Hardware identification-based security authentication service for IoT devices

US 10,499,246 B2
Filed: 05/17/2017
Issued: 12/03/2019
Est. Priority Date: 05/17/2017
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing, by an Internet of Things (IoT) device, a hardware identifier that uniquely identifies the IoT device;

performing, by the IoT device, an attachment procedure with a wireless network, wherein the attachment procedure includes authenticating the IoT device by a core network of the wireless network, establishing control-plane signaling between the IoT device and the core network, maintaining a device context in the core network, and establishing a default bearer connection with a first network device of the core network via an access network of the wireless network;

establishing, by the IoT device, a secure channel via the bearer connection with an authentication device, in response to successfully completing the attachment procedure, wherein the first network device is configured to route-restrict the IoT device to the authentication device that provides only an authentication service before allowing the IoT device to communicate with any network device of an external network;

transmitting, by the IoT device via the secure channel to the authentication device, a first request to authenticate the IoT device, wherein the first request includes the hardware identifier;

receiving, by the IoT device via the secure channel from the authentication device, a first response that indicates whether the IoT device is authenticated;

determining, by the IoT device, whether the IoT device is authenticated based on the first response;

transmitting, by the IoT device via the secure channel to the authentication device, a second request for a key in response to determining that the IoT device is authenticated based on the first response; and

receiving, by the IoT device from the wireless network, a message pertaining to a tearing down of the default bearer connection based on determining that the IoT device is not authenticated and the first response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a device, and a non-transitory storage medium are provided to store a hardware identifier that uniquely identifies the IoT device; perform an attachment procedure with a wireless network, wherein the attachment procedure includes authenticating the IoT device by the wireless network and establishing a bearer connection; establish a secure channel with a first network device via the bearer connection, in response to successfully completing the attachment procedure; transmit, to the first network device, a first request to authenticate the IoT device, wherein the first request includes the hardware identifier; receive, from the first network device, a first response that indicates whether the IoT device is authenticated; determine that the IoT device is authenticated based on the first response; and transmit, to the first network device, a second request for a key in response to a determination that the IoT device is authenticated.

21 Citations

View as Search Results

20 Claims

1. A method comprising:
- storing, by an Internet of Things (IoT) device, a hardware identifier that uniquely identifies the IoT device;
  
  performing, by the IoT device, an attachment procedure with a wireless network, wherein the attachment procedure includes authenticating the IoT device by a core network of the wireless network, establishing control-plane signaling between the IoT device and the core network, maintaining a device context in the core network, and establishing a default bearer connection with a first network device of the core network via an access network of the wireless network;
  
  establishing, by the IoT device, a secure channel via the bearer connection with an authentication device, in response to successfully completing the attachment procedure, wherein the first network device is configured to route-restrict the IoT device to the authentication device that provides only an authentication service before allowing the IoT device to communicate with any network device of an external network;
  
  transmitting, by the IoT device via the secure channel to the authentication device, a first request to authenticate the IoT device, wherein the first request includes the hardware identifier;
  
  receiving, by the IoT device via the secure channel from the authentication device, a first response that indicates whether the IoT device is authenticated;
  
  determining, by the IoT device, whether the IoT device is authenticated based on the first response;
  
  transmitting, by the IoT device via the secure channel to the authentication device, a second request for a key in response to determining that the IoT device is authenticated based on the first response; and
  
  receiving, by the IoT device from the wireless network, a message pertaining to a tearing down of the default bearer connection based on determining that the IoT device is not authenticated and the first response.
- View Dependent Claims (2, 3, 4, 5, 6, 15, 16)
- - 2. The method of claim 1, further comprising:
    - receiving, by the IoT device via the secure channel from the authentication device, a second response that includes the key and a token, and is responsive to the second request.
  - 3. The method of claim 2, wherein the key includes at least one of a public key or a private key, and wherein the first network device is a packet data network gateway.
  - 4. The method of claim 2, further comprising:
    - obtaining, by the IoT device from a second network device, a digital certificate based on the key and in response to receiving the second response.
  - 5. The method of claim 4, further comprising:
    - generating IoT data pertaining to an IoT service;
      
      establishing, by the IoT device to a third network device, a communication session using the digital certificate and the token; and
      
      transmitting, by the IoT device to the third network device, the IoT data.
  - 6. The method of claim 1, wherein the hardware identifier is an identifier that is different from an identifier used to authenticate the IoT device by the wireless network.
  - 15. The method of claim 1, wherein the hardware identifier is a media access control address or an International Mobile Equipment Identity.
  - 16. The method of claim 1, wherein the wireless network is a Long Term Evolution (LTE) network, an LTE-Advanced network, or a Fifth Generation network.

