Blockchain-assisted public key infrastructure for internet of things applications

US 10,382,485 B2
Filed: 02/13/2017
Issued: 08/13/2019
Est. Priority Date: 12/23/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of registering a device to a computer system, the computer system comprising a blockchain and a name/value storage (NVS), wherein the NVS is an add-on database to the blockchain, wherein name and value pairs in the NVS can be modified using a modify operation and deleted using a delete operation, the method comprising:

receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and

generating a first blockchain transaction, wherein the first blockchain transaction adds the received ID and hash of the public key to a first block, and adds the first block to a blockchain, wherein the received ID and hash of the public key located within the first block cannot be altered retrospectively, and further wherein the first blockchain transaction adds the received ID and hash of the public key as a name and value pair in the NVS.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is disclosed for registering and authenticating Internet of things (IoT) devices. In one embodiment, an installation device receives, from an IoT device, an identifier (ID) and a hash of a public key, where the IoT device itself generates the ID, the public key, and a private key. To register the IoT device, a blockchain wallet in the installation devices generates a blockchain transaction which adds the received ID and hash of the public key as a name and value pair in a name/value storage (NVS). The hash of the public key may then be retrieved from the NVS and used in authentication of the IoT device to other IoT devices or servers, among other things.

18 Citations

View as Search Results

22 Claims

1. A computer-implemented method of registering a device to a computer system, the computer system comprising a blockchain and a name/value storage (NVS), wherein the NVS is an add-on database to the blockchain, wherein name and value pairs in the NVS can be modified using a modify operation and deleted using a delete operation, the method comprising:
- receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and
  
  generating a first blockchain transaction, wherein the first blockchain transaction adds the received ID and hash of the public key to a first block, and adds the first block to a blockchain, wherein the received ID and hash of the public key located within the first block cannot be altered retrospectively, and further wherein the first blockchain transaction adds the received ID and hash of the public key as a name and value pair in the NVS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - transmitting, to the device, a blockchain wallet public key;
      
      receiving, from the device, a first message indicating whether the device successfully stored the blockchain wallet public key in a non-volatile memory; and
      
      if the first message indicates that the device did not successfully store the blockchain wallet public key in the non-volatile memory, re-transmitting the blockchain wallet public key to the device.
  - 3. The method of claim 2, further comprising:
    - transmitting, to the device, a second message instructing the device to generate a new public key and a new private key, wherein the second message includes a signature signed with a private key of the blockchain wallet, and wherein the device verifies the signature using the blockchain wallet public key stored in the non-volatile memory;
      
      receiving a hash of the new public key from the device; and
      
      generating a second blockchain transaction which updates the value associated with the ID of the device to be the hash of the new public key.
  - 4. The method of claim 1, further comprising, generating a third blockchain transaction which changes a status of the ID and the hash of the public key in the NVS to revoked, wherein, in the revoked status, a blockchain wallet private key cannot be used to modify or delete the status, the ID, the hash of the public key, or an associated expiration date in the NVS.
  - 5. The method of claim 4, wherein the ID and the hash of the public key in the NVS that are revoked are maintained in the NVS until the expiration date.
  - 6. The method of claim 1, wherein, subsequent to the first blockchain transaction which adds the received ID and hash of the public key in the name/value storage (NVS), the device is authenticated to another computing device by:
    - transmitting, by the device to the other computing device, either information including the ID and the public key, or the ID and a self-signed certificate;
      
      determining, by the other computer device based on the ID, whether the device is a registered device; and
      
      if the device is a registered device;
      
      determining, by the other computing device, a hash of the public key,comparing, by the other computing device, the determined hash of the public key with a hash of the public key retrieved from the NVS, andif the determined hash of the public key equals the hash of the public key retrieved from the NVS;
      
      running, by the other computing device, a challenge-response test to verify that the device has the private key; and
      
      if the device passes the challenge-response test, authenticating, by the other computing device, the device.
  - 7. The method of claim 6, wherein the NVS from which the public key is retrieved is an NVS of a public blockchain wallet.
  - 8. The method of claim 1, wherein:
    - the ID is a random value; and
      
      the device generates the ID, the public key, and the private key during installation of the device or in response to a press of a button on the device.
  - 9. The method of claim 1, wherein the first blockchain transaction specifies as an input address a first owner'"'"'s wallet public key and as an output address a second owner'"'"'s wallet public key.
  - 10. The method of claim 1, wherein the device is one of a sensor, a camera, an actuator, a battery, a smart meter, a smart lock, a light, a parking sensor, or a light.
  - 11. The computer-implement method of claim 1, wherein each name-value pair in the NVS is unique.

