PatentsDB

System and method for authenticating and authorizing devices

US10313134B2 · US · B2

Patent metadata
FieldValue
Publication numberUS-10313134-B2
Application numberUS-201715796180-A
CountryUS
Kind codeB2
Filing dateOct 27, 2017
Priority dateOct 27, 2016
Publication dateJun 4, 2019
Grant dateJun 4, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for a distributed security model that may be used to achieve one or more of the following: authenticate system components; securely transport messages between system components; establish a secure communications channel over a constrained link; authenticate message content; authorize actions; and distribute authorizations and configuration data amongst users' system components in a device-as-a-key system.

First claim

Opening claim text (preview).

The invention claimed is: 1. A system for communicating from a first device to a second device, said system comprising: said first device configured to communicate wirelessly in an online mode with a network server, said first device configured to obtain authorization configuration information from the network server, wherein said authorization configuration information pertains to authorization for said first device to communicate with said second device, wherein said authorization configuration information includes data encrypted by a first key associated with said second device; said second device coupled to an equipment component, said second device configured to communicate with said equipment component; said second device configured to communicate wirelessly with said first device in an offline mode in which neither said first device nor said second device is able to communicate effectively with the network server; wherein said first device and said second device are configured to establish a communication link for exchanging communications, wherein prior to establishing said communication link, said second device has received no information indicating said first device has obtained said authorization configuration information pertaining to at least one of authentication of said first device and authorization of said first device with respect to said second device; and wherein said first device is configured to communicate, via said communication link, said authorization configuration information to said second device, wherein said second device, based on said authorization configuration information, authenticates an identity of said first device and determines if said first device is authorized with respect to said second device, whereby the second device is configured to determine authorization of the first device regardless of network connectivity to an external server. 2. The system of claim 1 wherein said communication link established between said first device and said second device involves a challenge-response authentication process in which said second device authenticates said identity of said first device. 3. The system of claim 1 wherein said second device authenticates said authorization configuration information issued from the network server based at least in part on decryption of said data of said authorization configuration information with a second key associated with said first key, wherein said first key is a private key and said second key is a public key. 4. The system of claim 3 wherein said private key and said public key are established between the network server and said second device prior to communications between said first device and said second device. 5. The system of claim 1 wherein said authorization configuration information includes a public key associated with said first device, wherein said first device stores a private key associated with said public key, and wherein said second device authenticates said identity of said first device based at least in part on decrypting data, received via said communication link, with said public key. 6. The system of claim 5 wherein said first device authenticates an identity of said second device based on decrypting data received from said second device via said communication link. 7. The system of claim 1 wherein said authorization configuration information includes authorization data pertaining to one or more authorizations of said first device with respect to one or more commands for said second device, wherein said authorization data is encrypted and only said second device is capable of decrypting said authorization data. 8. The system of claim 1 wherein said authorization configuration information is a layered package having a plurality of layers, wherein each layer is encrypted in accordance with one key of an asymmetric key pair. 9. The system of claim 8 wherein said authorization configuration information includes authentication information. 10. The system of claim 8 wherein a layer of said authorization configuration information includes authorization data pertaining to one or more authorizations associated with at least one of communication and operation of said second device. 11. The system of claim 10 wherein only said second device is capable of decrypting all of said plurality of layers. 12. The system of claim 10 wherein an owner encrypted layer of said plurality of layers is encrypted by an owner device associated with said second device that is established as an authority over operation of said second device, and wherein encryption of said owner encrypted layer is indicative of said owner device having authorized said authorization data included in said layer. 13. A control unit for communicating with an equipment component, said control unit comprising: a communication interface operable to communicate wirelessly with a remote device; a memory configured to store one or more encryption keys pertaining to authentication and authorization of the remote device; an equipment interface operable to communicate with the equipment component; a controller configured to establish a communication link with the remote device via the communication interface, the controller configured to receive authorization configuration information from the remote device, wherein the authorization configuration information includes authorization data that is encrypted, wherein only the controller is capable of decrypting the authorization data from the authorization configuration information; wherein, based at least in part on the authorization data, the controller is configured to authenticate an identity of the remote device and determine if the remote device is authorized, whereby the controller is configured to determine authorization of the remote device regardless of network connectivity to an external server; wherein the authorization configuration information is a layered package having a plurality of layers, wherein each layer is encrypted in accordance with one key of an asymmetric key pair; and wherein an owner encrypted layer of the plurality of layers is encrypted by an owner device associated with the control unit that is established as an authority over operation of the control unit, and wherein encryption of the owner encrypted layer is indicative of the owner device having authorized the authorization data included in the layer. 14. The control unit of claim 13 wherein said authorization configuration information includes authentication information. 15. The control unit of claim 13 wherein a layer of the authorization configuration information includes the authorization data, wherein the authorization data relates to one or more authorizations associated with at least one of communication and operation. 16. The control unit of claim 13 wherein only the control unit is capable of decrypting all of the plurality of layers. 17. A method of communicating between a first device and a second device, said method comprising: obtaining, in the first device, authorization configuration information from a network server, wherein the authorization configuration information includes data encrypted by a first key associated with the second device; establishing a communication link for exchanging communications between the first device and the second device, wherein prior to establishing the communication link, the second device has received no information indicating the first device has obtained the authorization configuration information; providing the authorization configuration informat

Assignees

Inventors

Classifications

  • H04L9/3263Primary

    involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title

  • H04L9/3234

    involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title

  • H04L63/0823

    using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • H04L9/3213

    using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807) · CPC title

  • H04W4/80

    Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication · CPC title

Patent family

Related publications grouped by family.

View patent family 62021981

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10313134B2 cover?
A system and method for a distributed security model that may be used to achieve one or more of the following: authenticate system components; securely transport messages between system components; establish a secure communications channel over a constrained link; authenticate message content; authorize actions; and distribute authorizations and configuration data amongst users' system componen…
Who is the assignee on this patent?
Denso Corp
What technology area does this patent fall under?
Primary CPC classification H04L9/3263. Mapped technology areas include Electricity.
When was this patent published?
Publication date Tue Jun 04 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).