US20150350167A1 - Systems and methods for secure communication over a network using a linking address - Google Patents

Systems and methods for secure communication over a network using a linking address Download PDF

Info

Publication number
US20150350167A1
US20150350167A1 US14/728,867 US201514728867A US2015350167A1 US 20150350167 A1 US20150350167 A1 US 20150350167A1 US 201514728867 A US201514728867 A US 201514728867A US 2015350167 A1 US2015350167 A1 US 2015350167A1
Authority
US
United States
Prior art keywords
data packet
electronic device
linking address
engine
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/728,867
Other languages
English (en)
Inventor
Vladan Djakovic
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubbell Inc
Original Assignee
iDevices LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by iDevices LLC filed Critical iDevices LLC
Priority to US14/728,867 priority Critical patent/US20150350167A1/en
Assigned to iDevices, LLC reassignment iDevices, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DJAKOVIC, VLADAN
Publication of US20150350167A1 publication Critical patent/US20150350167A1/en
Assigned to HUBBELL INCORPORATED (DELAWARE) reassignment HUBBELL INCORPORATED (DELAWARE) MERGER (SEE DOCUMENT FOR DETAILS). Assignors: iDevices, LLC
Priority to US17/843,466 priority patent/US20220321543A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2521Translation architectures other than single NAT servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5092Address allocation by self-assignment, e.g. picking addresses at random and testing if they are already in use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • the present disclosure relates generally to systems and methods for secure communication over a network using a linking address. More specifically, the present disclosure relates to a system and method for secure transmission and storage over a network using one of many linking addresses.
  • IP Internet of Things
  • a difficulty of having so many devices in communication over the Internet is providing an efficient, effective, reliable, and scalable way to directly connect all of these devices with one another.
  • Many electronic devices connect to the Internet through various firewalls and routers using a Network Address Translation (NAT) protocol.
  • NAT Network Address Translation
  • Communication via NAT does not directly expose the communicating device to the external network environment, which can be problematic when such devices are trying to communicate directly (e.g., when the devices are not connected to servers that have their Internet address exposed).
  • the Interactive Connectivity Establishment (ICE) protocol (e.g., with Session Traversal Utilities for NAT (STUN)) can be used to assist the direct connection of devices, but this approach does not work in every case (e.g., in 10% of cases).
  • ICE Interactive Connectivity Establishment
  • STUN Session Traversal Utilities for NAT
  • a relaying service could be used (e.g., Traversal Using Relays around NAT (TURN)), which is more reliable, but requires the relaying services to be a trusted party (e.g., to know its individual clients as well as store permissions and session states).
  • logs periodic or event-driven historical records
  • Many available log storage mechanisms form a closed system with mutual trust between the storage mechanism, log generator, and consumer.
  • requiring every system to have its own log storage mechanism can be problematic when log generators and consumers are owned by various parties, when it is unknown who the log consumer will be, when there are multiple log consumers, etc.
  • coupling security associations and trust relationships with the log storage mechanism increases the amount of security associations and procedures to set up and maintain. It is impractical for every analytic application to create its own log storage mechanism, or have each device model commit to one particular log storage mechanism at the time of manufacture.
  • the present disclosure relates to systems and methods for secure communication over a network using a linking address.
  • the system for secure communication comprising a computer system in electronic communication over a network with a plurality of electronic devices, a database in electronic communication with the computer system, the database configured to electronically store at least a linking address and an associated payload of a data packet, an engine stored on and executed by the computer system, the engine electronically receiving a data packet over the network from a first electronic device, processing the data packet to identify a linking address and a payload, the linking address being at least 32 bit, storing the linking address and payload in the database, electronically receiving a query from a second electronic device, the second electronic device identifying the linking address, and electronically transmitting the data packet over the network to the second electronic device.
  • a method for secure communication comprises electronically receiving, at an engine stored on and executed by a computer system, a data packet from a first electronic device over a network, processing the data packet to identify a linking address and a payload contained therein, the linking address being at least 32 bit, storing the linking address and the associated payload of the data packet in a database, electronically receiving a query from a second electronic device, the second electronic device identifying the linking address, and electronically transmitting the data packet over the network to the second electronic device.
