Blockchain-Assisted Public Key Infrastructure for Internet of Things Applications
Abstract
An approach is disclosed for registering and authenticating Internet of things (IoT) devices. In one embodiment, an installation device receives, from an IoT device, an identifier (ID) and a hash of a public key, where the IoT device itself generates the ID, the public key, and a private key. To register the IoT device, a blockchain wallet in the installation device generates a blockchain transaction which adds the received ID and hash of the public key as a name and value pair in a name/value storage (NVS). The hash of the public key may then be retrieved from the NVS and used in authentication of the IoT device to other IoT devices or servers, among other things.
113 Citations
21 Claims
1. A computer-implemented method of registering a device, comprising:
receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and
generating a first blockchain transaction which adds the received ID and hash of the public key as a name and value pair in a name/value storage (NVS).
(Dependent claims 2 through 10 are not shown.)

11. A non-transitory computer-readable medium comprising instructions executable by a computer, the computer having one or more physical central processing units (CPUs), wherein the instructions, when executed, cause the computer to perform operations for registering a device, the operations comprising:
receiving, from the device, an identifier (ID) and a hash of a public key, wherein the device generates the ID, the public key, and a private key; and
generating a first blockchain transaction which adds the received ID and hash of the public key as a name and value pair in a name/value storage (NVS).
(Dependent claims 12 through 19 are not shown.)

20. A computer-implemented method of authenticating a device, comprising:
receiving, from the device, either information including a device ID and public key, or the device ID and a self-signed certificate;
determining, based on the device ID, whether the device is a registered device; and
if the device is a registered device: determining a hash of the public key, comparing the determined hash of the public key with a hash of the public key retrieved from a name/value storage (NVS), and, if the determined hash of the public key equals the hash of the public key retrieved from the NVS, running a challenge-response test to verify that the device has a private key corresponding to the public key; and
if the device passes the challenge-response test, authenticating the device.

21. The method of claim 21, wherein the information is received during a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) handshake and includes the self-signed certificate including information about a blockchain used to register the device ID and the hash of the public key, the method further comprising:
determining whether a certificate received during the TLS or SSL handshake is a certificate authority issued certificate or the self-signed certificate.
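The registration step of claim 1 and the check sequence of claim 20, as an added Go example that is not code from the patent: an in-memory map stands in for the blockchain NVS, SHA-256 is the assumed hash, the key pair is an Ed25519 pair generated on the device, the challenge-response is a signature over a fresh random nonce, and the device ID "sensor-01" is constructed. It also refuses to register an ID that is already taken, a check the claims do not spell out but which keeps a later request from replacing a registered hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NVS stands in for the blockchain name/value storage (assumption: an in-memory map rather
// than real transactions). Name = device ID, value = SHA-256 of the device's public key.
type NVS map[string][32]byte

// HashPubKey computes the value the device sends at registration (SHA-256 is assumed).
func HashPubKey(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// Register (claim 1): record ID and key hash; the private key never leaves the device.
// A taken ID is refused so a later request cannot overwrite the registered hash.
func Register(nvs NVS, id string, pubHash [32]byte) error {
	if _, taken := nvs[id]; taken {
		return errors.New("id already registered")
	}
	nvs[id] = pubHash
	return nil
}

// Authenticate (claim 20): registered ID -> hash equals NVS value -> challenge-response,
// where sign is the device's side (it signs the verifier's nonce with its private key).
func Authenticate(nvs NVS, id string, pub ed25519.PublicKey, sign func([]byte) []byte) error {
	stored, ok := nvs[id]
	if !ok {
		return errors.New("device not registered")
	}
	if HashPubKey(pub) != stored {
		return errors.New("public key hash does not match NVS entry")
	}
	nonce := make([]byte, 32) // fresh per attempt so a captured signature cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	if !ed25519.Verify(pub, nonce, sign(nonce)) {
		return errors.New("challenge-response failed")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // the key pair is generated on the device
	nvs := NVS{}
	fmt.Println(Register(nvs, "sensor-01", HashPubKey(pub)), Authenticate(nvs, "sensor-01", pub, func(n []byte) []byte { return ed25519.Sign(priv, n) }))
}
```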