Network node security using short range communication

US 9,477,841 B2
Filed: 03/28/2014
Issued: 10/25/2016
Est. Priority Date: 03/28/2014
Status: Active Grant

First Claim

Patent Images

1. A method for network node security configuration, comprising:

performing operations by a mobile communication device to obtain a unique identifier for and from a network node to be installed at a customer facility via a first short range communication link, the unique identifier uniquely identifying the network node;

communicating a signal comprising the unique identifier from the mobile communication device to a remote server via a first long range communication link;

verifying by the remote server that a correct type of network node is being installed at a first location within the customer facility according to a respective work order; and

communicating security configuration information, needed to configure security functions of the network node for secure communications with other network nodes, from the remote server to the network node via the mobile communication device, without presenting the security configuration information to a user of the mobile communication device or storing the security configuration information in the mobile communication device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems (100) and methods for network node security configuration. The methods involve: performing operations by a mobile communication device (104) to obtain a unique identifier from a network node (108) to be installed at a customer facility (102) via a first short range communication link (110); communicating a signal comprising the unique identifier from the mobile communication device to a remote server (118) via a first long range communication link (112); verifying by the remote server that a correct type of network node is being installed at a first location within the customer facility according to a respective work order; and communicating security information, useful for configuring security functions of the network node, from the remote server to the network node via the mobile communication device, without presenting the security information to a user of the mobile communication device or storing the security information in the mobile communication device.

Citations

20 Claims

1. A method for network node security configuration, comprising:
- performing operations by a mobile communication device to obtain a unique identifier for and from a network node to be installed at a customer facility via a first short range communication link, the unique identifier uniquely identifying the network node;
  
  communicating a signal comprising the unique identifier from the mobile communication device to a remote server via a first long range communication link;
  
  verifying by the remote server that a correct type of network node is being installed at a first location within the customer facility according to a respective work order; and
  
  communicating security configuration information, needed to configure security functions of the network node for secure communications with other network nodes, from the remote server to the network node via the mobile communication device, without presenting the security configuration information to a user of the mobile communication device or storing the security configuration information in the mobile communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, further comprising identifying by the remote server what security configuration information is to be sent to the network node based at least in part on information obtained by the mobile communication device from the network node via a short range communication link.
  - 3. The method according to claim 1, further comprising retrieving the security configuration information identified by the remote server from a datastore located in a provider facility remotely located from the customer facility.
  - 4. The method according to claim 1, wherein the security configuration information is communicated from the remote server in an encrypted form.
  - 5. The method according to claim 1, further comprising storing the security configuration information in a short range communication device of the network node.
  - 6. The method according to claim 5, further comprising transferring the security configuration information from the short range communication device to a processor of the network node after the network node is turned on.
  - 7. The method according to claim 6, further comprising configuring the security functions of the network node in accordance with the security configuration information which was transferred to the processor.
  - 8. The method according to claim 7, further comprising outputting an indicator from the network node indicating successful security enablement thereof.
  - 9. The method according to claim 8, further comprising performing operations by the network node to join a network using the security functions configured in accordance with the security configuration information.

10. A method for network node security configuration, comprising:
- performing operations by a mobile communication device to obtain a unique identifier from a network node to be installed at a customer facility via a first short range communication link;
  
  communicating a signal comprising the unique identifier from the mobile communication device to a remote server via a first long range communication link;
  
  verifying by the remote server that a correct type of network node is being installed at a first location within the customer facility according to a respective work order; and
  
  communicating security information, useful for configuring security functions of the network node, from the remote server to the network node via the mobile communication device, without presenting the security information to a user of the mobile communication device or storing the security information in the mobile communication device;
  
  wherein the signal further comprises information specifying at least one of a location within the customer facility at which the network node is to be installed, a particular work order selected by a user of the mobile communication device, and a node type for the network node.

11. A system, comprising:
- at least one network node comprising a unique identifier which is communicated to a mobile communication device via a short range communication link when being installed at a customer facility, the unique identifier uniquely identifying the network node; and
  
  a remote server (1) receiving a signal comprising the unique identifier from the mobile communication device via a first long range communication link, (2) verifying that a correct type of network node is being installed at a first location within the customer facility according to a respective work order, and (3) communicating security configuration information, needed to configure security functions of the network node for secure communications with other network nodes, to the network node via the mobile communication device, without presenting the security configuration information to a user of the mobile communication device or storing the security configuration information in the mobile communication device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system according to claim 11, wherein the remote server further identifies what security configuration information is to be sent to the network node based at least in part on information obtained by the mobile communication device from the network node via a short range communication link.
  - 13. The system according to claim 11, wherein the remote server further retrieves the security configuration information which was previously identified thereby from a datastore located in a provider facility remotely located from the customer facility.
  - 14. The system according to claim 11, wherein the security configuration information is communicated from the remote server in an encrypted form.
  - 15. The system according to claim 11, wherein the network node stores the security configuration information in a short range communication device thereof.
  - 16. The system according to claim 15, wherein the security configuration information is transferred from the short range communication device to a processor of the network node after the network node is turned on.
  - 17. The system according to claim 16, wherein the security functions of the network node are configured in accordance with the security configuration information which was transferred to the processor.
  - 18. The system according to claim 17, wherein an indicator is output from the network node indicating successful security enablement thereof.
  - 19. The system according to claim 18, wherein the network node joins a network using the security functions configured in accordance with the security configuration information.

20. A system, comprising:
- at least one network node comprising a unique identifier which is communicated to a mobile communication device via a short range communication link when being installed at a customer facility; and
  
  a remote server (1) receiving a signal comprising the unique identifier from the mobile communication device via a first long range communication link, (2) verifying that a correct type of network node is being installed at a first location within the customer facility according to a respective work order, and (3) communicating security information to the network node via the mobile communication device, without presenting the security information to a user of the mobile communication device or storing the security information in the mobile communication device;
  
  wherein the signal further comprises information specifying at least one of a location within the customer facility at which the network node is to be installed, a particular work order selected by a user of the mobile communication device, and a node type for the network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sensormatic Electronics LLC (Johnson Controls International plc)
Original Assignee
Tyco Fire & Security GmbH (Johnson Controls International plc)
Inventors
Rasband, Paul B., Mohiuddin, Mohammad, Hall, Stewart E.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
KAPLAN, BENJAMIN A

Application Number

US14/229,318
Publication Number

US 20150281280A1
Time in Patent Office

942 Days
Field of Search

726/3
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0492   by using a location-limited...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 4/38   for collecting sensor infor...

H04W 4/50   Service provisioning or rec...

H04W 4/80   Services using short range ...

H04W 84/18   Self-organising networks, e...

H04W 88/06   adapted for operation in mu...

Network node security using short range communication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network node security using short range communication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links