Firewall based prevention of the malicious information flows in smart home

US 9,560,013 B2
Filed: 11/04/2014
Issued: 01/31/2017
Est. Priority Date: 11/04/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A gateway in a home network comprising a plurality of devices which are communicatively coupled to each other and to the gateway, comprising:

a controller; and

a storage,wherein the controller is configured to;

compare information flows which comprise a message transferred between the plurality of devices with a list of legitimate information flows stored in the storage,block at least one information flow that is not in the list of the legitimate information flows from among the information flows, based on the comparison, andperform a learning phase for building the list of the legitimate information flows,wherein performing the learning phase comprises creating a predetermined list of legitimate information flows based on a typical message exchange for the home network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for preventing malicious attacks on a device in a Smart Home network comprises logical circuitry suitable to compare information flows in said network with legal information flows stored in memory means.

Citations

14 Claims

1. A gateway in a home network comprising a plurality of devices which are communicatively coupled to each other and to the gateway, comprising:
- a controller; and
  
  a storage,wherein the controller is configured to;
  
  compare information flows which comprise a message transferred between the plurality of devices with a list of legitimate information flows stored in the storage,block at least one information flow that is not in the list of the legitimate information flows from among the information flows, based on the comparison, andperform a learning phase for building the list of the legitimate information flows,wherein performing the learning phase comprises creating a predetermined list of legitimate information flows based on a typical message exchange for the home network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The gateway according to claim 1, wherein performing the learning phase comprises using network sniffer capability which is capable to see messages which are sent in the home network.
  - 3. The gateway according to claim 1, wherein performing the learning phase comprises:
    - calling each of the plurality of devices;
      
      recording all messages which are sent as a result of the calling;
      
      triggering all possible events for each the plurality of devices; and
      
      storing all messages as a result of the triggering in the storage.
  - 4. The gateway according to claim 1, wherein performing the learning phase comprises analyzing codes of the gateway and codes of the plurality of devices to find out peers associated with each of the plurality of devices.
  - 5. The gateway according to claim 1, wherein the predetermined list of legitimate information flows includes negative rules which explicitly prohibit message exchange between specific devices.
  - 6. The gateway according to claim 1, wherein the controller is further configured to relay the message to an intended device if the message is legitimate.
  - 7. The gateway according to claim 1, wherein all messages between the plurality of the devices are sent through the gateway and not sent to another device directly.

8. A method for preventing malicious attack in a home network comprising a gateway and a plurality of devices which are communicatively coupled to each other and to the gateway, wherein the gateway comprises a controller and a storage, the method comprising:
- comparing, by the controller, information flows which comprise a message transferred between the plurality of devices with a list of legitimate information flows stored in the storage;
  
  blocking, by the controller, at least one information flow that is not in the list of the legitimate information flows from among the information flows, based on the comparison; and
  
  performing, by the controller, a learning phase for building the list of the legitimate information flows,wherein performing the learning phase comprises creating a predetermined list of legitimate information flows based on a typical message exchange for the home network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein performing the learning phase comprises using network sniffer capability which is capable to see messages which are sent in the home network.
  - 10. The method according to claim 8, wherein performing the learning phase comprises:
    - calling each of the plurality of devices;
      
      recording all messages which are sent as a result of the calling;
      
      triggering all possible events for each the plurality of devices; and
      
      storing all messages as a result of the triggering in the storage.
  - 11. The method according to claim 8, wherein performing the learning phase comprises analyzing codes of the gateway and codes of the plurality of devices to find out peers associated with each of the plurality of devices.
  - 12. The method according to claim 8, wherein the predetermined list of legitimate information flows includes negative rules which explicitly prohibit message exchange between specific devices.
  - 13. The method according to claim 8, further comprising relaying, by the controller, the message to an intended device if the message is legitimate.
  - 14. The method according to claim 8, wherein all messages between the plurality of the devices are sent through the gateway and not sent to another device directly.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Hoch, Yaacov, Beskrovny, Evgeny
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US14/532,335
Publication Number

US 20160127315A1
Time in Patent Office

819 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Firewall based prevention of the malicious information flows in smart home

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall based prevention of the malicious information flows in smart home

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links