Method and apparatus for enabling machine to machine communication

US 9,826,335 B2
Filed: 01/21/2009
Issued: 11/21/2017
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. In a system comprising a visited network operator (VNO), a registration operator (RO), and a machine-to-machine equipment (M2ME) having a trusted environment (TRE), wherein the VNO, RO, and M2ME communicate via a network, a method performed by the M2ME, the method comprising:

transmitting, to the VNO, a network attach request message comprising a temporary private identifier;

authenticating with the VNO using the temporary private identifier, the temporary private identifier being a provisional connectivity identification (PCID) valid for a validity period;

generating, by the TRE, security-critical executable code and sending the security-critical executable code to a platform verification authority;

receiving authentication vectors if the platform verification authority validates an integrity, using the security-critical executable code, of the TRE that is within the M2ME;

after the M2ME is authenticated with the VNO and after the TRE is validated by the platform verification authority, establishing IP connectivity with the RO via the VNO;

receiving a manageable identity (MID) from the RO;

provisioning the MID on the M2ME and reporting a success message to the RO; and

when the validity period expires, removing the PCID such that another M2ME can use the PCID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for performing secure Machine-to-Machine (M2M) provisioning and communication is disclosed. In particular a temporary private identifier, or provisional connectivity identification (PCID), for uniquely identifying machine-to-machine equipment (M2ME) is also disclosed. Additionally, methods and apparatus for use in validating, authenticating and provisioning a M2ME is also disclosed. The validation procedures disclosed include an autonomous, semi-autonomous, and remote validation are disclosed. The provisioning procedures include methods for re-provisioning the M2ME. Procedures for updating software, and detecting tampering with the M2ME are also disclosed.

Citations

16 Claims

1. In a system comprising a visited network operator (VNO), a registration operator (RO), and a machine-to-machine equipment (M2ME) having a trusted environment (TRE), wherein the VNO, RO, and M2ME communicate via a network, a method performed by the M2ME, the method comprising:
- transmitting, to the VNO, a network attach request message comprising a temporary private identifier;
  
  authenticating with the VNO using the temporary private identifier, the temporary private identifier being a provisional connectivity identification (PCID) valid for a validity period;
  
  generating, by the TRE, security-critical executable code and sending the security-critical executable code to a platform verification authority;
  
  receiving authentication vectors if the platform verification authority validates an integrity, using the security-critical executable code, of the TRE that is within the M2ME;
  
  after the M2ME is authenticated with the VNO and after the TRE is validated by the platform verification authority, establishing IP connectivity with the RO via the VNO;
  
  receiving a manageable identity (MID) from the RO;
  
  provisioning the MID on the M2ME and reporting a success message to the RO; and
  
  when the validity period expires, removing the PCID such that another M2ME can use the PCID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, the method further comprising:
    - validating the M2ME; and
      
      based on the validation of the M2ME, sending a validation success message or a validation failure message to the platform verification authority via the VNO.
  - 3. The method of claim 2, wherein the validation of the M2ME is at least partially determined based on a validation procedure performed by the trusted environment (TRE) within the M2ME.
  - 4. The method of claim 3, wherein the validation procedure is performed autonomously within the M2ME.
  - 5. The method of claim 3, where in the validation procedure is performed semi-autonomously by the M2ME.
  - 6. The method of claim 1, wherein the MID comprises at least one of a universal mobile telecommunications (UMTS) subscriber identity module (USIM) function, credentials, or configuration information which enable the M2ME to authenticate with a selected home operator (SHO).
  - 7. The method of claim 1, wherein the RO comprises an initial connectivity function (ICF), a discovery and registration function (DRF), and a download and provisioning function (DPF).
  - 8. The method of claim 7, wherein the initial connectivity function (ICF), the discovery and registration function (DRF), and the download and provisioning function (DPF) are separate entities in the network.

9. A machine-to-machine equipment (M2ME) configured to communicate, via a network, with a visited network operator (VNO) and a registration operator (RO), the M2ME having a trusted environment (TRE), the M2ME comprising:
- a memory comprising executable instructions; and
  
  a processor in communication with the memory, the instructions, when executed by the processor, cause the processor to effectuate operations comprising;
  
  transmitting, to the VNO, a network attach request message comprising a temporary private identifier;
  
  authenticating with the VNO using the temporary private identifier, the temporary private identifier being a provisional connectivity identification (PCID) valid for a validity period;
  
  generating, by TRE, security-critical executable code and sending the security-critical executable code to a platform verification authority;
  
  receiving authentication vectors if the platform verification authority validates an integrity, using the security-critical executable code, of the TRE that is within the M2ME;
  
  after the M2ME is authenticated with the VNO and after the TRE is validated by the platform verification authority, establishing IP connectivity with the RO via the VNO;
  
  receiving a manageable identity (MID) from the RO;
  
  provisioning the MID on the M2ME and reporting a success message to the RO; and
  
  when the validity period expires, removing the PCID such that another M2ME can use the PCID.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The M2ME of claim 9, wherein the processor is further configured to execute the instructions to perform operations comprising:
    - validating the M2ME; and
      
      based on the validation of the M2ME, sending a validation success message or a validation failure message to platform verification authority via the VNO.
  - 11. The M2ME of claim 10, wherein the validation of the M2ME is at least partially determined based on a validation procedure performed by the trusted environment (TRE) within the M2ME.
  - 12. The M2ME of claim 11, wherein the validation procedure is performed autonomously within the M2ME.
  - 13. The M2ME of claim 11, where in the validation procedure is performed semi-autonomously by the M2ME.
  - 14. The M2ME of claim 9, wherein the MID comprises at least one of a universal mobile telecommunications (UMTS) subscriber identity module (USIM) function, credentials, or configuration information which enable the M2ME to authenticate with a selected home operator (SHO).
  - 15. The M2ME of claim 9, wherein the RO comprises an initial connectivity function (ICF), a discovery and registration function (DRF), and a download and provisioning function (DPF).
  - 16. The M2ME of claim 15, wherein the initial connectivity function (ICF), the discovery and registration function (DRF), and the download and provisioning function (DPF) are separate entities in the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Inventors
Cha, Inhyok, Shah, Yogendra C., Schmidt, Andreas U., Meyerstein, Michael V.
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US12/863,009
Publication Number

US 20110265158A1
Time in Patent Office

3,226 Days
Field of Search

726 2, 726 3, 726 6
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2151   Time stamp

G06F 2221/2153   Using hardware token as a s...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/125   involving control of end-de...

H04L 9/08   Key distribution or managem...

H04L 9/3234   involving additional secure...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

H04W 12/75   Temporary identity

H04W 24/00   Supervisory, monitoring or ...

H04W 4/00 : Services specially adapted ...

H04W 4/50 : Service provisioning or rec...

H04W 4/70 : Services for machine-to-mac...

H04W 8/06 : Registration at serving net...

H04W 84/22 : with access to wired networks

View All

Method and apparatus for enabling machine to machine communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enabling machine to machine communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links