US2020236177A1PendingUtilityA1

System for distributed intelligent remote sensing systems

55
Assignee: fybrPriority: Aug 22, 2016Filed: Apr 9, 2020Published: Jul 23, 2020
Est. expiryAug 22, 2036(~10.1 yrs left)· nominal 20-yr term from priority
G01S 5/0263H04L 67/52G06V 20/52G06F 9/445G08G 1/0129G08G 1/142G06F 9/45558G08G 1/148H04L 67/125G08G 1/04G06Q 30/0284G08G 1/0141G08G 1/0133G06F 8/65G08G 1/147G06F 21/53G06F 2009/45579H04L 67/10H04L 63/0823G01S 2013/9314H04L 63/0428H04L 63/06H04L 2463/061G08G 1/0116G06K 9/00771G01S 13/91
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An Internet of things (IoT) system, including a distributed system of virtual machines, includes at least one IoT platform system control engine, that includes a platform system control engine secure system space and a IoT platform system control engine user defined space, at least one network node device that includes a network node device secure system space and an IoT network node device user defined space, and at least one edge device that includes an edge device secure system space and an edge device user defined space, where the secure system space of the control engine, the network node device, and the edge device are each configured to be secured to prevent unauthorized access, and the user defined spaces of the platform system control engine, the network node device and the edge device each define a respective virtual machine.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . An Internet of things (IoT) platform system encryption key security system, the IoT platform system having IoT edge devices, IoT communication node devices and an IOT controller with an IoT platform engine, the encryption key security system securing encryption security between the IOT edge devices, IoT communication node devices and the IOT platform engine on the IoT controller, the IoT platform system encryption key security system comprising:
 an encryption key generation processor disposed so as to key encryption key sets onto IoT edge devices and IoT communication node devices (at fabrication), the encryption key generation processor defining an IoT device encryption key generation end of the encryption key security system;   another encryption key generation processor disposed so, or communicably coupled so, as to provide encryption key generation input providing encryption key sets to the IoT platform engine, the other encryption key generation processor defining an IoT platform engine encryption key generation end of the encryption key security system so that the IoT device encryption key generation end and the IoT platform engine encryption key generation end form substantially symmetrical key generation ends of the encryption key security system; and   a secured encryption communication link coupling the IoT device encryption key generation end and the IoT platform engine encryption key generation end.   
     
     
         2 . The IoT platform system encryption key security system of  claim 1 , wherein the secured encryption communication link defines a hierarchical encryption key set layer arrangement with encryption key sets of a superior layer generated at the IoT device encryption key generation end and the encryption key sets of the superior layer generated at the IoT platform engine encryption key generation end being based on a common encryption key set forming a principal layer of the hierarchical encryption key set layer arrangement from which the superior layer depends. 
     
     
         3 . The IoT platform system encryption key security system of  claim 1 , wherein the common encryption key set of the principal layer is separate and sealed from the IoT platform system. 
     
     
         4 . The IoT platform system encryption key security system of  claim 1 , wherein the encryption key sets of the superior layer generated at the IoT device encryption key generation end and the encryption key sets of the superior layer generated at the IOT platform engine end comprise a combination of at least one symmetric encryption key and at least one asymmetric encryption key. 
     
     
         5 . The IoT platform system encryption key security system of  claim 1 , wherein the encryption key sets generated at the IoT device encryption key generation end are based on the common encryption key set and information from an encrypted input to the IOT device encryption key generation end, the encrypted input is based on the common encryption key set and includes at least a predetermined IoT device fabrication identification characteristic and a validity operator effecting a tamper indicator of the encrypted input. 
     
     
         6 . The IoT platform system encryption key security system of  claim 5 , wherein the predetermined IoT device fabrication identification characteristic forms a basis in generation of the encryption key sets at the IoT device encryption key generation end, each of which encryption key sets is keyed onto and uniquely corresponds to a respective link card of each given IoT edge device and each given IoT communication node device at fabrication of the respective link card. 
     
     
         7 . The IoT platform system encryption key security system of  claim 5 , wherein the validity operator defines a validity window of the encrypted input, and for generation of the encryption key sets generated, based on the encrypted input at the IoT device encryption key generation end, and for keying each of the encryption sets, based on the encrypted input, onto the respective link card at fabrication thereof. 
     
     
         8 . The IoT platform system encryption key security system of  claim 5 , wherein the encrypted input is disposed on a computer readable storage media that is ported from an input generation location, where the encrypted input is disposed on the computer readable storage media, and which location is separate and remote from the IoT device encryption key generation end, to the IOT device encryption key generation end. 
     
     
         9 . The IoT platform system encryption key security system of  claim 1 , wherein each of the encryption key sets generated at the IoT platform engine encryption key generation end is based, at least in part, on a symmetric set of encryption keys to each corresponding encryption key set of the encryption key sets generated at the IoT device encryption key generation end. 
     
