WO2015136284A1 - Trusted networks - Google Patents

Trusted networks Download PDF

Info

Publication number
WO2015136284A1
WO2015136284A1 PCT/GB2015/050714 GB2015050714W WO2015136284A1 WO 2015136284 A1 WO2015136284 A1 WO 2015136284A1 GB 2015050714 W GB2015050714 W GB 2015050714W WO 2015136284 A1 WO2015136284 A1 WO 2015136284A1
Authority
WO
WIPO (PCT)
Prior art keywords
gateway device
server
credential
sensor device
portable module
Prior art date
Application number
PCT/GB2015/050714
Other languages
French (fr)
Inventor
George Redpath
Stewart MAGUIRE
Original Assignee
Iot Tech Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iot Tech Limited filed Critical Iot Tech Limited
Publication of WO2015136284A1 publication Critical patent/WO2015136284A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50Secure pairing of devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the invention relates to a method of building a trusted network.
  • networks comprising a plurality of devices, for example networks in care homes having a plurality of sensors for sensing temperature etc. to produce alarms and networks having a plurality of appliances such as a fridge or a lamp etc.
  • a common problem with such networks is their security against attack and unauthorised access to the data created in the network. A key element of this is trust between the components of the network.
  • a method of building a trusted network comprising at least one server, at least one gateway device and at least one sensor device, each comprising a secure element, the method comprising
  • NFC near field communication
  • the sensor device placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device, using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device, using the sensor device activation credential to open the secure element of the sensor device, obtaining the security credential in the secure element of the sensor device, using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device, installing the sensor device in a third network location.
  • the security credential of the or each gateway device may be generated by a gateway device algorithm using a first primary key and an unique identifier of the secure element of the gateway device.
  • the security credential of the or each sensor device may be generated by a sensor device algorithm using a second primary key and an unique identifier of the secure element of the sensor device.
  • the first a nd second primary keys may be unique to the provider of the network.
  • the unique identifier of each secure element may be assigned to the element on its manufacture. The security credential of each of the network devices will therefore be unique to the device and also to the network provider, which enhances security and trust in the network.
  • Placing the gateway device activation credential on the server may comprise placing a mechanism to generate the gateway device activation credential on the server.
  • the gateway device activation credential may be generated using the security credential of the gateway device and an unique identifier of the portable module.
  • the gateway device activation credential may comprise a 128 bit number.
  • the unique identifier of the portable module may be read from the portable module.
  • the connection information for connecting the server and the gateway device may comprise at IP address of the server, a name of the server, details of an authentication method to be used between the server and the gateway device, details of encryption to be used in establishing a connection between the server and the gateway device.
  • Accessing the server at the first network location may comprise installing the server at the first network location.
  • Accessing the server at the first network location may comprise accessing an existing server at the first network location.
  • the portable module may comprise any of a smart card, a mobile telephone, a tablet, used by an installer of the network. Prior to bringing the portable module into proximity with the server, the installer of the network may use a credential to gain access to and allow use of the portable module.
  • the credential may be any of a certificate, a key, a token, a password, a biometric.
  • Establishing the trusted communication link between the portable module and the server may comprise bringing the portable module into proximity with the server and establishing a NFC link between the two.
  • Establishing the trusted communication link between the portable module and the server may comprise bringing the portable module into proximity with an intermediate device securely authenticated with the server and establishing a NFC link between the portable module and the intermediate device.
  • the portable module may contain a server-specific credential.
  • the server- specific credential may be any of a certificate, a key, a token.
  • Establishing the trusted communication link between the portable module and the server may comprise using the server-specific credential on the portable module and a corresponding server- specific credential on the server to establish a mutually authenticated link between the portable module and the server.
  • Placing the portable module in proximity with the gateway device may comprise the gateway device prompting the installer to bring the portable module into proximity with the gateway device.
  • the gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal.
  • Transferring the gateway device activation credential from the portable module to the gateway device may comprise sending a portable module read credential from the gateway device to the portable module, using the portable module read credential to read the gateway device activation credential and sending the gateway device activation credential from the portable module to the gateway device.
  • the gateway device activation credential may be placed in the secure element of the gateway device.
  • the gateway device activation credential may be a single-use credential.
  • the gateway device activation credential may be a time-limited credential.
  • Using the gateway device activation credential to open the gateway device secure element may comprise using the gateway device activation credential to generate a key which opens the gateway device secure element.
  • Transferring the connection data from the portable module to the gateway device may comprise reading an access credential for the portable module in the secure element of the gateway device, sending the portable module access credential from the gateway device to the portable module, using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device.
  • the portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device.
  • the connection data may be placed in the secure element of the gateway device.
  • Transferring the connection data from the portable module to the gateway device may comprise reading an access credential for the portable module in the secure element of the gateway device, using the portable module access credential to generate a gateway device challenge, sending the gateway device challenge from the gateway device to the portable module, reading an access credential for the portable module in the portable module, using the portable module access credential to generate a portable module challenge, comparing the gateway device challenge with the portable module challenge, if a match occurs using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device.
  • the portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device.
  • the portable module access credential may be stored in the portable module on preparation of the portable module.
  • the connection data may be placed in the secure element of the gateway device.
  • the NFC link may be used to commence a communication session between the portable module and the gateway device, and during the communication session both of the gateway activation credential and the connection data may be transferred from the portable module to the gateway device. Transferring the gateway device activation credential and the connection data from the portable module to the gateway device in the same communication session increases the security of the transfer and the trust in the network.
  • Establishing a trusted connection between the gateway device and the server may comprise using the connection data to set up a communication link between the gateway device and the server, using the gateway device security credential on the gateway device to generate a gateway device challenge, sending the gateway device challenge to the server, using the gateway device security credential stored on the server to generate a server challenge, comparing the gateway device challenge with the server challenge, if a match occurs establishing a mutually authenticated communication link between the gateway device and the server.
  • the communication link between the gateway device and the server may be an encryption-protected link.
  • the communication link between the gateway device and the server may be provided via the Internet.
  • the communication link may be provided via the Internet using an IP address of the server stored in the connection data on the gateway device.
  • the method may further comprise using the trusted connection between the server and the gateway device to transfer network information from the server to the gateway device.
  • the network information may comprise job location data for the network.
  • the network information transferred from the server to the gateway device may comprise topology of the network.
  • the network topography data may consist of the type and location within the network of the gateway device.
  • the gateway device may use the network topography data to prompt an installer to place the gateway device in the second location within the network.
  • the network topography data may comprise operation requirements of the gateway device.
  • the network topography data may consist of the type and location within the network of the sensor device.
  • the gateway device may use the network topography data to prompt an installer to place the sensor device in the third location within the network.
