Anti-replay mechanism for group virtual private networks
US-9246876-B1 · Jan 26, 2016 · US
US2018123784A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018123784-A1 |
| Application number | US-201615565778-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 22, 2016 |
| Priority date | Apr 24, 2015 |
| Publication date | May 3, 2018 |
| Grant date | — |
Official abstract text for this publication.
Systems, methods, and/or techniques may be disclosed to prevent credentials from being compromised during an attack or theft of Internet of Things (IoT) devices. Secure communications between IoT devices and a device management server may be managed. A group master key may be received at a local key generation unit or a particular IoT device attached to a local area network. A first session group key may be generated at the local key generation unit or the particular IoT device using the received group master key and a sequence number. The first session group key may be sent from the local key generation unit to each of a plurality of IoT devices via the local area network.
Opening claim text (preview).
1-22. (canceled)
23. An Internet of Things (IoT) device comprising: a memory; and a processor, wherein the processor is configured to: receive a pre-shared key unique to the IoT device; receive a first session group key from a device associated with a same local network as the IoT device that was generated based on a group master key and a first sequence number, the first session group key being valid for a time interval; and send an encrypted message to a device management server (DMS) to establish a secure channel with the DMS, the encrypted message comprising an identifier comprising an indication of the first sequence number, the encrypted message being encrypted based on the first session group key and the pre-shared key.
24. The IoT device of claim 23, wherein the processor is configured to: concatenate the first session group key and the pre-shared key; and encrypt the encrypted message based on the concatenated keys.
25. The IoT device of claim 23, wherein the processor is configured to: determine a combined key based on cryptographic processing involving the first session group key and the pre-shared key; and encrypt the encrypted message based on the combined key.
26. The IoT device of claim 25, wherein the cryptographic processing comprises a pseudorandom function (PRF).
27. The IoT device of claim 23, wherein the first session group key is valid if the first sequence number is within a range of sequence numbers and the session group key is invalid if the first sequence number is not within the range of sequence numbers.
28. The IoT device of claim 23, wherein the group master key is associated with a maximum number of session group keys.
29. The IoT device of claim 28, wherein the first session group key was generated based on the group master key for a specified range of sequence numbers.
30. The IoT device of claim 23, wherein the first sequence number is associated with a time interval during which the first session group key associated with the first sequence number is valid.
31. The IoT device of claim 23, wherein the processor is configured to receive a second session group key via the same local network, and wherein the second session group key is associated with a second sequence number.
32. The IoT device of claim 23, wherein the processor is further configured to receive, from the same local network, the first sequence number or an indication of the first sequence number.
33. A device comprising: a memory; and a processor configured to: receive a group master key; generate a first session group key based on the group master key and a sequence number, the first session group key being valid for a first time period; send the first session group key to an Internet of Things (IoT) device via a local network; update the sequence number; generate a second session group key based on the group master key and the updated sequence number, the second session group key being valid for a second time period; and send the second session group key to the IoT device via the local network.
34. The device of claim 33, wherein the processor is further configured to send an indication of the sequence number to the IoT device.
35. The device of claim 33, wherein the processor is further configured to: on a condition that a maximum number of session group keys that can be generated based on the group master key is not exceeded, update the sequence number and generate the second session group key based on the group master key and the updated sequence number.
36. A method of using an Internet of Things (IoT) device, comprising: receiving a pre-shared key unique to the IoT device; receiving a first session group key from a device associated with a same local network as the IoT device that was generated based on a group master key and a first sequence number, the first session group key being valid for a time interval; and sending an encrypted message to a device management server (DMS) to establish a secure channel with the DMS, the encrypted message comprising an identifier comprising an indication of the first sequence number, the encrypted message being encrypted based on the first session group key and the pre-shared key.
37. The method of claim 36, further comprising concatenating the first session group key and the pre-shared key; and encrypting the encrypted message based on the concatenated keys.
38. The method of claim 36, wherein the first session group key is valid if the first sequence number is within a range of sequence numbers and the session group key is invalid if the first sequence number is not within the range of sequence numbers.
39. The method of claim 36, wherein the group master key is associated with a maximum number of session group keys.
40. The method of claim 39, wherein the first session group key was generated based on the group master key for a specified range of sequence numbers.
41. The method of claim 36, wherein the first sequence number is associated with a time interval during which the first session group key associated with the first sequence number is valid.
42. The method of claim 36, further comprising receiving a second session group key via the same local network, and wherein the second session group key is associated with a second sequence number.
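The abstract and claims 23-42 describe one key-management loop: a local key generation unit derives a session group key from a group master key (GMK) and a sequence number, pushes it to IoT devices on the LAN, and rotates it by bumping the sequence number until the GMK's key budget is spent; each device combines that group key with its own unique pre-shared key (PSK) and sends the DMS a message that carries the sequence number in the clear so the DMS can re-derive the same key, accepting only sequence numbers inside a valid range. The following is an added example modelling that loop, not code from the patent or its assignee. It assumes HMAC-SHA256 as the KDF and PRF (claims 25/26), an HMAC counter-mode stream cipher with an HMAC tag standing in for a real AEAD such as AES-GCM (kept to the standard library), a sequence-number window of 1 standing in for the "time interval" of claims 27/30, a key budget of 4 per GMK (claims 28/35), and constructed device identifiers and payloads.

```python
# Added example (not the patent's own code): toy model of GMK -> session group
# key -> (SGK, PSK)-combined channel key, with a sequence-number window at the
# DMS. HMAC-SHA256 is the KDF/PRF; the HMAC counter-mode cipher replaces an AEAD.
import hashlib
import hmac
import os
import struct

MAX_KEYS_PER_GMK = 4          # assumed budget (claims 28/35): keys per GMK
SEQ_WINDOW = 1                # assumed valid range (claim 27): |seq - expected|
HDR = struct.Struct(">I16s")  # cleartext header: sequence number + 16-byte nonce
TAG_LEN = 32                  # HMAC-SHA256 tag appended to every message

def derive_session_group_key(gmk: bytes, seq: int) -> bytes:
    """SGK_seq = PRF(GMK, seq); anyone holding the GMK can re-derive it."""
    return hmac.new(gmk, b"SGK" + struct.pack(">I", seq), hashlib.sha256).digest()

def combine_keys(sgk: bytes, psk: bytes) -> bytes:
    """Claims 25/26: channel key = PRF(SGK, PSK); neither secret alone suffices."""
    return hmac.new(sgk, b"combined" + psk, hashlib.sha256).digest()

def _crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC counter-mode keystream XOR (stand-in for AES-CTR, stdlib only)."""
    ks = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class KeyGenerationUnit:
    """Local key generation unit on the LAN (claims 33-35)."""
    def __init__(self, gmk: bytes):
        self.gmk, self.seq = gmk, 0

    def next_session_group_key(self):
        if self.seq >= MAX_KEYS_PER_GMK:
            raise RuntimeError("GMK exhausted: provision a new group master key")
        self.seq += 1                       # claim 33: update the sequence number
        return self.seq, derive_session_group_key(self.gmk, self.seq)

class IoTDevice:
    """Holds its unique PSK plus the SGK and sequence number received over the LAN."""
    def __init__(self, device_id: bytes, psk: bytes):
        self.device_id, self.psk, self.seq, self.sgk = device_id, psk, None, None

    def receive_session_group_key(self, seq: int, sgk: bytes):
        self.seq, self.sgk = seq, sgk

    def send(self, payload: bytes):
        """Claim 23: seq indicator in the header, encrypt-then-MAC under PRF(SGK, PSK)."""
        key = combine_keys(self.sgk, self.psk)
        header = HDR.pack(self.seq, os.urandom(16))
        ct = _crypt(key, header[4:], payload)
        tag = hmac.new(key, header + ct, hashlib.sha256).digest()
        return self.device_id, header + ct + tag

class DeviceManagementServer:
    """Holds the GMK and each device's PSK; re-derives the channel key from the header's seq."""
    def __init__(self, gmk: bytes, psks: dict):
        self.gmk, self.psks, self.expected_seq = gmk, psks, 1

    def open(self, device_id: bytes, msg: bytes):
        if device_id not in self.psks or len(msg) < HDR.size + TAG_LEN:
            return None
        header, ct, tag = msg[:HDR.size], msg[HDR.size:-TAG_LEN], msg[-TAG_LEN:]
        seq, nonce = HDR.unpack(header)
        if abs(seq - self.expected_seq) > SEQ_WINDOW:
            return None                     # claim 27: seq outside the valid range
        key = combine_keys(derive_session_group_key(self.gmk, seq), self.psks[device_id])
        if not hmac.compare_digest(tag, hmac.new(key, header + ct, hashlib.sha256).digest()):
            return None                     # wrong SGK, wrong PSK, or tampered message
        self.expected_seq = max(self.expected_seq, seq)
        return _crypt(key, nonce, ct)

def run_demo():
    """Constructed walk-through: first message, rotation to the last key, replay, exhaustion."""
    gmk, psk = os.urandom(32), os.urandom(32)
    kgu, dev = KeyGenerationUnit(gmk), IoTDevice(b"thermostat-1", psk)
    dms = DeviceManagementServer(gmk, {b"thermostat-1": psk})
    dev.receive_session_group_key(*kgu.next_session_group_key())
    first = dev.send(b"status=ok")
    accepted_first = dms.open(*first)
    for _ in range(MAX_KEYS_PER_GMK - 1):   # rotate through the remaining keys
        dev.receive_session_group_key(*kgu.next_session_group_key())
        accepted_last = dms.open(*dev.send(b"status=ok"))
    replayed_old = dms.open(*first)         # seq 1 is now outside the window
    try:
        kgu.next_session_group_key()
        exhausted = False
    except RuntimeError:
        exhausted = True
    return accepted_first, accepted_last, replayed_old, exhausted

if __name__ == "__main__":
    print(run_demo())
```

The point a practitioner should take from the model is in `DeviceManagementServer.open`: the DMS stores no per-device session state beyond the expected sequence number, because the header's sequence number plus the GMK lets it re-derive the group key, and the per-device PSK folded in by `combine_keys` is what stops one stolen device's group key from decrypting its neighbours' traffic. The window check must run before any key derivation so that replayed or fabricated sequence numbers cost the server nothing; a real deployment would also bind the sequence number to wall-clock validity as claims 27/30 describe, which this model reduces to the window constant.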
CPC classification titles:
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- involving random numbers or seeds
- using a plurality of keys or algorithms
- using key encryption key