SECURITY PROFILE MANAGEMENT IN A MACHINE-TO-MACHINE MESSAGING SYSTEM

US 20160149917A1
Filed: 06/18/2015
Published: 05/26/2016
Est. Priority Date: 11/21/2014
Status: Active Grant

First Claim

Patent Images

1. A messaging system server device communicatively connected to multiple Internet of Things (IoT) devices, wherein the messaging system server device is located remotely from the multiple IoT devices and is configured to maintain one or more security profiles for one or more universally unique identifiers, the computing device comprising:

one or more data processors;

a receiver configured to receive a first registration request from a first IoT device and a second registration request from a second IoT device, wherein the first registration request includes a request to register the first IoT device with a messaging system, and wherein the second registration request includes a request to register the second IoT device with the messaging system; and

a non-transitory computer-readable storage medium of the messaging system server device containing instructions, which when executed on the one or more data processors, cause the one or more data processors to register the first IoT device and the second IoT device with the messaging system, wherein registering the first IoT device includes assigning a first universally unique identifier to the first IoT device, and wherein registering the second IoT device includes assigning a second universally unique identifier to the second IoT device;

wherein the receiver is further configured to receive a communication from the first IoT device, wherein the communication includes a request to generate a first security profile and a second security profile;

wherein the instructions which when executed on the one or more data processors, further cause the one or more data processors to generate the first security profile and the second security profile and to associate the first security profile and the second security profile with the first IoT device and the assigned first universally unique identifier, the first security profile including a first permissions record and a first set of restrictions, and the second security profile including a second permissions record and a second set of restrictions;

wherein the receiver is further configured to receive a request to assign the first security profile to the second IoT device; and

wherein the instructions which when executed on the one or more data processors, further cause the one or more data processors to assign the first security profile to the second IoT device, wherein the second IoT device is granted one or more access permissions to the first IoT device according to the first permissions record of the first security profile, and wherein the one or more access permissions are constrained by the first set of restrictions.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques and systems for managing security profiles in a machine-to-machine messaging system are provided. For example, computing device, a method, and a computer-program product may be provided for maintaining one or more security profiles, and may include registering one or more IoT devices with a messaging system, generating one or more security profiles for an IoT device, and assigning the one or more security profiles to one or more other IoT devices. A security profile includes a permissions record and one or more sets of restrictions.

23 Citations

20 Claims

1. A messaging system server device communicatively connected to multiple Internet of Things (IoT) devices, wherein the messaging system server device is located remotely from the multiple IoT devices and is configured to maintain one or more security profiles for one or more universally unique identifiers, the computing device comprising:
- one or more data processors;
  
  a receiver configured to receive a first registration request from a first IoT device and a second registration request from a second IoT device, wherein the first registration request includes a request to register the first IoT device with a messaging system, and wherein the second registration request includes a request to register the second IoT device with the messaging system; and
  
  a non-transitory computer-readable storage medium of the messaging system server device containing instructions, which when executed on the one or more data processors, cause the one or more data processors to register the first IoT device and the second IoT device with the messaging system, wherein registering the first IoT device includes assigning a first universally unique identifier to the first IoT device, and wherein registering the second IoT device includes assigning a second universally unique identifier to the second IoT device;
  
  wherein the receiver is further configured to receive a communication from the first IoT device, wherein the communication includes a request to generate a first security profile and a second security profile;
  
  wherein the instructions which when executed on the one or more data processors, further cause the one or more data processors to generate the first security profile and the second security profile and to associate the first security profile and the second security profile with the first IoT device and the assigned first universally unique identifier, the first security profile including a first permissions record and a first set of restrictions, and the second security profile including a second permissions record and a second set of restrictions;
  
  wherein the receiver is further configured to receive a request to assign the first security profile to the second IoT device; and
  
