GB2588002A - Security management for networked client devices using a distributed ledger service - Google Patents

Security management for networked client devices using a distributed ledger service Download PDF

Info

Publication number
GB2588002A
GB2588002A GB2018249.9A GB202018249A GB2588002A GB 2588002 A GB2588002 A GB 2588002A GB 202018249 A GB202018249 A GB 202018249A GB 2588002 A GB2588002 A GB 2588002A
Authority
GB
United Kingdom
Prior art keywords
distributed ledger
network
enabled client
computing system
communication path
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB2018249.9A
Other versions
GB2588002B (en
GB202018249D0 (en
Inventor
Zankowicz Josef
Fallah Jay
Rankine Scott
Byrne Kristopher
John Oerton Kevin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NXM Labs Canada Inc
Original Assignee
NXM Labs Canada Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US15/988,427 external-priority patent/US10708070B2/en
Application filed by NXM Labs Canada Inc filed Critical NXM Labs Canada Inc
Priority to GB2217262.1A priority Critical patent/GB2609872B/en
Publication of GB202018249D0 publication Critical patent/GB202018249D0/en
Publication of GB2588002A publication Critical patent/GB2588002A/en
Application granted granted Critical
Publication of GB2588002B publication Critical patent/GB2588002B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1044Group management mechanisms 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Theoretical Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system and method for managing a plurality of network-enabled client devices such as Internet of Things (IoT) and smart devices employs a distributed ledger or blockchain to store security-related information for each client device. Access to the distributed ledger is provided through a proxy computing system that is configured to exchange security-related messages with the client devices over a first communication path, which may be over a public network; and to engage in transactions with or query the distributed ledger on behalf of the client devices over a second communication path, which is a private channel. Vendible data published by the client devices may be routed by the proxy computing system to a data broker or publishing system in a manner that removes identifying information from the vendible data.

Claims (21)

