Use of SNMP for management of small footprint devices

US 9,032,058 B2
Filed: 06/08/2009
Issued: 05/12/2015
Est. Priority Date: 03/13/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

generating a Simple Network Management Protocol (SNMP) command message at a manager, the SNMP command message comprising an object identifier, the object identifier comprising a variable identification portion and a command information portion, wherein the object identifier of the SNMP command message comprises a sequence of bytes having at least two commands therein, and wherein the at least two commands are directed toward a common variable in the managed device and cause a single component of the managed device to execute two different operations; and

transmitting the SNMP command message to a managed device, the managed device including at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card, and a protocol converter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, devices, and systems are provided for managing and controlling small footprint devices with a lightweight control protocol, such as SNMP. Relatively small control messages are employed that have a compact command portion included in an object identifier portion, thereby circumventing the need for a separate command portion as well as a data body. Also, methods, devices, and systems for improving the security and privacy of processing SNMP messages on SNMP-managed devices by moving this processing together with the sensitive data that the process employ such a cryptographic keys inside the tamper-resistant and tamper-evident boundary of an integrated circuit card.

147 Citations

25 Claims

1. A method, comprising:
- generating a Simple Network Management Protocol (SNMP) command message at a manager, the SNMP command message comprising an object identifier, the object identifier comprising a variable identification portion and a command information portion, wherein the object identifier of the SNMP command message comprises a sequence of bytes having at least two commands therein, and wherein the at least two commands are directed toward a common variable in the managed device and cause a single component of the managed device to execute two different operations; and
  
  transmitting the SNMP command message to a managed device, the managed device including at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card, and a protocol converter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the managed device is the ICC.
  - 3. The method of claim 1, wherein the managed device is the SIM card.
  - 4. The method of claim 1, further comprising:
    - receiving the command message at the managed device;
      
      utilizing the command information portion to determine the command to be executed and the parameters to be used during execution of the command; and
      
      executing the command with the parameters at the managed device.
  - 5. The method of claim 4, further comprising:
    - receiving the command at an SNMP agent contained within the managed device;
      
      analyzing the command with the SNMP agent to determine whether the command is directed toward a sensitive or non-sensitive variable;
      
      determining, by the SNMP agent, that the command is directed toward a sensitive variable; and
      
      passing the command from the SNMP agent to a component associated with the sensitive variable for processing by the component, wherein the command is executed by the component within a secure area of the managed device.
  - 6. The method of claim 1, further comprising:
    - encapsulating the command message in at least one of a TCP and UDP packet; and
      
      causing the at least one of a TCP and UDP packet to be transmitted from the manager to the managed device.
  - 7. The method of claim 1, wherein the at least two commands are executed according to order of appearance in the object identifier.
  - 8. The method of claim 1, wherein a first of the at least two commands is executed prior to a second of the at least two commands because the first of the at least two commands is directed toward a sensitive variable that is managed inside a tamper-resistant and tamper-evident boundary and the second of the at least two commands is directed toward a non-sensitive variable that is not managed inside the tamper-resistant and tamper-evident boundary.
  - 9. The method of claim 1, wherein SNMP data associated with the object identifier in a Protocol Data Unit (PDU) is set to NULL.
  - 10. The method of claim 1, wherein the managed device comprises a tamper-evident and tamper-resistant boundary and wherein the single component of the managed device is associated with the common variable and resides within the tamper-evident and tamper-resistant boundary such that it is not open to discovery.
  - 11. The method of claim 10, wherein the single component is removable from the managed device.
  - 12. The method of claim 10, wherein the single component is integral to the managed device.
  - 13. The method of claim 1, wherein the managed device comprises a Management Information Base containing at least one variable and processing capabilities for the at least one variable, wherein the at least one variable and the processing capabilities for the at least one variable are protected with at least one SNMP key.
  - 14. The method of claim 13, wherein the manager comprises information regarding the at least one SNMP key.

15. A Simple Network Management Protocol (SNMP) system, comprising:
- a manager to control devices with SNMP command message, the SNMP command messages comprising an object identifier with a variable identification portion and a command information portion, wherein the object identification portion comprises a sequence of bytes having at least two commands therein and wherein the at least two commands are directed toward a common variable in a managed device and cause a single component of the managed device to execute two different operations; and
  
  a small footprint device operating as the managed device and to receive and process SNMP command messages transmitted by the manager, wherein the small footprint device comprises at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card and a protocol converter.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the small footprint device operates as part of an access control device.
  - 17. The system of claim 15, wherein at least some of the SNMP command messages are transmitted from the manager to the small footprint device via at least one of a TCP and UDP packet.

18. A small footprint device to receive and process Simple Network Management Protocol (SNMP) command messages, the SNMP command messages comprising an object identifier with a variable identification portion and a command information portion, wherein the object identification portion comprises a sequence of bytes having at least two commands therein and wherein the at least two commands are directed toward a common variable in a managed device and cause a single component of the managed device to execute two different operations;
- and wherein the small footprint device comprises at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card and a protocol converter.

19. A non-transitory computer readable medium comprising processor executable instructions stored thereon that include an object identifier, the object identifier comprising a variable identification portion and a command information portion that comprises a sequence of bytes having at least two commands therein, wherein the at least two commands are directed toward a common variable in a managed device, wherein the at least two commands cause the common variable to execute a two different operations based on the at least two commands in the command information portion of the object identifier, the managed device being or being included in at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card, and a protocol converter.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer readable medium of claim 19, wherein the executable instructions are in the form of a message.
  - 21. The computer readable medium of claim 20, wherein the medium comprises a wire.
  - 22. The computer readable medium of claim 19, wherein the medium comprises memory residing on a network device.
  - 23. The computer readable medium of claim 19, wherein the medium comprises memory of the managed device.

24. A method, comprising:
- generating a Simple Network Management Protocol (SNMP) command message at a manager, the SNMP command message comprising an object identifier, the object identifier comprising a variable identification portion and a command information portion, wherein the object identifier of the SNMP command message comprises a sequence of bytes having at least two commands therein, and wherein the at least two commands are directed toward different variables in the managed device and cause different components of the managed device to execute different operations; and
  
  transmitting the SNMP command message to a managed device, the managed device including at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card, and a protocol converter.

25. A small footprint device to receive and process Simple Network Management Protocol (SNMP) command messages, the SNMP command messages comprising an object identifier that includesa variable identification portion identifies two different variables in the small footprint device that are managed by the SNMP command message, and wherein the command information portion comprises a sequence of bytes having at least two commands therein that identify different management actions that are performed by the two different variables in the small footprint device;
- andwherein the small footprint device comprises at least one of an Integrated Circuit Card (ICC), a smart card, a Subscriber Identity Module (SIM) card, a Security Authentication Module (SAM) card and a protocol converter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Guthery, Scott B.
Primary Examiner(s)
Tiv, Backhean

Application Number

US12/480,505
Publication Number

US 20100235487A1
Time in Patent Office

2,164 Days
Field of Search

709/221, 709/222, 709/224
US Class Current

709/223
CPC Class Codes

H04L 41/0213 Standardised network manage...

H04L 63/0853 using an additional device,...

Use of SNMP for management of small footprint devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

147 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Use of SNMP for management of small footprint devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links