US2018139090A1PendingUtilityA1

Method for secure enrollment of devices in the industrial internet of things

44
Assignee: GEIGER JOHNPriority: Nov 15, 2016Filed: Nov 15, 2017Published: May 17, 2018
Est. expiryNov 15, 2036(~10.3 yrs left)· nominal 20-yr term from priority
G06F 17/30368H04L 41/085H04W 4/008H04L 41/0889H04W 4/70H04L 67/12H04L 41/0869G06F 21/44H04L 41/0806G06F 2221/2101G06F 16/2358H04W 4/80
44
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention provides a system and method for remote configuration and management of internet of thing devices, whereby applications do not need to explicitly participate in a particular configuration scheme and the application configuration and management can be performed securely and remotely while the Secure Remote Management engine is architecturally decoupled from the bearing protocols used by the remote enterprise to configure and manage the device or devices.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system that uploads a selected configuration to a user device, the system in the form of a tangibly embodied computer, the computer including a processor portion and system machine readable instructions on a tangibly embodied computer memory, and the selected configuration being in the form of application machine readable instructions to perform a task on the user device, the system comprising:
 a communication portion that communicates with the user device;   the processor portion performing processing, based on system machine readable instructions, including:
 inputting a request including request attributes, from the user device, via the communication portion, for a configuration, the configuration constituting a selected configuration; 
 identifying the selected configuration, in the tangibly embodied computer memory, based on the request attributes; 
 interfacing with the user device, via the communication portion, to input user device attributes of the user device; 
 retrieving upload data, from the tangibly embodied computer memory, based on the user device attributes; 
 interfacing with the user device to initiate an upload transaction; 
 generating staged changes to upload the selected configuration, including the application machine readable instructions, to the user device; 
 confirming that the staged changes satisfy predetermined criteria, the predetermined criteria disposed in the database; 
 committing to the staged changes; and 
 executing the staged changes so as to upload the selected configuration, including the application machine readable instructions, to the user device, wherein the user device is provided with the selected configuration. 
   
     
     
         2 . The system of  claim 1 , the selected configuration is constituted by a configuration set. 
     
     
         3 . The system of  claim 1 , the tangibly embodied computer memory is a non-volatile storage. 
     
     
         4 . The system of  claim 1 , the tangibly embodied computer memory is a database. 
     
     
         5 . The system of  claim 4 , the selected configuration is constituted by a configuration set and the configuration set is disposed in a SQL database of the database. 
     
     
         6 . The system of  claim 4 , the selected configuration is constituted by a configuration set and the configuration set is disposed in a global registry of the database. 
     
     
         7 . The system of  claim 2 , the processor portion performing a scan of the user device. 
     
     
         8 . The system of  claim 7 , the scan, of the user device, identifying user device configuration sets that are present in the user device. 
     
     
         9 . The system of  claim 1 , the selected configuration is constituted by a plurality of configuration sets, whereby an application, in the user device, draws upon the plurality of configuration sets. 
     
     
         10 . The system of  claim 9 , the processor portion forming a global configuration abstraction. 
     
     
         11 . The system of  claim 10 , wherein the processor portion forming a global configuration abstraction includes the processor portion indexing location and access method for each of a plurality of configuration elements discovered, by the processor portion, within the system. 
     
     
         12 . The system of  claim 11 , the global configuration abstraction is in the form of a tree, the tree including a plurality of nodes. 
     
     
         13 . The system of  claim 12 , wherein, in the tree, each node is indexed in a way that references the access mechanism for an underlying configuration element, and the position of the node in the tree fixes an unambiguous reference to that configuration element. 
     
     
         14 . The system of  claim 11 , the processor portion annotating the global configuration abstraction with a security policy. 
     
     
         15 . The system of  claim 14 , the security policy dictates roles and operations allowed on elements within the global configuration abstraction. 
     
     
         16 . The system of  claim 1 , the processor portion including a security component, the security component performing validation related processing for the selected configuration. 
     
     
         17 . The system of  claim 16 , the security component performing validation related processing for the selected configuration including application of a security policy. 
     
     
         18 . The system of  claim 18 , the security policy dictates roles and operations allowed. 
     
     
         19 . The system of  claim 1 , the user device is constituted by a smart phone. 
     
     
         20 . The system of  claim 1 , the communication portion communicating with the user device over a network. 
     
     
         21 . A method to upload a selected configuration to a user device, the method implemented by a system in the form of a tangibly embodied computer, the computer including a processor portion and system machine readable instructions on a tangibly embodied computer memory, and the selected configuration being in the form of application machine readable instructions to perform a task on the user device, the method comprising:
 inputting, by the processor portion, a request including request attributes, from the user device, via the communication portion, for a configuration, the configuration constituting a selected configuration;   identifying, by the processor portion, the selected configuration, in the tangibly embodied computer memory, based on the request attributes;   interfacing, by the processor portion, with the user device, via the communication portion, to input user device attributes of the user device;   retrieving, by the processor portion, upload data, from the tangibly embodied computer memory, based on the user device attributes;   interfacing with the user device to initiate an upload transaction;   generating, by the processor portion, staged changes to upload the selected configuration, including the application machine readable instructions, to the user device;   confirming, by the processor portion, that the staged changes satisfy predetermined criteria, the predetermined criteria disposed in the tangibly embodied computer memory;   committing, by the processor portion, to the staged changes; and   executing, by the processor portion, the staged changes so as to upload the selected configuration, including the application machine readable instructions, to the user device, wherein the user device is provided with the selected configuration.   
     
     
         22 . The method of  claim 21 , validating, by a security component associated with the processor portion, the selected configuration. 
     
     
         23 . The method of  claim 22 , wherein the validation includes applying a security policy. 
     
     
         24 . The method of  claim 23 , wherein the application of a security policy dictates roles and operations allowed.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.