SYSTEM AND METHOD FOR SECURING MACHINE-TO-MACHINE COMMUNICATIONS
Abstract
This invention concerns the implementation of end-to-end security for communication between objects in the domain of the Internet of Things (or Internet of Objects). The patent addresses the setup of a secure, authorized information channel between a data source (M2M device) and data consumers (consumer entity). According to the present invention, access to an M2M device by a consumer entity (consumer application) is controlled by an M2M authorization server. The M2M authorization server is the entity in charge of managing access rights for the M2M device and makes the decision regarding access to the resource by the consumer entity (consumer application). The M2M server is the entity that enforces that decision and enables access to the M2M device. When a consumer application needs to communicate with an M2M device, the present invention proposes a method for authorizing the consumer application to access the M2M device and for encrypting the communication between the consumer application and the M2M device. The M2M authorization server computes security credentials which are sent to the consumer application.
Claims (20)
1. A method for securing machine-to-machine communications between an M2M consumer application and an M2M resource provider wherein, when an access request is initiated:
- sending a security credentials request from the M2M consumer application to an M2M authorization server;
- receiving, at the consumer application from the M2M authorization server, generated security credentials which comprise an access token, session encryption keys and an authentication key;
- transmitting from the M2M consumer application the access token and an authentication message to the M2M resource provider for authenticating the consumer application;
- transmitting the access request from the M2M consumer application to the M2M resource provider, said access request comprising request parameters encrypted with the session keys to access or control resources;
- authenticating, by the M2M resource provider, the M2M consumer application as an authorized one from the authentication message and the content of the access token;
- retrieving, by the M2M resource provider, the session keys from the content of the access token;
- decrypting, by the M2M resource provider, the encrypted request parameters with the session keys; and
- sending, from the M2M resource provider, the encrypted response to the request parameters to the M2M consumer application.

Dependent claims: 2 to 14.
15. An M2M communications system, comprising a consumer application, said consumer application being configured to communicate with an M2M resource provider across an access network, wherein access request messages transiting between the consumer application and the M2M device during this communication are secured by an M2M authorization server, wherein:
- the M2M consumer application is programmed to send a security credentials request from the M2M consumer application to an M2M authorization server;
- the M2M consumer application is programmed to receive from the M2M authorization server generated security credentials which comprise an access token, session encryption keys and an authentication key;
- the M2M consumer application is programmed to transmit from the M2M consumer application the access token and an authentication message to the M2M resource provider for authenticating the consumer application;
- the M2M consumer application is programmed to transmit the access request from the M2M consumer application to the M2M resource provider, said access request comprising request parameters encrypted with the session keys to access or control resources;
- the M2M resource provider is programmed to authenticate the M2M consumer application as an authorized one from the authentication message and the content of the access token;
- the M2M resource provider is programmed to retrieve the session keys from the content of the access token;
- the M2M resource provider is programmed to decrypt the encrypted request parameters with the session keys; and
- the M2M resource provider is programmed to send the encrypted response to the request parameters to the M2M consumer application.

Dependent claims: 16 to 20.
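The exchange described in claims 1 and 15, as an added Python example that is not part of the patent. It assumes a Kerberos-style design in which the authorization server seals the session key and authentication key into the access token under a long-term key shared only with the resource provider, so the provider can "retrieve the session keys from the content of the access token"; the HMAC-SHA256 encrypt-then-MAC construction stands in for a real AEAD cipher such as AES-GCM, and all keys, identifiers and parameter values are constructed.

```python
import hmac, json, secrets, time

def _stream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real block cipher)."""
    return b"".join(hmac.digest(key, nonce + i.to_bytes(4, "big"), "sha256")
                    for i in range((n + 31) // 32))[:n]

def seal(key, aad, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag, with aad bound into the tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key + b"enc", nonce, len(plaintext))))
    return nonce + ct + hmac.digest(key + b"mac", aad + nonce + ct, "sha256")

def open_(key, aad, blob):
    """Constant-time tag check before any decryption; raises on tampering or wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key + b"mac", aad + nonce + ct, "sha256")):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key + b"enc", nonce, len(ct))))

# Constructed: long-term key shared only by the authorization server and the resource provider.
PROVIDER_KEY = secrets.token_bytes(32)

def issue_credentials(consumer_id, scope, ttl=300):
    """Authorization server: mint session key and auth key, seal both into the access token."""
    session_key, auth_key = secrets.token_bytes(32), secrets.token_bytes(32)
    body = {"sub": consumer_id, "scope": scope, "exp": int(time.time()) + ttl,
            "sk": session_key.hex(), "ak": auth_key.hex()}
    return seal(PROVIDER_KEY, b"token", json.dumps(body).encode()), session_key, auth_key

def consumer_request(token, session_key, auth_key, params):
    """Consumer: authentication message = nonce || HMAC(auth_key, token || nonce)."""
    nonce = secrets.token_bytes(16)
    auth_msg = nonce + hmac.digest(auth_key, token + nonce, "sha256")
    return token, auth_msg, seal(session_key, b"req", json.dumps(params).encode())
def consumer_read_response(session_key, enc_resp):
    return json.loads(open_(session_key, b"resp", enc_resp))

def provider_handle(token, auth_msg, enc_params, handler, now=None):
    """Resource provider: open token, check expiry, verify authenticator with the auth key
    recovered from the token, decrypt the request and encrypt the reply under the session key."""
    body = json.loads(open_(PROVIDER_KEY, b"token", token))
    if (now if now is not None else time.time()) > body["exp"]:
        raise PermissionError("access token expired")
    nonce, mac = auth_msg[:16], auth_msg[16:]
    if not hmac.compare_digest(mac, hmac.digest(bytes.fromhex(body["ak"]), token + nonce, "sha256")):
        raise PermissionError("consumer authentication failed")
    sk = bytes.fromhex(body["sk"])
    params = json.loads(open_(sk, b"req", enc_params))
    return seal(sk, b"resp", json.dumps(handler(body["sub"], body["scope"], params)).encode())
```

The provider checks the token tag, expiry and authenticator before it touches any request parameter, so a tampered request, a wrong authentication key or a stale token fails closed; a deployment would additionally record seen authenticator nonces to reject replays.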