Method and apparatus for enabling machine to machine communication
First Claim
1. In a system comprising a visited network operator (VNO), a registration operator (RO), and a machine-to-machine equipment (M2ME) having a trusted environment (TRE), wherein the VNO, RO, and M2ME communicate via a network, a method performed by the M2ME, the method comprising:
- transmitting, to the VNO, a network attach request message comprising a temporary private identifier;
- authenticating with the VNO using the temporary private identifier, the temporary private identifier being a provisional connectivity identification (PCID) valid for a validity period;
- generating, by the TRE, security-critical executable code and sending the security-critical executable code to a platform verification authority;
- receiving authentication vectors if the platform verification authority validates an integrity, using the security-critical executable code, of the TRE that is within the M2ME;
- after the M2ME is authenticated with the VNO and after the TRE is validated by the platform verification authority, establishing IP connectivity with the RO via the VNO;
- receiving a manageable identity (MID) from the RO;
- provisioning the MID on the M2ME and reporting a success message to the RO; and
- when the validity period expires, removing the PCID such that another M2ME can use the PCID.

(Dependent claims 2 to 8 not shown.)
Abstract
A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication are disclosed. In particular, a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning an M2ME are disclosed. The validation procedures disclosed include autonomous, semi-autonomous, and remote validation. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software and for detecting tampering with the M2ME are also disclosed.
16 Claims
9. A machine-to-machine equipment (M2ME) configured to communicate, via a network, with a visited network operator (VNO) and a registration operator (RO), the M2ME having a trusted environment (TRE), the M2ME comprising:
- a memory comprising executable instructions; and
- a processor in communication with the memory, the instructions, when executed by the processor, causing the processor to effectuate operations comprising:
  - transmitting, to the VNO, a network attach request message comprising a temporary private identifier;
  - authenticating with the VNO using the temporary private identifier, the temporary private identifier being a provisional connectivity identification (PCID) valid for a validity period;
  - generating, by the TRE, security-critical executable code and sending the security-critical executable code to a platform verification authority;
  - receiving authentication vectors if the platform verification authority validates an integrity, using the security-critical executable code, of the TRE that is within the M2ME;
  - after the M2ME is authenticated with the VNO and after the TRE is validated by the platform verification authority, establishing IP connectivity with the RO via the VNO;
  - receiving a manageable identity (MID) from the RO;
  - provisioning the MID on the M2ME and reporting a success message to the RO; and
  - when the validity period expires, removing the PCID such that another M2ME can use the PCID.

(Dependent claims 10 to 16 not shown.)
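The sequence recited in claims 1 and 9, as an added simulation that is not part of the patent: the VNO accepts a PCID only inside its validity period, the platform verification authority gates the authentication vectors on the TRE's integrity evidence, and an expired PCID is removed so another M2ME can use it. It assumes the authority compares a SHA-256 measurement of the TRE's security-critical code against a stored reference; the identifiers, code bytes and validity period are constructed values.

```python
import hashlib

# Constructed for this example: the PVA's reference measurement of the TRE's
# security-critical code and the PCID validity period (seconds).
REFERENCE_MEASUREMENT = hashlib.sha256(b"tre-secure-code-v1").hexdigest()
VALIDITY_PERIOD = 3600


class VNO:
    """Visited network operator: accepts PCIDs only inside their validity period."""

    def __init__(self):
        self.pcid_expiry = {}  # pcid -> time at which it stops being valid

    def admit_pcid(self, pcid, now):
        self.pcid_expiry[pcid] = now + VALIDITY_PERIOD

    def authenticate(self, pcid, now):
        return pcid in self.pcid_expiry and now < self.pcid_expiry[pcid]

    def expire(self, now):
        """Remove PCIDs whose period has passed so another M2ME can use them."""
        freed = sorted(p for p, t in self.pcid_expiry.items() if now >= t)
        for p in freed:
            del self.pcid_expiry[p]
        return freed


def pva_validate(measurement):
    """Platform verification authority: pass only a known-good TRE measurement."""
    return measurement == REFERENCE_MEASUREMENT


def provision_m2me(vno, pcid, tre_code, now, mid):
    """Walk one M2ME through the claimed steps; return (succeeded, message trace)."""
    trace = [("M2ME->VNO", "attach", pcid)]
    if not vno.authenticate(pcid, now):
        trace.append(("VNO->M2ME", "reject", "unknown or expired PCID"))
        return False, trace
    measurement = hashlib.sha256(tre_code).hexdigest()  # TRE's integrity evidence
    trace.append(("TRE->PVA", "validate", measurement))
    if not pva_validate(measurement):
        trace.append(("PVA->VNO", "reject", "TRE integrity check failed"))
        return False, trace  # no authentication vectors, no RO connectivity
    trace.append(("VNO->M2ME", "auth_vectors", "AV-" + pcid))
    trace.append(("M2ME->RO", "ip_connect_via_vno", pcid))
    trace.append(("RO->M2ME", "mid", mid))
    trace.append(("M2ME->RO", "provisioned", mid))  # MID stored, success reported
    return True, trace
```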