1. WO2019222319 - A HOSTED DYNAMIC PROVISIONING PROTOCOL WITH SERVERS AND A NETWORKED RESPONDER

Publication Number WO/2019/222319
Publication Date 21.11.2019
International Application No. PCT/US2019/032371
International Filing Date 15.05.2019
IPC
G06F 21/30 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
G06F 21/62 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60 Protecting data
62 Protecting access to data via a platform, e.g. using keys or access control rules
CPC
H04L 2209/80
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
80 Wireless
H04L 2209/805
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2209 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
80 Wireless
805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
H04L 2463/061
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
2463 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
061 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
H04L 41/0809
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
41 Arrangements for maintenance or administration or management of packet switching networks
08 Configuration management of network or network elements
0803 Configuration setting of network or network elements
0806 for initial configuration or provisioning
0809 Plug-and-play configuration
H04L 63/0435
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
04 for providing a confidential data exchange among entities communicating through data packet networks
0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
0435 wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
H04L 63/062
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
06 for supporting key management in a packet data network
062 for key distribution, e.g. centrally by trusted party
Applicants
  • IoT AND M2M TECHNOLOGIES, LLC [US/US]; 807 Davis Street, Unit 2207 Evanston, IL 60201-7104, US
Inventors
  • NIX, John, A.; US
Agents
  • THOMSON, Kirsten, L.; US
Priority Data
62/672,977 17.05.2018 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) A HOSTED DYNAMIC PROVISIONING PROTOCOL WITH SERVERS AND A NETWORKED RESPONDER
(FR) PROTOCOLE HÉBERGÉ DYNAMIQUE DE FOURNITURE DE SERVEURS ET UN ACCEPTEUR MIS EN RÉSEAU
Abstract
(EN)
A network can operate a WiFi access point with credentials. An unconfigured device can support a Device Provisioning Protocol (DPP), and record bootstrap public keys and initiator private keys. The network can record bootstrap public and responder private keys and operate a DPP server. A responder proxy can establish a secure and mutually authenticated connection with the network. The network can (i) derive responder ephemeral public and private keys, (ii) record the initiator bootstrap public key, and (iii) select a responder mode for the responder. The network can derive a shared secret with at least (i) the recorded initiator bootstrap public key and (ii) the derived responder ephemeral private key. The network can encrypt credentials using at least the derived shared secret and send the encrypted credentials through the responder proxy to the initiator, which can forward the encrypted credentials to the device, thereby supporting a device configuration.
(FR)
L'invention concerne un réseau pouvant exploiter un point d'accès WiFi à l'aide de justificatifs d'identité. Un dispositif non configuré peut prendre en charge un protocole de fourniture de dispositif (DPP) et enregistrer des clés publiques d'amorçage et des clés privées d'initiateur. Le réseau peut enregistrer des clés publiques d'amorçage et des clés privées d'accepteur et exploiter un serveur DPP. Un mandataire d'accepteur peut établir une connexion sécurisée et mutuellement authentifiée avec le réseau. Le réseau peut (i) dériver des clés publiques et privées éphémères d'accepteur, (ii) enregistrer la clé publique d'amorçage d'initiateur, et (iii) sélectionner un mode accepteur pour l'accepteur. Le réseau peut dériver un secret partagé au moins grâce (i) à la clé publique d'amorçage d'initiateur enregistrée et la clé privée éphémère d'accepteur dérivée (ii). Le réseau peut chiffrer des justificatifs d'identité au moins grâce au secret partagé dérivé et envoyer les justificatifs d'identité chiffrés par l'intermédiaire du mandataire d'accepteur à l'initiateur qui peut transmettre les justificatifs d'identité chiffrés au dispositif, ce qui permet de prendre en charge une configuration de dispositif.