Carrier network security interface for fielded devices

US 9,270,653 B2
Filed: 05/11/2011
Issued: 02/23/2016
Est. Priority Date: 05/11/2011
Status: Active Grant

First Claim

Patent Images

1. A network device, comprising:

a processor; and

a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;

receiving service information that facilitates communication between a field device and a service device via a communication link at a second security level associated with a second security service, wherein the service device is not associated with a network operator identity associated with the network device;

receiving field device information associated with the field device for use in connection with operating the communication link using the network device;

determining identification information associated with the field device from the field device information;

selecting a first security service based on the identification information to facilitate communication with the field device via the communication link at a first security level associated with the first security service;

in response to selecting the first security service associated with permissive use of the network device for the communication link with the field device, receiving security information related to the field device accessing the second security service via the network device based on the service information without authentication of the field device via the service device;

adapting the communication link to convey data at the second security level after the communication link is determined to be successfully established at the first security level, wherein the adapting comprises encrypting the data to be unreadable by network devices associated with the network operator identity; and

conveying the data at the second security level between the field device and the service device, as endpoint devices of the communication link, via the network device for decryption at one of the endpoint devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed subject matter provides carrier-side security services for fielded devices. In contrast to conventional authentication systems for fielded devices, wherein an end-to-end communications pathway is typically established for authentication of a fielded device by a back-end service provider, authentication and security services can be moved into the carrier network. A security service monitor component can be at the carrier network and can authenticate field components without establishing a communications pathway to the back-end service provider. Further, security service monitor component can provide security services for communications with an authenticated field component. In an aspect, this can allow for centralization of security elements from the periphery of back-end service providers into the carrier network. In a further aspect, security service monitor component can host a security services platform for back-end service providers.

66 Citations

View as Search Results

20 Claims

1. A network device, comprising:
- a processor; and
  
  a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;
  
  receiving service information that facilitates communication between a field device and a service device via a communication link at a second security level associated with a second security service, wherein the service device is not associated with a network operator identity associated with the network device;
  
  receiving field device information associated with the field device for use in connection with operating the communication link using the network device;
  
  determining identification information associated with the field device from the field device information;
  
  selecting a first security service based on the identification information to facilitate communication with the field device via the communication link at a first security level associated with the first security service;
  
  in response to selecting the first security service associated with permissive use of the network device for the communication link with the field device, receiving security information related to the field device accessing the second security service via the network device based on the service information without authentication of the field device via the service device;
  
  adapting the communication link to convey data at the second security level after the communication link is determined to be successfully established at the first security level, wherein the adapting comprises encrypting the data to be unreadable by network devices associated with the network operator identity; and
  
  conveying the data at the second security level between the field device and the service device, as endpoint devices of the communication link, via the network device for decryption at one of the endpoint devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The network device of claim 1, wherein the determining the identification information further facilitates an authentication of the field device to the network device based on the identification information.
  - 3. The network device of claim 1, wherein the receiving the security information comprises receiving the security information from a data store co-located with the network device.
  - 4. The network device of claim 1, wherein the receiving the security information comprises receiving the security information from a data store remotely located from the network device.
  - 5. The network device of claim 1, wherein the security information related to accessing the second security service is received based on programming input to the service device.
  - 6. The network device of claim 1, further comprising authenticating the communication via the network device based on the field device information, the service information and the second security service.
  - 7. The network device of claim 1, wherein the receiving the service information comprises receiving the service information from a device associated with a public utility provider identity and the receiving the field device information comprises receiving the field device information from a metering device associated with the public utility provider identity.
  - 8. The network device of claim 1, further comprising a wireless interface that interfaces to the field device.
  - 9. The network device of claim 8, further comprising a femtocell device.
  - 10. The network device of claim 8, wherein the field component is a vehicle computer device.
  - 11. The network device of claim 8, wherein the field component is a metering device.
  - 12. The network device of claim 8, wherein the field component is a traffic light controller device.
  - 13. The network device of claim 8, wherein the field component is an electric vehicle charging station device.
  - 14. The network device of claim 8, further comprising an access point device.

15. A method, comprising:
- receiving, by a network device comprising a processor, service information associated with a service device, wherein the service device is not one of the network devices and wherein the service information is stored by the network device as stored service information to enable communication between a field device and the service device via a service authentication protocol;
  
  receiving, by the network device, an indication of the service authentication protocol associated with the service device, wherein the indication of the service authentication protocol is stored by the network device as stored service authentication protocol information;
  
  receiving, by the network device, first identification information from an unauthenticated field device;
  
  authenticating, by the network device, the unauthenticated field device to a network devices of a network comprising the network device based on the first identification information;
  
  in response to authenticating the field device to the network devices of the network, authenticating, by the network device, the field device to the service device based on the stored service information and the stored service authentication protocol information without authenticating the field device via the service device; and
  
  carrying, by the network device, encrypted data via a communication link between the field device and the service device comprising the network device, wherein the encrypted data is encrypted in accordance with the service authentication protocol and is decryptable by the field device.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, wherein the encrypted data is decryptable by the service device.
  - 17. The method of claim 15, wherein the receiving the indication of the service authentication protocol comprises receiving the indication of the service authentication protocol from a data store accessible by the service device.

18. A non-transitory machine-readable storage medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising:
- receiving an identifier associated with a field device accessing the network device, wherein the network device is one of a set of network devices of a network;
  
  authenticating, by the network device, the field device according to a first security profile related to accessing the network device based on the identifier;
  
  authenticating, by the network device in response to determining that the field device is authenticated to the network device in accordance with the first security profile, the field device according to a second security profile stored by the network device, without authentication of the field device via the service device, based on the identifier, wherein the second security profile is associated with a service device and the set of network devices does not comprise the service device;
  
  establishing a communication link based on the second security profile, wherein the communication link facilitates encryption of communication between the field device and the service device; and
  
  conveying data encrypted in accordance with the second security profile between the field device and the service device, as endpoint devices of the communication link, via the network device for decryption at one of the endpoint devices, wherein the data is unreadable by the set of network devices.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer readable medium of claim 18, wherein the first security profile is generated by the set of network devices and the second security profile is not generated by the set of network devices.
  - 20. The computer readable storage medium of claim 18, further comprising, receiving and storing, at the network device, security information related to authenticating the field device according to the second security profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Maria, Arturo
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US13/105,836
Publication Number

US 20120291124A1
Time in Patent Office

1,749 Days
Field of Search

726/2, 726/3, 726/28
US Class Current

1/1
CPC Class Codes

H04L 12/06   Answer-back mechanisms or c...

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

Carrier network security interface for fielded devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Carrier network security interface for fielded devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links