Router based securing of internet of things devices on local area networks

US 9,565,192 B2
Filed: 06/23/2015
Issued: 02/07/2017
Est. Priority Date: 06/23/2015
Status: Active Grant

First Claim

Patent Images

1. A method implemented on a backend server computer for securing internet of things (IoT) devices on a plurality of local area networks, each one of the plurality of the local area networks comprising a router and multiple computing devices, the method comprising:

receiving, by the backend server computer from the routers of the multiple ones of the plurality of local area networks, information concerning monitored activities of multiple IoT devices on the multiple ones of the plurality of local area networks;

amalgamating, by the backend server computer, information concerning monitored activities of multiple IoT devices received from the routers of the multiple ones of the plurality of local area networks over time;

calculating, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, a dynamic reputation score quantifying trustworthiness of the specific IoT device, based on at least amalgamated information concerning monitored activities of the specific IoT device;

determining, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, activities the specific IoT device performs in order to execute authorized functionality, based on at least amalgamated information concerning monitored activities of the specific IoT device;

creating a constraint profile for each specific IoT device for which information concerning monitored activities is received, based on at least a corresponding reputation score and corresponding determined activities, by the backend server computer, each constraint profile comprising local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security;

wherein creatine a constraint profile for a specific IoT device based on at least a corresponding reputation score and corresponding determined activities further comprises;

testing the specific IoT device for security vulnerabilities; and

configuring the constraint profile to protect against at least one discovered security vulnerability; and

transmitting the created constraint profiles to the routers of the plurality of local area networks, by the backend server computer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

IoT devices are secured on multiple local area networks. Each local network contains a router which monitors activities of IoT devices, and transmits corresponding information to a backend server. The backend amalgamates this information, calculates dynamic reputation scores, and determines expected authorized activities for specific IoT devices. Based thereon, the backend creates a constraint profile for each IoT device, and transits the constraint profiles to the routers for enforcement. Enforcing a constraint profile can include creating multiples VLANs with varying levels of restricted privileges on a given local area network, and isolating various IoT devices in specific VLANs based on their reputation scores. Constraint profiles can specify to enforce specific firewall rules, and/or to limit an IoT device'"'"'s communication to specific domains and ports, and/or to specific content. The backend continues to receive monitored information concerning IoT devices from multiple routers over time, and periodically updates constraint profiles.

39 Citations

View as Search Results

19 Claims

1. A method implemented on a backend server computer for securing internet of things (IoT) devices on a plurality of local area networks, each one of the plurality of the local area networks comprising a router and multiple computing devices, the method comprising:
- receiving, by the backend server computer from the routers of the multiple ones of the plurality of local area networks, information concerning monitored activities of multiple IoT devices on the multiple ones of the plurality of local area networks;
  
  amalgamating, by the backend server computer, information concerning monitored activities of multiple IoT devices received from the routers of the multiple ones of the plurality of local area networks over time;
  
  calculating, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, a dynamic reputation score quantifying trustworthiness of the specific IoT device, based on at least amalgamated information concerning monitored activities of the specific IoT device;
  
  determining, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, activities the specific IoT device performs in order to execute authorized functionality, based on at least amalgamated information concerning monitored activities of the specific IoT device;
  
  creating a constraint profile for each specific IoT device for which information concerning monitored activities is received, based on at least a corresponding reputation score and corresponding determined activities, by the backend server computer, each constraint profile comprising local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security;
  
  wherein creatine a constraint profile for a specific IoT device based on at least a corresponding reputation score and corresponding determined activities further comprises;
  
  testing the specific IoT device for security vulnerabilities; and
  
  configuring the constraint profile to protect against at least one discovered security vulnerability; and
  
  transmitting the created constraint profiles to the routers of the plurality of local area networks, by the backend server computer.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - periodically calculating updated reputation scores concerning specific IoT devices by the backend server computer, based on at least additional information concerning monitored activities of multiple IoT devices, subsequently received from routers of multiple ones of the plurality of local area networks;
      
      periodically updating, by the backend server computer, determined activities which specific IoT devices perform in order to execute their authorized functionality, based on at least additional information concerning monitored activities of multiple IoT devices, subsequently received from routers of multiple ones of the plurality of local area networks;
      
      periodically updating constraint profiles for specific IoT devices by the backend server, based on corresponding updated reputation scores and updated determined activities; and
      
      transmitting by the backend server computer, updated constraint profiles to the routers of the plurality of local area networks.
  - 3. The method of claim 1 further comprising:
    - maintaining, by the backend server computer, a database of records concerning known IoT devices, each record comprising at least a reputation score and a constraint profile.
  - 4. The method of claim 1 further comprising:
    - receiving, by the backend server computer from routers of multiple ones of the plurality of local area networks, identifying information concerning IoT devices discovered by the routers on the multiple ones of the plurality of local area networks; and
      
      in response to receiving identifying information concerning a specific IoT device discovered by a specific router on a specific local area network, determining whether a record concerning the specific discovered IoT device is present in the database.
  - 5. The method of claim 4 further comprising:
    - in response to determining that a record concerning the specific discovered device is present in the database, transmitting a constraint profile concerning the specific discovered device to the router component.
  - 6. The method of claim 4 further comprising:
    - in response to determining that a record concerning the specific discovered device is not present in the database, creating a record concerning the specific discovered device in the database, the created record containing a default constraint profile for unknown devices, and instructing the specific router to enforce the default constraint profile for the specific discovered device on the specific local area network.