  • FIG. 1 is a diagram showing an IoT/IP system for secure electronic communication and storage over a network
  • FIG. 2 is a diagram illustrating subsystems of the IoT/IP engine
  • FIG. 3 is a diagram illustrating electronic communication of an electronic device using the IoT/IP system
  • FIG. 4 is a diagram illustrating use of the IoT/IP system across multiple electronic devices
  • FIG. 5 illustrates processing steps of the secure communication relay subsystem of the IoT/IP system
  • FIG. 6 is a diagram illustrating the processing steps of FIG. 5 ;
  • FIG. 7 illustrates processing steps of the secure log storage subsystem of the IoT/IP system.
  • FIG. 8 is a diagram showing hardware and software components of the system.
  • the present disclosure relates to a system and method for secure electronic communication and storage over a network. More specifically, the present disclosure relates to an Internet of Things/Internet Protocol (IoT/IP) system to provide secure electronic communication and storage over a network.
  • IoT/IP Internet of Things/Internet Protocol
  • the IoT/IP system is scalable, reliable, and secure, and uses minimal computer resources (e.g., processing power, memory, etc.) and minimal financial resources to setup, maintain, and use. As a result of using fewer computer resources, the IoT/IP system also improves the functioning of the computer itself, among other advantages.
  • the IoT/IP system provides for secure communication (e.g., electronic transmissions) as well as secure storage (e.g., log storage) by using a unique linking address (e.g., key, pin, token, ID, etc.), where the linking address is one of a very large number of possible linking addresses (e.g., trillions). In other words, the number of linking addresses in use (e.g., by electronic devices) is much less than the number of linking addresses available. This makes the linking address being used impractical (unlikely) to guess or deduce, even using a computerized random address generator.
  • the linking address may be as large or larger than 32 bit, 64 bit, 128 bit, 256 bit, 512 bit, etc.
  • the collision probability after 20 trillion pairings is one in a trillion, so the probability of guessing or deducing the relevant active ID (if trillion logs are simultaneously active) is 1 in 10 26 . Accordingly, the IoT/IP system does not require or use any security associations.
  • FIG. 1 is a diagram showing an exemplary IoT/IP system for secure electronic communication and storage over a network, indicated generally at 10 .
  • the IoT/IP system 10 comprises a computer system 12 (e.g., a server, multiple servers) having a database 14 stored therein or operatively connected thereto and an IoT/IP engine 16 .
  • the computer system 12 may be any suitable computer server (e.g., a server with an INTEL microprocessor, multiple processors, multiple processing cores, etc.) running any suitable operating system (e.g., Windows by Microsoft, Linux, etc.).
  • the database 14 may be stored on the computer system 12 , or located externally therefrom (e.g., in a separate database server in communication with the IoT/IP system 10 ).
  • the IoT/IP system 10 is remotely accessible such that the IoT/IP system 10 communicates through a network 20 with one or more of a variety of computer systems 22 (e.g., personal computer system 26 a , a smart cellular telephone 26 b , a tablet computer 26 c , and/or other electronic devices).
  • computer systems 22 e.g., personal computer system 26 a , a smart cellular telephone 26 b , a tablet computer 26 c , and/or other electronic devices.
  • Network communication may be over the Internet using standard TCP/IP communications protocols (e.g., hypertext transfer protocol (HTTP), secure HTTP (HTTPS), file transfer protocol (FTP), electronic data interchange (EDI), etc.), through a private network connection (e.g., wide-area network (WAN) connection, emails, electronic data interchange (EDI) messages, extensible markup language (XML) messages, file transfer protocol (FTP) file transfers, etc.), or any other suitable wired or wireless electronic communications format and system.
  • HTTP hypertext transfer protocol
  • HTTPS secure HTTP
  • FTP file transfer protocol
  • EDI electronic data interchange
  • EDI electronic data interchange
  • a private network connection e.g., wide-area network (WAN) connection, emails, electronic data interchange (EDI) messages, extensible markup language (XML) messages, file transfer protocol (FTP) file transfers, etc.
