Secure gateways for connected dispensing machines
First Claim
1. A dispenser controller comprising:
- a dispenser web service client configured to construct a web service message comprising a header and a body, wherein the body contains telemetry data of a dispenser machine;
- a dispenser web service gateway configured to:
  - intercept the web service message from the dispenser web service client in a manner transparent to the dispenser web service client before the web service message is sent over a computer network to an administrator controller;
  - determine the web service message is different than a heartbeat message;
  - create a digital signature by signing at least a part of the telemetry data in the web service message with a private key associated with the dispenser controller based on the determination that the web service message is different than the heartbeat message;
  - insert the digital signature into the header of the web service message;
  - encrypt at least a part of the telemetry data in the body of the web service message; and
  - transmit the web service message, after inserting the digital signature into the header of the web service message and encrypting the at least a part of the telemetry data in the body of the web service message, to the administrator over the computer network.
Abstract
The present disclosure is directed to systems and methods for securely providing telemetry data of a dispenser machine to an administrator system via an exposed web service over a computer network. To secure the exposed web service, the systems and methods of the present disclosure provide secure gateways at the dispenser machine and the administrator system that can provide one or more of message integrity, authentication, authorization, and confidentiality. The secure gateways are implemented separate from the applications creating web service request and response messages at the dispenser machine and the administrator system, respectively. Because the secure gateways are implemented separate from the applications creating the web service request and response messages, the applications creating the web service request and response messages can be created and modified without consideration to message security, which is handled transparently by the secure gateways.
21 Claims
11. An administrator controller comprising:
- an administrator web service gateway configured to:
  - receive a web service message comprising a header and a body over a computer network, wherein the header contains a digital signature and the body contains encrypted telemetry data of a dispenser machine,
  - determine the web service message is different than a heartbeat message;
  - authenticate the web service message using a public key associated with the dispenser machine;
  - authorize a request in the web service message based on an identity of the dispenser machine, and
  - decrypt the encrypted telemetry data in the body of the web service message based on the determination that the web service message is different than the heartbeat message; and
- an administrator web service provider configured to process the web service message based on the request and the decrypted telemetry data after the web service message has been authenticated and the request authorized by the administrator web service gateway, wherein the administrator web service gateway provides the web service message to the administrator web service provider in a manner transparent to the administrator web service provider.
18. A method comprising:
- constructing, by a web service client, a web service message comprising a header and a body, wherein the body contains telemetry data of a dispenser machine;
- intercepting the web service message from the web service client in a manner transparent to the web service client before the web service message is sent over the internet to an administrator controller;
- determine the web service message is different than a heartbeat message;
- creating a digital signature by signing at least a part of the telemetry data in the web service message with a private key associated with the dispenser controller based on the determination that the web service message is different than the heartbeat message;
- inserting the digital signature into the header of the web service message;
- encrypting at least a part of the telemetry data in the body of the web service message; and
- transmitting the web service message, after inserting the digital signature into the header of the web service message and encrypting the at least a part of the telemetry data in the body of the web service message, to the administrator over the internet.
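The gateway flow recited in claims 1, 11 and 18, as an added example that is not code from the patent or its assignee. The JSON message shape, the Ed25519 and AES-256-GCM choices, the pre-shared body key, and the names dispenserGateway, administratorGateway and registry are all assumptions made for illustration.

```javascript
// Added example (not from the patent): gateway pair sketched from claims 1 and 11.
const crypto = require('node:crypto');

// Constructed keys and registry; provisioning and the shared AES key are assumptions.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ed25519');
const bodyKey = crypto.randomBytes(32);
const registry = new Map([['dispenser-001', { publicKey, allowed: ['reportTelemetry'] }]]);
const b64 = (buf) => buf.toString('base64');
const raw = (str) => Buffer.from(str, 'base64');

// Dispenser side: runs between the web service client and the network.
function dispenserGateway(msg) {
  if (msg.header.type === 'heartbeat') return msg; // heartbeats are forwarded untouched
  const telemetry = Buffer.from(JSON.stringify(msg.body.telemetry));
  const signature = b64(crypto.sign(null, telemetry, privateKey)); // sign the plaintext
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', bodyKey, iv);
  const ciphertext = Buffer.concat([cipher.update(telemetry), cipher.final()]);
  return {
    header: { ...msg.header, signature },
    body: { iv: b64(iv), tag: b64(cipher.getAuthTag()), telemetry: b64(ciphertext) },
  };
}

// Administrator side: runs in front of the web service provider.
function administratorGateway(msg) {
  if (msg.header.type === 'heartbeat') return msg;
  const entry = registry.get(msg.header.dispenserId);
  if (!entry) throw new Error('unknown dispenser');
  if (!entry.allowed.includes(msg.header.request)) throw new Error('request not authorized');
  // The signature covers the plaintext, so decrypt first, then verify before release.
  const decipher = crypto.createDecipheriv('aes-256-gcm', bodyKey, raw(msg.body.iv));
  decipher.setAuthTag(raw(msg.body.tag));
  const telemetry = Buffer.concat([decipher.update(raw(msg.body.telemetry)), decipher.final()]);
  if (!crypto.verify(null, telemetry, entry.publicKey, raw(msg.header.signature)))
    throw new Error('signature invalid');
  return { header: msg.header, body: { telemetry: JSON.parse(telemetry.toString()) } };
}

// Constructed sample message, as the client would build it with no security logic.
const request = {
  header: { type: 'telemetry', dispenserId: 'dispenser-001', request: 'reportTelemetry' },
  body: { telemetry: { syrupLevelPct: 42, doorOpen: false } },
};
const onWire = dispenserGateway(request);
console.log(onWire.header.signature.length, administratorGateway(onWire).body.telemetry);
```

In this sketch only the telemetry is signed, as the claims require, so the header fields used for authorization are not covered by the signature. Heartbeats bypass both steps and carry no integrity protection.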
Specification