Generic Bootstrapping Architecture (GBA) Based Security Over Constrained Application Protocol (CoAP) for IoT Devices
US-2019036896-A1 · Jan 31, 2019 · US
US10924920B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10924920-B2 |
| Application number | US-201916391254-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 22, 2019 |
| Priority date | Apr 22, 2019 |
| Publication date | Feb 16, 2021 |
| Grant date | Feb 16, 2021 |
Abstract
A system and method are described for validating an IoT device. For example, a method in accordance with one embodiment comprises: generating a first random value to be used as a first offset into a first block of program code of an Internet of Things (IoT) device; transmitting a challenge request message to the IoT device, the challenge request including the first offset or data based on the first offset; receiving a challenge response message transmitted by the IoT device, the challenge response message comprising first authentication data for the first block of IoT device program code; and using the first authentication data to attempt to validate the first block of program code.
Claims
What is claimed is:

1. A method comprising: generating a first random value to be used as a first offset into a program code of an Internet of Things (IoT) device to identify a first block of program code; transmitting a challenge request message to the IoT device, the challenge request including the first offset; receiving a challenge response message transmitted by the IoT device, the challenge response message comprising first authentication data generated by the IoT device for the first block of program code identified based on the first offset; and using the first authentication data to attempt to validate the first block of program code.
2. The method of claim 1 wherein the IoT device generates the first authentication data by using a first key to encrypt the first block of program code and/or to generate a signature over the first block of program code.
3. The method of claim 1 wherein using the first authentication data to attempt to validate the first block of program code comprises: generating second authentication data from a copy of the first block of program code; comparing the second authentication data to the first authentication data; and validating the first block of program code if the first authentication data is equivalent to the second authentication data.
4. The method of claim 3 wherein the IoT device includes firmware comprising program code to be executed by a processor of the IoT device, wherein the first block of program code comprises a block of the firmware.
5. The method of claim 1 further comprising: generating a second random value to indicate a size of the first block of program code, wherein the challenge request message transmitted to the IoT device includes an indication of the size and wherein the first authentication data is generated based on both the first offset and the size.
6. The method of claim 1 wherein the first key comprises a session key used to establish a secure communication session between the IoT device and an IoT service.
7. The method of claim 4 further comprising: receiving an initial request from the IoT device to validate its firmware.
8. The method of claim 4 further comprising: determining that the first block of program code cannot be validated and performing one or more of: attempting to validate one or more additional randomly selected blocks of the program code; forcing an update of the IoT device's firmware; generating a notification to a user of the IoT device and/or a provider of an IoT service; de-registering the IoT device with an IoT service; and overwriting selected portions of the IoT device's firmware.
9. A system comprising: an Internet of Things (IoT) device; an IoT service to generate a first random value to be used as a first offset into a program code of the IoT device to identify a first block of program code; the IoT service to transmit a challenge request message to the IoT device, the challenge request including the first offset; the IoT device, responsive to the challenge request message, to generate first authentication data for the first block of program code identified based on the offset and to transmit a challenge response message comprising the first authentication data; and the IoT service to use the first authentication data to attempt to validate the first block of program code.
10. The system of claim 9 wherein the IoT device generates the first authentication data by using a first key to encrypt the first block of program code and/or to generate a signature over the first block of program code.
11. The system of claim 9 wherein using the first authentication data to attempt to validate the first block of program code comprises: generating second authentication data from a copy of the first block of program code; comparing the second authentication data to the first authentication data; and validating the first block of program code if the first authentication data is equivalent to the second authentication data.
12. The system of claim 11 wherein the IoT device includes firmware comprising program code to be executed by a processor of the IoT device, wherein the first block of program code comprises a block of the firmware.
13. The system of claim 9 further comprising: generating a second random value to indicate a size of the first block of program code, wherein the challenge request message transmitted to the IoT device includes an indication of the size and wherein the first authentication data is generated based on both the first offset and the size.
14. The system of claim 9 wherein the first key comprises a session key used to establish a secure communication session between the IoT device and an IoT service.
15. The system of claim 12 further comprising: receiving an initial request from the IoT device to validate its firmware.
16. The system of claim 12 further comprising: determining that the first block of program code cannot be validated and performing one or more of: attempting to validate one or more additional randomly selected blocks of the program code; forcing an update of the IoT device's firmware; generating a notification to a user of the IoT device and/or a provider of an IoT service; de-registering the IoT device with an IoT service; and overwriting selected portions of the IoT device's firmware.
17. A machine-readable medium having program code stored thereon which, when executed by a machine, causes the machine to perform the operations of: generating a first random value to be used as a first offset into a program code of an Internet of Things (IoT) device to identify a first block of program code; transmitting a challenge request message to the IoT device, the challenge request including the first offset; receiving a challenge response message transmitted by the IoT device, the challenge response message comprising first authentication data generated by the IoT device for the first block of program code identified based on the first offset; and using the first authentication data to attempt to validate the first block of program code.
18. The machine-readable medium of claim 17 wherein the IoT device generates the first authentication data by using a first key to encrypt the first block of program code and/or to generate a signature over the first block of program code.
19. The machine-readable medium of claim 17 wherein using the first authentication data to attempt to validate the first block of program code comprises: generating second authentication data from a copy of the first block of program code; comparing the second authentication data to the first authentication data; and validating the first block of program code if the first authentication data is equivalent to the second authentication data.
20. The machine-readable medium of claim 19 wherein the IoT device includes firmware comprising program code to be executed by a processor of the IoT device, wherein the first block of program code comprises a block of the firmware.
21. The machine-readable medium of claim 17 further comprising: generating a second random value to indicate a size of the first block of program code, wherein the challenge request message transmitted to the IoT device includes an indication of the size and wherein the first authentication data is generated based on both the first offset and the size.
22. The machine-readable medium of claim 17 wherein the first key comprises a session key used to
CPC classification titles: Protecting confidentiality, e.g. by encryption; Security thereof; using challenge-response; Key management protocols; Authentication.