  • the network topography data may comprise operation requirements of the sensor device.
  • the method may further comprise transferring a change credential from the gateway device to the sensor device to be used to change data stored on the sensor device.
  • Placing the sensor device into proximity with the gateway device may comprise the gateway device prompting the installer to bring the sensor device into proximity with the gateway device.
  • the gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal.
  • the signal may be issued to the installer via an authenticated communication link established between the gateway device and a mobile device of the installer.
  • Placing the sensor device into proximity with the gateway device may comprise placing the sensor device over an antenna of the gateway device.
  • the antenna of the gateway device may produce a radio frequency (RF) field which may be used to power an NFC tag of the sensor device. This may enable transfer of data to the sensor device without powering it up.
  • RF radio frequency
  • Transferring the sensor device activation credential from the gateway device to the sensor device may comprise transferring an unique identifier of the secure element of the sensor device from the sensor device to the gateway device, using the unique identifier to generate on the gateway device the sensor device activation credential and sending the sensor device activation credential from the gateway device to the sensor device.
  • Using the unique identifier of the secure element of the sensor device to generate the sensor device activation credential may comprise using a symmetrical key diversification of an installer key by the unique identifier.
  • the sensor device activation credential may be a 128 bit or longer number.
  • Using the sensor device activation credential to open the secure element of the sensor device may comprise using the sensor device activation credential to generate a key which opens the sensor device secure element.
  • Using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device may comprise using the sensor device security credential on the sensor device to generate a sensor device challenge, sending the sensor device challenge to the gateway device, using a sensor device security credential on the gateway device to generate a gateway device challenge, comparing the sensor device challenge with the gateway device challenge, if a match occurs establishing a mutually authenticated communication link between the sensor device and the gateway device.
  • the communication link between the sensor device and the gateway device may be an encryption-protected link.
  • the sensor device security credential on the gateway device may be stored on the gateway device during its manufacture.
  • the sensor device security credential on the gateway device may be received from the portable module.
  • the sensor device security credential on the gateway device may be received from the server.
  • the sensor device security credential on the gateway device may be generated using the sensor device algorithm and the second primary key and the unique identifier of the secure element of the sensor device. Any of the sensor device algorithm, the second primary key, the unique identifier of the secure element of the sensor device may be stored on the gateway device or may be received by the gateway device. In particular the unique identifier of the secure element of the sensor device may be received by the gateway device from the sensor device.
  • the method may further comprise using the trusted connection between the gateway device and the sensor device to transfer sensor information from the gateway device to the sensor device.
  • the sensor information may comprise a network key which enables the sensor device to communicate with the gateway device.
  • the sensor information may comprise a session key which allows the sensor device to operate an application.
  • the session key may be stored in RAM of the sensor device, so that it may be destroyed if the sensor device is tampered with.
  • the gateway device may instruct the sensor device to destroy the session key for example if the application is no longer needed or no longer being paid for.
  • the method may further comprise transferring a change credential from the gateway device to the sensor device to be used to change data stored on the sensor device.
  • the method may further comprise indicating completion of establishing a trusted connection between the gateway device and the sensor device.
  • Indicating completion may comprise setting a flag in a memory element of the NFC tag of the sensor device.
  • Indicating completion may comprise activating a signal on the sensor device such as a light emitting diode (LED).
  • the method may further comprise the gateway device collecting data concerning the installation of the sensor device.
  • the gateway device may store the installation data in its security element.
  • the gateway device may transfer the installation data to the portable module.
  • the gateway device may transfer the installation data to the server.
  • the method may further comprise transferring job location data from the portable module to the gateway device.
  • the job location data may be used to identify data for the network to an installer.
  • Transferring any of the credentials from a first component of the network to a second component of the network may comprise coding the credential in a signal between the components.
  • Transferring any of the credentials from a first component of the network to a second component of the network may comprise transferring a diversified credential.
  • the credentials may be any of a certificate, a key, a token, a password, a biometric.
  • the sensor device may be a fixed device or may be a mobile device.
  • the sensor device may be any of a wired sensor, a communication over power line sensor, a wireless sensor.
  • the sensor device may be any of battery powered, powered over Ethernet, powered by an external power supply.
  • the sensor device may sense any of temperature, humidity, visible radiation, passive infra red radiation, motion.
  • the sensor device may be an appliance device.
  • the appliance device may be any of utility meters, white goods, security and home automation devices.
  • the sensor device may be a proxy pairing device.
  • the proxy pairing device may be paired to the gateway device and then connected to a further device.
  • the pairing of the proxy pairing device and the gateway device may be time-limited.
  • the proxy pairing device may be physically transported to the other device for connection thereto.
  • the further device may be any of a sensor, an appliance.
  • a relatively immovable device such as a fridge, which cannot easily be brought into proximity with the gateway device can be paired to the gateway device using the proxy pairing device.
  • the network may comprise at least one server and at least one gateway device and a plurality of sensor devices.
  • the method may comprise establishing trusted connections between the gateway device and the plurality of sensor devices.
  • the plurality of sensor devices may be paired to the gateway device in the order of wired sensors, communication over power line sensors, closest wireless sensor. This is to provide the greatest chance of a successful wireless installation.
  • the plurality of sensor devices may communicate with the gateway device and the gateway device communicate with the server.
  • the network may comprise at least one server and a plurality of gateway devices and a plurality of sensor devices.
  • the method may comprise establishing trusted connections between one or more gateway devices and one or more sensor devices.
  • Figure 1 is a flow diagram illustrating the method of the first aspect of the invention.
  • Figure 2 is a schematic representation of a network built according to the method of Figure 1.
  • the network comprises a server 38, a gateway device 34 and a plurality of sensor devices 36, each of which comprises a secure element (SE).
  • SE secure element
  • the server and the network devices are prepared (step 10). This comprises placing a security credential in the secure element of each of the network devices, placing the security credentials of the network devices in the secure element of the server, placing an activation credential for the gateway device in the secure element of the server, and placing connection information for connecting the server and the gateway device in the secure element of the server.
  • the secure elements of the devices comprise protected-access, tamper resistant memory elements. Placing a security credential in the secure element of a network device comprises loading the security credential into the secure element and attaching the secure element to the device. Loading the security credential comprises coding the security credential into the secure element memory element. Attaching the secure element comprises bonding the secure element onto a board, e.g. the motherboard, of the device.
  • the security credential of the or each gateway device is generated by a gateway device algorithm using a first primary key and an unique identifier of the secure element of the gateway device.
  • the security credential of the or each sensor device is generated by a sensor device algorithm using a second primary key and an unique identifier of the secure element of the sensor device.
  • the first and second primary keys are unique to the provider of the network.
  • the unique identifier of each secure element is assigned to the element on its manufacture.
  • placing the security credentials of the network devices in the secure element of the server comprises placing a mechanism to generate the security credentials on the server, which comprises placing the unique identifiers of the secure elements of the network devices and the first and second primary keys and the gateway and sensor device algorithms on the server.
  • Placing the gateway device activation credential on the server may comprise placing a mechanism to generate the gateway device activation credential on the server.
  • the gateway device activation credential may be generated using the security credential of the gateway device and an unique identifier of the portable module.
