METHOD AND APPARATUS FOR PROVIDING SECURE COMMUNICATION AMONG CONSTRAINED DEVICES

US 20170026185A1
Filed: 07/20/2016
Published: 01/26/2017
Est. Priority Date: 07/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method for secure communication between constrained devices comprising:

issuing, by an authorization server, cryptographic communication rights among a plurality of constrained devices where each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function;

receiving, by the authorization server, a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request; and

providing, by the authorization server, a response comprising an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example, an apparatus such as an authorization server and method for secure communication between constrained devices issues cryptographic communication rights among a plurality of constrained devices. Each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function. The method includes receiving a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request, and includes providing a response including an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices. A software update server then updates the cryptographic code modules in the sub-set of the plurality of constrained devices.

63 Citations

View as Search Results

10 Claims

1. A method for secure communication between constrained devices comprising:
- issuing, by an authorization server, cryptographic communication rights among a plurality of constrained devices where each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function;
  
  receiving, by the authorization server, a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request; and
  
  providing, by the authorization server, a response comprising an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein providing, by the authorization server, the response comprising the identification of the subset of the plurality of constrained devices that have cryptographic communication rights comprises determining which of the plurality of constrained devices have cryptographic communication rights with the identified first constrained device based on authorized communication rights authorized by the authorization server.
  - 3. The method of claim 1 comprising provisioning, by a software update server, a replacement cryptographic code module, in response to the cryptographic algorithm update request, to the subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices, wherein the replacement cryptographic code module comprises at least one of:
    - a data encryption code module, a key encryption code module, a data signature code module, a key agreement code module and a data digest code module.
  - 4. The method of claim 1 wherein issuing, by the authorization server, cryptographic communication rights among the plurality of constrained devices comprises issuing asymmetric key based configuration certificates or symmetric key based ticket to the plurality of constrained devices wherein the configuration certificates assign communication rights to each of the plurality of constrained devices to allow the plurality of constrained devices to cryptographically exchange information between the plurality of constrained devices.
  - 5. The method of claim 1 comprising issuing the cryptographic communication rights request by a software update server in response to the software update server receiving the cryptographic algorithm update request.
  - 6. The method of claim 1 comprising issuing the cryptographic communication rights request by a network management device in response to the network management device receiving the cryptographic algorithm update request.

7. An apparatus comprising:
- logic operative to;
  
  issue cryptographic communication rights among a plurality of constrained devices where each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function;
  
  receive a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request; and
  
  provide a response comprising an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices.
- View Dependent Claims (8, 9)
- - 8. The apparatus of claim 7 wherein the logic is operative to determine which of the plurality of constrained devices have cryptographic communication rights with the identified first constrained device based on authorized communication rights authorized by the authorization server.
  - 9. The apparatus of claim 7 wherein the logic is operative to issue asymmetric key based configuration certificates or symmetric key based tickets to the plurality of constrained devices wherein the configuration certificates assign communication rights to each of the plurality of constrained devices to allow the plurality of constrained devices to cryptographically exchange information between the plurality of constrained devices.

10. A system comprising:
- a plurality of constrained devices;
  
  an authorization server, operatively coupled to the plurality of constrained devices, comprising logic operative to;
  
  issue cryptographic communication rights among the plurality of constrained devices where each of the plurality of constrained devices comprises no more than one cryptographic algorithm code module per cryptographic function;
  
  receive a cryptographic communication rights request associated with at least a first of the plurality of constrained devices in response to a cryptographic algorithm update request; and
  
  provide a response comprising an identification of a subset of the plurality of constrained devices that have cryptographic communication rights with the identified first of the plurality of constrained devices; and
  
  a software update server, operatively coupled to the plurality of constrained devices and to the authorization server, comprising logic operative to provision a replacement cryptographic code module, in response to a cryptographic algorithm update request, to a subset of a plurality of constrained devices that have cryptographic communication rights with an identified first of the plurality of constrained devices, wherein the replacement cryptographic code module comprises at least one of;
  
  a data encryption code module, a key encryption code module, a data signature code module, a key agreement code module and a data digest code module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
Entrust Incorporated (Entrust Corp.)
Inventors
Moses, Timothy Edward

Granted Patent

US 10,728,043 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

H04L 9/16   the keys or algorithms bein...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

METHOD AND APPARATUS FOR PROVIDING SECURE COMMUNICATION AMONG CONSTRAINED DEVICES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROVIDING SECURE COMMUNICATION AMONG CONSTRAINED DEVICES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links