Secure PKI Communications for "Machine-to-Machine" Modules, including Key Derivation by Modules and Authenticating Public Keys
First Claim
1. A method for a module to use a public key and a private key, the method comprising the module:
- deriving the private key and the public key using a cryptographic algorithms, wherein the module records the private key in a nonvolatile memory;
reading (i) a module identity using a read-only address in the module, and (ii) a shared secret key from the nonvolatile memory;
sending a first message, wherein the first message includes the public key, a set of parameters for the public key, and the module identity, and wherein the module uses the shared secret key to authenticate the first message;
sending a second message, wherein the second message includes a module encrypted data, the module identity, and a module digital signature, wherein the module encrypted date (i) is ciphered using an asymmetric ciphering algorithm and (ii) includes a value for a symmetric key, and wherein the module digital signature is processed using the private key;
receiving a response, wherein the response includes a server encrypted data, and wherein the server encrypted data includes a module instruction, and wherein the server encrypted data is decrypted using the symmetric key;
4 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. A module can communicate with a server by accessing the Internet, and the module can include a sensor and/or actuator. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of parameters. A server can use a shared secret key to authenticate the submission of derived public keys with an associated module identity. For the very first submission of a public key derived the module, the shared secret key can comprise a pre-shared secret key which can be loaded into the module using a pre-shared secret key code.
-
Citations
27 Claims
-
1. A method for a module to use a public key and a private key, the method comprising the module:
-
deriving the private key and the public key using a cryptographic algorithms, wherein the module records the private key in a nonvolatile memory; reading (i) a module identity using a read-only address in the module, and (ii) a shared secret key from the nonvolatile memory; sending a first message, wherein the first message includes the public key, a set of parameters for the public key, and the module identity, and wherein the module uses the shared secret key to authenticate the first message; sending a second message, wherein the second message includes a module encrypted data, the module identity, and a module digital signature, wherein the module encrypted date (i) is ciphered using an asymmetric ciphering algorithm and (ii) includes a value for a symmetric key, and wherein the module digital signature is processed using the private key; receiving a response, wherein the response includes a server encrypted data, and wherein the server encrypted data includes a module instruction, and wherein the server encrypted data is decrypted using the symmetric key; - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for a server to receive a sensor measurement, the method comprising:
-
receiving a first message that includes a module identity, a module public key, and a set of parameters, wherein the first message is authenticated using a shared secret key; receiving a second message that includes the module identity, a module encrypted data, and a module digital signature, wherein the module encrypted data (i) includes the sensor measurement and (ii) is decrypted using a private key; using the module identity received in the second message to select the module public key, wherein the module digital signature is verified using the selected module public key; encrypting a module instruction using the selected module public key; sending a response to the second message, wherein the response includes a server encrypted data, wherein the server encrypted data includes the encrypted module instruction. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for a module to use a public key and a private key, the method comprising the module:
-
deriving the private key and the public key using a cryptographic algorithms, wherein the module records the private key in a nonvolatile memory; reading (i) a module identity using a read-only address in the module, and (ii) a shared secret key from the nonvolatile memory; sending a first message, wherein the first message includes the module identity, a set of parameters, and a first module encrypted data, wherein the first module encrypted data includes the public key, and wherein the first module encrypted data is encrypted using (a) a symmetric ciphering algorithm and (b) the shared secret key; sending a second message, wherein the second message includes a second module encrypted data and the module identity, wherein the second module encrypted data (i) includes a sensor measurement and (ii) is encrypted using a symmetric key, wherein the public key is used to process the symmetric key; receiving a response, wherein the response includes a server encrypted data, and wherein the server encrypted data includes a module instruction, and wherein the server encrypted data is decrypted using the symmetric key; - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification