In-field smart device updates

US 9,130,910 B1
Filed: 12/16/2014
Issued: 09/08/2015
Est. Priority Date: 11/05/2014
Status: Active Grant

First Claim

Patent Images

1. An electronic device comprising:

a processor;

a network interface for communicatively coupling the electronic device to another electronic device over a local area network; and

a memory configured to store instructions configured to cause the processor to;

send a message to a remote server indicating that the electronic device lacks provisioning information, the provisioning information being required by the electronic device to facilitate at least some communications between the electronic device and the another electronic device over the local area network, the remote server being remote from the electronic device, the another electronic device, and the local area network;

in response to sending the message to the remote server indicating that the electronic device lacks provisioning information, receive encrypted provisioning information from the remote server;

in response to receiving the encrypted provisioning information from the remote server, decrypt the encrypted provisioning information resulting in decrypted provisioning information;

determine whether the decrypted provisioning information is valid, wherein determining that the decrypted provisioning information is valid comprises;

decoding a certificate having a public key;

verifying that a device ID of the electronic device matches an ID in the certificate;

verifying that a private key in the provisioning information matches the public key of the certificate; and

verifying that a pairing code includes a valid check digit;

upon determining that the decrypted provisioning information is valid, store the decrypted provisioning information in the memory; and

communicate with the another electronic device over the local area network via the network interface using the stored provisioning information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for causing a device to join a network or fabric. A joining device sends an indication that the electronic device is not connected to a network type and receives a device ID for an assisting device to assist the electronic device in joining a network of the network type. Moreover, the assisting device resides on the network. The joining device then authenticates to the assisting device from the assisting device and receives network credentials for the network. Furthermore, the joining device joins the network using the network credentials.

Citations

17 Claims

1. An electronic device comprising:
- a processor;
  
  a network interface for communicatively coupling the electronic device to another electronic device over a local area network; and
  
  a memory configured to store instructions configured to cause the processor to;
  
  send a message to a remote server indicating that the electronic device lacks provisioning information, the provisioning information being required by the electronic device to facilitate at least some communications between the electronic device and the another electronic device over the local area network, the remote server being remote from the electronic device, the another electronic device, and the local area network;
  
  in response to sending the message to the remote server indicating that the electronic device lacks provisioning information, receive encrypted provisioning information from the remote server;
  
  in response to receiving the encrypted provisioning information from the remote server, decrypt the encrypted provisioning information resulting in decrypted provisioning information;
  
  determine whether the decrypted provisioning information is valid, wherein determining that the decrypted provisioning information is valid comprises;
  
  decoding a certificate having a public key;
  
  verifying that a device ID of the electronic device matches an ID in the certificate;
  
  verifying that a private key in the provisioning information matches the public key of the certificate; and
  
  verifying that a pairing code includes a valid check digit;
  
  upon determining that the decrypted provisioning information is valid, store the decrypted provisioning information in the memory; and
  
  communicate with the another electronic device over the local area network via the network interface using the stored provisioning information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The electronic device of claim 1, wherein the instructions are configured to cause the processor to:
    - determine whether the memory contains the certificate for the electronic device, wherein the certificate is a certificate for the electronic device to be used for authenticating;
      
      determine whether the memory contains a private key that corresponds to the public key in the certificate; and
      
      determine whether the memory contains the pairing code for the electronic device.
  - 3. The electronic device of claim 2, wherein the instructions are configured to cause the processor to send the message to the remote server after the processor has determined that the memory does not contain the certificate having the public key, after the processor has determined that the memory does not contain the private key that corresponds to the public key in the certificate, or the processor has determined that the memory does not contain the pairing code.
  - 4. The electronic device of claim 1, wherein sending the message indicating a lack of provisioning information comprising sending the message via the network interface to the remote server, wherein the message comprises headers that include the device ID header containing a device ID for the electronic device and a provisioning state header indicating a state of provisioning for the electronic device.
  - 5. The electronic device of claim 4, wherein the provisioning state header comprises a provisioned state indicating that the electronic device has the provisioning information, a not-provisioned state indicating that the electronic device does not have all provisioning information, or a last provisioning failed state indicating that a previous attempt to transfer provisioning information to the electronic device failed.
  - 6. The electronic device of claim 1, wherein decrypting the provisioning information comprises decrypting the provisioning information using a device-specific secret stored in the electronic device that is unknown by the remote server and the another electronic device, wherein an encrypted format of the provisioning information blocks the remote server from decoding the provisioning information.
  - 7. The electronic device of claim 1, wherein, if the processor fails to verify that the device ID matches a certificate ID of the certificate, fails to verify that the private key matches the public key of the certificate, or fails to identify a valid check digit in the pairing code, the instructions are configured to cause the processor to:
    - discard the provisioning information, wherein discarding comprises removing impartial updates; and
      
      update a provisioning status to a last provisioning failed status for the electronic device.
  - 8. The electronic device of claim 1, wherein the received provisioning information comprises:
    - the certificate for the electronic device to authenticate the electronic device to other devices;
      
      the private key corresponding to the public key of the certificate; and
      
      the pairing code for the electronic device to be used to identify that the electronic device is the electronic device to which other devices are connected.

