WO2019209598 - A HOSTED DEVICE PROVISIONING PROTOCOL WITH SERVERS AND A NETWORKED INITIATOR

Publication Number WO/2019/209598
Publication Date 31.10.2019
International Application No. PCT/US2019/027968
International Filing Date 17.04.2019
IPC
H04L 9/08 (2006.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9  Arrangements for secret or secure communication
  08  Key distribution
H04L 9/32 (2006.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  9  Arrangements for secret or secure communication
  32  including means for verifying the identity or authority of a user of the system
H04L 29/06 (2006.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  29  Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
  02  Communication control; Communication processing
  06  characterised by a protocol
H04W 12/06 (2009.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  W  WIRELESS COMMUNICATION NETWORKS
  12  Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
  06  Authentication
H04W 12/08 (2009.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  W  WIRELESS COMMUNICATION NETWORKS
  12  Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
  08  Access security
H04L 29/08 (2006.01)
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  29  Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
  02  Communication control; Communication processing
  06  characterised by a protocol
  08  Transmission control procedure, e.g. data link level control procedure
CPC
G06F 21/57
  G  PHYSICS
  06  COMPUTING; CALCULATING; COUNTING
  F  ELECTRIC DIGITAL DATA PROCESSING
  21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  50  Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  57  Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/6218
  G  PHYSICS
  06  COMPUTING; CALCULATING; COUNTING
  F  ELECTRIC DIGITAL DATA PROCESSING
  21  Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  60  Protecting data
  62  Protecting access to data via a platform, e.g. using keys or access control rules
  6218  to a system of files or objects, e.g. local or distributed file system or database
G06K 7/1417
  G  PHYSICS
  06  COMPUTING; CALCULATING; COUNTING
  K  RECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  7  Methods or arrangements for sensing record carriers, e.g. for reading patterns
  10  by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
  14  using light without selection of wavelength, e.g. sensing reflected white light
  1404  Methods for optical code recognition
  1408  the method being specifically adapted for the type of code
  1417  2D bar codes
H04L 63/0428
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  63  Network architectures or network communication protocols for network security
  04  for providing a confidential data exchange among entities communicating through data packet networks
  0428  wherein the data content is protected, e.g. by encrypting or encapsulating the payload
H04L 63/061
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  63  Network architectures or network communication protocols for network security
  06  for supporting key management in a packet data network
  061  for key exchange, e.g. in peer-to-peer networks
H04L 63/068
  H  ELECTRICITY
  04  ELECTRIC COMMUNICATION TECHNIQUE
  L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  63  Network architectures or network communication protocols for network security
  06  for supporting key management in a packet data network
  068  using time-dependent keys, e.g. periodically changing keys
Applicants
  • IOT AND M2M TECHNOLOGIES, LLC [US]/[US]
Inventors
  • NIX, John, A.
Agents
  • THOMSON, Kirsten, L.
Priority Data
62/664,057  27.04.2018  US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) A HOSTED DEVICE PROVISIONING PROTOCOL WITH SERVERS AND A NETWORKED INITIATOR
Abstract
(EN)
A network can operate a WiFi access point with credentials. An unconfigured device can (i) support a Device Provisioning Protocol (DPP), (ii) record responder bootstrap public and private keys, and (iii) be marked with a tag. The network can record initiator bootstrap public and private keys, as well as derived initiator ephemeral public and private keys. An initiator can (i) operate a DPP application, (ii) read the tag, (iii) establish a secure and mutually authenticated connection with the network, and (iv) send the network data within the tag. The network can record the responder bootstrap public key and derive an encryption key with the (i) recorded responder bootstrap public key and (ii) derived initiator ephemeral private key. The network can encrypt credentials using the derived encryption key and send the encrypted credentials to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.
Latest bibliographic data on file with the International Bureau