  • the gateway device activation credential may comprise a 128 bit number.
  • the unique identifier of the portable module may be read from the portable module.
  • the method then comprises accessing the server at a first network location (step 12). This comprises establishing a trusted communication link between the server and the portable module, and using the trusted communication link to transfer the gateway device activation credential and the connection data from the server to the portable module.
  • accessing the server at the first network location comprises installing the server at the first network location.
  • the portable module comprises a smart card used by an installer of the network. Prior to bringing the portable module into proximity with the server, the installer of the network uses a credential to gain access to and allow use of the portable module.
  • the trusted communication link between the portable module and the server is established by bringing the portable module into proximity with the server and establishing a NFC link between the two.
  • the method then comprises establishing a trusted connection between the server and the gateway device (step 14). This comprises placing the portable module in proximity with the gateway device to establish a NFC link between the portable module and the gateway device, transferring the gateway device activation credential from the portable module to the gateway device, using the gateway device activation credential to open the secure element of the gateway device, obtaining the security credential in the secure element of the gateway device, transferring the connection data from the portable module to the gateway device, using the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server, and installing the gateway device in a second network location.
  • Placing the portable module in proximity with the gateway device may comprise the gateway device prompting the installer to bring the portable module into proximity with the gateway device.
  • the gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal.
  • Transferring the gateway device activation credential from the portable module to the gateway device comprises sending a portable module read credential from the gateway device to the portable module, using the portable module read credential to read the gateway device activation credential and sending the gateway device activation credential from the portable module to the gateway device.
  • the gateway device activation credential is in the secure element of the gateway device.
  • Using the gateway device activation credential to open the gateway device secure element comprises using the gateway device activation credential to generate a key which opens the gateway device secure element.
  • Transferring the connection data from the portable module to the gateway device comprises reading an access credential for the portable module in the secure element of the gateway device, sending the portable module access credential from the gateway device to the portable module, using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device.
  • the portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device.
  • the connection data is placed in the secure element of the gateway device.
  • the N FC link is used to commence a communication session between the portable module and the gateway device, and during the communication session both of the gateway activation credential and the connection data are transferred from the portable module to the gateway device. This increases the security of the transfer and the trust in the network.
  • Establishing a trusted connection between the gateway device and the server comprises using the connection data to set up a communication link between the gateway device and the server, using the gateway device security credential on the gateway device to generate a gateway device challenge, sending the gateway device challenge to the server, using the gateway device security credential stored on the server to generate a server challenge, comparing the gateway device challenge with the server challenge, if a match occurs establishing a mutually authenticated communication link between the gateway device and the server.
  • the communication link between the gateway device and the server may be an encryption-protected link.
  • the communication link between the gateway device and the server is provided via the Internet using an IP address of the server stored in the connection data on the gateway device. Using both of the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server increases the security of the connection and trust between the gateway device and the server.
  • the trusted connection between the server and the gateway device is then used to transfer network information from the server to the gateway device.
  • the network information may comprise job location data for the network.
  • the network information transferred from the server to the gateway device may comprise topology of the network.
  • the network topography data may consist of the type and location within the network of the gateway device.
  • the gateway device may use the network topography data to prompt an installer to place the gateway device in the second location within the network.
  • the network topography data may comprise operation requirements of the gateway device.
  • the network topography data may consist of the type and location within the network of the sensor device.
  • the gateway device may use the network topography data to prompt an installer to place the sensor device in the third location within the network.
  • the network topography data may comprise operation requirements of the sensor device.
  • a change credential is transferred from the gateway device to the sensor device to be used to change data stored on the sensor device.
  • the gateway device is installed in the second network location.
  • the method of building the trusted network then comprises establishing a trusted connection between the gateway device and the sensor device (step 16). This comprises placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device, using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device, using the sensor device activation credential to open the secure element of the sensor device, obtaining the security credential in the secure element of the sensor device, using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device, installing the sensor device in a third network location.
  • Placing the sensor device into proximity with the gateway device may comprise the gateway device prompting the installer to bring the sensor device into proximity with the gateway device.
  • the gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal.
  • the signal may be issued to the installer via an authenticated communication link established between the gateway device and a mobile device of the installer.
  • Placing the sensor device into proximity with the gateway device may comprise placing the sensor device over an antenna of the gateway device.
  • the antenna of the gateway device may produce a radio frequency (RF) field which may be used to power an NFC tag of the sensor device. This may enable transfer of data to the sensor device without powering it up.
  • RF radio frequency
  • Transferring the sensor device activation credential from the gateway device to the sensor device comprises transferring an unique identifier of the secure element of the sensor device from the sensor device to the gateway device, using the unique identifier to generate on the gateway device the sensor device activation credential and sending the sensor device activation credential from the gateway device to the sensor device.
  • Using the sensor device activation credential to open the secure element of the sensor device comprises using the sensor device activation credential to generate a key which opens the sensor device secure element.
  • Using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device comprises using the sensor device security credential on the sensor device to generate a sensor device challenge, sending the sensor device challenge to the gateway device, using a sensor device security credential on the gateway device to generate a gateway device challenge, comparing the sensor device challenge with the gateway device challenge, if a match occurs establishing a mutually authenticated communication link between the sensor device and the gateway device.
  • the communication link between the sensor device and the gateway device may be an encryption-protected link.
  • the sensor device security credential on the gateway device may be stored on the gateway device during its manufacture.
  • the sensor device security credential on the gateway device may be received from the portable module.
  • the sensor device security credential on the gateway device may be received from the server.
  • the sensor device security credential on the gateway device may be generated using the sensor device algorithm and the second primary key and the unique identifier of the secure element of the sensor device. Any of the sensor device algorithm, the second primary key, the unique identifier of the secure element of the sensor device may be stored on the gateway device or may be received by the gateway device. In particular the unique identifier of the secure element of the sensor device may be received by the gateway device from the sensor device.
  • the trusted connection between the gateway device and the sensor device is then used to transfer sensor information from the gateway device to the sensor device.
  • the sensor information may comprise a network key which enables the sensor device to communicate with the gateway device.
  • the sensor information may comprise a session key which allows the sensor device to operate an application.
  • the session key may be stored in RAM of the sensor device, so that it may be destroyed if the sensor device is tampered with.
  • the gateway device may instruct the sensor device to destroy the session key, e.g. if the application is no longer needed or no longer being paid for.