  • WAN wide-area network
  • EDI extensible markup language
  • FTP file transfer protocol
  • FIG. 2 is a diagram illustrating exemplary subsystems of the IoT/IP engine 16 . These include a secure communication relay subsystem 30 and a secure log storage subsystem 32 .
  • the secure communication relay subsystem 30 provides anonymous relaying (e.g., in real time) of secure communications between two (or more) electronic devices over a network by utilizing a unique linking address (e.g., previously agreed upon). More specifically, the linking address for the secure communication relay subsystem 30 may be a Remote Conduit Identification (RCID).
  • the predetermined RCID is so complex (e.g., large) as to be impractical to guess or determine, and the number of unique RCIDs available is much larger than the actual number in use.
  • the secure communication relay subsystem 30 is completely indifferent (e.g., agnostic) to the identities of the electronic devices and the content of the data packet (e.g., electronic communication) being transmitted.
  • the secure log storage subsystem 32 provides anonymous storage of log entries (or any other type of data) generated from a first log generator electronic device, which can then be accessed by one or more second log consumer electronic devices by using a linking address.
  • the first log consumer electronic device may be the same device as the second log generator electronic device.
  • the linking address for the secure log storage subsystem 32 may be a Remote Storage Identification (RSID).
  • the log generator electronic device may transmit log entries to a single RSID, which then may be accessed by one or more log consumer electronic devices.
  • the log generator electronic device may transmit log entries to multiple RSIDs, such that each linking address is exclusive to only one log consumer electronic device.
  • the RSID is so complex (e.g., large) as to be impractical to guess or deduce the one being used, and the number of unique RSIDs available is much larger than the actual number in use.
  • the secure log storage subsystem 32 is completely indifferent (e.g., agnostic) as to the identities of the electronic devices and the content of the data packet (e.g., log entries) being transmitted and stored. Although log entries are described, the secure log storage subsystem 32 may store any type of electronic data.
  • the IoT/IP system does not store any confidential information or client information (e.g., registration information, configuration information, hardware address information, etc.), and thus the server of the IoT/IP system does not require protection.
  • the IoT/IP system e.g., including each of the secure communication relay subsystem 30 and the secure log storage subsystem 32 ) has no knowledge of the electronic devices communicating therewith, nor does the IoT/IP system have any knowledge of any security associations of such devices.
  • the IoT/IP system operates at a very low financial cost and uses minimal computer resources, thereby improving the functioning (e.g., speed) of the computer itself.
  • the IoT/IP system does not require any information or knowledge of any of the electronic devices prior to those devices using the system, thereby avoiding costly authentication systems and procedures (e.g., logins, accounts, etc.). This provides a connectivity infrastructure between many devices (e.g., millions of devices) without any preparation steps and without communicating individual device information.
  • FIG. 3 is a diagram illustrating an example of electronic communication of an electronic device using the IoT/IP system.
  • a first electronic device e.g., smartlamp 40
  • communicates locally e.g., Bluetooth, Bluetooth low energy, Wi-Fi
  • a second electronic device e.g., smartphone 42
  • a local communication stack 34 to securely pair the two devices together (e.g., locally authenticate the two devices).
  • the two electronic devices agree upon one or more unique linking addresses (e.g., RCID and/or RSID).
  • the devices may be securely paired in any of a variety of alternative ways (e.g., preset by the manufacturer).
  • the two electronic devices can communicate with each other remotely over the Internet using the linking address. More specifically, the smartlamp 40 can transmit a data packet (e.g., communication) to the predetermined RCID of the secure communication relay subsystem 30 (e.g., conduit IoT/IP service). The smartphone 42 can then retrieve the data packet from the secure communication relay subsystem 30 using the RCID (e.g., for real time alerts).
  • a data packet e.g., communication
  • the predetermined RCID of the secure communication relay subsystem 30 e.g., conduit IoT/IP service
  • the smartphone 42 can then retrieve the data packet from the secure communication relay subsystem 30 using the RCID (e.g., for real time alerts).