12. A non-transitory computer-readable medium comprising instructions executable by a computer, the computer having one or more physical central processing units (CPUs), wherein the instructions, when executed, cause the computer to perform operations for registering a device to a computer system, the computer system comprising a blockchain and a name/value storage (NVS), wherein the NVS is an add-on database to the blockchain, wherein name and value pairs in the NVS can be modified using a modify operation and deleted using a delete operation, the operations comprising:
- receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and
  
  generating a first blockchain transaction, wherein the first blockchain transaction adds the received ID and hash of the public key to a first block, and adds the first block to a blockchain, wherein the received ID and hash of the public key located within the first block cannot be altered retrospectively, and further wherein the first blockchain transaction adds the received ID and hash of the public key as a name and value pair in the NVS.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer-readable medium of claim 12, the operations further comprising:
    - transmitting, to the device, a blockchain wallet public key;
      
      receiving, from the device, a first message indicating whether the device successfully stored the blockchain wallet public key in a non-volatile memory; and
      
      if the first message indicates that the device did not successfully store the blockchain wallet public key in the non-volatile memory, re-transmitting the blockchain wallet public key to the device.
  - 14. The computer-readable medium of claim 12, the operations further comprising:
    - transmitting, to the device, a second message instructing the device to generate a new public key and a new private key, wherein the second message includes a signature signed with a private key of the blockchain wallet, and wherein the device verifies the signature using the blockchain wallet public key stored in the non-volatile memory;
      
      receiving a hash of the new public key from the device; and
      
      generating a second blockchain transaction which updates the value associated with the ID of the device to be the hash of the new public key.
  - 15. The computer-readable medium of claim 12, the operations further comprising, generating a third blockchain transaction which changes a status of the ID and the hash of the public key in the NVS to revoked, wherein, in the revoked status, a blockchain wallet private key cannot be used to modify or delete the status, the ID, the hash of the public key, or an associated expiration date in the NVS.
  - 16. The computer-readable medium of claim 15, wherein the ID and the hash of the public key in the NVS that are revoked are maintained in the NVS until the expiration date.
  - 17. The computer-readable medium of claim 12, wherein, subsequent to the first blockchain transaction which adds the received ID and hash of the public key in the name/value storage (NVS), the device is authenticated to another computing device by:
    - transmitting, by the device to the other computing device, either information including the ID and the public key, or the ID and a self-signed certificate;
      
      determining, by the other computer device based on the ID, whether the device is a registered device; and
      
      if the device is a registered device;
      
      determining, by the other computing device, a hash of the public key,comparing, by the other computing device, the determined hash of the public key with a hash of the public key retrieved from the NVS, andif the determined hash of the public key equals the hash of the public key retrieved from the NVS;
      
      running, by the other computing device, a challenge-response test to verify that the device has the private key; and
      
      if the device passes the challenge-response test, authenticating, by the other computing device, the device.
  - 18. The computer-readable medium of claim 17, wherein the NVS from which the public key is retrieved is an NVS of a public blockchain wallet.
  - 19. The computer-readable medium of claim 12, wherein:
    - the ID is a random value; and
      
      the device generates the ID, the public key, and the private key during installation of the device or in response to a press of a button on the device.
  - 20. The computer-readable medium of claim 12, wherein the first blockchain transaction specifies as an input address a first owner'"'"'s wallet public key and as an output address a second owner'"'"'s wallet public key.

21. A computer system comprising:
- a blockchain;
  
  a name/value storage (NVS), wherein the NVS is an add-on database to the blockchain, wherein name and value pairs in the NVS can be modified using a modify operation and deleted using a delete operation;
  
  a processor, wherein the processor is programmed to carry out a method of registering a device to the computer system, the method comprising;
  
  receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and
  
  generating a first blockchain transaction, wherein the first blockchain transaction adds the received ID and hash of the public key to a first block, and adds the first block to a blockchain, wherein the received ID and hash of the public key located within the first block cannot be altered retrospectively, and further wherein the first blockchain transaction adds the received ID and hash of the public key as a name and value pair in the NVS.
- View Dependent Claims (22)
- - 22. The computer system of claim 21, the method further comprising:
    - transmitting, to the device, a blockchain wallet public key;
      
      receiving, from the device, a first message indicating whether the device successfully stored the blockchain wallet public key in a non-volatile memory; and
      
      if the first message indicates that the device did not successfully store the blockchain wallet public key in the non-volatile memory, re-transmitting the blockchain wallet public key to the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
Won, Jong Ho, Bollella, Gregory
Primary Examiner(s)
Gergiso, Techane

Application Number

US15/431,138
Publication Number

US 20180183587A1
Time in Patent Office

911 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/64   Self-signed certificates

H04L 63/166   at the transport layer

H04L 9/0891   Revocation or update of sec...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/50   using hash chains, e.g. blo...

H04W 12/0433   Key management protocols

H04W 4/70   Services for machine-to-mac...

Y04S 40/20   Information technology spec...

Blockchain-assisted public key infrastructure for internet of things applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Blockchain-assisted public key infrastructure for internet of things applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links