US2023092015A1PendingUtilityA1

Securing communication of devices in the internet of things

Assignee: PCMS HOLDINGS INCPriority: Feb 6, 2017Filed: Nov 21, 2022Published: Mar 23, 2023
Est. expiryFeb 6, 2037(~10.6 yrs left)· nominal 20-yr term from priority
Inventors:Andreas Schmidt
H04W 12/66H04W 12/069H04L 63/0876H04L 63/20H04L 63/0884H04W 4/70H04L 12/66H04L 63/10
70
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

It is recognized herein that current messaging protocols for internet of things (IoT) architectures are often weak from a security perspective, and are often poorly suited for resource-constrained devices. An example IoT system described herein combines device authentication and application-layer key establishment using facilities of IoT messaging protocols. The IoT system may include a Trust Broker, which acts as a registration point for devices, and an edge gateway, which manages communication between a given device and the trust broker (and IoT servers). The edge gateway may acquire a trusted role, such that it may be a secure intermediary for device-server messaging, and such that it can facilitate authentication of devices to services.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
         1 . A wireless transmit/receive unit (WTRU) comprising one or more processors and memory storing instructions that, when executed by the one or more processors, cause the WTRU to:
 send, to a gateway node of a communications network, a connection request, wherein the connection request indicates an identity associated with the WTRU; and   receive, via the gateway node and based on the identity associated with the WTRU, a message from a trust broker node,   wherein subsequent to receiving the message from the trust broker node, outbound messages from the WTRU are prevented from being routed to network nodes other than the trust broker node.   
     
     
         2 . The WTRU of  claim 1 , wherein the message received from the trust broker node comprises an authentication challenge message, and wherein the instructions, when executed by the one or more processors, further cause the WTRU to send to the trust broker node an authentication response message. 
     
     
         3 . The WTRU of  claim 2 , wherein the instructions, when executed by the one or more processors, further cause the WTRU to:
 receive, from the trust broker node and based on sending the authentication response message, a trust message comprising one or more credentials for use by the WTRU in communicating with an information node of the communications network.   
     
     
         4 . The WTRU of  claim 3 , wherein the one or more credentials comprise one or more of:
 a certificate;   a key;   a token; or   a digitally signed message.   
     
     
         5 . The WTRU of  claim 3 , wherein the instructions, when executed by the one or more processors, further cause the WTRU to send, to the gateway node, a second connection request comprising an identifier of the information node. 
     
     
         6 . The WTRU of  claim 3 , wherein after receiving the trust message from the trust broker node, outbound messages from the device are not prevented from being routed to network nodes other than the trust broker node. 
     
     
         7 . The WTRU of  claim 1 , wherein the message received from the trust broker node comprises an indication that the connection request is denied, and wherein the instructions, when executed by the one or more processors, further cause the WTRU to:
 send, to the trust broker node, a subscribe message, wherein the subscribe message comprises a topic;   receive, from the trust broker node, a publish message comprising an authentication challenge from the trust broker node; and   send, to the trust broker node, an authentication response message.   
     
     
         8 . The WTRU of  claim 1 , wherein subsequent to receiving the message from the trust broker node, the WTRU receives inbound messages only from the trust broker node. 
     
     
         9 . The WTRU of  claim 1 , wherein the connection request comprises an identifier of an information node of the communications network. 
     
     
         10 . A method implemented by a wireless transmit/receive unit (WTRU) for communications with a network, the method comprising:
 sending, by the WTRU and to a gateway node of the network, a connection request, wherein the connection request indicates an identity associated with the WTRU; and   receiving, via the gateway node and based on the identity associated with the WTRU, a message from a trust broker node,   wherein subsequent to receiving the message from the trust broker node, outbound messages from the WTRU are prevented from being routed to network nodes other than the trust broker node.   
     
     
         11 . The method of  claim 10 , wherein the message received from the trust broker node comprises an authentication challenge message, and wherein the method further comprises sending to the trust broker node an authentication response message. 
     
     
         12 . The method of  claim 11 , further comprising:
 receiving, from the trust broker node and based on sending the authentication response message, a trust message comprising one or more credentials for use by the WTRU in communicating with an information node of the communications network.   
     
     
         13 . The method of  claim 12 , wherein the one or more credentials comprise one or more of:
 a certificate;   a key;   a token; or   a digitally signed message.   
     
     
         14 . The method of  claim 12 , further comprising sending, to the gateway node, a second connection request comprising an identifier of the information node. 
     
     
         15 . The method of  claim 12 , wherein after receiving the trust message from the trust broker node, outbound messages from the device are not prevented from being routed to network nodes other than the trust broker node. 
     
     
         16 . The method of  claim 10 , wherein the message received from the trust broker node comprises an indication that the connection request is denied, and wherein the method further comprises:
 sending, to the trust broker node, a subscribe message, wherein the subscribe message comprises a topic;   receiving, from the trust broker node, a publish message comprising an authentication challenge from the trust broker node; and   sending, to the trust broker node, an authentication response message.   
     
     
         17 . The method of  claim 10 , wherein subsequent to receiving the message from the trust broker node, the WTRU receives inbound messages only from the trust broker node. 
     
     
         18 . The method of  claim 10 , wherein the connection request comprises an identifier of an information node of the communications network.

Join the waitlist — get patent alerts

Track US2023092015A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.