  • the smartlamp 40 can also send (e.g., stream) data packet(s) (e.g., log entry) to the RSID of the secure log storage subsystem 32 (e.g., EStorage IoT/IP service), which stores the data packet at that RSID until subsequently retrieved at a later time, such as by an application programming interface (API) 44 of an electronic device.
  • data packet(s) e.g., log entry
  • the secure log storage subsystem 32 e.g., EStorage IoT/IP service
  • API application programming interface
  • FIG. 3 is shown as being a wireless communications system, any suitable communications system, wireless or wired, may be used.
  • FIG. 4 is a diagram illustrating an exemplary use of an IoT/IP system across multiple electronic devices.
  • a first electronic device e.g., smartlamp 40
  • communicates locally e.g., using Bluetooth, Bluetooth low energy, Wi-Fi, etc.
  • second electronic devices e.g., local smartphone 42 a , local router 46 , etc.
  • a smartlamp 40 may communicate locally over a first (wired or wireless) communication link 45 a with a smartphone 42 a (e.g., to agree on the RCID), the smartlamp 40 may also communicate with a router 46 over a second (wired or wireless) communication link 45 b , and the smartphone 42 a may communicate with the router 46 over a third (wired or wireless) communication link 45 c . Accordingly, the smartlamp 40 , smartphone 42 a and router 46 are authenticated with one another as trusted devices.
  • a remote smartphone 42 b (which may be a different, or the same smartphone as smartphone 42 a when remotely located) may communicate with the IoT/IP engine 16 which communicates with the smartlamp 40 via the local router 46 .
  • the system is completely indifferent to the local electronic communication protocol used (e.g., indifferent to NAT protocol). Any number or any type of electronic devices may be used and paired with one another (e.g., smartlamp 40 , desktop computer 48 , smartphone 50 , tablet computer 52 , laptop computer, thermostat, lightswitch, electrical socket, garage door opener, etc.) to remotely communicate with each other via the IoT/IP engine 16 .
  • the devices may directly communicate with each other locally (e.g., using Bluetooth, Wi-Fi, etc.) to determine an agreed upon linking address, and then communicate with one another remotely over the network 20 (e.g., smartlamp 40 and smartphone 42 b ) using the predetermined linking address.
  • the devices communicate and operate with one another the same when locally communicating as they do when remotely communicating without any need for online registration (e.g., of the user, the device hardware, and/or any other identifying information).
  • the system may utilize forward secrecy such that if an unauthorized user were to break into the device and/or the IoT/IP system, they would not be able to reconstruct past communications.
  • FIG. 5 illustrates processing steps 60 of a secure communication relay subsystem of an exemplary IoT/IP system.
  • the IoT/IP system receives over a network a data packet (e.g., packet, message, communication, record, etc.) from a first electronic device (e.g., Device A, Device 1, etc.) paired (e.g., synced, authenticated) with a second electronic device (e.g., Device B, Device 2, etc.).
  • a data packet e.g., packet, message, communication, record, etc.
  • a first electronic device e.g., Device A, Device 1, etc.
  • a second electronic device e.g., Device B, Device 2, etc.
  • the first electronic device and second electronic device are paired such that the devices agree on a Remote Conduit Identification (RCID) (e.g., linking address) and role identifiers (e.g., roles) to distinguish between themselves (e.g., A and B, 1 and 2, etc.).
  • RCID Remote Conduit Identification
  • role identifiers e.g., roles
  • the RCID in various embodiments exists in a very sparse name space and could be a random token, number, a word, a passphrase, a symbol, etc. If an RCID of sufficient complexity (e.g., size, variability, etc.) is used, it will be impractical to guess or deduce the specific RCID being utilized.
  • the RCID may be a token of 128 bits.
  • the two electronic devices could be paired together (e.g., and agree on a common RCID) in any of a variety of suitable ways.
  • the two electronic devices could communicate directly with one another (e.g., using Bluetooth, Wi-Fi, etc.), the two electronic devices could be packaged and sold together such that the devices have been preprogrammed with the common RCID by the manufacturer, and/or the two electronic devices could be registered with a website that syncs the two devices together.
