Method and apparatus for securing a sensor or device

US 10,367,794 B2
Filed: 04/24/2017
Issued: 07/30/2019
Est. Priority Date: 05/06/2016
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a. a sensor/device network system for communicating with at least one sensor/device;

b. the said sensor/device configured to store one or more encryption keys;

c. an IOT Equipment Registry (IER) database configured to store one or more encryption keys for the said sensor/device;

d. an IOT Access Node (IAN) configured to permit the said sensor/device access to the said sensor/device network;

e. the said sensor/device configured to generate a registration message encrypted with an encryption key from the pre-stored list, the said registration message containing at least a manufacturing serialized number;

f. the said IOT Access Node (IAN) configured to recognize the said message as a registration message;

g. additionally the said IOT Access Node (IAN) configured to forward said registration message to the said IOT Equipment Registry (IER) database;

h. the said IOT Equipment Register (IER) database including a decryption unit including a decryption method for the said registration message using said pre-stored encryption keys;

i. the said IOT Equipment Registry (IER) database including a validation unit to verify the said manufacturing serialized number and the said encryption key;

j. the said IOT Equipment Registry (IER) database further configured to forward a set of said stored encryption keys for the said sensor/device to the said IOT Access Node (IAN); and

k. the said IOT Equipment Registry (IER) database configured to return a registration acknowledgement message to the said sensor/device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of this invention describes a method and apparatus for the secure identification and validation of low complexity sensors or devices on a network. In addition any data transmitted between the sensors/devices to/from the network is secured by means of encryption techniques. The method as described herein is intended to protect and secure sensors/devices that might transmit limited amounts of data and have reduced levels of onboard processing power. However it could easily be adapted to other types of networks to provide comparable levels of security and protection.

A further understanding of the nature and the advantages of the particular embodiments disclosed herein may be realized by referencing the remaining portions to the specification and the attached drawings.

Citations

21 Claims

1. An apparatus comprising:
- a. a sensor/device network system for communicating with at least one sensor/device;
  
  b. the said sensor/device configured to store one or more encryption keys;
  
  c. an IOT Equipment Registry (IER) database configured to store one or more encryption keys for the said sensor/device;
  
  d. an IOT Access Node (IAN) configured to permit the said sensor/device access to the said sensor/device network;
  
  e. the said sensor/device configured to generate a registration message encrypted with an encryption key from the pre-stored list, the said registration message containing at least a manufacturing serialized number;
  
  f. the said IOT Access Node (IAN) configured to recognize the said message as a registration message;
  
  g. additionally the said IOT Access Node (IAN) configured to forward said registration message to the said IOT Equipment Registry (IER) database;
  
  h. the said IOT Equipment Register (IER) database including a decryption unit including a decryption method for the said registration message using said pre-stored encryption keys;
  
  i. the said IOT Equipment Registry (IER) database including a validation unit to verify the said manufacturing serialized number and the said encryption key;
  
  j. the said IOT Equipment Registry (IER) database further configured to forward a set of said stored encryption keys for the said sensor/device to the said IOT Access Node (IAN); and
  
  k. the said IOT Equipment Registry (IER) database configured to return a registration acknowledgement message to the said sensor/device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The communication system of claim 1, wherein the IOT Access Node (IAN) is implemented using a network centric server.
  - 3. The communication system of claim 1 wherein the IOT Equipment Registry (IER) database receives the encryption keys and serialized number data to decipher and check the sensor/device data message from sensor/device manufacturer.
  - 4. The communication system of claim 1 wherein the IOT Access Node (IAN) can decipher data messages from the sensor/device.
  - 5. The IOT Equipment Registry (IER) database of claim 1 wherein the decryption method uses a block cipher standard.
  - 6. The block cipher in claim 5 uses the Simon and Speck standard algorithm.
  - 7. The IOT Access Node (IAN) of claim 1 where the decryption method used the uses a block cipher standard.
  - 8. The block cipher in claim 7 uses the Simon and Speck standard algorithm.

9. A method comprising:
- a. a sensor/device network for communicating with at least one sensor/device having a plurality of IOT Access Nodes (IAN) coupled to an IOT Equipment Registry (IER) database;
  
  b. the said sensor/device sending a registration message encrypted with a pre-stored list of encryption keys, the said registration message including a manufacturing serialized number;
  
  c. the said IOT Access Node (IAN) recognizing the said message as the said registration message and forwarding said message to the said coupled IOT Equipment Registry (IER) database;
  
  d. the said IOT Equipment Registry (IER) database decrypting the said registration message with said one encryption key from the said pre-stored list in the database and reading the said manufacturing serialized number contained in said registration message;
  
  e. the said IOT Equipment Registry (IER) database further validating both the said manufacturing serialized number and the encryption key used to encrypt said registration message;
  
  f. the said IOT Equipment Registry (IER) database forwarding a set of said encryption keys for the said sensor/device to the said IOT Access Node (IAN) to store for use when transmitting and receiving data to the said sensor/device; and
  
  g. the said IOT Equipment Registry (IER) database sending a registration acknowledgement to the said sensor/device on successfully validating said registration message.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 10. The method in claim 9 further comprising the ability of the sensor/device to be commanded to change parts of any stored encryption key.
  - 11. The method in claim 9 further comprising the ability of the IOT Access Node (IAN) to command the sensor/device to change parts of the encryption key.
  - 12. The method in claim 11 further comprising the ability of the sensor/device to be commanded to change parts of the encryption key randomly.
  - 13. The method in claim 9 further comprising the ability of the sensor/device to randomly select the encryption key to be used for the message data transmission.
  - 14. The sensor/device in claim 9 randomly selecting the encryption key used to encrypt the message data.
  - 15. The IOT Access Node (IAN) in claim 9 determining the encryption key used to encrypt the data by using all the pre-stored encryption keys.
  - 16. The IOT Access Node (IAN) in claim 9 sending the message data to be decrypted to an external server device.
  - 17. The IOT Access Node (IAN) in claim 9 sending the encrypted acknowledgement to the sensor/device within a pre-defined time window.
  - 18. The IOT Equipment Registry (IER) database in claim 9 including the ability to log failed validation attempts to access the sensor/device network.
  - 19. The IOT Equipment Registry (IER) database in claim 18 wherein a validation failure could be caused by the use of the wrong encryption key.
  - 20. The IOT Equipment Registry (IER) database in claim 18 wherein a validation failure could be caused by the use of the wrong sensor/device manufacturing serialized number.
  - 21. The IOT Equipment Registry (IER) database in claim 18 wherein any logged data can be sent to another terminal for processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ian L. Sayers, Paul J. Long
Original Assignee
Ian L. Sayers, Paul J. Long
Inventors
Sayers, Ian L, Long, Paul J
Primary Examiner(s)
McNally, Michael S

Application Number

US15/494,993
Publication Number

US 20190081936A1
Time in Patent Office

827 Days
Field of Search

726 3
US Class Current
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/102   Entity profiles

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0819   Key transport or distributi...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/04   Key management, e.g. using ...

H04W 12/08   Access security

H04W 4/70   Services for machine-to-mac...

H04W 4/80   Services using short range ...

H04W 60/00   Affiliation to network, e.g...

H04W 60/005   Multiple registrations, e.g...

H04W 84/18   Self-organising networks, e...

Method and apparatus for securing a sensor or device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing a sensor or device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links