Apparatus and method for establishing secure communication channels in an internet of things (IOT) system

US 9,729,528 B2
Filed: 07/03/2015
Issued: 08/08/2017
Est. Priority Date: 07/03/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device;

first encryption circuitry on the IoT service comprising key generation logic to generate a service public key and a service private key;

second encryption circuitry on the IoT device comprising key generation logic to generate a device public key and a device private key;

the first encryption circuitry to transmit the service public key to the second encryption circuitry and the second encryption circuitry to transmit the device public key to the first encryption circuitry;

the first encryption circuitry to use the device public key and the service private key to generate a secret;

the second encryption circuitry to use the service public key and the device private key to generate the same secret;

wherein once the secret is generated, the first encryption circuitry and the second encryption circuitry encrypt and decrypt data packets transmitted between the first encryption circuitry and the second encryption circuitry using data structures derived from the secret, wherein the data structures derived from the secret comprise a first key stream generated by the first encryption circuitry and a second key stream generated by the second encryption circuitry; and

a first counter associated with the first encryption circuitry and a second counter associated with the second encryption circuitry, the first encryption circuitry incrementing the first counter responsive to each data packet transmitted to the second encryption circuitry and the second encryption circuitry incrementing the second counter responsive to each data packet transmitted to the first encryption circuitry.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for secure communication. An IoT service establishes communication with an IoT device through an IoT hub or a mobile user device. The IoT service and IoT device each generate public/private keys and exchange the public keys. The IoT service and device use their own private key and the public key received from the IoT device and service, respectively to independently generate a secret. The secret or a data structure derived from the secret is then used to encrypt and decrypt data packets transmitted between the IoT service and the IoT device.

Citations

16 Claims

1. A system comprising:
- an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device;
  
  first encryption circuitry on the IoT service comprising key generation logic to generate a service public key and a service private key;
  
  second encryption circuitry on the IoT device comprising key generation logic to generate a device public key and a device private key;
  
  the first encryption circuitry to transmit the service public key to the second encryption circuitry and the second encryption circuitry to transmit the device public key to the first encryption circuitry;
  
  the first encryption circuitry to use the device public key and the service private key to generate a secret;
  
  the second encryption circuitry to use the service public key and the device private key to generate the same secret;
  
  wherein once the secret is generated, the first encryption circuitry and the second encryption circuitry encrypt and decrypt data packets transmitted between the first encryption circuitry and the second encryption circuitry using data structures derived from the secret, wherein the data structures derived from the secret comprise a first key stream generated by the first encryption circuitry and a second key stream generated by the second encryption circuitry; and
  
  a first counter associated with the first encryption circuitry and a second counter associated with the second encryption circuitry, the first encryption circuitry incrementing the first counter responsive to each data packet transmitted to the second encryption circuitry and the second encryption circuitry incrementing the second counter responsive to each data packet transmitted to the first encryption circuitry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system as in claim 1 wherein the key generation logic comprises a hardware security module (HSM).
  - 3. The system as in claim 1 wherein the first encryption circuitry generates the first key stream using a current counter value of the first counter and the secret and the second encryption circuitry generates the second key stream using a current counter value of the second counter and the secret.
  - 4. The system as in claim 3 wherein the first encryption circuitry comprises an elliptic curve method (ECM) module to generate the first key stream using the first counter value and the secret and the second encryption circuitry comprises an ECM module to generate the second key stream using the first counter value and the first secret.
  - 5. The system as in claim 3 wherein the first encryption circuitry encrypts a first data packet using the first key stream to generate a first encrypted data packet and transmits the first encrypted data packet to the second encryption circuitry along with a current counter value of the first counter.
  - 6. The system as in claim 5 wherein the second encryption circuitry uses the current counter value of the first counter and the secret to generate the first key stream and uses the first key stream to decrypt the encrypted data packet.
  - 7. The system as in claim 5 wherein encrypting the first data packet comprises XORing the first key stream with the first data packet to generate the first encrypted data packet.
  - 8. The system as in claim 6 wherein the IoT device comprises a Bluetooth Low Energy (BTLE) communication interface to communicatively couple the IoT device to the IoT hub or the mobile user device, the IoT hub or the mobile user device communicatively coupled to the IoT service over the Internet.

9. A computer-implemented method comprising:
- establishing communication between an Internet of Things (IoT) service and an IoT device through an IoT hub or a mobile user device;
  
  generating a service public key and a service private key by key generation logic of a first encryption circuitry on the IoT service;
  
  generating a device public key and a device private key by key generation logic of a second encryption circuitry on the IoT device;
  
  transmitting the service public key from the first encryption circuitry to the second encryption circuitry and transmitting the device public key from the second encryption circuitry to the first encryption circuitry;
  
  generating a secret using the device public key and the service private key;
  
  generating the same secret using the service public key and the device private key; and
  
  encrypting and decrypting data packets transmitted between the first encryption circuitry and the second encryption circuitry using data structures derived from the secret, wherein the data structures derived from the secret comprise a first key stream generated by the first encryption circuitry and a second key stream generated by the second encryption circuitry; and
  
  wherein a first counter is associated with the first encryption circuitry and a second counter is associated with the second encryption circuitry, the first encryption circuitry incrementing the first counter responsive to each data packet transmitted to the second encryption circuitry and the second encryption circuitry incrementing the second counter responsive to each data packet transmitted to the first encryption circuitry.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method as in claim 9 wherein the key generation logic comprises a hardware security module (HSM).
  - 11. The method as in claim 9, wherein the first encryption circuitry generates the first key stream using a current counter value of the first counter and the secret and the second encryption circuitry generates the second key stream using a current counter value of the second counter and the secret.
  - 12. The method as in claim 11 wherein the first encryption circuitry comprises an elliptic curve method (ECM) module to generate the first key stream using the first counter value and the secret and the second encryption circuitry comprises an ECM module to generate the second key stream using the first counter value and the first secret.
  - 13. The method as in claim 11 wherein the first encryption circuitry encrypts a first data packet using the first key stream to generate a first encrypted data packet and transmits the first encrypted data packet to the second encryption circuitry along with a current counter value of the first counter.
  - 14. The method as in claim 13 wherein the second encryption circuitry uses the current counter value of the first counter and the secret to generate the first key stream and uses the first key stream to decrypt the encrypted data packet.
  - 15. The method as in claim 13 wherein encrypting the first data packet comprises XORing the first key stream with the first data packet to generate the first encrypted data packet.
  - 16. The method as in claim 14 wherein the IoT device comprises a Bluetooth Low Energy (BTLE) communication interface to communicatively couple the IoT device to the IoT hub or the mobile user device, the IoT hub or the mobile user device communicatively coupled to the IoT service over the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Afero, Inc.
Original Assignee
Afero, Inc.
Inventors
Zakaria, Omar, Britt, Joe, Zimmerman, Scott
Primary Examiner(s)
RAHIM, MONJUR

Application Number

US14/791,371
Publication Number

US 20170006003A1
Time in Patent Office

767 Days
Field of Search

380283
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/0492   by using a location-limited...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/0877   using additional device, e....

Apparatus and method for establishing secure communication channels in an internet of things (IOT) system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for establishing secure communication channels in an internet of things (IOT) system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links