Provisioning of electronic devices

US 9,674,879 B2
Filed: 08/12/2014
Issued: 06/06/2017
Est. Priority Date: 12/22/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

transmitting a first communication from an automation device to a remotely located provisioning service, the first communication including a device identifier encrypted using a public key, the device identifier and the public key stored in a memory of the automation device, the first communication transmitted after a message originated by a computing device is received by the provisioning service, the message including the device identifier, the provisioning service having access to a database configured to store a plurality of device identifiers and corresponding private-public key pairs, each device identifier and corresponding private-public key pair associated with an automation device; and

receiving a second communication at the automation device from the provisioning service, the second communication including a private key corresponding to the public key, the private key identified by the provisioning service among the plurality of private-public key pairs based upon one or more attempts to decrypt the first communication using other private keys, the second communication received in response to the encrypted device identifier of the first communication matching the device identifier of the message.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for provisioning electronic devices. In some embodiments, a method may include receiving a first message at a provisioning server, the first message originated by a computing device, the first message including a device identifier associated with an automation device. The method may also include receiving a second message at the provisioning server, the second message originated by the automation device and including at least a device identifier portion. In response to the device identifier portion of the second message matching the device identifier of the first message and/or in response to the automation device not being associated with a provisioning account, the method may then include providing configuration information to the automation device.

Citations

20 Claims

1. A method, comprising:
- transmitting a first communication from an automation device to a remotely located provisioning service, the first communication including a device identifier encrypted using a public key, the device identifier and the public key stored in a memory of the automation device, the first communication transmitted after a message originated by a computing device is received by the provisioning service, the message including the device identifier, the provisioning service having access to a database configured to store a plurality of device identifiers and corresponding private-public key pairs, each device identifier and corresponding private-public key pair associated with an automation device; and
  
  receiving a second communication at the automation device from the provisioning service, the second communication including a private key corresponding to the public key, the private key identified by the provisioning service among the plurality of private-public key pairs based upon one or more attempts to decrypt the first communication using other private keys, the second communication received in response to the encrypted device identifier of the first communication matching the device identifier of the message.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the message is received by the provisioning server while the automation device is powered off, and wherein the message is encrypted independently of the public key.
  - 3. The method of claim 1, wherein the private key is identified by the provisioning service among a subset of the plurality of private-public key pairs, and wherein the subset of the plurality of private-public key pairs is selected based upon a difference between a time of the first communication and a time of the message.
  - 4. The method of claim 1, wherein the private key is identified by the provisioning service among a subset of the plurality of private-public key pairs, and wherein the subset of the plurality of private-public key pairs is selected based upon a relationship between an Internet Protocol (IP) address of the first communication and an IP address of the message.
  - 5. The method of claim 1, wherein the second communication is received in response to a determination that the IP address of the computing device is not within a network where the automation device is prohibited from being deployed.
  - 6. The method of claim 1, wherein the second communication is received in response to a determination that the physical location of the computing device is not outside of geographical region where the automation device is prohibited from being deployed.

7. A method, comprising:
- obtaining, by a computing device, a device identifier associated with an automation device; and
  
  transmitting, from the computing device to a provisioning server, a first message including the device identifier, the provisioning server having access to a database configured to store a plurality of device identifiers and corresponding private-public key pairs, each device identifier and corresponding private-public key pair associated with a different automation device, the provisioning server configured to receive a second message originated by the automation device, the second message including at least the device identifier encrypted using a public key, the public key stored in the automation device during manufacturing of the automation device, the provisioning service configured to decrypt the device identifier of the second message into a decrypted device identifier using a private key corresponding to the public key, the provisioning service configured to, in response to the decrypted device identifier matching the device identifier of the first message, transmit the private key to the automation device, the automation device configured to use the private key in a subsequent communication.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, further comprising scanning a graphical code or text associated with the automation device, or reading an electromagnetic signal produced by a tag or chip associated with the automation device.
  - 9. The method of claim 7, further comprising obtaining authentication information from a user authorized to provision the automation device.
  - 10. The method of claim 7, further comprising including an Internet Protocol (IP) address of the computing device within the first message, the provisioning service configured to transmit the private key to the automation device in response to the IP address belonging to a network where the automation device is allowed to be deployed.
  - 11. The method of claim 7, further comprising including Global Positioning Satellite (GPS) coordinates of the computing device within the first message, the provisioning service configured to transmit the private key to the automation device in response to the GPS coordinates being within a geographic region where the automation device is allowed to be deployed.