Abstract

A method of building a trusted network comprising at least one server, at least one gateway device and at least one sensor device, each comprising a secure element,the method comprising (i)preparing the server and the network devices comprising placing a security credential in the secure element of each of the network devices,placing the security credentials of the network devices in the secure element of the server, placing an activation credential for the gateway device in the secure element of the server, placing connection information for connecting the server and the gateway device in the secure element of the server,(ii) accessing the server at a first network location comprising establishing a trusted communication link between the server and a portable module,using the trusted communication link to transfer the gateway device activation credential and the connection data from the server to the portable module, (iii) establishing a trusted connection between the server and the gateway device comprising placing the portable module in proximity with the gateway device to establish a NFC link between the portable module and the gateway device,transferring the gateway device activation credential from the portable module to the gateway device,using the gateway device activation credential to open the secure element of the gateway device,obtaining the security credential in the secure element of the gateway device,transferring the connection data from the portable module to the gateway device, using the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server,installing the gateway device in a second network location, (iv) establishing a trusted connection between the gateway device and the sensor device comprising placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device,using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device,using the sensor device activation credential to open the secure element of the sensor device,obtaining the security credential in the secure element of the sensor device,using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device,installing the sensor device in a third network location.

Description

Trusted Networks
The invention relates to a method of building a trusted network. There are numerous types of networks comprising a plurality of devices, for example networks in care homes having a plurality of sensors for sensing temperature etc. to produce alarms and networks having a plurality of appliances such as a fridge or a lamp etc. A common problem with such networks is their security against attack and unauthorised access to the data created in the network. A key element of this is trust between the components of the network.
According to a first aspect of the invention there is provided a method of building a trusted network comprising at least one server, at least one gateway device and at least one sensor device, each comprising a secure element, the method comprising
(i) preparing the server and the network devices comprising:
placing a security credential in the secure element of each of the network devices, placing the security credentials of the network devices in the secure element of the server, placing an activation credential for the gateway device in the secure element of the server, placing connection information for connecting the server and the gateway device in the secure element of the server,
(ii) accessing the server at a first network location comprising:
establishing a trusted communication link between the server and a portable module, using the trusted communication link to transfer the gateway device activation credential and the connection data from the server to the portable module,
(iii) establishing a trusted connection between the server and the gateway device comprising:
placing the portable module in proximity with the gateway device to establish a near field communication (NFC) link between the portable module and the gateway device, transferring the gateway device activation credential from the portable module to the gateway device, using the gateway device activation credential to open the secure element of the gateway device, obtaining the security credential in the secure element of the gateway device, transferring the connection data from the portable module to the gateway device, using the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server, installing the gateway device in a second network location,
(iv) establishing a trusted connection between the gateway device and the sensor device comprising:
placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device, using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device, using the sensor device activation credential to open the secure element of the sensor device, obtaining the security credential in the secure element of the sensor device, using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device, installing the sensor device in a third network location.
The secure elements of the devices may comprise protected-access, tamper resistant memory elements. Placing a security credential in the secure element of a network device may comprise loading the security credential into the secure element and attaching the secure element to the device. Loading the security credential may comprise coding the security credential into the secure element memory element. Attaching the secure element may comprise bonding the secure element onto a board of the device.
The security credential of the or each gateway device may be generated by a gateway device algorithm using a first primary key and an unique identifier of the secure element of the gateway device. The security credential of the or each sensor device may be generated by a sensor device algorithm using a second primary key and an unique identifier of the secure element of the sensor device. The first a nd second primary keys may be unique to the provider of the network. The unique identifier of each secure element may be assigned to the element on its manufacture. The security credential of each of the network devices will therefore be unique to the device and also to the network provider, which enhances security and trust in the network.
Placing the security credentials of the network devices in the secure element of the server may comprise placing a mechanism to generate the security credentials on the server. Placing a mechanism to generate the security credentials on the server may comprise placing the unique identifiers of the secure elements of the network devices and the first and second primary keys and the gateway and sensor device algorithms on the server.
Placing the gateway device activation credential on the server may comprise placing a mechanism to generate the gateway device activation credential on the server. The gateway device activation credential may be generated using the security credential of the gateway device and an unique identifier of the portable module. The gateway device activation credential may comprise a 128 bit number. The unique identifier of the portable module may be read from the portable module. The connection information for connecting the server and the gateway device may comprise at IP address of the server, a name of the server, details of an authentication method to be used between the server and the gateway device, details of encryption to be used in establishing a connection between the server and the gateway device. Accessing the server at the first network location may comprise installing the server at the first network location. Accessing the server at the first network location may comprise accessing an existing server at the first network location.
The portable module may comprise any of a smart card, a mobile telephone, a tablet, used by an installer of the network. Prior to bringing the portable module into proximity with the server, the installer of the network may use a credential to gain access to and allow use of the portable module. The credential may be any of a certificate, a key, a token, a password, a biometric. Establishing the trusted communication link between the portable module and the server may comprise bringing the portable module into proximity with the server and establishing a NFC link between the two. Establishing the trusted communication link between the portable module and the server may comprise bringing the portable module into proximity with an intermediate device securely authenticated with the server and establishing a NFC link between the portable module and the intermediate device. The portable module may contain a server-specific credential. The server- specific credential may be any of a certificate, a key, a token. Establishing the trusted communication link between the portable module and the server may comprise using the server-specific credential on the portable module and a corresponding server- specific credential on the server to establish a mutually authenticated link between the portable module and the server.
