Apparatus and method for establishing secure communication channels in an internet of things (IOT) system
First Claim
1. A system comprising:
- an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device;
- first encryption circuitry on the IoT service comprising key generation logic to generate a service public key and a service private key;
- second encryption circuitry on the IoT device comprising key generation logic to generate a device public key and a device private key;
- the first encryption circuitry to transmit the service public key to the second encryption circuitry and the second encryption circuitry to transmit the device public key to the first encryption circuitry;
- the first encryption circuitry to use the device public key and the service private key to generate a secret;
- the second encryption circuitry to use the service public key and the device private key to generate the same secret;
- wherein once the secret is generated, the first encryption circuitry and the second encryption circuitry encrypt and decrypt data packets transmitted between the first encryption circuitry and the second encryption circuitry using data structures derived from the secret, wherein the data structures derived from the secret comprise a first key stream generated by the first encryption circuitry and a second key stream generated by the second encryption circuitry; and
- a first counter associated with the first encryption circuitry and a second counter associated with the second encryption circuitry, the first encryption circuitry incrementing the first counter responsive to each data packet transmitted to the second encryption circuitry and the second encryption circuitry incrementing the second counter responsive to each data packet transmitted to the first encryption circuitry.
Dependent claims: 2 through 8.
Abstract
An apparatus and method for secure communication. An IoT service establishes communication with an IoT device through an IoT hub or a mobile user device. The IoT service and the IoT device each generate a public/private key pair and exchange the public keys. The IoT service and the IoT device each use their own private key and the public key received from the other party to independently generate the same secret. The secret, or a data structure derived from the secret, is then used to encrypt and decrypt data packets transmitted between the IoT service and the IoT device.
16 Claims
9. A computer-implemented method comprising:
- establishing communication between an Internet of Things (IoT) service and an IoT device through an IoT hub or a mobile user device;
- generating a service public key and a service private key by key generation logic of a first encryption circuitry on the IoT service;
- generating a device public key and a device private key by key generation logic of a second encryption circuitry on the IoT device;
- transmitting the service public key from the first encryption circuitry to the second encryption circuitry and transmitting the device public key from the second encryption circuitry to the first encryption circuitry;
- generating a secret using the device public key and the service private key;
- generating the same secret using the service public key and the device private key; and
- encrypting and decrypting data packets transmitted between the first encryption circuitry and the second encryption circuitry using data structures derived from the secret, wherein the data structures derived from the secret comprise a first key stream generated by the first encryption circuitry and a second key stream generated by the second encryption circuitry; and
- wherein a first counter is associated with the first encryption circuitry and a second counter is associated with the second encryption circuitry, the first encryption circuitry incrementing the first counter responsive to each data packet transmitted to the second encryption circuitry and the second encryption circuitry incrementing the second counter responsive to each data packet transmitted to the first encryption circuitry.
Dependent claims: 10 through 16.
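The abstract and claims 1 and 9 describe the session only in structure: each side generates a key pair, the public keys are exchanged, both sides derive the same secret, and each side then drives its own key stream with a counter that advances per transmitted packet. The following Python model is an added example and not code from the patent; it assumes a finite-field Diffie-Hellman exchange with deliberately tiny constructed parameters, HMAC-SHA256 as the PRF behind each direction's key stream, and a per-packet integrity tag that the claims do not mention but that a bare key stream cipher needs to resist tampering.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this demo only; far too small for real use.
P = (1 << 127) - 1  # the Mersenne prime 2^127 - 1
G = 3

def generate_keypair():
    """Key generation logic: a private exponent and the matching public value."""
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def derive_secret(my_priv, their_pub):
    """Each side combines its own private key with the peer's public key."""
    return pow(their_pub, my_priv, P).to_bytes(16, "big")

class Endpoint:
    """One encryption circuitry: per-direction key streams plus a send and a receive counter."""
    def __init__(self, secret, send_label, recv_label):
        # Direction labels keep the two key streams distinct (assumed derivation, not from the claims).
        self.send_key = hashlib.sha256(secret + send_label).digest()
        self.recv_key = hashlib.sha256(secret + recv_label).digest()
        self.send_counter = 0  # incremented for every packet transmitted
        self.recv_counter = 0  # counter value expected in the next packet from the peer

    @staticmethod
    def _keystream(key, counter, length):
        # Key stream for one packet: PRF(key, counter || block index), as many 32-byte blocks as needed.
        blocks = [hmac.new(key, counter.to_bytes(4, "big") + bytes([i]), hashlib.sha256).digest()
                  for i in range((length + 31) // 32)]
        return b"".join(blocks)[:length]

    def encrypt(self, plaintext):
        ks = self._keystream(self.send_key, self.send_counter, len(plaintext))
        body = self.send_counter.to_bytes(4, "big") + bytes(a ^ b for a, b in zip(plaintext, ks))
        self.send_counter += 1
        # The tag is an addition not in the claims; a bare key stream cipher is malleable without it.
        return body + hmac.new(self.send_key, body, hashlib.sha256).digest()[:16]

    def decrypt(self, packet):
        body, tag = packet[:-16], packet[-16:]
        if not hmac.compare_digest(tag, hmac.new(self.recv_key, body, hashlib.sha256).digest()[:16]):
            raise ValueError("bad tag")
        counter = int.from_bytes(body[:4], "big")
        if counter != self.recv_counter:  # replayed, dropped or reordered packet
            raise ValueError("counter mismatch")
        self.recv_counter += 1
        ks = self._keystream(self.recv_key, counter, len(body) - 4)
        return bytes(a ^ b for a, b in zip(body[4:], ks))
```

Because the counter is part of the tagged body, a replayed packet fails the counter check and a packet with an altered counter or ciphertext fails the tag check, so a key stream block is never reused for two different plaintexts in one direction.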