12. A non-transitory computer-readable storage medium having program instructions stored thereon that, upon execution by a processor of an automation device, cause the automation device to:
- transmit a first communication from an automation device to a remotely located provisioning service, the first communication including a device identifier encrypted using a public key, the device identifier and the public key stored in the automation device, the first communication transmitted after a message originated by a computing device is received by the provisioning service, the message including the device identifier, the provisioning service having access to a database configured to store a plurality of device identifiers and corresponding private-public key pairs, each device identifier and corresponding private-public key pair associated with an automation device; and
  
  receive a second communication at the automation device from the provisioning service, the second communication including a private key corresponding to the public key, the private key identified by the provisioning service among the plurality of private-public key pairs based upon one or more attempts to decrypt the first communication using other private keys, the second communication received in response to the encrypted device identifier of the first communication matching the device identifier of the message.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The non-transitory computer-readable storage medium of claim 12, wherein the message is received by the provisioning server while the automation device is powered off, and wherein the message is encrypted independently of the public key.
  - 14. The non-transitory computer-readable storage medium of claim 12, wherein the private key is identified by the provisioning service among a subset of the plurality of private-public key pairs, and wherein the subset of the plurality of private-public key pairs is selected based upon a difference between a time of the first communication and a time of the message.
  - 15. The non-transitory computer-readable storage medium of claim 12, wherein the private key is identified by the provisioning service among a subset of the plurality of private-public key pairs, and wherein the subset of the plurality of private-public key pairs is selected based upon a relationship between an Internet Protocol (IP) address of the first communication and an IP address of the message.
  - 16. The non-transitory computer-readable storage medium of claim 12, wherein the second communication is received in response to a determination that the IP address of the computing device is not within a network where the automation device is prohibited from being deployed or in response to a determination that the physical location of the computing device is not outside of geographical region where the automation device is prohibited from being deployed.

17. A computing device having a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the computing device to:
- obtain a device identifier associated with an automation device; and
  
  transmit a first message to a provisioning server, the first message including the device identifier, the provisioning server having access to a database configured to store a plurality of device identifiers and corresponding private-public key pairs, each device identifier and corresponding private-public key pair associated with a different automation device, the provisioning server configured to receive a second message originated by the automation device, the second message including at least the device identifier encrypted using a public key, the public key stored in the automation device during manufacturing of the automation device, the provisioning service configured to decrypt the device identifier of the second message into a decrypted device identifier using a private key corresponding to the public key, the provisioning service configured to, in response to the decrypted device identifier matching the device identifier of the first message, transmit the private key to the automation device, the automation device configured to use the private key in a subsequent communication.
- View Dependent Claims (18, 19, 20)
- - 18. The computing device of claim 17, wherein to obtain the device identifier, the program instructions, upon execution, cause the computing device scan a graphical code or text associated with the automation device, or read an electromagnetic signal produced by a tag or chip associated with the automation device.
  - 19. The computing device of claim 17, wherein to obtain the device identifier, the program instructions, upon execution, cause the computing device to obtain authentication information from a user authorized to provision the automation device.
  - 20. The computing device of claim 17, wherein the program instructions, upon execution, further cause the computing device to include Global Positioning Satellite (GPS) coordinates of the computing device within the first message, the provisioning service configured to transmit the private key to the automation device in response to the GPS coordinates being within a geographic region where the automation device is allowed to be deployed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Arm Cloud Technology, Inc. (SoftBank Group Corp.)
Original Assignee
WigWag, Inc. (SoftBank Group Corp.)
Inventors
Hemphill, Thomas E., Trinon, Jean-Marc
Primary Examiner(s)
Lai, Andrew
Assistant Examiner(s)
ANDREWS, HOYET H

Application Number

US14/457,810
Publication Number

US 20150063164A1
Time in Patent Office

1,029 Days
Field of Search

709221, 709238, 709223, 709224, 709202, 709242, 709203, 709239, 709205, 709218, 709220, 709249, 709251
US Class Current
CPC Class Codes

H04L 67/34   involving the movement of s...

H04L 9/0819   Key transport or distributi...

H04W 76/11   Allocation or use of connec...

H04W 8/26   Network addressing or numbe...

Provisioning of electronic devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Provisioning of electronic devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links