END-TO-END AUTHENTICATION AT THE SERVICE LAYER USING PUBLIC KEYING MECHANISMS
Abstract
In a machine-to-machine/Internet-of-Things environment, end-to-end authentication of devices separated by multiple hops is achieved via direct or delegated/intermediated negotiations using pre-provisioned hop-by-hop credentials, uniquely generated hop-by-hop credentials, and/or public key certificates. Remote resources and services may be discovered via single-hop communications, secure communications with the remote resources may then be established using secure protocols appropriate to the resources, services and capabilities of the end devices, and communication thereafter is conducted directly, without the overhead or risks engendered by hop-by-hop translation.
Claims (20)

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a communications network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
   a. receive a multi-hop transmission of a message from a message originator, where the transmission is received by way of a first intermediate entity, and where the multi-hop transmission comprises a digital signature of the message generated by the message originator; and
   b. authenticate the message originator using a public key of the message originator and the digital signature of the message generated by the message originator.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method, comprising:
   a. receiving a multi-hop transmission from a message originator by way of a first intermediate entity, where the multi-hop transmission comprises a digital signature generated by the message originator; and
   b. authenticating the message originator using a public key of the message originator and the digital signature generated by the message originator.
   Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a communications network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
   a. register and store a first set of security processing capability parameters, the first set of security processing capability parameters corresponding to a first network entity, where the first entity is separate from the apparatus; and
   b. provide the first set of security processing capability parameters to a second network entity upon request, where the first entity is separate from the apparatus.
   Dependent claims: 18, 19, 20
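The receive-and-authenticate steps of claims 1 and 9, worked through as an added example that is not code from the patent or its assignee: the originator signs an envelope, an intermediate entity forwards it (appending its own hop record, which it may do without breaking the signature), and the receiver authenticates the originator from a pre-provisioned public key and the signature alone, without trusting the hop. Everything beyond the claim language is an assumption of the example: Ed25519 as the signature scheme, a JSON envelope with fields Originator, Seq and Payload, a public-key table keyed by originator identifier, the constructed payload "temp=21.5", and a sequence number used to reject replays (the claims say nothing about replay; a practitioner adds it because the signature alone proves who wrote the message, not when).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is the end-to-end part of a message: the originator signs exactly these
// bytes. Field names are assumptions for this example, not the patent's.
type Envelope struct {
	Originator string `json:"originator"` // identity the receiver keys on
	Seq        uint64 `json:"seq"`        // monotonic counter so a hop cannot replay
	Payload    []byte `json:"payload"`
}

// HopMessage is what travels hop by hop. An intermediate entity may append to Hops
// but holds no key with which to re-sign Envelope.
type HopMessage struct {
	Envelope  Envelope `json:"envelope"`
	Signature []byte   `json:"signature"`
	Hops      []string `json:"hops"`
}

var (
	ErrBadSignature = errors.New("originator signature does not verify")
	ErrReplay       = errors.New("replayed or stale sequence number")
)

// Sign builds the signed message the originator hands to its first hop. encoding/json
// marshals struct fields in declaration order, so the receiver can reproduce the bytes.
func Sign(priv ed25519.PrivateKey, env Envelope) ([]byte, error) {
	signed, err := json.Marshal(env)
	if err != nil {
		return nil, err
	}
	return json.Marshal(HopMessage{Envelope: env, Signature: ed25519.Sign(priv, signed)})
}

// Forward models an honest intermediate entity: record the hop and re-serialise.
func Forward(wire []byte, hopID string) ([]byte, error) {
	var m HopMessage
	if err := json.Unmarshal(wire, &m); err != nil {
		return nil, err
	}
	m.Hops = append(m.Hops, hopID)
	return json.Marshal(m)
}

// TamperPayload models a malicious hop that rewrites the payload in transit.
func TamperPayload(wire []byte, payload []byte) ([]byte, error) {
	var m HopMessage
	if err := json.Unmarshal(wire, &m); err != nil {
		return nil, err
	}
	m.Envelope.Payload = payload
	return json.Marshal(m)
}

// Receiver performs claim 1(b): authenticate the originator from its public key and
// the signature, ignoring whatever the intermediate entities did on the way.
type Receiver struct {
	Keys    map[string]ed25519.PublicKey // originator ID -> pre-provisioned public key
	LastSeq map[string]uint64            // highest Seq accepted per originator
}

func (r *Receiver) Authenticate(wire []byte) (Envelope, error) {
	var m HopMessage
	if err := json.Unmarshal(wire, &m); err != nil {
		return Envelope{}, err
	}
	pub, ok := r.Keys[m.Envelope.Originator]
	if !ok {
		return Envelope{}, fmt.Errorf("unknown originator %q", m.Envelope.Originator)
	}
	signed, err := json.Marshal(m.Envelope) // re-derive the signed bytes; Hops is excluded
	if err != nil {
		return Envelope{}, err
	}
	if !ed25519.Verify(pub, signed, m.Signature) {
		return Envelope{}, ErrBadSignature
	}
	if m.Envelope.Seq <= r.LastSeq[m.Envelope.Originator] {
		return Envelope{}, ErrReplay
	}
	r.LastSeq[m.Envelope.Originator] = m.Envelope.Seq
	return m.Envelope, nil
}

// Scenario runs originator -> gateway -> receiver with a constructed payload and
// reports whether an honest forward, a tampered payload and a replay are accepted.
func Scenario() (honestOK, tamperOK, replayOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	rx := &Receiver{Keys: map[string]ed25519.PublicKey{"sensor-17": pub}, LastSeq: map[string]uint64{}}
	wire, err := Sign(priv, Envelope{Originator: "sensor-17", Seq: 1, Payload: []byte("temp=21.5")})
	if err != nil {
		return
	}
	hop1, err := Forward(wire, "gateway-A")
	if err != nil {
		return
	}
	_, e := rx.Authenticate(hop1)
	honestOK = e == nil
	bad, err := TamperPayload(hop1, []byte("temp=99.9"))
	if err != nil {
		return
	}
	_, e = rx.Authenticate(bad) // fails with ErrBadSignature
	tamperOK = e == nil
	_, e = rx.Authenticate(hop1) // same message delivered again: ErrReplay
	replayOK = e == nil
	return
}

func main() {
	honest, tamper, replay, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest forward accepted: %v\ntampered payload accepted: %v\nreplay accepted: %v\n", honest, tamper, replay)
}
```

Two points the claim language leaves implicit but the code has to get right: the hop-by-hop data (here Hops) must live outside the signed envelope, otherwise every forwarding step invalidates the signature; and the encoding of the signed envelope must be reproducible at the receiver, which is why the example re-marshals the parsed Envelope rather than trusting any bytes the last hop supplied.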
Specification