  wherein the instructions which when executed on the one or more data processors, further cause the one or more data processors to assign the first security profile to the second IoT device, wherein the second IoT device is granted one or more access permissions to the first IoT device according to the first permissions record of the first security profile, and wherein the one or more access permissions are constrained by the first set of restrictions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1, further comprising:
    - wherein the receiver is configured to receive a message from the second IoT device, the message including the first universally unique identifier and a control command to control the first IoT device;
      
      wherein the instructions which when executed on the one or more data processors, further cause the one or more data processors to perform operations including;
      
      obtaining the first universally unique identifier,determining that the first universally unique identifier is assigned to the first IoT device;
      
      accessing the first security profile and the second security profile associated with the first universally unique identifier assigned to the first IoT device; and
      
      determining that the first security profile is assigned to the second IoT device; and
      
      a transmitter configured to transmit the message to the first IoT device when the first security profile is determined to be assigned to the second IoT device.
  - 3. The computing device of claim 1, wherein the first permissions record includes a send permission and a configure permission, the send permission allowing messages to be sent to the first IoT device and the configure permission allowing control of the first IoT device, and wherein assigning the first security profile to the second IoT device includes assigning the send permission and the configure permission to the second IoT device.
  - 4. The computing device of claim 1, wherein the first set of restrictions includes a restriction on a day or a time at which the second IoT device can control the first IoT device.
  - 5. The computing device of claim 1, wherein the first set of restrictions includes a message envelope restriction, the message envelope restriction limiting an amount or type of control of the first IoT device by the second IoT device.
  - 6. The computing device of claim 1, wherein the first set of restrictions includes a location restriction, the location restriction limiting access to the first IoT device by other IoT devices to one or more locations.
  - 7. The computing device of claim 1, wherein the first set of restrictions includes a path restriction, the path restriction restricting a path of universally unique identifiers that a message can take to reach to first IoT device.
  - 8. The computing device of claim 1, wherein the first universally unique identifier assigned to the first IoT device is associated with a plurality of security profiles, wherein different ones of the plurality of security profiles are assigned to different IoT devices.

9. A computer-implemented method of maintaining one or more security profiles for one or more universally unique identifiers by a messaging system server device communicatively connected to multiple Internet of Things (IoT) devices, wherein the messaging system server device is located remotely from the multiple IoT devices, the method comprising:
- receiving, by the messaging system server device, a first registration request from a first IoT device and a second registration request from a second IoT device, wherein the first registration request includes a request to register the first IoT device with a messaging system, and wherein the second registration request includes a request to register the second IoT device with the messaging system; and
  
  registering the first IoT device and the second IoT device with the messaging system, wherein registering the first IoT device includes assigning a first universally unique identifier to the first IoT device, and wherein registering the second IoT device includes assigning a second universally unique identifier to the second IoT device;
  
  receiving a communication from the first IoT device, wherein the communication includes a request to generate a first security profile and a second security profile;
  
  generating the first security profile and the second security profile, the first security profile including a first permissions record and a first set of restrictions, and the second security profile including a second permissions record and a second set of restrictions;
  
  associating the first security profile and the second security profile with the first IoT device and the assigned first universally unique identifier;
  
  receiving a request to assign the first security profile to the second IoT device; and
  
  assigning the first security profile to the second IoT device, wherein the second IoT device is granted one or more access permissions to the first IoT device according to the first permissions record of the first security profile, and wherein the one or more access permissions are constrained by the first set of restrictions.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - receiving a message from the second IoT device, the message including the first universally unique identifier and a control command to control the first IoT device;
      
      obtaining the first universally unique identifier,determining that the first universally unique identifier is assigned to the first IoT device;
      
      accessing the first security profile and the second security profile associated with the first universally unique identifier assigned to the first IoT device;
      
      determining that the first security profile is assigned to the second IoT device; and
      
