Device configuration for secure communication

US 9,401,895 B2
Filed: 04/30/2014
Issued: 07/26/2016
Est. Priority Date: 04/30/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

in response to an enrollment message received at a provider server, generating, by the provider server, a mapping, the enrollment message being received from a customer device and including a device identification number (device ID) of the customer device, the mapping including a one-time password (OTP) that is encrypted using the device ID;

generating, by the provider server, a quick response (QR) code, the QR code including a uniform resource locator (URL), a provider certificate (CRT), the OTP encrypted using the device ID, and certificate signing request (CSR) content;

receiving, from the customer device, a confirmation message at a website that is identified by the URL, the confirmation message including a generated public key, a CSR, and a decrypted OTP;

verifying, by the provider server, the decrypted OTP against the mapping;

communicating, by the provider server, one or more application configuration settings; and

securely communicating information, by the provider server, using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method including generating a mapping in response to an enrollment message received from a customer device. The enrollment message includes a device identification number (device ID) of the customer device. The mapping includes a one-time password (OTP) encrypted using the device ID. The method includes generating a quick response (QR) code including a uniform resource locator (URL), a provider certificate (CRT), and certificate signing request (CSR) content. The method includes receiving a confirmation message at a website identified by the URL. The confirmation message includes a generated public key, a CSR, and a decrypted OTP. The method includes verifying the decrypted OTP against the mapping and communicating one or more application configuration settings. The method includes securely communicating information using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key.

6 Citations

View as Search Results

22 Claims

1. A method comprising:
- in response to an enrollment message received at a provider server, generating, by the provider server, a mapping, the enrollment message being received from a customer device and including a device identification number (device ID) of the customer device, the mapping including a one-time password (OTP) that is encrypted using the device ID;
  
  generating, by the provider server, a quick response (QR) code, the QR code including a uniform resource locator (URL), a provider certificate (CRT), the OTP encrypted using the device ID, and certificate signing request (CSR) content;
  
  receiving, from the customer device, a confirmation message at a website that is identified by the URL, the confirmation message including a generated public key, a CSR, and a decrypted OTP;
  
  verifying, by the provider server, the decrypted OTP against the mapping;
  
  communicating, by the provider server, one or more application configuration settings; and
  
  securely communicating information, by the provider server, using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - the customer device includes a demand response (DR) customer device including a DR application configured to communicate information related to energy use of a residential site or a small and medium-sized business (SMB) site,the CSR includes a customer device CSR of the DR customer device, andthe provider server includes a DR server,the method further comprising;
      
      communicating the customer device CSR to a certificate authority (CA);
      
      receiving a signed customer device CSR and a customer device CRT from the CA; and
      
      communicating the customer device CRT to the DR customer device.
  - 3. The method of claim 2, wherein the one or more application configuration settings and the customer device CRT are encrypted.
  - 4. The method of claim 1, wherein:
    - the generated public key includes a gateway device public key generated with a gateway device private key; and
      
      the securely communicating information includes securely communicating information with a demand response (DR) gateway device that is configured to communicate information related to energy use of at least one appliance in a residential site or a small and medium-sized business (SMB) site.
  - 5. The method of claim 1, wherein:
    - the generated public key includes a customer device public key that is generated with a customer device private key; and
      
      the securely communicating information includes securely communicating information with a demand response (DR) customer device that includes a DR application configured to communicate information related to energy use of a residential site or small and medium-sized business (SMB) site.
  - 6. The method of claim 1, wherein the confirmation message is communicated according to a transport layer security (TLS) cryptographic protocol.
  - 7. The method of claim 1, wherein the OTP is rate-limited.

