Apparatus and method for establishing secure communication channels in an internet of things (IoT) system
First Claim
1. A computer-implemented method comprising:
- establishing communication between an Internet of Things (IoT) service and an IoT device through an IoT hub;
- generating, by the IoT service, a first packet comprising an IoT service serial number and an IoT service public key, and signing the first packet using a factory private key of a factory public/private key pair implemented by a manufacturer of the IoT service and/or the IoT device;
- transmitting the signed first packet from the IoT service to the IoT device;
- verifying, by the IoT device, the signed first packet using a factory public key of the factory public/private key pair;
- generating, by the IoT device, a second packet comprising an IoT device serial number and an IoT device public key, and signing the second packet using the factory private key;
- transmitting the signed second packet from the IoT device to the IoT service; and
- verifying, by the IoT service, the signed second packet using the factory public key.
0 Assignments
0 Petitions
Abstract
An apparatus and method are described for secure communication between IoT devices and an IoT service. For example, one embodiment of a system comprises: an Internet of Things (IoT) service to establish communication with an IoT device through an IoT hub or a mobile user device; a first encryption engine on the IoT service comprising key generation logic to generate a service public key and a service private key; a second encryption engine on the IoT device comprising key generation logic to generate a device public key and a device private key; the first encryption engine to transmit the service public key to the second encryption engine and the second encryption engine to transmit the device public key to the first encryption engine; the first encryption engine to use the device public key and the service private key to generate a secret; the second encryption engine to use the service public key and the device private key to generate the same secret; and wherein once the secret is generated, the first encryption engine and the second encryption engine encrypt and decrypt data packets transmitted between the first encryption engine and the second encryption engine using the secret or using a data structure derived from the secret.
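The exchange the abstract and first claim describe, as an added example that is not code from the patent or its assignee: each side puts its serial number and its ECDH public key in a packet, signs the packet with the factory private key, the peer verifies it against the factory public key before doing anything else, and both then derive the same secret from their own private key and the other's public key. Everything here is an assumption about the embodiment: X25519 for the key agreement, Ed25519 for the factory signature, SHA-256 of the shared secret as the "data structure derived from the secret", the length-prefixed packet encoding, the serial numbers, and the `Party`, `Packet`, `Handshake`, `KeysAgree` and `RejectsSubstitutedKey` names. Only the Go standard library is used.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Packet is the signed packet from the claim: a serial number, the sender's
// ECDH public key, and a factory signature that covers both fields.
type Packet struct {
	Serial    string
	PubKey    []byte // X25519 public key
	Signature []byte // Ed25519 signature by the factory private key
}

// signedBytes is what the factory signature covers: a 2-byte length prefix,
// the serial, then the raw public key (the prefix pins the field boundary).
func signedBytes(serial string, pub []byte) []byte {
	out := binary.BigEndian.AppendUint16(nil, uint16(len(serial)))
	return append(append(out, serial...), pub...)
}

// Party is the IoT service or the IoT device; each holds its own ECDH key pair.
type Party struct {
	Serial string
	priv   *ecdh.PrivateKey
}

func NewParty(serial string) (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Party{Serial: serial, priv: priv}, err
}

// MakePacket signs this party's serial and public key with the factory private key.
func (p *Party) MakePacket(factoryPriv ed25519.PrivateKey) Packet {
	pub := p.priv.PublicKey().Bytes()
	sig := ed25519.Sign(factoryPriv, signedBytes(p.Serial, pub))
	return Packet{Serial: p.Serial, PubKey: pub, Signature: sig}
}

// DeriveKey verifies the peer packet against the factory public key, then runs
// ECDH and hashes the shared secret into a 256-bit session key. A bad signature aborts first.
func (p *Party) DeriveKey(factoryPub ed25519.PublicKey, pkt Packet) ([]byte, error) {
	if !ed25519.Verify(factoryPub, signedBytes(pkt.Serial, pkt.PubKey), pkt.Signature) {
		return nil, errors.New("factory signature invalid, rejecting " + pkt.Serial)
	}
	peerPub, err := ecdh.X25519().NewPublicKey(pkt.PubKey)
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

// Handshake runs the claimed exchange: the device verifies the signed service packet,
// the service verifies the signed device packet, and each derives its session key.
func Handshake(service, device *Party, factoryPub ed25519.PublicKey, factoryPriv ed25519.PrivateKey) ([]byte, []byte, error) {
	deviceKey, err := device.DeriveKey(factoryPub, service.MakePacket(factoryPriv))
	if err != nil {
		return nil, nil, err
	}
	serviceKey, err := service.DeriveKey(factoryPub, device.MakePacket(factoryPriv))
	if err != nil {
		return nil, nil, err
	}
	return serviceKey, deviceKey, nil
}

// KeysAgree is the happy path: true when both sides derive the same key.
func KeysAgree() (bool, error) {
	factoryPub, factoryPriv, _ := ed25519.GenerateKey(rand.Reader)
	service, _ := NewParty("SVC-0001") // constructed serial numbers
	device, _ := NewParty("DEV-0001")
	sk, dk, err := Handshake(service, device, factoryPub, factoryPriv)
	return err == nil && bytes.Equal(sk, dk), err
}

// RejectsSubstitutedKey is the failure path: a swapped public key must fail the signature check.
func RejectsSubstitutedKey() bool {
	factoryPub, factoryPriv, _ := ed25519.GenerateKey(rand.Reader)
	device, _ := NewParty("DEV-0002")
	verifier, _ := NewParty("SVC-0002")
	pkt := device.MakePacket(factoryPriv)
	pkt.PubKey[0] ^= 0x01 // altered key: the signature no longer matches
	_, err := verifier.DeriveKey(factoryPub, pkt)
	return err != nil
}

func main() {
	fmt.Println(KeysAgree())             // true <nil>
	fmt.Println(RejectsSubstitutedKey()) // true
}
```

Because both packets are signed with the same factory private key, the check authenticates that the peer belongs to the manufacturer's fleet rather than identifying one particular peer; the claim therefore hinges on how well that key is protected on every device that holds it, and on the verifier refusing to derive any key material until the signature has passed, which is why `DeriveKey` checks the signature before touching ECDH.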
173 Citations
10 Claims