  • a user could manually enter an RCID in each of the devices and/or manually enter a unique passphrase (e.g., word, sentence, etc.) that is processed by a pre-programmed mathematical algorithm to correlate with a RCID (e.g., entering the passphrase on each device gets processed by the same algorithm so that each device independently comes up with the same RCID).
  • the two electronic device may also have established credentials (e.g., shared secrets) that enable secure communication over insecure channels. More specifically, such established credentials enable end-to-end encryption between the devices to protect communications from the IoT/IP system and/or anyone else.
  • the IoT/IP system decrypts the data packet if encrypted by a public key of the server of the IoT/IP system.
  • Data packet encryption hides the RCID from observers and prevents interference by third parties (e.g., prevents third parties from learning the RCID).
  • any of the existing public key schemes can be used (e.g., RSA, Diffie-Hellman (DH), elliptic curve cryptography (ECC), etc).
  • the IoT/IP system does not require security associations. Particularly for data packets with end-to-end encryption and authentication with pre-established credentials, securing electronic communication (e.g., traffic) between clients and the IoT/IP system is not required.
  • Encrypting the RCID with the public key of the IoT/IP server and using sparse ID name space ensures that attackers cannot insert malicious traffic or log entries, or pose as legitimate users, thereby preventing targeted denial of service (DoS) attacks and snooping.
  • the IoT/IP system then processes the data packet received to identify the RCID, role identifier (e.g., A or B, 1 or 2 , etc.), and payload (e.g., encrypted payload).
  • the IoT/IP system determines whether the first role is active.
  • Each electronic device can establish an active status of a role of an RCID with the IoT/IP system (e.g., the server), such as by electronically transmitting an open channel request to the IoT/IP system (e.g., before or with electronic transmission of a data packet).
  • the open channel request could include the RCID, the role, and/or credentials (e.g., a unique blinded certificate) to validate with the IoT/IP system to confirm that the electronic device is authorized to use the IoT/IP system.
  • the IoT/IP system validates the open channel request (e.g., including the credentials)
  • the IoT/IP system declares the status of the role (e.g., the first role) of the RCID as active.
  • the IoT/IP system could record the time the open channel request was received and start a timer. Once a predetermined time period has expired (e.g., two minutes, five minutes, etc.), the IoT/IP system removes the active status (e.g., changes the status of the role to inactive) unless the electronic device maintains the active status.
  • the electronic device can maintain the active status and reset the timer by resubmitting an open channel request (e.g., with credentials) or by successfully transmitting a data packet to a second electronic device as described below.
  • the first role is not active (e.g., inactive)
  • the system proceeds to step 76 and drops the data packet.
  • the IoT/IP system records the IP address of the data packet and/or the time received in the database.
  • the IoT/IP system determines whether the second role (e.g., a second electronic device) is active. If so, in step 74 , the IoT/IP system forwards the data packet (with the encrypted payload) to the second electronic device.
  • the IoT/IP system in some embodiments encrypts the data packet for transmission to the second electronic device. If not, in step 76 , the system drops the data packet. Once received, the second electronic device can then decrypt both the encrypted packet (if encrypted) and the encrypted payload (if encrypted). In this way, the IoT/IP system acts as a relay between the first electronic device and the second electronic device.
  • the IoT/IP system is completely indifferent (e.g., agnostic) as to the identity of the electronic devices, the content of the encrypted payload, the identity of the owner of one or both of the electronic devices, etc. However, because the RCID is so large, the IoT/IP provides the privacy and security necessary for electronic communications over a network.
  • FIG. 6 is a diagram illustrating exemplary processing steps of FIG. 5 . More specifically, as shown, Client A 80 (e.g., first electronic device) and Client B 82 are securely paired such that they agree upon a preset RCID 84 . Client A 80 then sends a data packet 88 for Client B 82 over the network to the relay 86 (e.g., the IoT/IP system).
  • the data packet 88 includes the RCID 90 (e.g, the same as preset RCID 84 ), the role identifier 92 of the sending client (e.g., A if sent from Client A 80 , B if sent from Client B 82 ), and an encrypted payload 94 , though as noted above in other embodiments the payload is not encrypted.
