FACILITATING SECURE COMMUNICATION BETWEEN UTILITY DEVICES
First Claim
1. Apparatus for facilitating communication between a plurality of servers and a plurality of local devices, comprising a first network interface for communicating with said servers, a second network interface for communicating with said local devices, and a microcontroller having a processor, memory, a cryptographic engine for carrying out cryptographic calculations, and a tamper-resistance element configured to resist tampering with said apparatus,wherein a plurality of programs, each comprising instructions and data, are stored in said memory, and said processor is configured to:
- for a first local device, identify a first program which is associated with said first local device, andusing said first program, provide a secure communications channel between said first local device and a first server, whereinsaid processor is unable to accept commands from any other of said programs to access or change said first program, andsaid processor is unable to route messages over said secure communications channel that are not from or to said first local device and said first server.
0 Assignments
0 Petitions
Accused Products
Abstract
Communication is facilitated between a plurality of servers (101,102,103) and a plurality of local devices (204,206,207,208,210). An apparatus comprises a first network interface for communicating with the servers, a second network interface for communicating with the local devices, and a microcontroller having a processor, memory, a cryptographic engine for carrying out cryptographic calculations, and a tamper-resistance element configured to resist tampering with the apparatus. A plurality of programs, each comprising instructions and data, are stored in the memory. The processor is configured to, for a first local device, identify a first program which is associated with the first local device, and using the first program, provide a secure communications channel between the first local device and a first server. The processor is unable to accept commands from any other of the programs to access or change the first program, and the processor is unable to route messages over the secure communications channel that are not from or to the first local device and the first server.
130 Citations
30 Claims
-
1. Apparatus for facilitating communication between a plurality of servers and a plurality of local devices, comprising a first network interface for communicating with said servers, a second network interface for communicating with said local devices, and a microcontroller having a processor, memory, a cryptographic engine for carrying out cryptographic calculations, and a tamper-resistance element configured to resist tampering with said apparatus,
wherein a plurality of programs, each comprising instructions and data, are stored in said memory, and said processor is configured to: -
for a first local device, identify a first program which is associated with said first local device, and using said first program, provide a secure communications channel between said first local device and a first server, wherein said processor is unable to accept commands from any other of said programs to access or change said first program, and said processor is unable to route messages over said secure communications channel that are not from or to said first local device and said first server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A method of locating a device within a network having a plurality of nodes, wherein said device has a unique identifier, comprising the steps of:
-
at said device, broadcasting a message that is malformed and that includes encrypted data representing said unique identifier and location data;
at one of said nodes, receiving said message, rejecting it as being malformed, and recording it;at said node, receiving a message including a cryptographic key; attempting to decrypt said encrypted data; and if said decryption is successful, using said location data to locate said device. - View Dependent Claims (27, 28, 29)
-
-
30. A method of locating a device within a network having a plurality of nodes, wherein said device has a unique identifier, comprising the steps of:
-
at said device, storing a plurality of location data, wherein each of said location data indicates a location with respect to one of said nodes; at one of said nodes, receiving a message including said unique identifier; at said node, broadcasting a signal to said unique identifier, receiving a reply from said device and receiving said location data from said device.
-
Specification