Placing the portable module in proximity with the gateway device may comprise the gateway device prompting the installer to bring the portable module into proximity with the gateway device. The gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal.
Establishing the NFC link between the gateway device and the portable module provides a trusted link between them as NFC links have high security due to their very short range.
Transferring the gateway device activation credential from the portable module to the gateway device may comprise sending a portable module read credential from the gateway device to the portable module, using the portable module read credential to read the gateway device activation credential and sending the gateway device activation credential from the portable module to the gateway device. The gateway device activation credential may be placed in the secure element of the gateway device. The gateway device activation credential may be a single-use credential. The gateway device activation credential may be a time-limited credential.
Using the gateway device activation credential to open the gateway device secure element may comprise using the gateway device activation credential to generate a key which opens the gateway device secure element. Transferring the connection data from the portable module to the gateway device may comprise reading an access credential for the portable module in the secure element of the gateway device, sending the portable module access credential from the gateway device to the portable module, using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device. The portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device. The connection data may be placed in the secure element of the gateway device. Transferring the connection data from the portable module to the gateway device may comprise reading an access credential for the portable module in the secure element of the gateway device, using the portable module access credential to generate a gateway device challenge, sending the gateway device challenge from the gateway device to the portable module, reading an access credential for the portable module in the portable module, using the portable module access credential to generate a portable module challenge, comparing the gateway device challenge with the portable module challenge, if a match occurs using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device. The portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device. The portable module access credential may be stored in the portable module on preparation of the portable module. The connection data may be placed in the secure element of the gateway device. The NFC link may be used to commence a communication session between the portable module and the gateway device, and during the communication session both of the gateway activation credential and the connection data may be transferred from the portable module to the gateway device. Transferring the gateway device activation credential and the connection data from the portable module to the gateway device in the same communication session increases the security of the transfer and the trust in the network.
Establishing a trusted connection between the gateway device and the server may comprise using the connection data to set up a communication link between the gateway device and the server, using the gateway device security credential on the gateway device to generate a gateway device challenge, sending the gateway device challenge to the server, using the gateway device security credential stored on the server to generate a server challenge, comparing the gateway device challenge with the server challenge, if a match occurs establishing a mutually authenticated communication link between the gateway device and the server. The communication link between the gateway device and the server may be an encryption-protected link. The communication link between the gateway device and the server may be provided via the Internet. The communication link may be provided via the Internet using an IP address of the server stored in the connection data on the gateway device. Using both of the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server increases the security of the connection and trust between the gateway device and the server.
The method may further comprise using the trusted connection between the server and the gateway device to transfer network information from the server to the gateway device. The network information may comprise job location data for the network. The network information transferred from the server to the gateway device may comprise topology of the network. The network topography data may consist of the type and location within the network of the gateway device. The gateway device may use the network topography data to prompt an installer to place the gateway device in the second location within the network. The network topography data may comprise operation requirements of the gateway device. The network topography data may consist of the type and location within the network of the sensor device. The gateway device may use the network topography data to prompt an installer to place the sensor device in the third location within the network. The network topography data may comprise operation requirements of the sensor device.
The method may further comprise transferring a change credential from the gateway device to the sensor device to be used to change data stored on the sensor device.
Placing the sensor device into proximity with the gateway device may comprise the gateway device prompting the installer to bring the sensor device into proximity with the gateway device. The gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal. The signal may be issued to the installer via an authenticated communication link established between the gateway device and a mobile device of the installer.
Placing the sensor device into proximity with the gateway device may comprise placing the sensor device over an antenna of the gateway device. The antenna of the gateway device may produce a radio frequency (RF) field which may be used to power an NFC tag of the sensor device. This may enable transfer of data to the sensor device without powering it up.
Transferring the sensor device activation credential from the gateway device to the sensor device may comprise transferring an unique identifier of the secure element of the sensor device from the sensor device to the gateway device, using the unique identifier to generate on the gateway device the sensor device activation credential and sending the sensor device activation credential from the gateway device to the sensor device. Using the unique identifier of the secure element of the sensor device to generate the sensor device activation credential may comprise using a symmetrical key diversification of an installer key by the unique identifier. The sensor device activation credential may be a 128 bit or longer number.
Using the sensor device activation credential to open the secure element of the sensor device may comprise using the sensor device activation credential to generate a key which opens the sensor device secure element.
Using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device may comprise using the sensor device security credential on the sensor device to generate a sensor device challenge, sending the sensor device challenge to the gateway device, using a sensor device security credential on the gateway device to generate a gateway device challenge, comparing the sensor device challenge with the gateway device challenge, if a match occurs establishing a mutually authenticated communication link between the sensor device and the gateway device. The communication link between the sensor device and the gateway device may be an encryption-protected link.