7. An Internet of Things (IoT) device comprising:
- a communication interface;
  
  a memory, wherein the memory stores instructions; and
  
  a processor, wherein the processor executes the instructions to;
  
  store a hardware identifier that uniquely identifies the IoT device;
  
  perform, via the communication interface, an attachment procedure with a wireless network, wherein the attachment procedure includes authenticating the IoT device by a core network of the wireless network, establishing control-plane signaling between the IoT device and the core network, and establishing a default bearer connection with a first network device of the core network via an access network of the wireless network;
  
  establish, via the communication interface, a secure channel via the bearer connection with an authentication device, in response to successfully completing the attachment procedure, wherein the first network device is configured to route-restrict the IoT device to the authentication device that provides only an authentication service before allowing the IoT device to communicate with any network device of an external network;
  
  transmit, via the communication interface and the secure channel to the authentication device, a first request to authenticate the IoT device, wherein the first request includes the hardware identifier;
  
  receive, via the communication interface and the secure channel from the authentication device, a first response that indicates whether the IoT device is authenticated;
  
  determine whether the IoT device is authenticated based on the first response;
  
  transmit, via the communication interface via the secure channel to the authentication device, a second request for a key in response to a determination that the IoT device is authenticated based on the first response; and
  
  receive, via the communication interface from the wireless network, a message pertaining to a tearing down of the default bearer connection based on determining that the IoT device is not authenticated and the first response.
- View Dependent Claims (8, 9, 10, 11, 17, 18)
- - 8. The IoT device of claim 7, wherein the processor further executes the instructions to:
    - receive, via the communication interface via the secure channel from the authentication device, a second response that includes the key and a token, and is responsive to the second request.
  - 9. The IoT device of claim 8, wherein the key includes at least one of a public key or a private key, and wherein the first network device is a packet data network gateway.
  - 10. The IoT device of claim 8, wherein the processor further executes the instructions to:
    - obtain, via the communication interface from a second network device, a digital certificate based on the key and in response to receipt of the second response.
  - 11. The IoT device of claim 10, wherein the processor further executes the instructions to:
    - generate IoT data pertaining to an IoT service;
      
      establish, via the communication interface to a third network device, a communication session using the digital certificate and the token; and
      
      transmit, via the communication interface to the third network device, the IoT data.
  - 17. The IoT device of claim 7, wherein the hardware identifier is a media access control address or an International Mobile Equipment Identity.
  - 18. The IoT device of claim 7, wherein the wireless network is a Long Term Evolution (LTE) network, an LTE-Advanced network, or a Fifth Generation network.

12. A non-transitory, computer-readable storage medium storing instructions executable by a processor of an Internet of Things (IoT) device, which when executed cause the IoT device to:
- store a hardware identifier that uniquely identifies the IoT device;
  
  perform an attachment procedure with a wireless network, wherein the attachment procedure includes authenticating the IoT device by a core network of the wireless network, establishing control-plane signaling between the IoT device and the core network, and establishing a default bearer connection with a first network device of the core network via an access network of the wireless network;
  
  establish a secure channel via the bearer connection with an authentication device, in response to successfully completing the attachment procedure, wherein the first network device is configured to route-restrict the IoT device to the authentication device that provides only an authentication service before allowing the IoT device to communicate with any network device of an external network;
  
  transmit, via the secure channel to the authentication device, a first request to authenticate the IoT device, wherein the first request includes the hardware identifier;
  
  receive, via the secure channel from the authentication device, a first response that indicates whether the IoT device is authenticated;
  
  determine whether the IoT device is authenticated based on the first response;
  
  transmit, via the secure channel to the authentication device, a second request for a key in response to a determination that the IoT device is authenticated based on the first response; and
  
  receive, from the wireless network, a message pertaining to a tearing down of the default bearer connection based on determining that the IoT device is not authenticated and the first response.
- View Dependent Claims (13, 14, 19, 20)
- - 13. The non-transitory, computer-readable storage medium of claim 12, further storing instructions executable by the processor of the IoT device, which when executed cause the IoT device to:
    - receive, via the secure channel from the authentication device, a second response that includes the key and a token, and is responsive to the second request; and
      
      obtain, from a second network device, a digital certificate based on the key and in response to receipt of the second response.
  - 14. The non-transitory, computer-readable storage medium of claim 13, further storing instructions executable by the processor of the IoT device, which when executed cause the IoT device to:
    - generate IoT data pertaining to an IoT service;
      
      establish a communication session with a third network device using the digital certificate and the token; and
      
      transmit, to the third network device, the IoT data.
  - 19. The non-transitory, computer-readable storage medium of claim 12, wherein the hardware identifier is a media access control address or an International Mobile Equipment Identity.
  - 20. The non-transitory, computer-readable storage medium of claim 12, wherein the wireless network is a Long Term Evolution (LTE) network, an LTE-Advanced network, or a Fifth Generation network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Li, Feng, Ren, Dahai, Chen, Ming
Primary Examiner(s)
Shen, Qun

Application Number

US15/597,243
Publication Number

US 20180338242A1
Time in Patent Office

930 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 63/166   at the transport layer

H04L 67/12   specially adapted for propr...

H04W 12/041   Key generation or derivation

H04W 12/043   using a trusted network nod...

H04W 12/062   Pre-authentication

H04W 12/069   using certificates or pre-s...

H04W 12/71   Hardware identity

H04W 4/70   Services for machine-to-mac...

H04W 76/12   Setup of transport tunnels

Hardware identification-based security authentication service for IoT devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Hardware identification-based security authentication service for IoT devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others