System and method for recording device lifecycle transactions as versioned blocks in a blockchain network using a transaction connector and broker service

US 10,657,261 B2
Filed: 11/05/2018
Issued: 05/19/2020
Est. Priority Date: 11/30/2017
Status: Active Grant

First Claim

Patent Images

1. A method of updating a device, that has been authenticated with an immutable device unique identifier generated using device attributes discovered by an update client on the device, an update service in a supply chain network of providers and publishers, orchestration rules, a local ledger, and a blockchain broker service, the method comprising:

authenticating, by the update service, the device using a device unique registration issued by the update service associated with the immutable device unique identifier;

sending, by the update client on the device, a device request for an update package for the device from the update service in the supply chain network, wherein the device request from the authenticated device includes a device manifest and discovered device attributes, and wherein the discovered device attributes comprises of static factory configured settings and dynamically configured properties;

receiving, by the update service, the device request;

processing, by the update service, the received device request using the orchestration rules to prepare update packages, initially signed and encrypted by providers in the supply chain, for the device based on the device manifest and device attributes;

preparing, by the update service, by re-signing and re-encrypting the update package, as the publisher in the supply chain, based on the orchestration rules established for a network service of the supply chain network;

sending, by the update service, the doubly signed and reencrypted update package to the device; and

recording, by the update service, a request log for the device as an entry in the local ledger, and distributing blocks of transaction records to the blockchain broker service to maintain a distributed ledger to reproduce history of update packages sent to a plurality of devices by a plurality of publishers in the supply chain.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of building a device historian, across a supply chain of device manufactures and managers, by a plurality of device management services comprising an enrollment service, an update service, a policy service, and an analytics service, a transaction connector, a blockchain broker service participating as a node in a blockchain network, and transaction filters. The method comprises sending, by the plurality of device management services a transaction record over the transaction connector to the blockchain broker service, receiving, by the blockchain broker service, the transaction record, filtering, by the blockchain broker service, information in the transaction record based on the transaction filters, preparing, by the blockchain broker service, a versioned block based on the filtered information from the transaction record, and adding, by the blockchain broker service, the versioned block to the blockchain network.

40 Citations

View as Search Results

7 Claims

1. A method of updating a device, that has been authenticated with an immutable device unique identifier generated using device attributes discovered by an update client on the device, an update service in a supply chain network of providers and publishers, orchestration rules, a local ledger, and a blockchain broker service, the method comprising:
- authenticating, by the update service, the device using a device unique registration issued by the update service associated with the immutable device unique identifier;
  
  sending, by the update client on the device, a device request for an update package for the device from the update service in the supply chain network, wherein the device request from the authenticated device includes a device manifest and discovered device attributes, and wherein the discovered device attributes comprises of static factory configured settings and dynamically configured properties;
  
  receiving, by the update service, the device request;
  
  processing, by the update service, the received device request using the orchestration rules to prepare update packages, initially signed and encrypted by providers in the supply chain, for the device based on the device manifest and device attributes;
  
  preparing, by the update service, by re-signing and re-encrypting the update package, as the publisher in the supply chain, based on the orchestration rules established for a network service of the supply chain network;
  
  sending, by the update service, the doubly signed and reencrypted update package to the device; and
  
  recording, by the update service, a request log for the device as an entry in the local ledger, and distributing blocks of transaction records to the blockchain broker service to maintain a distributed ledger to reproduce history of update packages sent to a plurality of devices by a plurality of publishers in the supply chain.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the request log for the device is doubly signed and reencrypted and includes at least a request counter, request operation data, a request nonce, a device request signature, a request hash, a device signature, a device certificate identifier, a publisher signature, a publisher certificate identifier, a publisher package identifier, a device identifier based on the discovered dynamic device attributes and a publisher identifier.
  - 3. The method of claim 2, wherein the distributed ledger in the blockchain broker service has adequate transaction records to reproduce a history of device updates and service transactions for cross domain traceability to the supply chain network of providers and publishers.

