IPv6 link local secure network with biometric security to secure IOT devices

US 10,447,665 B2
Filed: 03/31/2017
Issued: 10/15/2019
Est. Priority Date: 03/31/2017
Status: Active Grant

First Claim

Patent Images

1. A method of securing a device using a link local network for transmission of data, the method comprising:

generating a private key for a user;

creating one or more public keys from the private key;

applying the one or more public keys to an Internet of Things (IOT) device as a first public key, the IOT device configured to be used by the user;

giving the private key and at least two public keys to a first host device;

starting an Internet Protocol Version 6 (IPv6) network initialization from the IOT device in an IPv6 link local network;

generating a link local IPv6 address for the IOT device from the first public key of the IOT device, the link local IPv6 address for the IOT device having an identifier derived from the first public key of the IOT device;

sending the link local IPv6 address with the identifier from the IOT device to the first host device for duplicate address detection (dad) in the link local IPv6 network;

authenticating the link local IPv6 address of the IOT device on the first host device with the private key; and

disabling link local IPv6 addresses received on the first host device from the IOT device, which do not include an identifier derived from the first public key in the link local IPv6 address of the IOT device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a computer program product, and a multi-function peripheral are disclosed, which secures a device using a link local network for transmission of data. The method includes starting an Internet Protocol Version 6 (IPv6) network initialization from an Internet of Things (IOT) device in an IPv6 link local network; deriving an identifier for a link local IPv6 address for the IOT device from a first public key of the IOT device; sending the link local IPv6 address with the identifier from the IOT device to the first host device for double address detection (dad) in the link local IPv6 network; and authenticating the link local IPv6 address on the first host device with a private key.

Citations

20 Claims

1. A method of securing a device using a link local network for transmission of data, the method comprising:
- generating a private key for a user;
  
  creating one or more public keys from the private key;
  
  applying the one or more public keys to an Internet of Things (IOT) device as a first public key, the IOT device configured to be used by the user;
  
  giving the private key and at least two public keys to a first host device;
  
  starting an Internet Protocol Version 6 (IPv6) network initialization from the IOT device in an IPv6 link local network;
  
  generating a link local IPv6 address for the IOT device from the first public key of the IOT device, the link local IPv6 address for the IOT device having an identifier derived from the first public key of the IOT device;
  
  sending the link local IPv6 address with the identifier from the IOT device to the first host device for duplicate address detection (dad) in the link local IPv6 network;
  
  authenticating the link local IPv6 address of the IOT device on the first host device with the private key; and
  
  disabling link local IPv6 addresses received on the first host device from the IOT device, which do not include an identifier derived from the first public key in the link local IPv6 address of the IOT device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, comprising:
    - establishing connectivity between the IOT device and the first host device;
      
      sending an IPv6 packet with data from the IOT device to the first host device, the IPv6 packet including an extension option with a hash sum encrypted with the first public key; and
      
      receiving the IPv6 packet on the first host device and authenticating and decrypting the extension option with the hash sum with the private key on the first host device.
  - 3. The method claim 2, comprising:
    - executing the data on the IPv6 packet received from the IOT device on the first host device.
  - 4. The method of claim 2, comprising:
    - sending the IPv6 packet with data over a global IPv6 network to a second host device;
      
      receiving the IPv6 packet with data on the second host device and authenticating and decrypting the IPv6 packet with a second private key; and
      
      executing the data on the IPv6 packet received from the IOT device on the second host device.
  - 5. The method of claim 1, comprising:
    - establishing connectivity between the IOT device and the first host device;
      
      sending an IPv6 packet with data from the IOT device to the first host device;
      
      authenticating the IPv6 packet with data on the first host device;
      
      generating a global IPv6 packet with data from the IPv6 packet with data on the first host device;
      
      sending the global IPv6 packet with data from the first host device to a second host device over a global IPv6 network, the global IPv6 packet with data including an extension option with a hash sum encrypted with a second public key and a public key extension header;
      
      receiving the global IPv6 packet with data on the second host device and authenticating the extension option with the hash sum with a private key on the second host device; and
      
      executing the data on the global IPv6 packet received from the first host device on the second host device.
  - 6. The method of claim 5, comprising:
    - dropping any global IPv6 packets received from the first host device on the second host device, which do not include a corresponding public key.
  - 7. The method of claim 1, comprising:
    - collecting biometric data of the user; and
      
      generating the private key for the user based on the biometric data of the user.
  - 8. The method of claim 1, comprising:
    - sending a pseudo link local address packet response to the IOT device for the link local IPv6 addresses received on the first host device from the IOT device, which do not include the identifier derived from the first public key in the link local IPv6 address of the IOT device.
  - 9. The method of claim 1, wherein the IOT device is a medical device, and the second host device is a multi-function peripheral (MFP) in a medical office, and further comprising:
    - printing or storing the medical records on the MFP in the medical office.
  - 10. The method of claim 1, comprising:
    - transmitting data from the IOT device to the first host device by encrypting the data with the first public key or using IPsec.