The sensor device security credential on the gateway device may be stored on the gateway device during its manufacture. The sensor device security credential on the gateway device may be received from the portable module. The sensor device security credential on the gateway device may be received from the server. The sensor device security credential on the gateway device may be generated using the sensor device algorithm and the second primary key and the unique identifier of the secure element of the sensor device. Any of the sensor device algorithm, the second primary key, the unique identifier of the secure element of the sensor device may be stored on the gateway device or may be received by the gateway device. In particular the unique identifier of the secure element of the sensor device may be received by the gateway device from the sensor device. The method may further comprise using the trusted connection between the gateway device and the sensor device to transfer sensor information from the gateway device to the sensor device. The sensor information may comprise a network key which enables the sensor device to communicate with the gateway device. The sensor information may comprise a session key which allows the sensor device to operate an application. The session key may be stored in RAM of the sensor device, so that it may be destroyed if the sensor device is tampered with. The gateway device may instruct the sensor device to destroy the session key for example if the application is no longer needed or no longer being paid for. The method may further comprise transferring a change credential from the gateway device to the sensor device to be used to change data stored on the sensor device.
The method may further comprise indicating completion of establishing a trusted connection between the gateway device and the sensor device. Indicating completion may comprise setting a flag in a memory element of the NFC tag of the sensor device. Indicating completion may comprise activating a signal on the sensor device such as a light emitting diode (LED). The method may further comprise the gateway device collecting data concerning the installation of the sensor device. The gateway device may store the installation data in its security element. The gateway device may transfer the installation data to the portable module. The gateway device may transfer the installation data to the server.
The method may further comprise transferring job location data from the portable module to the gateway device. The job location data may be used to identify data for the network to an installer. Transferring any of the credentials from a first component of the network to a second component of the network may comprise coding the credential in a signal between the components. Transferring any of the credentials from a first component of the network to a second component of the network may comprise transferring a diversified credential.
The credentials may be any of a certificate, a key, a token, a password, a biometric.
The sensor device may be a fixed device or may be a mobile device. The sensor device may be any of a wired sensor, a communication over power line sensor, a wireless sensor. The sensor device may be any of battery powered, powered over Ethernet, powered by an external power supply. The sensor device may sense any of temperature, humidity, visible radiation, passive infra red radiation, motion. The sensor device may be an appliance device. The appliance device may be any of utility meters, white goods, security and home automation devices.
The sensor device may be a proxy pairing device. The proxy pairing device may be paired to the gateway device and then connected to a further device. The pairing of the proxy pairing device and the gateway device may be time-limited. The proxy pairing device may be physically transported to the other device for connection thereto. The further device may be any of a sensor, an appliance. Thus a relatively immovable device, such as a fridge, which cannot easily be brought into proximity with the gateway device can be paired to the gateway device using the proxy pairing device.
The network may comprise at least one server and at least one gateway device and a plurality of sensor devices. The method may comprise establishing trusted connections between the gateway device and the plurality of sensor devices. The plurality of sensor devices may be paired to the gateway device in the order of wired sensors, communication over power line sensors, closest wireless sensor. This is to provide the greatest chance of a successful wireless installation. The plurality of sensor devices may communicate with the gateway device and the gateway device communicate with the server. The network may comprise at least one server and a plurality of gateway devices and a plurality of sensor devices. The method may comprise establishing trusted connections between one or more gateway devices and one or more sensor devices.
According to a second aspect of the invention there is provided a network built according to the method of the first aspect of the invention.
Embodiments of the present invention will now be described by way of example only with reference to the accompanying drawings, in which:
Figure 1 is a flow diagram illustrating the method of the first aspect of the invention, and
Figure 2 is a schematic representation of a network built according to the method of Figure 1.
Referring to Figures 1 and 2 a method of building a trusted network is shown. The network comprises a server 38, a gateway device 34 and a plurality of sensor devices 36, each of which comprises a secure element (SE). The method comprises a plurality of steps as follows.
Firstly the server and the network devices are prepared (step 10). This comprises placing a security credential in the secure element of each of the network devices, placing the security credentials of the network devices in the secure element of the server, placing an activation credential for the gateway device in the secure element of the server, and placing connection information for connecting the server and the gateway device in the secure element of the server. The secure elements of the devices comprise protected-access, tamper resistant memory elements. Placing a security credential in the secure element of a network device comprises loading the security credential into the secure element and attaching the secure element to the device. Loading the security credential comprises coding the security credential into the secure element memory element. Attaching the secure element comprises bonding the secure element onto a board, e.g. the motherboard, of the device.
The security credential of the or each gateway device is generated by a gateway device algorithm using a first primary key and an unique identifier of the secure element of the gateway device. The security credential of the or each sensor device is generated by a sensor device algorithm using a second primary key and an unique identifier of the secure element of the sensor device. The first and second primary keys are unique to the provider of the network. The unique identifier of each secure element is assigned to the element on its manufacture.
In this embodiment, placing the security credentials of the network devices in the secure element of the server comprises placing a mechanism to generate the security credentials on the server, which comprises placing the unique identifiers of the secure elements of the network devices and the first and second primary keys and the gateway and sensor device algorithms on the server.
Placing the gateway device activation credential on the server may comprise placing a mechanism to generate the gateway device activation credential on the server. The gateway device activation credential may be generated using the security credential of the gateway device and an unique identifier of the portable module. The gateway device activation credential may comprise a 128 bit number. The unique identifier of the portable module may be read from the portable module. The method then comprises accessing the server at a first network location (step 12). This comprises establishing a trusted communication link between the server and the portable module, and using the trusted communication link to transfer the gateway device activation credential and the connection data from the server to the portable module.
In this embodiment, accessing the server at the first network location comprises installing the server at the first network location. In this embodiment, the portable module comprises a smart card used by an installer of the network. Prior to bringing the portable module into proximity with the server, the installer of the network uses a credential to gain access to and allow use of the portable module. The trusted communication link between the portable module and the server is established by bringing the portable module into proximity with the server and establishing a NFC link between the two.