      transmitting the message to the first IoT device when the first security profile is determined to be assigned to the second IoT device.
  - 11. The method of claim 9, wherein the first permissions record includes a send permission and a configure permission, the send permission allowing messages to be sent to the first IoT device and the configure permission allowing control of the first IoT device, and wherein assigning the first security profile to the second IoT device includes assigning the send permission and the configure permission to the second IoT device.
  - 12. The method of claim 9, wherein the first set of restrictions includes a restriction on a day or a time at which the second IoT device can control the first IoT device.
  - 13. The method of claim 9, wherein the first set of restrictions includes a message envelope restriction, the message envelope restriction limiting an amount or type of control of the first IoT device by the second IoT device.
  - 14. The method of claim 9, wherein the first set of restrictions includes a location restriction, the location restriction limiting access to the first IoT device by other IoT devices to one or more locations.
  - 15. The method of claim 9, wherein the first set of restrictions includes a path restriction, the path restriction restricting a path of universally unique identifiers that a message can take to reach to first IoT device.
  - 16. The method of claim 9, wherein the first universally unique identifier assigned to the first IoT device is associated with a plurality of security profiles, wherein different ones of the plurality of security profiles are assigned to different IoT devices.

17. A non-transitory machine-readable storage medium of a messaging system server device communicatively connected to multiple Internet of Things (IoT) devices, wherein the messaging system server device is located remotely from the multiple IoT devices, the non-transitory machine-readable storage medium including a computer-program product including instructions configured to cause one or more data processors to:
- receive a first registration request from a first IoT device and a second registration request from a second IoT device, wherein the first registration request includes a request to register the first IoT device with a messaging system, and wherein the second registration request includes a request to register the second IoT device with the messaging system; and
  
  register the first IoT device and the second IoT device with the messaging system, wherein registering the first IoT device includes assigning a first universally unique identifier to the first IoT device, and wherein registering the second IoT device includes assigning a second universally unique identifier to the second IoT device;
  
  receive a communication from the first IoT device, wherein the communication includes a request to generate a first security profile and a second security profile;
  
  generate the first security profile and the second security profile, the first security profile including a first permissions record and a first set of restrictions, and the second security profile including a second permissions record and a second set of restrictions;
  
  associate the first security profile and the second security profile with the first IoT device and the assigned first universally unique identifier;
  
  receive a request to assign the first security profile to the second IoT device; and
  
  assign the first security profile to the second IoT device, wherein the second IoT device is granted one or more access permissions to the first IoT device according to the first permissions record of the first security profile, and wherein the one or more access permissions are constrained by the first set of restrictions.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory machine-readable storage medium of claim 17, wherein the computer-program product further comprises configured to cause the one or more data processors to:
    - receive a message from the second IoT device, the message including the first universally unique identifier and a control command to control the first IoT device;
      
      obtain the first universally unique identifier;
      
      determine that the first universally unique identifier is assigned to the first IoT device;
      
      access the first security profile and the second security profile associated with the first universally unique identifier assigned to the first IoT device;
      
      determine that the first security profile is assigned to the second IoT device; and
      
      transmit the message to the first IoT device when the first security profile is determined to be assigned to the second IoT device.
  - 19. The non-transitory machine-readable storage medium of claim 17, wherein the first permissions record includes a send permission and a configure permission, the send permission allowing messages to be sent to the first IoT device and the configure permission allowing control of the first IoT device, and wherein assigning the first security profile to the second IoT device includes assigning the send permission and the configure permission to the second IoT device.
  - 20. The non-transitory machine-readable storage medium of claim 17, wherein the first set of restrictions includes a restriction on a day or a time at which the second IoT device can control the first IoT device, a message envelope restriction limiting an amount or type of control of the first IoT device by the second IoT device, a location restriction limiting access to the first IoT device by other IoT devices to one or more locations, or a path restriction restricting a path of universally unique identifiers that a message can take to reach to first IoT device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Matthieu, Chris, Ramleth, Geir

Granted Patent

US 9,578,033 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/12   specially adapted for propr...

H04W 4/70   Services for machine-to-mac...

SECURITY PROFILE MANAGEMENT IN A MACHINE-TO-MACHINE MESSAGING SYSTEM

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY PROFILE MANAGEMENT IN A MACHINE-TO-MACHINE MESSAGING SYSTEM

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links