Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
First Claim
1. A system for supporting secure machine-to-machine communications, comprising:
- (1) one or more processors; and
(2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors cause the one or more processors to perform a method comprising;
(a) receiving, at the system, a first message from a user module, the first message including;
(i) a module identity string associated with the user module; and
(ii) a temporary module public key that was generated at the user module along with a corresponding temporary module private key;
(b) generating, by the system, a first common derived shared secret key using Diffie-Hellman based on at least;
(i) the temporary module public key; and
(ii) a server private key;
wherein the first common derived shared secret key is generated using Diffie-Hellman by the module based on at least;
(1) the temporary module private key associated with the temporary module public key; and
(2) a server public key associated with the server private key;
(c) receiving, by the system, a second message from the user module, wherein the second message includes a module identity, which is associated with, but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key;
(d) authenticating, by the system, the user module based at least on the module identity;
(e) receiving, from the user module at the system, a token with first encrypted data using a second common derived shared secret key;
(f) generating, by the system, the second common derived shared secret key; and
(g) decrypting the first encrypted data using the second common derived shared secret key.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
236 Citations
9 Claims
-
1. A system for supporting secure machine-to-machine communications, comprising:
-
(1) one or more processors; and (2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors cause the one or more processors to perform a method comprising; (a) receiving, at the system, a first message from a user module, the first message including; (i) a module identity string associated with the user module; and (ii) a temporary module public key that was generated at the user module along with a corresponding temporary module private key; (b) generating, by the system, a first common derived shared secret key using Diffie-Hellman based on at least; (i) the temporary module public key; and (ii) a server private key; wherein the first common derived shared secret key is generated using Diffie-Hellman by the module based on at least; (1) the temporary module private key associated with the temporary module public key; and (2) a server public key associated with the server private key; (c) receiving, by the system, a second message from the user module, wherein the second message includes a module identity, which is associated with, but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key; (d) authenticating, by the system, the user module based at least on the module identity; (e) receiving, from the user module at the system, a token with first encrypted data using a second common derived shared secret key; (f) generating, by the system, the second common derived shared secret key; and (g) decrypting the first encrypted data using the second common derived shared secret key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification