Carrier network security interface for fielded devices

US 9,900,303 B2
Filed: 02/09/2017
Issued: 02/20/2018
Est. Priority Date: 05/11/2011
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a processor; and

a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;

in response to determining a communication link has been successfully established between a field device, that is authenticated in accord with a network security protocol to a network device associated with a network operator identity, and the network device, receiving a service security protocol from a data store remotely located from the network device to enable communication between the field device and a service device without further authentication of the field device to the service device, wherein the device is associated with the network operator identity, and wherein the service device is not associated with the network operator identity; and

facilitating encrypting data into encrypted data for transmission via a communication path between the field device and the service device to convey the encrypted data in accord with the service security protocol, wherein the communication path comprises the communication link, wherein the encrypted data is unable to be decrypted by network devices associated with the network operator identity, and wherein the encrypted data is able to be decrypted by the field device and the service device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Carrier-side security services for fielded devices is disclosed. In contrast to conventional authentication systems for fielded devices, wherein an end-to-end communications pathway is typically established for authentication of a fielded device by a back-end service provider, authentication and security services can be moved into devices associated with a carrier network. A device associated with the carrier network can authenticate field components to service components without first establishing a communications pathway to a back-end service provider. Further, the device can provide for secured communications with an authenticated field component and are not readable by carrier devices. In an aspect, this can allow for centralization of security elements from the periphery of back-end service providers into a device associated with the carrier network. In a further aspect, the device can host a security services platform for back-end service providers.

Citations

20 Claims

1. A device, comprising:
- a processor; and
  
  a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;
  
  in response to determining a communication link has been successfully established between a field device, that is authenticated in accord with a network security protocol to a network device associated with a network operator identity, and the network device, receiving a service security protocol from a data store remotely located from the network device to enable communication between the field device and a service device without further authentication of the field device to the service device, wherein the device is associated with the network operator identity, and wherein the service device is not associated with the network operator identity; and
  
  facilitating encrypting data into encrypted data for transmission via a communication path between the field device and the service device to convey the encrypted data in accord with the service security protocol, wherein the communication path comprises the communication link, wherein the encrypted data is unable to be decrypted by network devices associated with the network operator identity, and wherein the encrypted data is able to be decrypted by the field device and the service device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17, 18, 19, 20)
- - 2. The device of claim 1, wherein the service security protocol is updateable via programming input to the service device.
  - 3. The device of claim 1, wherein the service security protocol is updateable via programming input associated with a service operator identity related to the service device.
  - 4. The device of claim 1, wherein the service device is associated with a municipal service.
  - 5. The device of claim 1, wherein the field device is a metering device.
  - 6. The device of claim 1, wherein communications with the field device are via a wireless communications link.
  - 7. The device of claim 1, wherein a radio access network device comprises the device.
  - 8. The device of claim 1, wherein an access point device comprises the device.
  - 17. The device of claim 1, wherein the data store is located remotely from the field device.
  - 18. The device of claim 1, wherein the field device comprises the data store.
  - 19. The device of claim 1, wherein the data store is located remotely from the service device.
  - 20. The device of claim 1, wherein the service device comprises the data store.

9. A method, comprising:
- in response to determining, by a device comprising a processor and associated with a network operator identity, that a communication link has been established between a field device and a network device associated with the network operator identity, accessing a service security protocol from a data store remotely located from the network device to enable communication between the field device and a service device without further authentication of the field device to the service device, wherein the service device is not associated with the network operator identity, and wherein the field device is authenticated to the network device in accord with a network security protocol; and
  
  initiating, by the device, encryption of data into encrypted data for transmission via a communication path between the field device and the service device to convey the encrypted data in accord with the service security protocol, wherein the communication path comprises the communication link, wherein the encrypted data is not decryptable by network devices associated with the network operator identity, and wherein the encrypted data is decryptable by the field device and the service device.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the data store is remotely located from the field device.
  - 11. The method of claim 9, wherein the field device comprises the data store.
  - 12. The method of claim 9, wherein the service device comprises the data store.

13. A field device, comprising:
- a processor; and
  
  a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising;
  
  in response to authenticating, based on a network security protocol, the field device to a network device associated with a network operator identity, receiving a service security protocol that enables communication between the field device and a service device without further authentication of the field device to the service device, wherein the service device is not associated with the network operator identity, and wherein the service security protocol is received from a data store located remotely from the network device; and
  
  communicating encrypted data between the field device and the service device, wherein the communicating the encrypted data is based on the service security protocol, wherein a communication path between the field device and the service device comprises the communication link, and wherein the encrypted data is decryptable by the field device and the service device but not decryptable by network devices associated with the network operator identity.
- View Dependent Claims (14, 15, 16)
- - 14. The field device of claim 13, wherein the data store is remotely located from the field device.
  - 15. The field device of claim 13, wherein the the data store is remotely located from the service device.
  - 16. The field device of claim 13, wherein the service device comprises the data store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Original Assignee
AT&T Mobility II LLC (AT&T, Inc.)
Inventors
Maria, Arturo
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US15/429,157
Publication Number

US 20170155633A1
Time in Patent Office

376 Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/06   Answer-back mechanisms or c...

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 12/088   using filters or firewalls

Carrier network security interface for fielded devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Carrier network security interface for fielded devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links