4. A method of updating a device, that has been authenticated with an immutable device unique identifier generated using dynamic device attributes discovered by an update client on the device, a plurality of providers of update packages, an update service of a plurality of publishers in a supply chain network of providers and publishers, orchestration rules, a local ledger, and a blockchain broker service, the method comprising:
- authenticating, by the update service, the device using a device unique registration issued by the update service associated with the immutable device unique identifier;
  
  sending, by the update client on the device, a device request for an update package for the device from the update service in the supply chain network, wherein the device request from the authenticated device includes a device manifest and discovered device attributes, and wherein the discovered device attributes comprises of static factory configured settings and dynamically configured properties;
  
  receiving, by the update service, the device request;
  
  processing, by the update service, the received device request using the orchestration rules to prepare update packages, initially signed and encrypted by providers in the supply chain, for the device based on the device manifest and device attributes;
  
  preparing, by the update service, by re-signing and re-encrypting the update package, as the publisher in the supply chain, based on the orchestration rules established for a network service of the supply chain network;
  
  sending, by the update service, the doubly signed and reencrypted update package to the device; and
  
  recording, by the update service, a request log for the device as an entry in the local ledger, and distributing blocks of transaction records to the blockchain broker service to maintain a distributed ledger to reproduce history of provider packages sent to a plurality of authenticated devices by a plurality of providers and publishers in the supply chain.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein the request log for the device is doubly signed and reencrypted and includes at least a request counter, request operation data, a request nonce, a device request signature, a request hash, a device signature, a device certificate identifier, a publisher signature, a publisher certificate identifier, a publisher package identifier, a device identifier based on the discovered dynamic device attributes, a publisher identifier, and a provider package identifier.
  - 6. The method of claim 5, wherein the distributed ledger in the blockchain broker service has adequate transaction records to reproduce a history of device updates and service transactions for cross domain traceability to a supply chain of update package providers.

7. A method of updating a device, that has been authenticated with an immutable device unique identifier generating using device attributes discovered by an update client on the device, an update service in a supply chain network of providers and publishers, orchestration rules, a local ledger, and a blockchain broker service, the method comprising:
- authenticating, by the update service, the device using a device unique registration issued by the update service associated with the immutable device unique identifier;
  
  sending, by the update client, a device request for an update package for the device from the update service in the supply chain network, wherein the device request from the authenticated device includes a device manifest and discovered device attributes comprising static factory configured settings and dynamically configured properties;
  
  receiving, by the update service, the device request and authenticating the device;
  
  processing, by the update service, the received device request using the orchestration rules to prepare update packages, initially signed and encrypted by providers in the supply chain, for the device based on the device manifest and device attributes;
  
  preparing, by the update service, by re-signing and re-encrypting the update package, as the publisher in the supply chain, based on the orchestration rules established for a network service of the supply chain network;
  
  sending, by the update service, the doubly signed and reencrypted update package to the device; and
  
  recording, by the update service, a request log for the device as an entry in the local ledger, and distributing blocks of transaction records to the blockchain broker service to maintain a distributed ledger to reproduce history of the device, wherein the request log includes a publisher identifier or a provider identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DigiCert Incorporated
Original Assignee
Mocana Corporation (DigiCert Incorporated)
Inventors
Kumar, Srinivas, Gupta, Atul, Ulanov, Ruslan, Uchil, Shreya
Primary Examiner(s)
Pan, Hang

Application Number

US16/180,200
Publication Number

US 20190163912A1
Time in Patent Office

561 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/1834   implemented based on peer-t...

G06F 16/27   Replication, distribution o...

G06F 21/575   Secure boot

G06F 8/65   Updates security arrangemen...

G06F 9/4401   Bootstrapping security arra...

G06F 9/445   Program loading or initiati...

H04L 12/66   Arrangements for connecting...

H04L 41/08   Configuration management of...

H04L 41/082   the condition being updates...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0877   using additional device, e....

H04L 9/0891   Revocation or update of sec...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3297   involving time stamps, e.g....

H04L 9/50 : using hash chains, e.g. blo...

View All

System and method for recording device lifecycle transactions as versioned blocks in a blockchain network using a transaction connector and broker service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

7 Claims

Specification

Use Cases

Quick Links

Others

System and method for recording device lifecycle transactions as versioned blocks in a blockchain network using a transaction connector and broker service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

7 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others