The method then comprises establishing a trusted connection between the server and the gateway device (step 14). This comprises placing the portable module in proximity with the gateway device to establish a NFC link between the portable module and the gateway device, transferring the gateway device activation credential from the portable module to the gateway device, using the gateway device activation credential to open the secure element of the gateway device, obtaining the security credential in the secure element of the gateway device, transferring the connection data from the portable module to the gateway device, using the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server, and installing the gateway device in a second network location.
Placing the portable module in proximity with the gateway device may comprise the gateway device prompting the installer to bring the portable module into proximity with the gateway device. The gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal. Transferring the gateway device activation credential from the portable module to the gateway device comprises sending a portable module read credential from the gateway device to the portable module, using the portable module read credential to read the gateway device activation credential and sending the gateway device activation credential from the portable module to the gateway device. The gateway device activation credential is in the secure element of the gateway device. Using the gateway device activation credential to open the gateway device secure element comprises using the gateway device activation credential to generate a key which opens the gateway device secure element.
Transferring the connection data from the portable module to the gateway device comprises reading an access credential for the portable module in the secure element of the gateway device, sending the portable module access credential from the gateway device to the portable module, using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device. The portable module access credential may be stored in the secure element of the gateway device on preparation of the gateway device. The connection data is placed in the secure element of the gateway device.
The N FC link is used to commence a communication session between the portable module and the gateway device, and during the communication session both of the gateway activation credential and the connection data are transferred from the portable module to the gateway device. This increases the security of the transfer and the trust in the network.
Establishing a trusted connection between the gateway device and the server comprises using the connection data to set up a communication link between the gateway device and the server, using the gateway device security credential on the gateway device to generate a gateway device challenge, sending the gateway device challenge to the server, using the gateway device security credential stored on the server to generate a server challenge, comparing the gateway device challenge with the server challenge, if a match occurs establishing a mutually authenticated communication link between the gateway device and the server. The communication link between the gateway device and the server may be an encryption-protected link. The communication link between the gateway device and the server is provided via the Internet using an IP address of the server stored in the connection data on the gateway device. Using both of the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server increases the security of the connection and trust between the gateway device and the server.
The trusted connection between the server and the gateway device is then used to transfer network information from the server to the gateway device. The network information may comprise job location data for the network. The network information transferred from the server to the gateway device may comprise topology of the network. The network topography data may consist of the type and location within the network of the gateway device. The gateway device may use the network topography data to prompt an installer to place the gateway device in the second location within the network. The network topography data may comprise operation requirements of the gateway device. The network topography data may consist of the type and location within the network of the sensor device. The gateway device may use the network topography data to prompt an installer to place the sensor device in the third location within the network. The network topography data may comprise operation requirements of the sensor device. A change credential is transferred from the gateway device to the sensor device to be used to change data stored on the sensor device. The gateway device is installed in the second network location.
The method of building the trusted network then comprises establishing a trusted connection between the gateway device and the sensor device (step 16). This comprises placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device, using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device, using the sensor device activation credential to open the secure element of the sensor device, obtaining the security credential in the secure element of the sensor device, using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device, installing the sensor device in a third network location.
Placing the sensor device into proximity with the gateway device may comprise the gateway device prompting the installer to bring the sensor device into proximity with the gateway device. The gateway device may prompt the installer by issuing a signal such as an audio signal or a visual signal. The signal may be issued to the installer via an authenticated communication link established between the gateway device and a mobile device of the installer.
Placing the sensor device into proximity with the gateway device may comprise placing the sensor device over an antenna of the gateway device. The antenna of the gateway device may produce a radio frequency (RF) field which may be used to power an NFC tag of the sensor device. This may enable transfer of data to the sensor device without powering it up.
Transferring the sensor device activation credential from the gateway device to the sensor device comprises transferring an unique identifier of the secure element of the sensor device from the sensor device to the gateway device, using the unique identifier to generate on the gateway device the sensor device activation credential and sending the sensor device activation credential from the gateway device to the sensor device.
Using the sensor device activation credential to open the secure element of the sensor device comprises using the sensor device activation credential to generate a key which opens the sensor device secure element. Using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device comprises using the sensor device security credential on the sensor device to generate a sensor device challenge, sending the sensor device challenge to the gateway device, using a sensor device security credential on the gateway device to generate a gateway device challenge, comparing the sensor device challenge with the gateway device challenge, if a match occurs establishing a mutually authenticated communication link between the sensor device and the gateway device. The communication link between the sensor device and the gateway device may be an encryption-protected link.
The sensor device security credential on the gateway device may be stored on the gateway device during its manufacture. The sensor device security credential on the gateway device may be received from the portable module. The sensor device security credential on the gateway device may be received from the server. The sensor device security credential on the gateway device may be generated using the sensor device algorithm and the second primary key and the unique identifier of the secure element of the sensor device. Any of the sensor device algorithm, the second primary key, the unique identifier of the secure element of the sensor device may be stored on the gateway device or may be received by the gateway device. In particular the unique identifier of the secure element of the sensor device may be received by the gateway device from the sensor device.
The trusted connection between the gateway device and the sensor device is then used to transfer sensor information from the gateway device to the sensor device. The sensor information may comprise a network key which enables the sensor device to communicate with the gateway device. The sensor information may comprise a session key which allows the sensor device to operate an application. The session key may be stored in RAM of the sensor device, so that it may be destroyed if the sensor device is tampered with. The gateway device may instruct the sensor device to destroy the session key, e.g. if the application is no longer needed or no longer being paid for.