8. A non-transitory computer-readable medium having encoded therein programming code executable by one or more processors to perform operations, the operations comprising:
- in response to an enrollment message received at a provider server, generating, by the provider server, a mapping, the enrollment message being received from a customer device and including a device identification number (device ID) of the customer device, the mapping including a one-time password (OTP) encrypted using the device ID;
  
  generating, by the provider server, a quick response (QR) code, the QR code including a uniform resource locator (URL), a provider certificate (CRT), the OTP encrypted using the device ID, and certificate signing request (CSR) content;
  
  receiving, from the customer device, a confirmation message at a website that is identified by the URL, the confirmation message including a generated public key, a CSR, and a decrypted OTP;
  
  verifying, by the provider server, the decrypted OTP against the mapping;
  
  communicating, by the provider server, one or more application configuration settings; and
  
  securely communicating information, by the provider server, using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The non-transitory computer-readable medium of claim 8, wherein:
    - the customer device includes a demand response (DR) customer device including a DR application configured to communicate information related to energy use of a residential site or a small and medium-sized business (SMB) site,the CSR includes a customer device CSR of the DR customer device,the provider server includes a DR server, andthe operations further comprise;
      
      communicating the customer device CSR to a certificate authority (CA);
      
      receiving a signed customer device CSR and a customer device CRT from the CA; and
      
      communicating the customer device CRT to the DR customer device.
  - 10. The non-transitory computer-readable medium of claim 9, wherein the one or more application configuration settings and the customer device CRT are encrypted.
  - 11. The non-transitory computer-readable medium of claim 8, wherein:
    - the generated public key includes a gateway device public key generated with a gateway device private key; and
      
      the securely communicating information includes securely communicating information with a demand response (DR) gateway device that is configured to communicate information related to energy use of at least one appliance in a residential site or a small and medium-sized business (SMB) site.
  - 12. The non-transitory computer-readable medium of claim 8, wherein:
    - the generated public key includes a customer device public key that is generated with a customer device private key; and
      
      the securely communicating information includes securely communicating information with a demand response (DR) customer device that includes a DR application configured to communicate information related to energy use of a residential site or small and medium-sized business (SMB) site.

13. A method comprising:
- receiving, at a customer device, a read image of a quick response (QR) code, the QR code including a one-time password (OTP) encrypted using a device identification number (device ID), a uniform resource locator (URL), a provider certificate (CRT), and certificate signing request (CSR) content;
  
  decrypting, by the customer device, the OTP using the device ID;
  
  transmitting, to a provider server by the customer device, a confirmation message to the URL included in the QR code, the confirmation message including a generated public key, a CSR, and a decrypted OTP; and
  
  receiving, from the provider server, one or more application configuration settings, the application configuration settings including information used to configure a customer device or a gateway device for secure communication with a provider server.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - communicating, to the provider server, an enrollment message including the device ID via an out of band (OOB) network;
      
      generating, by the customer device, a customer device public key, a customer device private key, and a customer device CSR;
      
      applying the one or more application configuration settings, wherein the application configuration settings configure a demand response (DR) application for communication of information related to energy usage of a residential site or a small and medium-sized business (SMB) site; and
      
      securely communicating information, with the provider server, using the one or more application configuration settings, a provider public key, a provider private key, the generated customer device public key, and the generated customer device private key.
  - 15. The method of claim 14, further comprising:
    - communicating, by the customer device, the customer device CSR to a certificate authority (CA); and
      
      receiving a signed customer device CSR and a customer device CRT from the CA.
  - 16. The method of claim 13, wherein the one or more application configuration settings are encrypted, and the method further comprises decrypting, by the customer device, the one or more application configuration settings.
  - 17. The method of claim 13, further comprising:
    - querying, by the customer device, a demand response (DR) gateway device for a gateway device public key and for a gateway device CSR, wherein the gateway device CSR is generated at the DR gateway device, and wherein the DR gateway device is configured to communicate of information related to energy usage of at least one appliance of a residential site or a small and medium-sized (SMB) site;
      
      receiving, at the customer device, the gateway device public key and the gateway device CSR;
      
      forwarding, by the customer device, the gateway device public key and the gateway device CSR to the provider server;
      
      receiving, by the customer device, a gateway device CRT from the provider server; and
      
      forwarding, by the customer device, the one or more application configuration settings and the gateway device CRT to the DR gateway device.
  - 18. The method of claim 13, wherein the confirmation message is communicated according to a transport layer security (TLS) cryptographic protocol.

