Application US20200067708

METHOD FOR ENSURING SECURITY OF AN INTERNET OF THINGS NETWORK
[+] Show Details

US20200067708

1. A method for registering a second node by at least one first node of a network, the method comprising: (4) (11)

i) a step of the second node transmitting a registration request to the first node, wherein the registration request comprises a unique identification parameter associated with the second node, and wherein a device status of the second node is used for indicating that the device is a bought device;

ii) a step of receiving, by the first node, the registration request from the second node;

iii) a step of accessing, by the first node, the encrypted device parameters of the second node from a smart contract stored on a public blockchain using the unique identification parameter, wherein the encrypted device parameters comprises a device access code and a Diffie-Hellman common secret multiplier;

iv) a step of establishing a shared secret between the first node and the second node using the Diffie-Hellman common secret multiplier;

v) a step of computing, by the first node and the second node, a symmetric key using the shared secret;

vi) a step of transmitting, by the first node, a registration key request to the second node, wherein the registration key request comprises the device access code encrypted using the symmetric key,

vii) a step of receiving the registration key request and decrypting the registration key request, by the second node, using the symmetric key for validating the device access code, wherein the second node validates the device access code based on a value of the device access code stored in a secure storage of the second node and transmits the registration key response;

viii) a step of receiving, by the first node, a registration key response from the second node, wherein the registration key response comprises a registration key encrypted using the symmetric key;

ix) a step of decrypting, by the first node, the registration key using the symmetric key and transmitting a hash of the registration key to the smart contract on the public blockchain for validation against a hash of a registration key stored on the smart contract;

x) a step of creating and storing, by the first node, a digital certificate for the second node, wherein the digital certificate is stored in a permissioned blockchain upon successful validation of the registration key by the public blockchain; and

xi) a step of updating, by the first node, a device status of the second node, on the public blockchain, for indicating that the second node is registered.

2. The method as claimed in claim 1, wherein the at least one first node is a certifying authority node. (0)

3. The method as claimed in claim 1, wherein the unique identification parameter is an electronic product code. (0)

4. The method as claimed in claim 1, wherein the unique identification parameter, the registration key, the Device Access Code, the Diffie-Hellman common secret multiplier and the symmetric key are stored on the secure storage of the second node and in the smart contract in the public blockchain, by a first entity, upon manufacturing of the second node. (2) (0)

11. A device comprising: (0) (2)

7. A method for secure communication between a first node and a second node, the method comprising: (4) (8)

i) a step of retrieving, by the first node and the second node, Diffie-Hellman public keys of the second node and the first node, respectively, from digital certificates stored on a permissioned block chain;

ii) a step of establishing a shared secret between the first node and the second node using the Diffie-Hellman public keys;

iii) a step of independently deriving, by the first node and the second node, an ephemeral symmetric key from the shared secret;

iv) a step of generating, by the first node, at least one nonce, for deriving, independently, at least one Message Integrity and Authenticity key by the first node and by the second node;

v) a step of encrypting and transmitting, by the first node, the at least one nonce to the second node, wherein the nonce is encrypted using the ephemeral symmetric key;

vi) a step of deriving, by the second node, the at least one Message Integrity and Authenticity key by decrypting the encrypted nonce received from the first node, wherein the nonce is decrypted using the ephemeral symmetric key;

vii) a step of transmitting, by the second node, a message and a message Integrity and Authenticity code determined from the derived Message Integrity and Authenticity key, to the first node; and

viii) a step of validating, by the first node, the message received from the second node based on the Message Integrity and Authenticity code received from the second node and the Message Integrity and Authenticity key derived by the first node.

8. The method as claimed in claim 7, wherein the message transmitted by the second node is encrypted using the ephemeral symmetric key. (0)

9. The method as claimed in claim 7, wherein the message transmitted by the second node is a plain text. (0)

10. The method as claimed in claim 7, wherein the message transmitted by the second node further comprises a random nonce. (0)

12. A device comprising: (0) (2)

View Abstract and Specification Size

PDF with Images and Document Face >

Full Text Publication >

Application US20200067708

METHOD FOR ENSURING SECURITY OF AN INTERNET OF THINGS NETWORK

Patent Matrix® Search