Method of establishing a trusted identity for an agent device
US-9860235-B2 · Jan 2, 2018 · US
Registering, managing, and communicating with IoT devices using domain name system processes
US11323422B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11323422-B2 |
| Application number | US-201715701408-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 11, 2017 |
| Priority date | Jan 9, 2015 |
| Publication date | May 3, 2022 |
| Grant date | May 3, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated private key stored within a memory of the IoT device at a time that IoT device is manufactured or during a predetermined time window after manufacturing; creating at least one DNS record for the IoT device; assigning a domain name associated with the internet protocol (“IP”) address to the IoT device; storing the identifier, IP address, the domain name, and the public key in the at least one DNS record; and providing confirmation of the registration to the IoT device.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method for authenticating a message produced by a first device, the method comprising: obtaining, by a second device, a first message via a first feed, wherein the first feed is included in a network in which the second device is configured to access the first feed, wherein the first message is published to the first feed by the first device, wherein the first message has been cryptographically signed by a first private key of a first asymmetric key pair associated with the first device, and the first message comprises a data payload and a first identifier of the first device; in response to obtaining the first message by the second device, sending, by the second device to a domain registry, a query for a first record associated with the first device, wherein the query for the first record is based on the first identifier, wherein the first device and the second device are both is separate from the domain registry, wherein the domain registry is configured to register a plurality of domain names and to store the first record, and wherein the first record includes the first identifier and a first public key of the first asymmetric key pair; in response to sending the query, obtaining, by the second device from the domain registry, the first public key of the first asymmetric key pair; and authenticating the first message using the first public key. 2. The method of claim 1 , wherein the first record is TLSA record type. 3. The method of claim 1 , wherein the first record is signed using DNSSEC. 4. A device for authenticating a message produced by a first device, the device comprising: a memory containing instructions; and one or more processors, operably connected to the memory, that executes the instructions to perform operations comprising: obtaining, by the device, a first message via a first feed, wherein the first feed is included in a network in which the device is configured to access the first feed, wherein the first message is published to the first feed by the first device, wherein the first message has been cryptographically signed by a first private key of a first asymmetric key pair associated with the first device, and the first message comprises a data payload and a first identifier of the first device; in response to obtaining the first message from the first device, sending, by the device to a domain registry, a query for a first record associated with the first device, wherein the query for the first record is based on the first identifier, wherein the first device and the device are both separate from the domain registry, wherein the domain registry is configured to register a plurality of domain names and to store the first record, and wherein the first record includes the first identifier and a first public key of the first asymmetric key pair; in response to sending the query, obtaining, by the device from the domain registry, the first public key of the first asymmetric key pair; and authenticating the first message using the first public key. 5. The method of claim 1 , further comprising obtaining, by the second device, the first record from the domain registry. 6. The method of claim 1 , further comprising, publishing, by the first device, the first message to the first feed. 7. The method of claim 6 , wherein the first message includes a first feed identifier associated with the first feed, and the second device obtains the first message from the first feed based on the first feed identifier. 8. The method of claim 1 , wherein the first identifier comprises a domain name associated with the first device. 9. The device of claim 4 , wherein the first record is TLSA record type. 10. The device of claim 4 , wherein the first record is signed using DNSSEC. 11. One or more non-transitory computer-readable media including instructions that, when executed by one or more processors, cause the one or more processors to authenticate a message produced by a first device, by performing the steps of: obtaining, by a second device, a first message via a first feed, wherein the first feed is included in a network in which the second device is configured to access the first feed, wherein the first message is published to the first feed by the first device, wherein the first message has been cryptographically signed by a first private key of a first asymmetric key pair associated with the first device, and the first message comprises a data payload and a first identifier of the first device; in response to obtaining the first message by the second device, sending, by the second device to a domain registry, a query for a first record associated with the first device, wherein the query for the first record is based on the first identifier, wherein the first device and the second device are both separate from the domain registry, wherein the domain registry is configured to register a plurality of domain names and to store the first record, and wherein the first record includes the first identifier and a first public key of the first asymmetric key pair; in response to sending the query, obtaining, by the second device from the domain registry, the first public key of the first asymmetric key pair; and authenticating the first message using the first public key. 12. The one or more non-transitory computer-readable media of claim 11 , wherein the first record is TLSA record type. 13. The one or more non-transitory computer-readable media of claim 11 , wherein the first record is signed using DNSSEC.
Assignees
Inventors
Classifications
- H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
involving public key infrastructure [PKI] trust models (network architecture or network communication protocol for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title
Protecting application or service provisioning, e.g. securing SIM application provisioning · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11323422B2 cover?
- Provided herein is a method for registering an IoT device with a DNS registry. The method can include obtaining, at a DNS server, an identifier, IP address, and a public key of an asymmetric key pair associated with the IoT device from a network gateway device that is in communication with the IoT device, wherein the asymmetric key pair is provisioned onto the IoT device and an associated priva…
- Who is the assignee on this patent?
- Verisign Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue May 03 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 10 related publications on this page (citations in our corpus or others sharing the same primary CPC).