Systems and Methods for "Machine-to-Machine" (M2M) Communications Between Modules, Servers, and an Application using Public Key Infrastructure (PKI)
First Claim
1. A method for supporting machine-to-machine communications, the method performed by a server, the method comprising:
authenticating a first message, wherein the first message includes a first module public key and a module identity;
receiving a module instruction and the module identity from an application server;
waiting to receive a second message that includes the module identity before sending the module instruction in a server encrypted data;
receiving the second message, wherein the second message includes a module encrypted data and a source Internet protocol address and port (IP:port) number;
sending a response to the source IP:port number, wherein the response includes the server encrypted data, wherein the server encrypted data is ciphered using the first module public key, and wherein the server encrypted data includes the module instruction and a security token; and
authenticating a third message using the first module public key, wherein the third message includes a second module public key and the module identity.
4 Assignments
0 Petitions
Abstract
Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.
125 Citations
24 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for supporting machine-to-machine communications, the method performed by a server, the method comprising:
authenticating a first message, wherein the first message includes a first module public key and a module identity;
receiving a second message, wherein the second message includes the module identity and a module encrypted data, wherein the module encrypted data includes a sensor measurement and a security token;
reading the sensor measurement by decrypting the module encrypted data using a first server private key;
using a secure connection and a second server private key to send the sensor measurement and the module identity to an application server; and
authenticating a third message, wherein the third message includes a second module public key and the module identity.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
18. A system for supporting machine-to-machine communications, the system comprising:
a set of cryptographic algorithms for using (i) a first server private key with a first set of parameters and (ii) a second server private key with a second set of parameters, and for authenticating a first message, wherein the first message includes a module public key and a module identity;
a module controller for sending a server digital signature processed using the first server private key, for receiving a module encrypted data and the module identity, wherein the module encrypted data includes a sensor measurement and a security token, for using a symmetric key to decrypt the module encrypted data, for using the module public key and the first set of parameters to verify a module digital signature, for sending a module instruction within a server encrypted data, and for waiting until after (a) receiving a second message which includes the module identity and a source Internet protocol address and port (IP:port) number before (b) sending the module instruction to the source IP:port number; and
a server program for establishing a secure connection with an application using the second server private key and the second set of parameters, for sending the sensor measurement and the module identity to the application via the secure connection, and for receiving the module instruction from the application.
Dependent claims: 19, 20, 21, 22, 23, 24.
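The three independent claims describe one exchange from the server's side: authenticate a module's announcement of its public key and identity, hold an instruction from the application until the module itself sends a message, reply to that message's source IP:port with data ciphered to the module public key together with a security token, and accept a replacement public key only when the announcement is authenticated with the key already on record. The Go program below is an added example written for this page, not code from the patent or its assignee. It models that server logic with concrete choices the claims leave open, all of them assumptions: P-256 ECDSA keys for module and server, static ECDH between the server private key and the module public key to derive the AES-256-GCM key (the "symmetric key" of claim 18), a 16-byte random security token, trust-on-first-use for the very first announcement, and the names Server, HandleAnnounce, HandleModuleMsg, sharedAEAD and Seal, the module identity "module-7" and the source address 203.0.113.7:40001, which are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Server struct {
	Priv    *ecdsa.PrivateKey           // module-facing server private key
	Keys    map[string]*ecdsa.PublicKey // current public key per module identity
	Pending map[string]string           // application instructions waiting for message 2
}

// announceDigest binds a public key to a module identity for signing.
func announceDigest(id string, pub *ecdsa.PublicKey) []byte {
	d := sha256.Sum256(append([]byte(id), elliptic.Marshal(pub.Curve, pub.X, pub.Y)...))
	return d[:]
}

// SignAnnounce (module side): signer is the new key itself on first contact
// and the previously registered key when rotating (message 3).
func SignAnnounce(signer *ecdsa.PrivateKey, id string, newPub *ecdsa.PublicKey) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, signer, announceDigest(id, newPub))
}

// HandleAnnounce authenticates message 1 or 3. A rotation must verify under the
// key already on record, never the announced one, or anyone could hijack the
// identity. First contact is trust-on-first-use (an assumption, not in the claim).
func (s *Server) HandleAnnounce(id string, pub *ecdsa.PublicKey, sig []byte) error {
	verifyKey, known := s.Keys[id]
	if !known {
		verifyKey = pub
	}
	if !ecdsa.VerifyASN1(verifyKey, announceDigest(id, pub), sig) {
		return errors.New("announcement rejected for " + id)
	}
	s.Keys[id] = pub
	return nil
}

// HandleModuleMsg handles message 2 from id, seen arriving from srcAddr ("IP:port"),
// and returns where to reply plus the server encrypted data (nil if nothing queued).
func (s *Server) HandleModuleMsg(id, srcAddr string) (string, []byte, error) {
	pub, instr := s.Keys[id], s.Pending[id]
	if pub == nil || instr == "" {
		return "", nil, nil // unknown module or no instruction: stay silent
	}
	token := make([]byte, 16) // security token carried inside the ciphertext
	rand.Read(token)
	delete(s.Pending, id)
	ct, err := Seal(s.Priv, pub, []byte(fmt.Sprintf("%s|%x", instr, token)))
	return srcAddr, ct, err // reply to the observed source: the NAT binding the module opened
}

// sharedAEAD derives the symmetric key of claim 18 by static ECDH between our private
// key and the peer's public key (one key reused for signing and agreement, as claimed).
func sharedAEAD(priv *ecdsa.PrivateKey, peer *ecdsa.PublicKey) (cipher.AEAD, error) {
	self, err1 := priv.ECDH()
	other, err2 := peer.ECDH()
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	shared, err := self.ECDH(other)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-256-GCM under the shared key; output is nonce || ciphertext.
func Seal(priv *ecdsa.PrivateKey, peer *ecdsa.PublicKey, pt []byte) ([]byte, error) {
	aead, err := sharedAEAD(priv, peer)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	return aead.Seal(nonce, nonce, pt, nil), nil
}

func main() {
	serverKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	modKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srv := &Server{serverKey, map[string]*ecdsa.PublicKey{}, map[string]string{}}
	sig, _ := SignAnnounce(modKey, "module-7", &modKey.PublicKey)
	fmt.Println("message 1 accepted:", srv.HandleAnnounce("module-7", &modKey.PublicKey, sig) == nil)
	srv.Pending["module-7"] = "actuator=on" // handed over by the application server
	addr, ct, _ := srv.HandleModuleMsg("module-7", "203.0.113.7:40001") // constructed source IP:port
	fmt.Printf("reply to %s with %d bytes of server encrypted data\n", addr, len(ct))
	newKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rot, _ := SignAnnounce(modKey, "module-7", &newKey.PublicKey) // message 3 signed by the first key
	fmt.Println("rotation accepted:", srv.HandleAnnounce("module-7", &newKey.PublicKey, rot) == nil)
}
```

Two points worth checking in any implementation of this scheme: a key rotation (message 3) has to verify under the previous key, because accepting a self-signed announcement for a known identity lets anyone who can reach the server take that identity over; and the instruction is released only after a message arrives from the module, so the server never originates a connection to a module behind NAT and the reply goes to the IP:port that message came from. The module reads the reply by deriving the same key with sharedAEAD(modulePriv, serverPub) and opening nonce || ciphertext.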
Specification