SYSTEM AND METHODS FOR ACHIEVING END-TO-END SECURITY FOR HOP-BY-HOP SERVICES
Abstract
An IoT E2E Service Layer Security Management system supports methods/procedures to allow an application to establish, use, and tear down an IoT SL communication session that has application-specified E2E security preferences and that targets one or more SL addressable targets (e.g., an IoT application, device, or gateway SL addressable resource). E2E SL Session based methods/procedures achieve a required overall E2E security level by allowing IoT SL instances to influence and coordinate hop security for a multi-hop communication path spanning multiple intermediary nodes. Methods/procedures reduce overhead, simplify operation, and obviate the need for E2E service level nodes (initiation/termination nodes) to perform security service negotiation in order to establish secure hop-by-hop security associations aligned with an E2E security requirement.
21 Claims
1. An apparatus comprising a processor and a memory, the apparatus further including computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
- receive a security level value for a hop-by-hop service layer connection; and
- set up security for a service layer connection hop using the security level value, wherein the security level value is coordinated with security level values for other hops to ensure that a certain level of end-to-end hop-by-hop security is achieved.
(Dependent claims: 2, 3, 4, 5, 6)
7. An apparatus comprising a processor and a memory, the apparatus further including computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to:
- determine a security level for a shared hop for multiple service layer connections by selecting a highest security layer value of the multiple service layer connections; and
- set up security for the shared hop using the determined security level value.
(Dependent claims: 8, 9, 10, 11)
12. A method for use by an apparatus, wherein the apparatus comprises a processor and memory, and wherein the apparatus further includes computer-executable instructions stored in the memory which, when executed by the processor, perform functions of a method comprising:
- receiving a security level value for a hop-by-hop service layer connection; and
- setting up security for a service layer connection hop using the security level value, wherein the security level value is coordinated with security level values for other hops to ensure that a certain level of end-to-end hop-by-hop security is achieved.
(Dependent claims: 13, 14, 15, 15, 16)
17. A method for use by an apparatus, wherein the apparatus comprises a processor and memory, and wherein the apparatus further includes computer-executable instructions stored in the memory which, when executed by the processor, perform functions of a method comprising:
- determining a security level for a shared hop for multiple service layer connections by selecting a highest security layer value of the multiple service layer connections; and
- setting up security for the shared hop using the determined security level value.
(Dependent claims: 18, 19, 20, 21)