7. A method implemented on a router on a local area network for securing internet of things (IoT) devices, the method comprising:
- monitoring activities of at least one IoT device on the local area network;
  
  transmitting information concerning monitored activities of the at least one IoT device to a backend server computer that receives information concerning monitored activities of multiple IoT devices from multiple local area networks;
  
  for the at least one IoT device on the local area network, receiving, from the backend server computer, a corresponding constraint profile comprising local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security;
  
  wherein the constraint profile for the at least one specific IoT device was created by the backend server computer based on at least a corresponding reputation score and corresponding determined activities, and wherein creating the constraint profile for the at least one specific IoT device further comprises;
  
  testing the specific IoT device for security vulnerabilities; and
  
  configuring the constraint profile to protect against at least one discovered security vulnerability; and
  
  for the at least one IoT device on the local area network, enforcing a corresponding constraint profile.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 8. The method of claim 7 wherein enforcing a constraint profile further comprises:
    - creating a virtual local area network (VLAN) with restricted privileges on the local area network;
      
      isolating an IoT device corresponding to the constraint profile being enforced in the created VLAN, such that the privileges of the IoT device are restricted.
  - 9. The method of claim 7 wherein enforcing a constraint profile further comprises:
    - creating a plurality of VLANs with varying levels of restricted privileges on the local area network;
      
      isolating specific ones of a plurality of IoT devices in specific ones of the plurality of created VLANs based on reputation scores concerning the specific IoT devices, such that the privileges of IoT devices with varying reputation scores are subject to varying levels of restriction.
  - 10. The method of claim 7 wherein enforcing a constraint profile further comprises:
    - enforcing specific firewall rules for an IoT device corresponding to the constraint profile.
  - 11. The method of claim 7 wherein enforcing a constraint profile further comprises:
    - limiting an IoT device'"'"'s communication to specific domains and ports.
  - 12. The method of claim 7 wherein enforcing a constraint profile further comprises:
    - limiting an IoT device'"'"'s communication to specific content.
  - 13. The method of claim 7 further comprising:
    - discovering an IoT device on the local area network;
      
      gleaning identifying information concerning the discovered IoT device;
      
      transmitting gleaned identifying information concerning the discovered IoT device to the backend server computer;
      
      receiving a constraint profile concerning the discovered IoT device from the backend server computer; and
      
      enforcing the received constraint profile on the local area network for the discovered device.
  - 14. The method of claim 13 wherein enforcing the received constraint profile on the local area network for the discovered device further comprises:
    - responsive to instructions received from the backend server computer, enforcing a default constraint profile for unknown IoT devices for the discovered device on the local area network.
  - 15. The method of claim 13 wherein gleaning identifying information concerning the discovered IoT device further comprises:
    - interrogating the discovered IoT device.
  - 16. The method of claim 13 wherein gleaning identifying information concerning the discovered IoT device further comprises:
    - monitoring activities of the discovered device; and
      
      gleaning identifying information from the monitored activities.
  - 17. The method of claim 7 further comprising:
    - periodically receiving updated constraint profiles concerning specific IoT devices from the backend server computer; and
      
      enforcing received updated constraint profiles for specific IoT devices on the local area network.
  - 18. The method of claim 7 further comprising:
    - testing an IoT device on the local area network for security vulnerabilities; and
      
      transmitting information concerning at least one discovered security vulnerability to the backend server computer.

19. A method implemented on a router on a local area network for securing internet of things (IoT) devices, the At least one non-transitory computer readable medium for securing internet of things (IoT) devices on a plurality of local area networks, by a backend server computer, each one of the plurality of the local area networks comprising a router and multiple computing devices, the at least one non-transitory computer readable medium storing computer executable instructions that, when loaded into computer memory and executed by at least one processor of at least one computing device, cause the at least one computing device to perform the following steps:
- receiving, by the backend server computer from the routers of the multiple ones of the plurality of local area networks, information concerning monitored activities of multiple IoT devices on the multiple ones of the plurality of local area networks;
  
  amalgamating, by the backend server computer, information concerning monitored activities of multiple IoT devices received from the routers of the multiple ones of the plurality of local area networks over time;
  
  calculating, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, a dynamic reputation score quantifying trustworthiness of the specific IoT device, based on at least amalgamated information concerning monitored activities of the specific IoT device;
  
  determining, by the backend server computer for each specific IoT device for which information concerning monitored activities is received, activities the specific IoT device performs in order to execute authorized functionality, based on at least amalgamated information concerning monitored activities of the specific IoT device;
  
  creating a constraint profile for each specific IoT device for which information concerning monitored activities is received, based on at least a corresponding reputation score and corresponding determined activities, by the backend server computer, each constraint profile comprising local area network level directives specifying how to enable the corresponding IoT device to execute authorized functionality while maintaining local area network level security;
  
  wherein creating a constraint profile for a specific IoT device based on at least a corresponding reputation score and corresponding determined activities further comprises;
  
  testing the specific IoT device for security vulnerabilities; and
  
  configuring the constraint profile to protect against at least one discovered security vulnerability; and
  
  transmitting the created constraint profiles to the routers of the plurality of local area networks, by the backend server computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Chillappa, Srinivas, McCorkendale, Bruce
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
LE, KHOI V

Application Number

US14/747,896
Publication Number

US 20160381030A1
Time in Patent Office

595 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/08   Access security

H04W 12/33   using wearable devices, e.g...

H04W 12/67   Risk-dependent, e.g. select...

H04W 4/38   for collecting sensor infor...

H04W 4/70   Services for machine-to-mac...

Router based securing of internet of things devices on local area networks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Router based securing of internet of things devices on local area networks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links