation command, a status command, a measurement command, a configuration change command, or any combination thereof.
  - 20. The method of claim 17, further comprising:
    - by the device node;
      
      generating the first session identifier.
  - 21. The method of claim 20, further comprising:
    - by the device node;
      
      prior to transmitting the first encrypted session identifier, transmitting an announcement comprising a device node identifier of the device node.
  - 22. The method of claim 21, further comprising:
    - by the device node;
      
      subsequent to transmitting the announcement and prior to transmitting the first encrypted session identifier, pairing with the computing device and establishing a communication session with the computing device.
  - 23. The method of claim 17, wherein the computing device and the device node communicate using a low-power wireless communication standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Delphian Systems, LLC
Original Assignee
Delphian Systems, LLC
Inventors
Myers, Gary L., Hirpara, Ashok, Veleris, John
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Le, Thanh H

Application Number

US15/726,488
Publication Number

US 20180049032A1
Time in Patent Office

543 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 3/0484   for the control of specific...

H04L 41/28   Restricting access to netwo...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/50   Secure pairing of devices

H04W 84/12   WLAN [Wireless Local Area N...

Y02D 30/70   in wireless communication n...

Securing communications between interconnected devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

132 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Securing communications between interconnected devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links