Claims
1. A system for managing a plurality of network-enabled client devices, comprising: a distributed ledger computing system maintaining a distributed ledger for storing security-related information for the plurality of network-enabled client devices; a proxy computing system configured to exchange security-related messages with the plurality of network-enabled client devices over a first communication path; and to engage in transactions or call functions with the distributed ledger on behalf of the network-enabled client devices over a second communication path.
2. The system of claim 1, wherein the distributed ledger stores associations between unique identifiers defined for the plurality of network-enabled client devices and corresponding encryption keys.
3. The system of claim 1, wherein the distributed ledger stores at least one of: pairing associations between network-enabled client devices, and associations between administrator devices and network-enabled client devices.
4. The system of claim 1 , wherein the proxy computing system is configured to: receive, from a network-enabled client device over the first communication path, a security-related request; generate a transaction or a function call for the distributed ledger, the transaction including as an account identifier or as a parameter a unique identifier of the network- enabled client device; and transmit the transaction or function call to the distributed ledger computing system for execution on the distributed ledger over the second communication path.
5. The system of claim 4, wherein the proxy computing system is further configured to receive an output from the distributed ledger computing system in response to the executed transaction or function.
6. The system of claim 1, wherein: the distributed ledger computing system comprises a repository storing a copy of the distributed ledger, the copy of the distributed ledger being updated when a change is made to the distributed ledger; and wherein the proxy computing system is further configured to access the copy of the distributed ledger over a third communication path distinct from the second communication path, and to further: receive, from a network-enabled client device over the first communication path, a security-related request; generate a transaction or a function call for the distributed ledger, the transaction including as an account identifier or as a parameter a unique identifier of the network- enabled client device; transmit the transaction or function call to the distributed ledger computing system for execution on the distributed ledger over the second communication path; and retrieve, from the copy of the distributed ledger over the third communication path, security-related information for transmission to the network-enabled client device.
7. The system of claim 6, wherein the transaction or function call comprises a transaction adding a pairing association between the network-enabled client device and a second network-enabled client device, and the security-related information retrieved from the copy of the distributed ledger comprises a public key for the second network-enabled client device.
8. The system of claim 1 , further comprising the plurality of network-enabled client devices.
9. The system of claim 8, wherein each network-enabled client device is configured to self-generate a unique identifier for identifying the network-enabled client device in the distributed ledger.
10. A method, comprising: maintaining, by a distributed ledger computing system, a distributed ledger for storing security-related information for a plurality of network-enabled client devices; a proxy computing system exchanging security-related messages with a plurality of network-enabled client devices over a first communication path; the proxy computing system transmitting, over a second communication path and on behalf of the plurality of network-enabled client devices, transactions or calls of functions for a distributed ledger storing security-related information for the plurality of network-enabled client devices.
11. The method of claim 10, wherein the distributed ledger stores associations between unique identifiers defined for the plurality of network-enabled client devices and corresponding encryption keys.
12. The method of claim 10, wherein the distributed ledger stores at least one of: pairing associations between network-enabled client devices, and associations between administrator devices and network-enabled client devices.
13. The method of claim 10, further comprising the proxy computing system: receiving, from a network-enabled client device over the first communication path, a security-related request; generating a transaction or a function call for the distributed ledger, the transaction including as an account identifier or as a parameter a unique identifier of the network- enabled client device; and transmitting the transaction or function call to the distributed ledger computing system for execution on the distributed ledger over the second communication path.
14. The method of claim 13, further comprising the proxy computing system receiving an output from the distributed ledger computing system in response to the executed transaction or function.
15. The method of claim 10, wherein the distributed ledger computing system comprises a repository storing a copy of the distributed ledger, the copy of the distributed ledger being updated when a change is made to the distributed ledger, the method further comprising: the proxy computing system accessing the copy of the distributed ledger over a third communication path distinct from the second communication path; the proxy computing system receiving, from a network-enabled client device over the first communication path, a security-related request; the proxy computing system generating a transaction or a function call for the distributed ledger, the transaction including as an account identifier or as a parameter a unique identifier of the network-enabled client device; the proxy computing system transmitting the transaction or function call to the distributed ledger computing system for execution on the distributed ledger over the second communication path; and the proxy computing system retrieving, from the copy of the distributed ledger over the third communication path, security-related information for transmission to the network- enabled client device.
16. The method of claim 15, wherein the transaction or function call comprises a transaction adding a pairing association between the network-enabled client device and a second network-enabled client device, and the security-related information retrieved from the copy of the distributed ledger comprises a public key for the second network-enabled client device.
17. The method of claim 10, wherein each network-enabled client device is configured to self-generate a unique identifier for identifying the network-enabled client device in the distributed ledger.
18. Non-transitory computer-readable media storing code which, when executed by at least one processor of a computing system, causes the computing system to implement the method of any one of claims 10 to 17.
19. A system, comprising: a distributed ledger computing system maintaining a distributed ledger for storing security-related information for a plurality of network-enabled devices; a proxy computing system configured to exchange messages with the plurality of network-enabled client devices over a first communication path; to engage in transactions or call functions with the distributed ledger on behalf of the network-enabled client devices over a second communication path; and to transmit data received from the plurality of network-enabled client devices to a data storage or distribution computing system over a third communication path.
20. The system of claim 19, further comprising the data storage or distribution computing system.
21. The system of claim 19, further comprising a plurality of network-enabled client devices, each network-enabled client device comprising a processing unit and a communications subsystem, each network-enabled client device being configured to transmit messages comprising vendible data and security-related messages to the proxy computing system over the first connection; the proxy computing system being configured to transmit vendible data received from one of the network-enabled client devices to the data storage or distribution system over the third communication path; the proxy computing system being configured to generate a transaction or a function call for the distributed ledger based on a security-related message received from the network- enabled client device, and transmit the transaction or function call to the distributed ledger computing system for execution on the distributed ledger over the second communication path.
GB2018249.9A 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service Active GB2588002B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2217262.1A GB2609872B (en) 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201862669652P 2018-05-10 2018-05-10
US15/988,427 US10708070B2 (en) 2017-05-24 2018-05-24 System and method for utilizing connected devices to enable secure and anonymous electronic interaction in a decentralized manner
US201862689303P 2018-06-25 2018-06-25
US201862739771P 2018-10-01 2018-10-01
PCT/CA2019/050635 WO2019213781A1 (en) 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service

Publications (3)

Publication Number Publication Date
GB202018249D0 GB202018249D0 (en) 2021-01-06
GB2588002A true GB2588002A (en) 2021-04-14
GB2588002B GB2588002B (en) 2022-12-28

Family

ID=68466839

Family Applications (2)

Application Number Title Priority Date Filing Date
GB2217262.1A Active GB2609872B (en) 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service
GB2018249.9A Active GB2588002B (en) 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB2217262.1A Active GB2609872B (en) 2018-05-10 2019-05-10 Security management for networked client devices using a distributed ledger service

Country Status (2)

