Set of Servers for "Machine-to-Machine" Communications Using Public Key Infrastructure
Abstract
A set of servers can support secure and efficient “Machine to Machine” communications using an application interface and a module controller. The set of servers can record data for a plurality of modules in a shared module database. The set of servers can (i) access the Internet to communicate with a module using a module identity, (ii) receive server instructions, and (iii) send module instructions. Data can be encrypted and decrypted using a set of cryptographic algorithms and a set of cryptographic parameters. The set of servers can (i) receive a module public key with a module identity, (ii) authenticate the module public key, and (iii) receive a subsequent series of module public keys derived by the module with a module identity. The application interface can use a first server private key and the module controller can use a second server private key.
27 Claims

1. A method for supporting machine-to-machine communications, the method performed by a set of servers using at least one computer processor, the method comprising:
- recording a first server private key in a nonvolatile memory, wherein the first server private key is used to establish a secure connection with an application server;
- receiving a message through at least one local area network (LAN) interface, wherein the message includes a module identity and a module digital signature, wherein the module digital signature is verified using a first module public key, and wherein the message includes a first source Internet protocol address and port (IP:port) number;
- transmitting a response to the first source IP:port number, wherein the response includes a server digital signature processed using a second server private key;
- using the module identity to select from a module database a set of cryptographic parameters for processing a second module public key;
- transmitting the set of cryptographic parameters;
- receiving the second module public key and the module identity, wherein at least one member of the set of servers processes the second module public key using (i) the module identity and (ii) at least a portion of the set of cryptographic parameters, wherein the second module public key is verified using the first module public key, wherein the second module public key is used to decrypt a module encrypted data, and wherein the module encrypted data includes a sensor data; and
- transmitting the sensor data and the module identity to the application server using the secure connection.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A system for supporting machine-to-machine communications, the system comprising:
- a module controller for:
  - monitoring a destination Internet protocol address and port (IP:port) number,
  - receiving, from a module behind a firewall, a first message comprising a module identity of the module and a first source IP:port number of the module, wherein the module identity is verified using a first module public key,
  - sending to the module at the first source IP:port number a set of cryptographic parameters for deriving a public and private key pair,
  - receiving, from the module, a second message comprising a second module public key and the module identity, the second module public key being of a public and private key pair derived from the cryptographic parameters, wherein the second message is verified using the first module public key,
  - receiving, from the module reconnected from behind the firewall, a third message comprising the module identity of the module and a second source IP:port number of the module, wherein the first and second source IP:port numbers are different, and
  - sending a response to the third message from the destination IP:port number to the module at the second source IP:port number, wherein the response includes an encrypted module instruction, wherein the encrypted module instruction is ciphered using the second module public key, and wherein the module controller sends the response after receiving the second message;
- an application interface for using a first server private key to receive the module instruction;
- a module database for recording the module identity and the set of cryptographic parameters, and for sending the set of cryptographic parameters to the module controller in response to a query including the module identity; and
- a processor for using a second server private key and the set of cryptographic parameters to calculate a server digital signature, wherein the server digital signature is sent from the destination IP:port number.

Dependent claims: 12, 13, 14, 15, 16, 17.

18. A method for supporting machine-to-machine communications, the method performed by a set of servers using at least one computer processor, the method comprising:
- receiving, from a module, a first message that includes a module identity of the module and a first source Internet protocol address and port (IP:port) number associated with the module, wherein the module identity is verified using a first module public key;
- transmitting a query to a module database and receiving a response from the module database, wherein the query includes the module identity, and wherein the response includes at least a set of cryptographic parameters for deriving a public and private key pair;
- transmitting a response to the module at the first source IP:port number, wherein the response includes at least a portion of the set of cryptographic parameters;
- receiving, from the module, a second message which includes a second module public key and the module identity, the second module public key being of a public and private key pair derived from the cryptographic parameters, wherein the second message is verified using the first module public key;
- receiving, from an application server, via a secure connection, a module instruction and the module identity;
- receiving, from the module, a third message, wherein the third message includes (i) a second source IP:port number associated with the module and (ii) the module identity; and
- transmitting the module instruction within a server encrypted data to the module at the second source IP:port number, wherein the server encrypted data is ciphered using the second module public key, and wherein the first and second source IP:port numbers are different.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27.
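The module-key rotation and source IP:port tracking that claims 1, 11 and 18 all describe, as an added Go example (not code from the patent): the server verifies every message with the module's first public key, hands out a curve as the set of cryptographic parameters, accepts a derived second public key only if it is signed by the first key and lies on that curve, and remembers the latest source IP:port so the reply reaches the module through its firewall. It assumes ECDSA over NIST curves and PKIX encoding for the key; the Msg and Record types, helper names, module identity and addresses are constructed, and the encrypted instruction and application-server steps are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Msg (constructed layout): module identity, source IP:port the server saw, body, ECDSA signature.
type Msg struct{ ID, Src string; Body, Sig []byte }
func digest(id string, body []byte) []byte { // "|" keeps identity and body apart
	h := sha256.Sum256(append([]byte(id+"|"), body...))
	return h[:]
}
// Sign is the module side (hypothetical helper, not the patent's own code).
func Sign(priv *ecdsa.PrivateKey, id, src string, body []byte) (Msg, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(id, body))
	return Msg{ID: id, Src: src, Body: body, Sig: sig}, err
}
// Record is one module-database row: first key, curve handed out as the parameters, derived key, last IP:port.
type Record struct {
	FirstPub, SecondPub *ecdsa.PublicKey
	Curve               elliptic.Curve
	LastSrc             string
}
// Accept authenticates a message with the first key and records the source
// IP:port so the reply returns through the module's current firewall binding.
func (r *Record) Accept(m Msg) error {
	if !ecdsa.VerifyASN1(r.FirstPub, digest(m.ID, m.Body), m.Sig) {
		return errors.New("module signature invalid")
	}
	r.LastSrc = m.Src
	return nil
}
// Rotate installs a derived key only if it is on the selected curve and its message verifies under the first key.
func (r *Record) Rotate(m Msg) error {
	pub, err := x509.ParsePKIXPublicKey(m.Body)
	ec, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok || ec.Curve != r.Curve {
		return errors.New("derived key does not match cryptographic parameters")
	}
	if err = r.Accept(m); err == nil { // a rejected message changes no state
		r.SecondPub = ec
	}
	return err
}
```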