     
         10 . The IoT platform system encryption key security system of  claim 1 , wherein each of the encryption key sets generated at the IoT platform engine encryption key generation end includes an independently generated independent key uniquely corresponding to each respective IoT device, and at least one other key that is based, at least in part, on a symmetric set of encryption keys to each corresponding encryption key set of the encryption key sets generated at the IOT device encryption key generation end. 
     
     
         11 . The IoT platform system encryption key security system of  claim 10 , wherein the independent key defines a session key for the respective IoT device and is input to the IoT device by session key encrypted communication from the IoT platform engine, via a wide area network of the IoT platform system, the session key encrypted communication being based on the at least one other key and includes at least one validity operator providing a communication tamper indicator of the session key encrypted communication. 
     
     
         12 . The IoT platform system encryption key security system of  claim 11 , wherein the session key encrypted communication embodying the session key input to the respective IoT device is effected upon and in initial response to IoT platform engine registration of initialization of the respective IoT device within the IoT platform system. 
     
     
         13 . The IoT platform system encryption key security system of  claim 12 , wherein the initial response of the session key encrypted communication from IoT platform engine to respective IoT device and decryption of the session key from the session key encrypted communication and input in the respective IoT device effect authentication of the respective IoT device and onboarding of the respective IoT device to the IoT platform system. 
     
     
         14 . The IoT platform system encryption key security system of  claim 10 , wherein the independent key and the at least one other key based at least in part on the symmetric set of encryption keys define other superior key set layers of the hierarchical encryption key set layer arrangement securing end to end encryption security of communication link connecting an IoT device end and an IoT platform engine end of the IoT platform system. 
     
     
         15 . An Internet of things (IoT) platform system of multiple IoT platform edge devices communicably coupled for bidirectional communication with multiple IoT platform communication network nodes, system comprising:
 an IoT platform engine communicably coupled for bidirectional communication with the IoT platform communication network nodes, and via therewith communicably coupled for bidirectional communication with the IoT platform edge devices;   the IoT platform engine having multiple function modules, the IoT platform engine being disposed on a variably selectable number of server nodes of a server node cloud, at least one function module of the multiple function modules being a provisioning engine module configured as to selectably populate server nodes with the platform engine, and another of the multiple function modules being a secure sealed storage section that stores, sealed from each other of the multiple function modules of the platform engine outside the sealed storage section, IoT user credentials and rights as to access and affect functions of function modules of the platform engine including the provisioning engine module, the secured sealed storage section being configured to manage and enable access to user rights including authorization to initialize the provisioning engine module so as to effect secure elastic provisioning selection of the number of server nodes on which the platform engine is disposed.   
     
     
         16 . The IoT platform system of  claim 15 , wherein the secure sealed storage section is arranged so that provision of secure seal integrity is decoupled and maintained from an exterior of the IoT platform engine. 
     
     
         17 . The IoT platform system of  claim 15 , wherein the secure sealed storage section manages and enables access with multifactor user authentication. 
     
     
         18 . The IoT platform system of  claim 15 , wherein the server node cloud is disposed as infrastructure as a service (IAAS) platform, or as a private server cloud. 
     
     
         19 . The IoT platform system of  claim 15 , wherein the platform engine is configured with a distributed storage layer, and the secure sealed storage section is disposed within the distributed storage layer. 
     
     
         20 . The IoT platform system of  claim 15 , wherein the secure sealed storage section is spread across multiple of the server nodes to include at least a minimum deterministic number within the multiple server nodes so as to effect functions of the secure sealed storage section. 
     
     
         21 . The IoT platform system of  claim 15 , wherein at least one of the multiple function modules defines a centralized service discovery and monitoring function, the centralized service discovery and monitoring function module being spread across multiple of the server nodes to include at least a minimum deterministic number within the multiple server nodes so as to effect the centralized service discovery and monitoring function. 
     
     
         22 . The IoT platform system of  claim 15 , wherein the centralized service discovery and monitoring function is configured so as to register run initiation of each platform engine services on newly provisioned server nodes as populated with the provisioning module. 
     
     
         23 . The IoT platform system of  claim 15 , wherein the provisioning engine module is configured so as to effect, provisioning selection of the number of server nodes being provisioned so as to become populated with the platform engine, selection of a network topology for the number of selected provisioned server nodes, and selection of services from predetermined services of the platform engine so as to start the selected services on each of the selected server nodes being provisioned. 
     
     
         24 . The IoT platform system of  claim 15 , wherein the provisioning engine module is configured so that selection and set up of the selected services on each of the selected server nodes being provisioned is specified with but one configuration file and selection input to but one provisioning script fed to the provisioning engine module effecting substantially automatic setup of each the selected server nodes. 
     
     
         25 . The IoT platform system of  claim 15 , wherein at setup, each respective one of the selected server nodes metadata file is signed with a private key that uniquely corresponds to the respective one of the selected server nodes, the private key corresponding to the respective selected server node being sealed in the secure sealed storage section and authenticated by the secure sealed storage section on receipt of the signature at set up of the respective selected server node.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.