9. A non-transitory, computer-readable medium having instructions stored thereon, wherein the instructions, when executed, are configured to cause a processor to:
- send a message to a remote server indicating that an electronic device lacks provisioning information, the provisioning information being required by the electronic device to facilitate at least some communications between the electronic device and another electronic device over a local area network using a network interface of the electronic device, the remote server being remote from the electronic device, the another electronic device, and the local area network;
  
  in response to sending the message to the remote server indicating that the electronic device lacks provisioning information, receive encrypted provisioning information from the remote server;
  
  in response to receiving the encrypted provisioning information from the remote server, decrypt the encrypted provisioning information resulting in decrypted provisioning information;
  
  determine whether the decrypted provisioning information is valid, wherein determining that the decrypted provisioning information is valid comprises;
  
  decoding a certificate having a public key;
  
  verifying that a device ID of the electronic device matches an ID in the certificate;
  
  verifying that a private key in the provisioning information matches the public key of the certificate; and
  
  verifying that a pairing code includes a valid check digit;
  
  upon determining that the decrypted provisioning information is valid, store the decrypted provisioning information in memory; and
  
  communicate with the another electronic device over the local area network via the network interface using the stored provisioning information.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The non-transitory, computer-readable medium of claim 9, wherein sending the message comprises:
    - encoding a device ID for the sending electronic device into a header of the message to enable to remote server to access unique provisioning information for the electronic device; and
      
      encoding a provisioning state into the header that indicates whether the electronic device has the provisioning information, does not have the provisioning information, or has previously failed a provisioning attempt.
  - 11. The non-transitory, computer-readable medium of claim 9, wherein, if the processor fails to verify that the device ID of the certificate corresponds to the electronic device, fails to verify that the certificate has the public key that corresponds to the private key of the certificate, or fails to verify that the pairing code contains the valid check digit, the instructions are configured to cause the processor to update a provisioning state header to indicate that a previous provisioning attempt has failed.
  - 12. The non-transitory, computer-readable medium of claim 9, wherein the instructions are configured to cause the electronic device to receive an update to communication protocols with the remote server, wherein the updated communication protocols are configured to cause the electronic device to send device ID and provisioning state headers in normal communications with the remote server, wherein the device ID and provisioning state headers are configured to indicate to the remote server that the electronic device is currently capable of receiving and using the provisioning information.
  - 13. The non-transitory, computer-readable medium of claim 9, wherein the at least some communications comprises communications via:
    - a wireless network type using an 802.15.4 protocol; and
      
      a fabric connection which enables devices within the fabric to pass data to each other through one or more network protocols securely using fabric security information in addition to the underlying security of the one or more network protocols.
  - 14. The non-transitory, computer-readable medium of claim 9, wherein the instructions are configured to cause the processor to update a provisioning state header to indicate that the electronic device has been provisioned upon verifying that the device ID of the certificate corresponds to the electronic device, verifying that the certificate has the public key that corresponds to the private key of the certificate, and verifying that the pairing code contains the valid check digit and storing the provisioning information.

15. A method for obtaining provisioning information:
- sending a message to a remote server indicating that an electronic device lacks provisioning information, the provisioning information being required by the electronic device to facilitate at least some communications between the electronic device and another electronic device over the local area network using a network interface of the electronic device, the remote server being remote from the electronic device, the another electronic device, and the local area network;
  
  in response to sending the message to the remote server indicating that the electronic device lacks provisioning information, receiving encrypted provisioning information from the remote server;
  
  in response to receiving the encrypted provisioning information from the remote server, decrypting the encrypted provisioning information resulting in decrypted provisioning information;
  
  determining whether the decrypted provisioning information is valid, wherein determining whether the decrypted provisioning information is valid comprises;
  
  determining whether the provisioning information has a certificate for the electronic device to be used for authenticating, and the certificate includes a device ID that matches the electronic device and a public key;
  
  determining whether the provisioning information contains a private key that corresponds to the public key in the certificate; and
  
  determining whether the provisioning information contains a pairing code includes a valid check digit;
  
  upon determining that the decrypted provisioning information is valid, storing the decrypted provisioning information in memory; and
  
  communicating with the another electronic device over the local area network via the network interface using the stored provisioning information.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, comprising:
    - receiving an update to communication protocols with the remote server, wherein the updated communication protocols are configured to cause the electronic device to send device ID and provisioning state headers in normal communications with the remote server to enable the remote server to locate proper provisioning information in a provisioning database, wherein the device ID and provisioning state headers are configured to indicate to the remote server that the electronic device is currently capable of receiving and using the provisioning information.
  - 17. The method of claim 15, comprising:
    - if the device ID of the certificate does not correspond to the electronic device, the certificate does not have a public key that corresponds to a private key of the certificate, or the pairing code lacks a valid check digit, updating the provisioning state headers to indicate that a previous provisioning attempt has failed; and
      
      if the device ID of the certificate corresponds to the electronic device, the certificate has the public key that corresponds to the private key of the certificate, or the pairing code lacks the valid check digit, updating the provisioning state header to indicate that the electronic device has been provisioned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Logue, Jay D.
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
LWIN, MAUNG T

Application Number

US14/572,546
Time in Patent Office

266 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/33   using certificates

G06F 2212/1052   Security improvement

H04L 12/2816   Controlling appliance servi...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 9/14   using a plurality of keys o...

In-field smart device updates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

In-field smart device updates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links