System, Apparatus and Method for Auto-Optimization of Access Control Policy and Key Management in A Network Authoring Tool

US2016366141A1 · US · A1

Patent metadata

Publication number: US-2016366141-A1
Application number: US-201514998275-A
Country: US
Kind code: A1
Filing date: Dec 26, 2015
Priority date: Jun 9, 2015
Publication date: Dec 15, 2016
Grant date:

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In one embodiment, a method includes: presenting, in a user interface of an authoring tool, a plurality of levels of abstraction for a network having a plurality of devices; receiving information from a user regarding a subset of the plurality of devices to be provisioned with one or more security keys and an access control policy; automatically provisioning a key schedule for the subset of the plurality of devices in the network based on the user input and a topological context of the network; and automatically provisioning the access control policy for the subset of the plurality of devices in the network based on the user input and the topological context of the network.

First claim

Opening claim text (preview).

What is claimed is:

1. At least one computer readable storage medium comprising instructions that when executed enable a system to: access an internet-of-things (IoT) network topology model that is partitioned into first and second nodes; determine a first execution plan that, when executed, couples the first and second nodes together to execute a first task; determine the first node is within a first logical boundary and the second node is within a second logical boundary; determine a first boundary crossing exists where the first execution plan, when executed, will cross from the first logical boundary into the second logical boundary; and in response to determining the first boundary crossing, determine a first credential and a first access control list (ACL) are needed for communications across the first boundary crossing; wherein (a) the first node is an abstraction of at least one of a first physical node included in the IoT network and a first logical node corresponding to the first physical node; and (b) the second node is an abstraction of at least one of a second physical node included in the IoT network and a second logical node corresponding to the second physical node.

2. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to indirectly provision the first credential to the first node.

3. The at least one computer readable storage medium of claim 2, wherein the first physical node includes at least one of a sensor, an actuator, and a processor and the first node is an abstraction of the first physical node.

4. The at least one computer readable storage medium of claim 2, wherein the first credential includes a first encryption key and the first ACL.

5. The at least one computer readable storage medium of claim 2, wherein provisioning the first credential to the first physical node includes informing an access management service to provide the first credential to the first node.

6. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to determine the first node is at least one of a first source node, a first sink node, and a first operator node.

7. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to determine the first node is a first operator node and the second node is a second operator node.

8. The at least one computer readable storage medium of claim 7, further comprising instructions that when executed enable the system to determine: the first operator node couples output from a physical node to the second operator node; and the second operator node couples output from the first operator node to another physical node.

9. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to: determine a second execution plan that, when executed, couples the first and second nodes together to execute the first task; determine the first node is within a third logical boundary; determine a second boundary crossing exists where the second execution plan, when executed, will cross from the third logical boundary into at least one of the second logical boundary and a fourth logical boundary; and in response to determining the second boundary crossing exists, determine a second ACL is needed for communications across the second boundary crossing.

10. The at least one computer readable storage medium of claim 9, further comprising instructions that when executed enable the system to simulate execution of the first and second execution plans.

11. The at least one computer readable storage medium of claim 9, further comprising instructions that when executed enable the system to: determine first physical performance characteristics for the first logical boundary; determine second physical performance characteristics for the third logical boundary; in response to determining the second boundary crossing exists, determine a second credential is needed for communications across the second boundary crossing; wherein the first and second credentials are unequal based on the first and second physical performance characteristics being unequal.

12. The at least one computer readable storage medium of claim 9, further comprising instructions that when executed enable the system to: determine the first execution plan failed; and determine the second execution plan in response to determining the first execution plan failed.

13. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to visually depict, with a user interface, the first and second logical boundaries and the first and second nodes.

14. The at least one computer readable storage medium of claim 1, further comprising instructions that when executed enable the system to: determine the first execution plan, when executed, couples a third node to the second node to execute the first task; determine the third node is within a third logical boundary; determine a second boundary crossing exists where the first execution plan, when executed, will cross from the third logical boundary into the second logical boundary; and in response to determining the second boundary crossing exists, determine a second credential and a second ACL are needed for communications across the second boundary crossing.

15. The at least one computer readable storage medium of claim 1, wherein the first node is an abstraction of the first logical node and the first logical node is at least one of a sandboxed process and a trusted execution environment (TEE).

16. At least one computer readable storage medium comprising instructions that when executed enable a system to determine: a topology for an internet-of-things (IoT) network having first and second nodes; the first and second nodes are within first and second logical boundaries of the topology; a first boundary crossing exists when a first execution plan, when executed, crosses from the first logical boundary into the second logical boundary; and wherein (a) the first node is an abstraction of at least one of a first physical node included in the IoT network and a first logical node corresponding to the first physical node; and (b) the second node is an abstraction of at least one of a second physical node included in the IoT network and a second logical node corresponding to the second physical node.

17. The at least one computer readable storage medium of claim 16, further comprising instructions that when executed enable the system to determine: the first node is within a third logical boundary; and a second boundary crossing exists where a second execution plan, when executed, crosses from the third logical boundary into at least one of the second logical boundary and a fourth logical boundary.

18. The at least one computer readable storage medium of claim 17, further comprising instructions that when executed enable the system to indirectly provision: a first credential for communications across the first boundary crossing; and a second credential for communications across the second boundary crossing.

19. A device comprising: at least one hardware processor; a security inference engine, coupled to the at least one processor, including at least one non-transitory storage m
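As an added worked example (this is not code from the patent, from Intel, or from any product; it only follows the structure of claims 1, 5, 6, 9 and 12), the following Python models an IoT topology whose nodes sit in logical boundaries, walks an execution plan hop by hop, and derives a credential and an ACL entry for every hop that crosses from one boundary into another. Hops that stay inside a boundary get nothing, a failed plan falls back to the next candidate, and the per-node credential list is what an access management service would be told to provision. All node names, boundary names, plans and the `key:` label format are constructed sample data.

```python
"""Boundary-crossing analysis over a toy IoT topology model.

Added illustration only; not the patent's own implementation. Every name,
boundary and plan below is constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    kind: str       # "source", "sink" or "operator" (the node roles of claim 6)
    boundary: str   # logical boundary the node sits in (subnet, TEE, sandbox, ...)


@dataclass(frozen=True)
class Crossing:
    src: Node
    dst: Node
    credential: str  # constructed label for the key the hop needs
    acl: tuple       # (principal, resource, action) the ACL must permit


def find_crossings(topology: dict, plan: list) -> list:
    """Return one Crossing per hop of `plan` whose endpoints are in different
    logical boundaries. Hops inside a single boundary need no new credential."""
    crossings = []
    for a, b in zip(plan, plan[1:]):
        src, dst = topology[a], topology[b]
        if src.boundary == dst.boundary:
            continue  # same boundary: no crossing, nothing to provision
        credential = f"key:{src.boundary}->{dst.boundary}"
        acl = (src.name, dst.name, "send")  # src may send to dst across the edge
        crossings.append(Crossing(src, dst, credential, acl))
    return crossings


def plan_requirements(topology: dict, plans: list) -> tuple:
    """Evaluate candidate plans in order and use the first one that is
    executable (claims 9 and 12). A plan "fails" here, as a stand-in for a
    failed execution, when it names a node the topology does not contain.
    Returns (index of the chosen plan, its crossings)."""
    for i, plan in enumerate(plans):
        if all(name in topology for name in plan):
            return i, find_crossings(topology, plan)
    raise ValueError("no executable plan among the candidates")


def required_credentials(crossings: list) -> dict:
    """Map each node name to the set of credentials it must hold; this is the
    per-node list an access management service would be asked to provision
    (claim 5). Both endpoints of a crossing need the same key."""
    needed = defaultdict(set)
    for c in crossings:
        needed[c.src.name].add(c.credential)
        needed[c.dst.name].add(c.credential)
    return dict(needed)


# Constructed sample topology: a sensor in a field subnet, two operators on a
# gateway, and a cloud sink. "filter" and "aggregator" share a boundary.
TOPOLOGY = {
    "sensor":     Node("sensor",     "source",   "field-subnet"),
    "filter":     Node("filter",     "operator", "gateway"),
    "aggregator": Node("aggregator", "operator", "gateway"),
    "cloud":      Node("cloud",      "sink",     "cloud"),
}
PLAN_A = ["sensor", "filter", "aggregator", "cloud"]
PLAN_B = ["sensor", "edge-cache", "cloud"]   # "edge-cache" is not in the topology


if __name__ == "__main__":
    chosen, crossings = plan_requirements(TOPOLOGY, [PLAN_B, PLAN_A])
    print(f"plan {chosen} selected; {len(crossings)} boundary crossing(s)")
    for c in crossings:
        print(f"  {c.src.name} -> {c.dst.name}: needs {c.credential}, ACL {c.acl}")
    for node, creds in sorted(required_credentials(crossings).items()):
        print(f"  provision to {node}: {sorted(creds)}")
```

Running it selects PLAN_A (PLAN_B references a missing node), reports two crossings (field-subnet to gateway, gateway to cloud) rather than three, because the filter-to-aggregator hop stays inside the gateway boundary, and lists the key each of the four nodes must hold.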

Assignees

Inventors

Classifications

  • Access security · CPC title

  • Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title

  • specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title

  • Grouping of entities · CPC title

  • H04L63/101 (Primary): Access control lists [ACL] · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016366141A1 cover?
In one embodiment, a method includes: presenting, in a user interface of an authoring tool, a plurality of levels of abstraction for a network having a plurality of devices; receiving information from a user regarding a subset of the plurality of devices to be provisioned with one or more security keys and an access control policy; automatically provisioning a key schedule for the subset of the…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 15, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).