Systems and methods for “machine-to-machine” (M2M) communications between modules, servers, and an application using public key infrastructure (PKI)
First Claim
Patent Images
1. A system for supporting secure machine-to-machine communications, comprising:
- (1) one or more processors; and
(2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors cause the one or more processors to perform a method comprising;
(a) receiving, at the system, a first message from a user module, the first message including;
(i) a module identity string associated with the user module; and
(ii) a temporary module public key that was generated at the user module along with a corresponding temporary module private key;
(b) generating, by the system, a first common derived shared secret key using Diffie-Hellman based on at least;
(i) the temporary module public key; and
(ii) a server private key;
wherein the first common derived shared secret key is generated using Diffie-Hellman by the module based on at least;
(1) the temporary module private key associated with the temporary module public key; and
(2) a server public key associated with the server private key;
(c) receiving, by the system, a second message from the user module, wherein the second message includes a module identity, which is associated with, but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key;
(d) authenticating, by the system, the user module based at least on the module identity;
(e) receiving, from the user module at the system, a token with first encrypted data using a second common derived shared secret key;
(f) generating, by the system, the second common derived shared secret key; and
(g) decrypting the first encrypted data using the second common derived shared secret key.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
236 Citations
9 Claims
-
1. A system for supporting secure machine-to-machine communications, comprising:
-
(1) one or more processors; and (2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors cause the one or more processors to perform a method comprising; (a) receiving, at the system, a first message from a user module, the first message including; (i) a module identity string associated with the user module; and (ii) a temporary module public key that was generated at the user module along with a corresponding temporary module private key; (b) generating, by the system, a first common derived shared secret key using Diffie-Hellman based on at least; (i) the temporary module public key; and (ii) a server private key; wherein the first common derived shared secret key is generated using Diffie-Hellman by the module based on at least; (1) the temporary module private key associated with the temporary module public key; and (2) a server public key associated with the server private key; (c) receiving, by the system, a second message from the user module, wherein the second message includes a module identity, which is associated with, but different from the module identity string, and wherein the module identity is decrypted with the first common derived shared secret key; (d) authenticating, by the system, the user module based at least on the module identity; (e) receiving, from the user module at the system, a token with first encrypted data using a second common derived shared secret key; (f) generating, by the system, the second common derived shared secret key; and (g) decrypting the first encrypted data using the second common derived shared secret key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeJohn A. Nix
-
Original AssigneeNetwork-1 Technologies, Inc.
-
InventorsNix, John A.
-
Primary Examiner(s)Pearson, David J
-
Application NumberUS16/036,506Publication NumberTime in Patent Office540 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/35 communicating wirelesslyG06F 21/445 by mutual authentication, e...G06F 2221/2105 Dual mode as a secondary as...G06F 2221/2107 File encryptionG06F 2221/2115 Third partyH04J 11/00 Orthogonal multiplex system...H04L 12/2854 Wide area networks, e.g. pu...H04L 2209/24 Key scheduling, i.e. genera...H04L 2209/72 Signcrypting, i.e. digital ...H04L 2209/805 Lightweight hardware, e.g. ...H04L 63/0272 Virtual private networksH04L 63/0435 wherein the sending and rec...H04L 63/0442 wherein the sending and rec...H04L 63/045 wherein the sending and rec...H04L 63/0464 using hop-by-hop encryption...H04L 63/061 for key exchange, e.g. in p...H04L 63/0807 using tickets, e.g. Kerbero...H04L 63/123 received data contents, e.g...H04L 63/166 at the transport layerH04L 67/04 specially adapted for termi...View All
