System and method for securely connecting network devices

US 9,832,173 B2
Filed: 12/18/2014
Issued: 11/28/2017
Est. Priority Date: 12/18/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a hardware Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), andprogramming logic of the IoT hub to program an identification device with one or more encryption keys usable to establish encrypted communication with an IoT device; and

the IoT device interfacing with the identification device following the programming of the identification device by the IoT hub;

wherein once the identification device is programmed and interfaced with the IoT device, the IoT device uses the one or more keys to establish a secure communication channel with the IoT hub and the IoT service;

wherein the programming of the identification device by the IoT hub comprises generating a public/private key pair and storing at least the private key of the public/private key pair on the identification device;

wherein the programming of the identification device further comprises storing at least the public key in a secure storage on the IoT hub;

the IoT hub securely forwarding the public key with a corresponding signature to the IoT service over the network interface and further securely forwarding an IoT hub public key with a corresponding signature associated with the IoT hub and corresponding to an IoT hub private key; and

wherein to securely transmit a command or data to the IoT device, the IoT service encrypts the command or data and generates a first signature using the public key to generate an IoT device packet and then encrypts the IoT device packet and generates a second signature using the IoT hub public key to generate an IoT hub packet.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A platform, apparatus and method for Internet of Things Implementations. For example, one embodiment of a system comprises: an Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), and programming logic to program an identification device with one or more encryption keys usable to establish encrypted communication with an IoT device; and at least one IoT device interfacing with the identification device following programming of the identification device by the IoT hub; wherein once the identification device is programmed and interfaced with the IoT device, the IoT device uses the one or more keys to establish a secure communication channel with the IoT hub and/or the IoT service.

130 Citations

15 Claims

1. A system comprising:
- a hardware Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), andprogramming logic of the IoT hub to program an identification device with one or more encryption keys usable to establish encrypted communication with an IoT device; and
  
  the IoT device interfacing with the identification device following the programming of the identification device by the IoT hub;
  
  wherein once the identification device is programmed and interfaced with the IoT device, the IoT device uses the one or more keys to establish a secure communication channel with the IoT hub and the IoT service;
  
  wherein the programming of the identification device by the IoT hub comprises generating a public/private key pair and storing at least the private key of the public/private key pair on the identification device;
  
  wherein the programming of the identification device further comprises storing at least the public key in a secure storage on the IoT hub;
  
  the IoT hub securely forwarding the public key with a corresponding signature to the IoT service over the network interface and further securely forwarding an IoT hub public key with a corresponding signature associated with the IoT hub and corresponding to an IoT hub private key; and
  
  wherein to securely transmit a command or data to the IoT device, the IoT service encrypts the command or data and generates a first signature using the public key to generate an IoT device packet and then encrypts the IoT device packet and generates a second signature using the IoT hub public key to generate an IoT hub packet.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system as in claim 1 wherein the identification device comprises a subscriber identity module (SIM).
  - 3. The system as in claim 1 wherein the identification device is attached to the IoT device.
  - 4. The system as in claim 1 wherein the IoT hub decrypts the IoT hub packet and validates the second signature using the IoT hub private key to generate the IoT device packet and forwards the IoT device packet to the IoT device, the IoT device using the private key to validate the first signature and decrypt the IoT device packet.
  - 5. The system as in claim 1 wherein the identification device comprises a secure key storage for storing the private key.

6. A system comprising:
- a hardware Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), anda local interface on the IoT hub to receive one or more encryption keys usable to establish a secure communication channel with an IoT device;
  
  wherein once the IoT hub has received the one or more encryption keys, the IoT hub and the IoT service use the one or more encryption keys to establish the secure communication channel with the IoT device; and
  
  wherein a first public/private key pair is associated with the IoT device and wherein the IoT hub receives at least the public key of the first public/private key pair and forwards the public key to the IoT service;
  
  wherein a second public/private key pair is associated with the IoT hub, and wherein the IoT hub provides at least the public key of the second public/private key pair to the IoT device and the IoT service;
  