Claims

CLAI MS
1. A method of building a trusted network comprising at least one server, at least one gateway device and at least one sensor device, each comprising a secure element, the method comprising
(i) preparing the server and the network devices comprising:
placing a security credential in the secure element of each of the network devices, placing the security credentials of the network devices in the secure element of the server, placing an activation credential for the gateway device in the secure element of the server, placing connection information for connecting the server and the gateway device in the secure element of the server,
(ii) accessing the server at a first network location comprising:
establishing a trusted communication link between the server and a portable module, using the trusted communication link to transfer the gateway device activation credential and the connection data from the server to the portable module,
(iii) establishing a trusted connection between the server and the gateway device comprising:
placing the portable module in proximity with the gateway device to establish a NFC link between the portable module and the gateway device, transferring the gateway device activation credential from the portable module to the gateway device, using the gateway device activation credential to open the secure element of the gateway device, obtaining the security credential in the secure element of the gateway device, transferring the connection data from the portable module to the gateway device, using the connection data and the gateway device security credential to establish a trusted connection between the gateway device and the server, installing the gateway device in a second network location,
(iv) establishing a trusted connection between the gateway device and the sensor device comprising:
placing the sensor device in proximity with the gateway device to establish a NFC link between the sensor device and the gateway device, using the NFC link to transfer a sensor device activation credential from the gateway device to the sensor device, using the sensor device activation credential to open the secure element of the sensor device, obtaining the security credential in the secure element of the sensor device, using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device, installing the sensor device in a third network location.
2. A method according to claim 1 in which the security credential of the or each gateway device is generated by a gateway device algorithm using a first primary key and an unique identifier of the secure element of the gateway device.
3. A method according to claim 1 or claim 2 in which the security credential of the or each sensor device is generated by a sensor device algorithm using a second primary key and an unique identifier of the secure element of the sensor device.
4. A method according to claim 2 and claim 3 in which the first and second primary keys are unique to the provider of the network.
5. A method according to any preceding claim in which placing the security credentials of the network devices in the secure element of the server comprises placing a mechanism to generate the security credentials on the server.
6. A method according to any preceding claim in which placing the gateway device activation credential on the server comprises placing a mechanism to generate the gateway device activation credential on the server.
7. A method according to any preceding claim in which establishing the trusted communication link between the portable module and the server comprises bringing the portable module into proximity with the server and establishing a NFC link between the two.
8. A method according to any preceding claim in which transferring the gateway device activation credential from the portable module to the gateway device comprises sending a portable module read credential from the gateway device to the portable module, using the portable module read credential to read the gateway device activation credential and sending the gateway device activation credential from the portable module to the gateway device.
9. A method according to any preceding claim in which transferring the connection data from the portable module to the gateway device comprises reading an access credential for the portable module in the secure element of the gateway device, sending the portable module access credential from the gateway device to the portable module, using the portable module access credential to open a data file on the portable module, reading the connection data from the data file and sending the connection data from the portable module to the gateway device.
10. A method according to any preceding claim in which the NFC link is used to commence a communication session between the portable module and the gateway device, and during the communication session both of the gateway activation credential and the connection data are transferred from the portable module to the gateway device.
11. A method according to any preceding claim in which establishing a trusted connection between the gateway device and the server comprises using the connection data to set up a communication link between the gateway device and the server, using the gateway device security credential on the gateway device to generate a gateway device challenge, sending the gateway device challenge to the server, using the gateway device security credential stored on the server to generate a server challenge, comparing the gateway device challenge with the server challenge, if a match occurs establishing a mutually authenticated communication link between the gateway device and the server.
12. A method according to any preceding claim in which transferring the sensor device activation credential from the gateway device to the sensor device comprises transferring an unique identifier of the secure element of the sensor device from the sensor device to the gateway device, using the unique identifier to generate on the gateway device the sensor device activation credential and sending the sensor device activation credential from the gateway device to the sensor device.
13. A method according to any preceding claim in which using the sensor device security credential to establish a trusted connection between the gateway device and the sensor device comprises using the sensor device security credential on the sensor device to generate a sensor device challenge, sending the sensor device challenge to the gateway device, using a sensor device security credential on the gateway device to generate a gateway device challenge, comparing the sensor device challenge with the gateway device challenge, if a match occurs establishing a mutually authenticated communication link between the sensor device and the gateway device.
14. A method according to claim 13 in which the sensor device security credential on the gateway device is generated using the sensor device algorithm and the second primary key and the unique identifier of the secure element of the sensor device stored on or received by the gateway device.
15. A network built according to the method of any of claims 1 to 14.
PCT/GB2015/050714 2014-03-11 2015-03-11 Trusted networks WO2015136284A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB201404303A GB201404303D0 (en) 2014-03-11 2014-03-11 Pairing near field communication enabled devices in networks
GB1404303.8 2014-03-11

Publications (1)

Publication Number Publication Date
WO2015136284A1 true WO2015136284A1 (en) 2015-09-17

Family

ID=50554899

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2015/050714 WO2015136284A1 (en) 2014-03-11 2015-03-11 Trusted networks

Country Status (2)

Country Link
GB (2) GB201404303D0 (en)
WO (1) WO2015136284A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897771A (en) * 2016-06-22 2016-08-24 中国联合网络通信集团有限公司 Identity authentication method, authentication server and third-party platform

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136717A1 (en) * 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
WO2008087571A2 (en) * 2007-01-19 2008-07-24 Koninklijke Philips Electronics N.V. Smart install
US20090222659A1 (en) * 2008-03-03 2009-09-03 Sony Corporation Communication device and communication method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7936878B2 (en) * 2006-04-10 2011-05-03 Honeywell International Inc. Secure wireless instrumentation network system
JP5521577B2 (en) * 2010-01-27 2014-06-18 株式会社リコー Peripheral device, network system, communication processing method, and communication processing control program
US8875283B2 (en) * 2012-04-10 2014-10-28 Blackberry Limited Restricted access memory device providing short range communication-based security features and related methods

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060136717A1 (en) * 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
WO2008087571A2 (en) * 2007-01-19 2008-07-24 Koninklijke Philips Electronics N.V. Smart install
US20090222659A1 (en) * 2008-03-03 2009-09-03 Sony Corporation Communication device and communication method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897771A (en) * 2016-06-22 2016-08-24 中国联合网络通信集团有限公司 Identity authentication method, authentication server and third-party platform
CN105897771B (en) * 2016-06-22 2019-04-09 中国联合网络通信集团有限公司 Identity identifying method, certificate server and third-party platform

Also Published As

Publication number Publication date
GB2525972A (en) 2015-11-11
GB201504126D0 (en) 2015-04-22
GB201404303D0 (en) 2014-04-23

Similar Documents

Publication Publication Date Title
US10992672B2 (en) System and method for automatic wireless network authentication
US11626974B2 (en) System and method for securely configuring a new device with network credentials
US10841874B2 (en) Embedded internet of things (IoT) hub for integration with an appliance and associated systems and methods
US10721208B2 (en) System and method for automatic wireless network authentication in an internet of things (IOT) system
US10454152B2 (en) Modular antenna for integration with an internet of things (IoT) hub and associated systems and methods
US10841759B2 (en) Securely providing a password using an internet of things (IoT) system
US11153754B2 (en) Devices, systems and methods for connecting and authenticating local devices to common gateway device
US10779296B2 (en) System and method for intelligent communication channel selection for an internet of things (IoT) device
US11695635B2 (en) Rapid install of IoT devices
US20200274707A1 (en) Server for and method of secure device registration
KR20160146753A (en) Network node security using short range communication
US11217049B2 (en) Secure wireless key system and method with dynamically adjustable modulation
US10939532B2 (en) Secure commissioning of wireless enabled lighting devices
US11228453B2 (en) Secure provisioning of electronic lock controllers
WO2015136284A1 (en) Trusted networks
US20230345245A1 (en) Methods, devices and systems for automatically adding devices to network using wireless positioning techniques

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15714604

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15714604

Country of ref document: EP

Kind code of ref document: A1