END-TO-END AUTHENTICATION AT THE SERVICE LAYER USING PUBLIC KEYING MECHANISMS

US 20160277391A1
Filed: 03/16/2016
Published: 09/22/2016
Est. Priority Date: 03/16/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a communications network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:

a. receive a multi-hop transmission of a message from a message originator, where the transmission is received by way of a first intermediate entity, and where the multi-hop transmission comprises a digital signature of the message generated by the message originator; and

b. authenticate the message originator using a public key of the message originator and the digital signature of the message generated by the message originator.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a machine-to-machine/Internet-of-things environment, end-to-end authentication of devices separated by multiple hops is achieved via direct or delegated/intermediated negotiations using pre-provisioned hop-by-hop credentials, uniquely generated hop-by-hop credentials, and-or public key certificates, whereby remote resources and services may be discovered via single-hop communications, and then secure communications with the remote resources may be established using secure protocols appropriate to the resources and services and capabilities of end devices, and communication thereafter conducted directly without the overhead or risks engendered hop-by-hop translation.

82 Citations

View as Search Results

20 Claims

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a communications network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
- a. receive a multi-hop transmission of a message from a message originator, where the transmission is received by way of a first intermediate entity, and where the multi-hop transmission comprises a digital signature of the message generated by the message originator; and
  
  b. authenticate the message originator using a public key of the message originator and the digital signature of the message generated by the message originator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the computer-executable instructions further cause the apparatus to obtain the public key of the message originator from a trusted third party.
  - 3. The apparatus of claim 1, wherein the multi-hop transmission is from a source entity separate from the message originator, and wherein multi-hop transmission does not contain a digital signature generated by the source entity.
  - 4. The apparatus of claim 1, wherein the multi-hop transmission further comprises a digital signature generated by the first intermediate entity, and wherein the computer-executable instructions further cause the apparatus to authenticate the first intermediate entity using a public key of the first intermediate entity and the signature generated by the first intermediate entity.
  - 5. The apparatus of claim 1, wherein the transmission further comprises digital signatures generated by each of a plurality of intermediate entities, and wherein the computer-executable instructions further cause the apparatus to authenticate each of the plurality of intermediate entities using the public key and the digital signatures generated by each of the plurality of intermediate entities.
  - 6. The apparatus of claim 1, wherein the computer-executable instructions further cause the apparatus to determine, based on the authentication of the message originator, whether to forward the multi-hop transmission to a destination entity.
  - 7. The apparatus of claim 6, wherein the computer-executable instructions further cause the apparatus to:
    - a. authenticate the destination entity using a public key of the destination entity; and
      
      b. determine, based on the authentication of the destination entity, whether to forward the first multi-hop transmission to a destination entity.
  - 8. The apparatus of claim 1, wherein the multi-hop transmission comprises a hop-by-hop credential, and wherein the computer-executable instructions further cause the apparatus to examine the hop-by-hop credential.

9. A method, comprising:
- a. receiving a multi-hop transmission from a message originator by way of a first intermediate entity, where the multi-hop transmission comprises a digital signature generated by the message originator; and
  
  b. authenticating the message originator using a public key of the message originator and the digital signature generated by the message originator.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising obtaining the public key of the message originator from a trusted third party.
  - 11. The method of claim 9, wherein the multi-hop transmission is from a source entity separate from the message originator, and wherein multi-hop transmission does not contain a digital signature of the source entity
  - 12. The method of claim 9, wherein the multi-hop transmission further comprises a digital signature of the message generated by the first intermediate entity, the method further comprising authenticating the first intermediate entity using a public key of the first intermediate entity and the digital signature of the message generated by the first intermediate entity.
  - 13. The method of claim 9, wherein the transmission further comprises a plurality of messages containing digital signatures generated by each of a plurality of intermediate entities, the method further comprising authenticating the plurality of intermediate entities using the public key and the digital signatures generated by each of the plurality of intermediate entities.
  - 14. The method of claim 9, further comprising determining, based on the authentication of the message originator, by way of verifying the digital signature generated by the message originator, whether to forward the multi-hop transmission to a destination entity.
  - 15. The method of claim 14, further comprising:
    - a. authenticating the destination entity using the digital signature generated by the message originator and a public key of the destination entity; and
      
      b. determining, based on the authentication of the destination entity, whether to forward the first multi-hop transmission to a destination entity.
  - 16. The method of claim 9, wherein the multi-hop transmission comprises a hop-by-hop credential, the method further comprising examining the hop-by-hop credential.

17. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a communications network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
- a. register and store a first set of security processing capability parameters, the first set of security processing capability parameters corresponding to a first network entity, where the first entity is separate from the apparatus; and
  
  b. provide the first set of security processing capability parameters to a second network entity upon request, where the first entity is separate from the apparatus.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein the first set of security processing capability parameters comprises available processor power, available power, available memory, wireless bandwidth available, message integrity mechanism, authentication mechanism, non-repudiation mechanism, confidentiality mechanism, or supported security protocol.
  - 19. The apparatus of claim 17, wherein the security parameters comprise a security credential.
  - 20. The apparatus of claim 17, wherein the computer-executable instructions further cause the apparatus to inform the second entity that only end-to-end authentication is required.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Convida Wireless LLC
Original Assignee
Convida Wireless LLC
Inventors
Rahman, Shamim Akbar, Choyi, Vinod Kumar, Seed, Dale N., Shah, Yogendra C., Ly, Quang, Flynn, William Robert IV, Starsinic, Michael F., Chen, Zhuo, Li, Qing

Granted Patent

US 10,110,595 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06F 2221/2115   Third party

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 67/12   specially adapted for propr...

H04L 9/3247   involving digital signatures

H04W 12/069   using certificates or pre-s...

H04W 4/70   Services for machine-to-mac...

H04W 84/18   Self-organising networks, e...

END-TO-END AUTHENTICATION AT THE SERVICE LAYER USING PUBLIC KEYING MECHANISMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

END-TO-END AUTHENTICATION AT THE SERVICE LAYER USING PUBLIC KEYING MECHANISMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links