  wherein the IoT device uses the public key of the second public/private key pair to encrypt communications directed to the IoT hub and wherein the IoT hub and the IoT service use the public key of the first public/private key pair to encrypt communications directed to the IoT device; and
  
  wherein to securely transmit a command or data to the IoT device, the IoT service encrypts the command or data and generates a first signature using the public key to generate an IoT device packet and then encrypts the IoT device packet and generates a second signature using the IoT hub public key to generate an IoT hub packet.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The system as in claim 6 wherein the local interface comprises a barcode or QR code reader for reading a barcode or QR code identifying the one or more encryption keys.
  - 8. The system as in claim 6 wherein the IoT hub securely forwards the public keys of the first and second public/private key pairs to the IoT service.
  - 9. The system as in claim 6 wherein the IoT service generates a signature to be transmitted with each command or data using the public key of the first public/private key pair and wherein the IoT device verifies the signature using the private key of the first public/private key pair.
  - 10. The system as in claim 6 wherein the IoT service includes a sequence number or nonce with each command or data transmitted to the IoT device, the IoT device to verify the sequence number or nonce.
  - 11. The system as in claim 6 wherein the IoT hub decrypts the IoT hub packet using the private key of the second public/private key pair to generate the IoT device packet and forwards the IoT device packet to the IoT device, wherein the IoT device uses the private key of the first public/private key pair to decrypt the IoT device packet.
  - 12. The system as in claim 6 wherein the local interface comprises a BLUETOOTH Low Energy (LE) communication channel or a WIFI communication channel.

13. A method comprising:
- providing an Internet of Things (IoT) hub comprising a network interface to couple the IoT hub to an IoT service over a wide area network (WAN), andprogramming an identification device by the IoT hub to include one or more encryption keys usable to establish encrypted communication with an IoT device; and
  
  interfacing the IoT device with the identification device following the programming of the identification device by the IoT hub;
  
  wherein once the identification device is programmed and interfaced with the IoT device, the IoT device uses the one or more keys to establish a secure communication channel with the IoT hub and the IoT service;
  
  wherein the programming of the identification device by the IoT hub comprises generating a public/private key pair and storing at least the private key of the public/private key pair on the identification device;
  
  wherein the programming of the identification device further comprises storing at least the public key in a secure storage on the IoT hub;
  
  the IoT hub securely forwarding the public key with a corresponding signature to the IoT service over the network interface and further securely forwarding an IoT hub public key with a corresponding signature associated with the IoT hub and corresponding to an IoT hub private key; and
  
  wherein to securely transmit a command or data to the IoT device, the IoT service encrypts the command or data and generates a first signature using the public key to generate an IoT device packet and then encrypts the IoT device packet and generates a second signature using the IoT hub public key to generate an IoT hub packet.
- View Dependent Claims (14, 15)
- - 14. The method as in claim 13 wherein the identification device comprises a subscriber identity module (SIM).
  - 15. The method as in claim 13 wherein the identification device is attached to the IoT device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Afero, Inc.
Original Assignee
Afero, Inc.
Inventors
Britt, Joe, Matsumura, Shin, Forood, Houman, Zimmerman, Scott, Myles, Phillip, Zawicki, Sean, Kutami, Daisuke, Holland, Shannon
Primary Examiner(s)
PLECHA, THADDEUS J

Application Number

US14/575,463
Publication Number

US 20160182459A1
Time in Patent Office

1,076 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/2809   indicating that an applianc...

H04L 12/2834   Switching of information be...

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/18   using different networks or...

H04L 67/12   specially adapted for propr...

H04M 15/751   Card based account, e.g. sm...

H04M 17/103   using SIMs (USIMs) or calli...

H04M 2215/7209   Card based, e.g. smart card...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

H04W 12/50   Secure pairing of devices

H04W 12/77   Graphical identity

H04W 4/24   Accounting or billing

H04W 4/70   Services for machine-to-mac...

H04W 8/205   Transfer to or from user eq...

H04W 84/18   Self-organising networks, e...

System and method for securely connecting network devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securely connecting network devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links