Country Link
GB (2) GB2609872B (en)
WO (1) WO2019213781A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200064792A1 (en) * 2018-08-24 2020-02-27 Sensormatic Electronics, LLC Event Engine for Building Management System Using Distributed Devices and Blockchain Ledger
EP3834157B1 (en) 2020-04-22 2023-09-13 Alipay (Hangzhou) Information Technology Co., Ltd. Managing transaction requests in ledger systems
EP3841549B1 (en) 2020-04-22 2022-10-26 Alipay (Hangzhou) Information Technology Co., Ltd. Managing transaction requests in ledger systems
CN111556119B (en) * 2020-04-23 2023-04-21 杭州涂鸦信息技术有限公司 Device information changing method and related device
CN113595958B (en) * 2020-04-30 2023-06-16 杭州萤石软件有限公司 Security detection system and method for Internet of things equipment
US20230379699A1 (en) * 2020-09-28 2023-11-23 Nxm Labs, Inc. Security management of networked devices using a distributed ledger network
US11368288B2 (en) 2020-11-20 2022-06-21 Hong Kong Applied Science and Technology Research Institute Company Limited Apparatus and method of lightweight communication protocols between multiple blockchains
CN112654033B (en) * 2020-12-15 2023-02-17 中国联合网络通信集团有限公司 Service opening method and device
CN112969217A (en) * 2021-01-29 2021-06-15 中国联合网络通信集团有限公司 Access method of communication network, unified data management entity and terminal
CN113411344A (en) * 2021-06-28 2021-09-17 湖南大学 Distributed account book security-oriented high-performance expandable system and cluster architecture thereof
WO2024144443A1 (en) * 2022-12-30 2024-07-04 Telefonaktiebolaget Lm Ericsson (Publ) Managing data for access authorization and user registration

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180075247A1 (en) * 2016-09-09 2018-03-15 Tyco Integrated Security, LLC Architecture For Access Management
CN108011370A (en) * 2017-12-27 2018-05-08 华北电力大学(保定) A kind of distributed energy scheduling method of commerce based on global energy block chain
US20190102409A1 (en) * 2017-09-29 2019-04-04 Oracle International Corporation System and method for managing a blockchain cloud service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170302663A1 (en) * 2016-04-14 2017-10-19 Cisco Technology, Inc. BLOCK CHAIN BASED IoT DEVICE IDENTITY VERIFICATION AND ANOMALY DETECTION
US11144911B2 (en) * 2016-06-20 2021-10-12 Intel Corporation Technologies for device commissioning
KR101919590B1 (en) * 2017-05-10 2019-02-08 주식회사 코인플러그 METHOD FOR PAYING COST OF IoT DEVICE BASED ON BLOCKCHAIN AND MERKLE TREE STRUCTURE RELATED THERETO, AND SERVER, SERVICE PROVIDING TERMINAL, AND DIGITAL WALLET USING THE SAME
CN111869187A (en) * 2018-05-07 2020-10-30 康维达无线有限责任公司 Interworking between IOT service layer system and distributed ledger system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180075247A1 (en) * 2016-09-09 2018-03-15 Tyco Integrated Security, LLC Architecture For Access Management
US20190102409A1 (en) * 2017-09-29 2019-04-04 Oracle International Corporation System and method for managing a blockchain cloud service
CN108011370A (en) * 2017-12-27 2018-05-08 华北电力大学(保定) A kind of distributed energy scheduling method of commerce based on global energy block chain

Also Published As

Publication number Publication date
GB2588002B (en) 2022-12-28
GB2609872B (en) 2023-05-17
GB2609872A (en) 2023-02-15
GB202217262D0 (en) 2023-01-04
GB202018249D0 (en) 2021-01-06
WO2019213781A1 (en) 2019-11-14

Similar Documents

Publication Publication Date Title
GB2588002A (en) Security management for networked client devices using a distributed ledger service
US10346627B2 (en) Privacy preserving data querying
US10735426B2 (en) Secure asynchronous retrieval of data behind a firewall
US20210349989A1 (en) Method and apparatus for updating password of electronic device, device and storage medium
US20190097791A1 (en) Distributed key caching for encrypted keys
US7844707B2 (en) Web service multi-key rate limiting method and system
KR101850351B1 (en) Method for Inquiring IoC Information by Use of P2P Protocol
CN105247529A (en) Synchronizing credential hashes between directory services
CN112699399A (en) Encryption database system, method and device for realizing encryption database system
CN112363991B (en) Block chain data registration method and device
US10700865B1 (en) System and method for granting secure access to computing services hidden in trusted computing environments to an unsecure requestor
EP2354996A1 (en) Apparatus and method for remote processing while securing classified data
US20080172467A1 (en) Store-and-forward messaging channel for occasionally connected mobile applications
CN113254050A (en) Micro front-end system
CN117081813A (en) Encryption and decryption method, system, device, equipment and medium for service data
EP3528452A1 (en) Harvesting and distributing a certificate based on a dns name
US20160323260A1 (en) Obtaining data for connection to a device via a network
CN112887087B (en) Data management method and device, electronic equipment and readable storage medium
CN112491955B (en) Method and system for realizing iframe system data exchange based on proxy server
CN108141462B (en) Method and system for database query
CN114840739B (en) Information retrieval method, device, electronic equipment and storage medium
US20100228976A1 (en) Method and apparatus for providing secured network robot services
CN115208630B (en) Block chain-based data acquisition method and system and block chain system
Naik et al. Security attacks on information centric networking for healthcare system
CN111698192B (en) Method for monitoring transaction system, transaction device, monitoring device and system

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20210715 AND 20210721