Securing IoT Devices Using an Out-Of-Band Beacon

US 20170310485A1
Filed: 04/20/2016
Published: 10/26/2017
Est. Priority Date: 04/20/2016
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;

receiving an encrypted packet at the gateway as part of the communications;

decrypting the encrypted packet into an intermediate payload by the gateway using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices; and

decrypting the intermediate payload into a decrypted packet by the gateway using the token.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for securing network devices through the use of an out-of-band beacon are described. In some embodiments, a method may include broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, where the wireless beacon includes a token; receiving an encrypted packet at the gateway as part of the communications; decrypting the encrypted packet into an intermediate payload by the gateway using a public key, where the public key corresponds to a certificate provisioned to each of the plurality of devices; and decrypting the intermediate payload into a decrypted packet by the gateway using the token.

17 Citations

View as Search Results

20 Claims

1. A method, comprising:
- broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;
  
  receiving an encrypted packet at the gateway as part of the communications;
  
  decrypting the encrypted packet into an intermediate payload by the gateway using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices; and
  
  decrypting the intermediate payload into a decrypted packet by the gateway using the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the communications include Internet Protocol (IP) communications, and wherein the encrypted packet includes an encrypted IP packet.
  - 3. The method of claim 1, wherein transmitting the wireless beacon includes using a Radio Frequency (RF) transceiver that is distinct from another transceiver used in the communications.
  - 4. The method of claim 1, wherein the wireless beacon has a range that is shorter than a communication range of the network.
  - 5. The method of claim 1, wherein the token is encrypted by the gateway using the public key prior to the broadcasting of the beacon.
  - 6. The method of claim 1, further comprising:
    - after a selected amount of time, broadcasting, by the gateway, another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a different token;
      
      receiving another encrypted packet at the gateway as part of the communications;
      
      decrypting the other encrypted packet into another intermediate payload by the gateway using the public key; and
      
      decrypting the other intermediate payload into another decrypted packet by the gateway using the different token.
  - 7. The method of claim 1, further comprising:
    - after a selected amount of time, broadcasting, by the gateway, another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a different token;
      
      receiving another encrypted packet at the gateway as part of the communications;
      
      decrypting the other encrypted packet into another intermediate payload by the gateway using the public key; and
      
      in response to being unable to decrypt the other intermediate payload with the different token, marking a source of the other encrypted packet as suspicious or blocking further communications with the source.
  - 8. The method of claim 1, further comprising:
    - transmitting, by the gateway as part of the communications over the network, packets encrypted with both the token and the public key.

9. A device, comprising:
- a processor; and
  
  a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the device to;
  
  receive a wireless beacon that is out-of-band with respect to communications between a gateway and a plurality of devices over a network, wherein the wireless beacon includes a token;
  
  encrypt an outgoing packet using the token into an intermediate payload;
  
  encrypt the intermediate payload into an encrypted packet using a private key, wherein the private key corresponds to a certificate provisioned to each of the plurality of devices; and
  
  transmit the encrypted packet to the gateway over the network.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The device of claim 9, wherein the communications include Internet Protocol (IP) communications, and wherein the encrypted packet includes an encrypted IP packet.
  - 11. The device of claim 9, wherein receiving the wireless beacon includes using a Radio Frequency (RF) transceiver that is physically distinct from another transceiver used in the communications.
  - 12. The device of claim 9, wherein the wireless beacon has a range that is shorter than a communication range of the network.
  - 13. The device of claim 9, wherein the token within the wireless beacon is encrypted with a public key corresponding to the private key, and wherein the program instructions, upon execution by the processor, further cause the device to decrypt the token with the private key.
  - 14. The device of claim 9, wherein the program instructions, upon execution by the processor, further cause the device to:
    - receive another encrypted packet from the gateway;
      
      decrypt the other encrypted packet into another intermediate payload using the private key; and
      
      decrypt the other intermediate payload into a decrypted packet using the token.
  - 15. The device of claim 9, wherein the program instructions, upon execution by the processor, further cause the device to:
    - receive another wireless beacon that is out-of-band with respect to the communications between the gateway and the plurality of devices over the network, wherein the other wireless beacon includes a different token;
      
      encrypt another outgoing packet using the different token into another intermediate payload;
      
      encrypt the other intermediate payload using the private key into another encrypted packet; and
      
      transmit the other encrypted packet to the gateway over the network.

16. A memory device having program instructions stored thereon that, upon execution by a processor of a gateway, further cause the gateway to:
- broadcast a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, wherein the wireless beacon includes a first token;
  
  receive an encrypted packet as part of the communications;
  
  decrypt the encrypted packet into an intermediate payload using a public key, wherein the public key corresponds to a certificate provisioned to each of the plurality of devices; and
  
  decrypt the intermediate payload into a decrypted packet using the first token.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The memory device of claim 16, wherein the program instructions, upon execution by the processor, further cause the gateway to:
    - after a predetermined amount of time, broadcast another wireless beacon that is out-of-band with respect to the communications, the other wireless beacon including a second token;
      
      receive another encrypted packet at the gateway as part of the communications; and
      
      decrypt the other encrypted packet into another intermediate payload by the gateway using the public key.
  - 18. The memory device of claim 17, wherein the program instructions, upon execution by the processor, further cause the gateway to:
    - in response to the other encrypted packet having been received within a selected time window from the predetermined amount of time, decrypt the other intermediate payload with any of the first token or the second token.
  - 19. The memory device of claim 17, wherein the program instructions, upon execution by the processor, further cause the gateway to:
    - in response to the other encrypted packet having been received outside of a selected time window from the predetermined amount of time, decrypt the other intermediate payload with the second token.
  - 20. The memory device of claim 17, wherein the program instructions, upon execution by the processor, further cause the gateway to:
    - in response to;
      
      (1) the other encrypted packet having been received outside of a selected time window from the predetermined amount of time, and (2) the other intermediate payload having been encrypted with the first token, mark a source of the other encrypted packet as suspicious or block further communications with the source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Robbins, Warren Wade, Hamlin, Daniel L., Robison, Charles D.

Granted Patent

US 10,097,358 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/16   the keys or algorithms bein...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3263   involving certificates, e.g...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 4/06   Selective distribution of b...

H04W 88/16   Gateway arrangements

Securing IoT Devices Using an Out-Of-Band Beacon

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing IoT Devices Using an Out-Of-Band Beacon

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links