SECURING COMMUNICATION WITHIN A NETWORK ENDPOINT
Abstract
Systems and methods for securing communication within a network endpoint, for example, a meter. The meter may include a communication module and a metrology module where the modules are connected via a communication path that is external to both modules. The modules exchange a pairing key to establish a paired channel of communication. When the communication module receives a communication through a network for establishing a secure channel to the endpoint, the communication module sends some or all of the security data to the metrology module to establish a secure communication from a head-end system through the communication module to the metrology module.
20 Claims
1. A network endpoint device, comprising:
- a communication module configured to communicate with a network and to communicate with a first module and a second module via a bidirectional communication path, wherein the first module, the second module, and the bidirectional communication path are within the network endpoint device;
- the first module;
- the second module; and
- the bidirectional communication path, wherein the bidirectional communication path includes a first secure paired channel between the communication module and the first module established by an exchange of a first pairing key between the communication module and the first module, and a second secure paired channel between the communication module and the second module established by an exchange of a second pairing key between the communication module and the second module, and wherein the communication module is operable to receive a communication from an external network device that includes security data and requests a secure channel to the network endpoint device, to send the security data to the first module using the first secure paired channel and the first pairing key, and to send the security data to the second module using the second secure paired channel and the second pairing key, wherein the first pairing key, the second pairing key, and the security data are distinct.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for securing communications within a network, wherein the network includes a plurality of endpoints and a first endpoint includes a communication module and at least one additional module, comprising:
- receiving, by the communication module, a network communication that includes security data to establish a secure channel between a central system and the first endpoint;
- sending, by the communication module, the security data to a first additional module via a secure paired channel using a first pairing key, wherein the secure paired channel was previously established by an exchange of the first pairing key between the communication module and the first additional module, and the first pairing key and the security data are distinct;
- receiving, by the communication module, a second network communication that includes network data;
- determining, by the communication module, that the first additional module is a recipient for the second network communication;
- sending, by the communication module, the second network communication to the first additional module via the secure paired channel using the first pairing key; and
- verifying, by the first additional module, a key associated with the second network communication using the security data.
Dependent claims: 10, 11, 12, 13, 14
15. A network endpoint device, comprising:
- a communication module, including a communication device for wirelessly communicating with a network device via a network;
- at least one additional module; and
- a bidirectional communication path connecting the communication module and the at least one additional module, wherein the bidirectional communication path includes a first paired channel established by an exchange of a first pairing key between the communication module and the at least one additional module, wherein the communication module is operable to receive a communication from the network device via the communication device that includes security data and that requests a secure channel to the network endpoint device, and to send the security data to the at least one additional module using the first paired channel and the first pairing key, wherein the security data and the first pairing key are distinct, and wherein the at least one additional module is operable to use the security data to decrypt data received from the network and encrypt module data sent to the network device.
Dependent claims: 16, 17, 18, 19, 20
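The message flow recited in claims 1 and 9, as an added illustration that is not part of the patent text: a communication module relays security data to two internal modules over per-module paired channels, then forwards network data that the recipient verifies with that security data. Assumptions: the claims name no algorithms, so a SHAKE-256 keystream with HMAC-SHA256 (encrypt-then-MAC) stands in for the paired channel, the "key associated with" a network communication is modelled as an HMAC tag under the security data, and the module names and sample messages are constructed.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, n):     # SHAKE-256 keystream: assumed stand-in cipher
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def mac(key, data):               # HMAC-SHA256 tag, domain-separated from keystream
    return hmac.new(key, b"mac" + data, hashlib.sha256).digest()

def seal(key, plaintext):         # encrypt-then-MAC one paired-channel frame
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + mac(key, nonce + ct)

def unseal(key, frame):
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    if not hmac.compare_digest(tag, mac(key, nonce + ct)):
        raise ValueError("frame not sealed with this module's pairing key")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))

class Module:                     # an internal module, e.g. metrology
    def __init__(self, pairing_key):
        self.pairing_key, self.security_data = pairing_key, None
    def receive(self, frame):
        kind, body = unseal(self.pairing_key, frame).split(b"|", 1)
        if kind == b"SEC":        # security data relayed from the head-end
            self.security_data = body
            return True
        msg, tag, sd = body[:-32], body[-32:], self.security_data  # assumed: data + tag
        ok = sd is not None and hmac.compare_digest(tag, mac(sd, msg))
        return msg if ok else None

class CommModule:
    def __init__(self, names):    # one distinct pairing key per internal module
        self.pairing = {n: secrets.token_bytes(32) for n in names}
        self.modules = {n: Module(k) for n, k in self.pairing.items()}
    def deliver(self, name, kind, body):   # route over the recipient's channel
        return self.modules[name].receive(seal(self.pairing[name], kind + b"|" + body))

def demo(req=b"read-register"):   # req is constructed network data
    comm, session = CommModule(["first", "second"]), secrets.token_bytes(32)
    for name in comm.modules:     # constructed security data, sent to both modules
        comm.deliver(name, b"SEC", session)
    ok = comm.deliver("first", b"NET", req + mac(session, req))
    forged = comm.deliver("first", b"NET", req + bytes(32))
    try:                          # frame sealed for "first" handed to "second"
        comm.modules["second"].receive(seal(comm.pairing["first"], b"NET|x"))
        return ok, forged, "accepted"
    except ValueError:
        return ok, forged, "rejected"
```

`demo()` returns the accepted request, `None` for the network data with a forged tag, and `"rejected"` for the frame presented on the wrong module's paired channel.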
Specification