Touchless secure bootstrapping of IoT devices
US-10833926-B2 · Nov 10, 2020 · US
| Field | Value |
|---|---|
| Publication number | US-12095770-B2 |
| Application number | US-202117346366-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 14, 2021 |
| Priority date | Jun 14, 2021 |
| Publication date | Sep 17, 2024 |
| Grant date | Sep 17, 2024 |
Official abstract text for this publication.
Example implementations relate to connecting an IoT device to a wireless network using Device Provisioning Protocol (DPP). An authentication server receives a DPP network access authorization request including a connector identifier from an Access Point (AP) in communication with the IoT device. The connector identifier is a hash of the public network access key of the IoT device. If the connector identifier is valid, the authentication server determines a configurable policy from a set of configurable policies that is applicable to the IoT device. The authentication server transmits network permissions defined in the configurable policy to the AP. The IoT device is connected to the wireless network by the AP based on the network permissions.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving, by an authentication server, a Device Provisioning Protocol (DPP) network access authorization request from an access point (AP) communicating with an Internet of Things (IoT) device, wherein the DPP network access authorization request comprises a connector identifier, wherein the connector identifier is a hash of a public network access key of the IoT device; determining, by the authentication server, validity of the connector identifier; and in response to determining that the connector identifier is valid, determining, by the authentication server, a configurable policy from a set of configurable policies that is applicable to the IoT device, wherein the configurable policy comprises network permissions, and transmitting, by the authentication server, the network permissions to the AP for connecting the IoT device to a wireless network; receiving, by the authentication server, a DPP bootstrap authorization request from the AP communicating with the IoT device, wherein the DPP bootstrap authorization request comprises a hash of a public bootstrapping key of the IoT device; determining, by the authentication server, if the hash of the public bootstrapping key is valid; and in response to determining that the hash of the public bootstrapping key is valid, transmitting, by the authentication server, the public bootstrapping key for the IoT device to the AP.

2. The method of claim 1, wherein determining the configurable policy comprises assigning, by the authentication server, a role to the IoT device, wherein the configurable policy applicable to the IoT device is determined based on the role of the IoT device.

3. The method of claim 1, wherein determining if the hash of the public bootstrapping key is valid further comprises determining if the public bootstrapping key is registered with an external cloud IoT platform.

4. The method of claim 3, further comprising receiving, by the authentication server, the public bootstrapping key from one of the external cloud IoT platform or a mobile application.

5. The method of claim 1, further comprising binding, by the authentication server, the hash of the public network access key of the IoT device with the hash of the public bootstrapping key of the IoT device.

6. An access point (AP) for connecting an Internet of Things (IoT) device to a wireless network, the AP comprising: a processor; and a machine-readable medium storing instructions that, when executed by the processor, cause the processor to: transmit, to an authentication server, a Device Provisioning Protocol (DPP) network access authorization request, wherein the DPP network access authorization request is generated based on a DPP peer discovery request received at the AP from the IoT device; receive, from the authentication server, network permissions for the IoT device after a connector identifier in the DPP network access authorization request is validated by the authentication server; and connect the IoT device to the wireless network after setting an access policy based on the network permissions; transmit, to the authentication server, a DPP bootstrap authorization request for the IoT device, wherein the DPP bootstrap authorization request is generated for verifying a hash of a public bootstrapping key of the IoT device; and generate a connector for the IoT device based on a positive bootstrap authorization response being received at the AP, wherein the positive bootstrap authorization response indicates that the hash of the public bootstrapping key has been successfully verified by the authentication server.

7. The AP of claim 6, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to transmit a DPP identity binding request to the authentication server for binding the connector identifier with the hash of the public bootstrapping key, wherein the connector identifier is a hash of a public network access key of the IoT device.

8. The AP of claim 6, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to exchange DPP configuration messages between a configurator of the wireless network and the IoT device.

9. The AP of claim 8, wherein the connector of the IoT device is signed by the configurator.

10. The AP of claim 9, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to generate the DPP network access authorization request based on validation of the connector, wherein the AP validates the connector based on a configurator signature-key of the configurator.

11. The AP of claim 8, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to establish a DPP communication channel between the IoT device and the AP, wherein the DPP communication channel is established based on the positive bootstrap authorization response.

12. The AP of claim 11, wherein the IoT device communicates with the AP over the DPP communication channel to provision access to the wireless network for the IoT device.

13. An authentication server comprising: a processor; and a machine-readable medium storing instructions that, when executed by the processor, cause the processor to: receive a Device Provisioning Protocol (DPP) network access authorization request from an access point (AP), wherein the AP generates the DPP network access authorization request upon receiving a DPP peer discovery request from an IoT device; determine if a connector identifier in the DPP network access authorization request is valid, wherein the connector identifier is a hash of a public network access key of the IoT device; and in response to determining that the connector identifier is valid, determine a configurable policy from a set of configurable policies that is applicable to the IoT device, and transmit network permissions to the AP for connecting the IoT device to a wireless network, wherein the network permissions are defined in the configurable policy; receive a DPP bootstrap authorization request from the AP communicating with the IoT device, wherein the DPP bootstrap authorization request comprises a hash of a public bootstrapping key of the IoT device; determine if the hash of the public bootstrapping key is valid; and in response to determining that the hash of the public bootstrapping key is valid, transmit the public bootstrapping key for the IoT device to the AP.

14. The authentication server of claim 13, wherein the instructions to determine the configurable policy further comprise additional instructions that, when executed by the processor, cause the processor to assign a role for the IoT device, wherein the configurable policy applicable to the IoT device is determined based on the role of the IoT device.

15. The authentication server of claim 13, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to determine if the public bootstrapping key of the IoT device is registered with an external cloud IoT platform.

16. The authentication server of claim 13, wherein the machine-readable medium stores additional instructions that, when executed by the processor, cause the processor to bind the hash of the public network access key of the IoT device with the hash of the public bootstrapping key of the IoT device.

17. The authentication server of claim 13, wherein t
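As an added illustration (example code written here, not from the patent or from any vendor implementation), the following Python models the authentication-server side of claims 1, 2, 3 and 5: a registry of bootstrapping keys received from a cloud IoT platform or mobile application, the bootstrap authorization check on the key hash, binding of the connector identifier (hash of the network access key) to the bootstrapping-key hash, and role-based selection of a configurable policy on a network access authorization request. The key bytes, role names and policy table are constructed placeholders; real DPP hashes the DER-encoded public key and carries these values in DPP frames, which are not modelled.

```python
import hashlib

# Constructed policy table: role -> network permissions returned to the AP.
POLICIES = {
    "camera": {"vlan": 30, "allow": ["nvr.example:554"]},
    "sensor": {"vlan": 40, "allow": ["mqtt.example:8883"]},
}

class AuthServer:
    """Toy authentication server for the DPP bootstrap/network-access checks."""

    def __init__(self, policies):
        self.registered = {}  # sha256(bootstrap pubkey) -> (pubkey, role)
        self.bindings = {}    # connector id = sha256(net access pubkey) -> bootstrap hash
        self.policies = policies

    @staticmethod
    def digest(key: bytes) -> str:
        # Placeholder for DPP's SHA-256 over the DER-encoded public key.
        return hashlib.sha256(key).hexdigest()

    def register_bootstrap_key(self, pubkey: bytes, role: str) -> str:
        """Key arrives out of band (cloud IoT platform or mobile app, claim 4)."""
        h = self.digest(pubkey)
        self.registered[h] = (pubkey, role)
        return h

    def bootstrap_authorization(self, key_hash: str):
        """Claims 1 and 3: valid only if registered; return the key to the AP."""
        entry = self.registered.get(key_hash)
        return None if entry is None else entry[0]

    def identity_binding(self, connector_id: str, key_hash: str) -> bool:
        """Claim 5: bind the network-access-key hash to the bootstrap-key hash."""
        if key_hash not in self.registered:
            return False
        self.bindings[connector_id] = key_hash
        return True

    def network_access_authorization(self, connector_id: str):
        """Claims 1 and 2: unknown connector id -> no permissions; else role policy."""
        key_hash = self.bindings.get(connector_id)
        if key_hash is None:
            return None
        role = self.registered[key_hash][1]
        return self.policies.get(role)

def provision(server: AuthServer, bootstrap_pub: bytes, netaccess_pub: bytes):
    """AP-side sequence: bootstrap auth, then binding, then network access auth."""
    boot_hash = server.digest(bootstrap_pub)
    if server.bootstrap_authorization(boot_hash) is None:
        return None  # negative bootstrap response: no DPP channel is set up
    connector_id = server.digest(netaccess_pub)
    server.identity_binding(connector_id, boot_hash)
    return server.network_access_authorization(connector_id)
```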
Tools and structures for managing or administering access control systems · CPC title
Structures or tools for the administration of authentication · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
Security thereof · CPC title