11. A computer program product comprising a non-transitory computer usable medium having a computer readable code embodied therein, which secures a device using a link local network for transmission of data, the computer readable code when executed performs a process comprising:
- generating a private key for a user;
  
  creating one or more public keys from the private key;
  
  applying the one or more public keys to an Internet of Things (IOT) device as a first public key, the IOT device configured to be used by the user;
  
  giving the private key and at least two public keys to a first host device;
  
  starting an Internet Protocol Version 6 (IPv6 ) network initialization from the IOT device in an IPv6 link local network;
  
  generating a link local IPv6 address for the IOT device from the first public key of the IOT device, the link local IPv6 address for the IOT device having an identifier derived from the first public key of the IOT device;
  
  sending the link local IPv6 address with the identifier from the IOT device to the first host device for duplicate address detection (dad) in the link local IPv6 network;
  
  authenticating the link local IPv6 address of the IOT device on the first host device with the private key; and
  
  disabling link local IPv6 addresses received on the first host device from the IOT device, which do not include an identifier derived from the first public key in the link local IPv6 address of the IOT device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer program product of claim 11, comprising:
    - establishing connectivity between the IOT device and the first host device;
      
      sending an IPv6 packet with data from the IOT device to the first host device, the IPv6 packet including an extension option with a hash sum encrypted with the first public key; and
      
      receiving the IPv6 packet on the first host device and authenticating and decrypting the extension option with the hash sum with the private key on the first host device.
  - 13. The computer program product of claim 12, comprising:
    - sending the IPv6 packet with data over a global IPv6 network to a second host device;
      
      receiving the IPv6 packet with data on the second host device and authenticating and decrypting the IPv6 packet with a second private key; and
      
      executing the data on the IPv6 packet received from the IOT device on the second host device.
  - 14. The computer program product of claim 11, comprising:
    - establishing connectivity between the IOT device and the first host device;
      
      sending an IPv6 packet with data from the IOT device to the first host device;
      
      authenticating the IPv6 packet with data on the first host device;
      
      generating a global IPv6 packet with data from the IPv6 packet with data on the first host device;
      
      sending the global IPv6 packet with data from the first host device to a second host device over a global IPv6 network, the global IPv6 packet with data including an extension option with a hash sum encrypted with a second public key and a public key extension header;
      
      receiving the global IPv6 packet with data on the second host device and authenticating the extension option with the hash sum with a private key on the second host device; and
      
      executing the data on the global IPv6 packet received from the first host device on the second host device.
  - 15. The computer program product of claim 14, comprising:
    - sending a pseudo link local address packet response to the IOT device for the link local IPv6 addresses received on the first host device from the IOT device, which do not include the identifier derived from the first public key in the link local IPv6 address of the IOT device; and
      
      /ordropping any global IPv6 packets received from the first host device on the second host device, which do not include a corresponding public key.

16. A multi-function peripheral (MFP), which secures a device for transmission of data using a link local network, the multi-function peripheral comprising:
- a processor configured to;
  
  receive a link local Internet Protocol Version 6 (IPv6 ) address from an Internet of Things (IOT) device for duplicate address detection (dad) in a link local IPv6 network during an IPv6 network initialization from the IOT device, the link local IPv6 address having an identifier derived from a first public key of the IOT device;
  
  authenticate the link local IPv6 address of the IOT device on the first host device with a private key corresponding to the public key of the IOT device; and
  
  disable link local IPv6 addresses received on the first host device from the IOT device, which do not include an identifier derived from the first public key in the link local IPv6 address of the IOT device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The multi-functional peripheral of claim 16, wherein the processor of the MFP is configured to:
    - establish connectivity between the IOT device and the MFP;
      
      receive an IPv6 packet with data from the IOT device, the IPv6 packet including an extension option with a hash sum encrypted with the first public key; and
      
      authenticate and decrypt the extension option with the hash sum with the private key.
  - 18. The multi-functional peripheral of claim 17, wherein the processor of the MFP is configured to:
    - execute the data on the IPv6 packet received from the IOT device.
  - 19. The multi-functional peripheral of claim 17, further comprising:
    - a host device; and
      
      wherein the processor of the MFP is configured to;
      
      send the IPv6 packet with data over a global IPv6 network to the host device; and
      
      the host device having a processor configured to;
      
      receive the IPv6 packet with data;
      
      authenticate and decrypt the IPv6 packet with data with a second private key; and
      
      execute the data from the IPv6 packet received from the MFP.
  - 20. The multi-functional peripheral of claim 17, wherein the processor of the MFP is configured to:
    - establish connectivity with the IOT device;
      
      receive an IPv6 packet with data from the IOT device;
      
      authenticate the IPv6 packet with data received from the IOT device;
      
      generate a global IPv6 packet with data from the IPv6 packet with data; and
      
      send the global IPv6 packet with data to a second host device over a global IPv6 network, the global IPv6 packet with data including an extension option with a hash sum encrypted with a second public key and a public key extension header.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Original Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Inventors
Kudaraya, Richa, Perez, Maria
Primary Examiner(s)
Korsak, Oleg
Assistant Examiner(s)
Mejia, Feliciano S

Application Number

US15/475,261
Publication Number

US 20180288015A1
Time in Patent Office

928 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/126   the source of the received ...

H04L 67/12   specially adapted for propr...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/3247   involving digital signatures

H04N 1/442   using a biometric data read...

H04N 2201/0039   Connection via a network

H04N 2201/0094   Multifunctional device, i.e...

IPv6 link local secure network with biometric security to secure IOT devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IPv6 link local secure network with biometric security to secure IOT devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links