19. A method comprising:
- in response to an enrollment message received from a customer device at a provider server, generating, by the provider server, a mapping including a one-time password (OTP) encrypted using a device identification number (device ID) of the customer device that is included in a received enrollment message;
  
  generating, by the provider server, a quick response (QR) code, the QR code including a uniform resource locator (URL), a provider certificate (CRT), the OTP encrypted using the device ID, and certificate signing request (CSR) content;
  
  receiving, by the customer device, a read image of the QR code;
  
  decrypting, by the customer device, the OTP using the device ID;
  
  transmitting, by the customer device, a confirmation message including a generated public key, a CSR, and a decrypted OTP to the URL included in the QR code;
  
  receiving, by the provider server, the confirmation message at a website identified by the URL;
  
  verifying, by the provider server, the decrypted OTP against the mapping;
  
  communicating, by the provider server, one or more application configuration settings, the application configuration settings including information used to configure the customer device or a gateway device for secure communication with the provider server;
  
  receiving, by the customer device, the one or more application configuration settings; and
  
  securely communicating information between the provider server and the customer device or the gateway device using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, further comprising:
    - querying, by the customer device, a demand response (DR) gateway device for a gateway device public key and for a gateway device CSR, wherein the DR gateway device is configured to communicate information related to energy usage of at least one appliance of a residential site or a small and medium-sized (SMB) site;
      
      receiving, by the customer device, the gateway device public key and the gateway device CSR from the DR gateway device;
      
      forwarding, by the customer device, the gateway device public key and the gateway device CSR to the provider server;
      
      receiving, by the customer device, a gateway device CRT from the provider server; and
      
      forwarding, by the customer device, the one or more application configuration settings and the gateway device CRT to the DR gateway device,wherein the securely communicating information includes securely communicating of the information related to energy usage of at least one appliance with the DR gateway device.
  - 21. The method of claim 19, further comprising:
    - communicating, by the customer device, the enrollment message via an out of band (OOB) network;
      
      generating, by the customer device, a customer device public key, a customer device private key, and a customer device CSR; and
      
      applying, by the customer device, the one or more application configuration settings, wherein the one or more application configuration settings configure a demand response (DR) application for communication of information related to energy usage of a residential site or a small and medium-sized business (SMB) site,wherein the securely communicating information includes securely communicating the information related to energy usage with the customer device.
  - 22. The method of claim 19, wherein the customer device includes a demand response (DR) customer device including a DR application configured to communicate information related to energy use of a residential site or a small and medium-sized business (SMB) site, and wherein the CSR includes a customer device CSR of the DR customer device, the method further comprising:
    - communicating, by the provider server, the customer device CSR to a certificate authority (CA);
      
      receiving, by the provider server, a signed customer device CSR and a customer device CRT from the CA; and
      
      communicating, by the provider server, the customer device CRT to the DR customer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Herberg, Ulrich, Mashima, Daisuke
Primary Examiner(s)
TRAIL, ALLYSON NEEL

Application Number

US14/266,418
Publication Number

US 20150319142A1
Time in Patent Office

818 Days
Field of Search

235/379, 705/7.23, 713/156, 713/171
US Class Current

1/1
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/606   by securing the transmissio...

G06F 2221/2117   User registration

G06Q 10/04   Forecasting or optimisation...

G06Q 10/06   Resources, workflows, human...

G06Q 50/06   Energy or water supply

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/0838   using one-time-passwords

H04L 63/168   above the transport layer

H04L 63/18   using different networks or...

H04L 9/0866   involving user or device id...

H04L 9/3215   using a plurality of channe...

H04L 9/3228   One-time or temporary data,...

H04L 9/3263   involving certificates, e.g...

H04W 12/77   Graphical identity

Device configuration for secure communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Device configuration for secure communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links