  • the relay 86 receives the data packet 88 from Client A 80 and then decrypts the data packet 88 to reveal the RCID 90 , the role identifier 82 , and the still encrypted payload 94 (which step is not performed if the payload is not encrypted).
  • Client B 82 retrieves the data packet 88 from the relay 86 using the preset RCID 84 , and then decrypts data packet 88 and the encrypted payload 94 .
  • the relay 86 in some embodiments encrypts the data packet 88 for transmission to Client B 82 . In some such embodiments, the encrypted payload 94 of the data packet 88 is never decrypted by the relay 86 .
  • the relay 86 only provides data packet decryption, not payload decryption.
  • FIG. 7 illustrates processing steps 100 of a secure log storage subsystem of an exemplary IoT/IP system.
  • the IoT/IP system electronically receives over a network a data packet (e.g., message, communication, record, etc.) from a log generator (e.g., first electronic device) paired (e.g., synced) with one or more log consumers (e.g., second electronic devices).
  • the log generator and log consumer are paired such that the devices agree on a Remote Storage Identification (RSID) (e.g., linking address).
  • RSID Remote Storage Identification
  • the RSID in various embodiments exists in a very sparse name space and could be a random token, number, a word, a passphrase, a symbol, etc.
  • the RSID may be a token of 128 bits.
  • the log generator and log consumer e.g., two electronic devices
  • the log generator and log consumer may be paired together (e.g., and agree on a common RSID) in any of a variety of ways.
  • the two electronic devices could communicate directly with one another (e.g., using Bluetooth, Wi-Fi, etc.), the two electronic devices could be packaged and sold together such that the devices have been preprogrammed with the common RSID by the manufacturer, and/or the two electronic devices could be registered with a website which syncs the two devices together.
  • a user could manually enter a RSID in each of the devices and/or manually enter a unique passphrase (e.g., word, sentence, etc.) which is processed by a pre-programmed mathematical algorithm to correlate with a RSID (e.g., entering the passphrase on each device gets processed by the same algorithm so that each device independently comes up with the same RSID).
  • the log generator could create an RSID upfront, use it to store log entries, and subsequently electronically communicate the RSID to one or more log consumers. Any suitable method of electronic communication may be used, such as secure socket layer (SSL), etc.
  • SSL secure socket layer
  • the two electronic devices may also have established credentials (e.g., shared secrets) that enable secure communication over insecure channels.
  • such established credentials enable end-to-end encryption between the devices to protect communications from the IoT/IP system and/or anyone else.
  • the entire data packet may be encrypted by a first encryption having an RSID and a payload encrypted by a second encryption.
  • the log entries could be stored encrypted, and only authorized log consumers can decrypt them.
  • the IoT/IP system decrypts the data packet received if encrypted by a public key of the server of the IoT/IP system.
  • Data packet encryption hides the RSID from observers and prevents interference by third parties (e.g., prevents third parties from learning the RSID).
  • any of the existing public key schemes can be used (e.g., RSA, Diffie-Hellman (DH), elliptic curve cryptography (ECC), etc).
  • the IoT/IP system does not require security associations. Electronic communications from the log generator and/or the log consumer to the IoT/IP system could be encrypted with the public key of the server of the IoT/IP system.
  • the IoT/IP system then processes the data packet received to identify the RSID and payload (e.g., encrypted payload), thereby associating the log entry with the RSID.
  • the IoT/IP system records the IP address of the data packet and/or the time received (e.g., adds a timestamp to the data packet) in the database.
  • the IoT/IP system stores the packet in a database (e.g., a key-value database). Any of a variety of databases could be used, such as Riak.
  • the storage mechanism provides at least retrieval operation on RSID alone. Additionally, the storage mechanism may also provide retrieval on RSID and a timestamp range, deletion of contents associated with RSID, and/or silent log record dropping (e.g., after age and/or capacity per RSID is reached or exceeded).
  • an encrypted payload could include random salt (e.g., Initialization Vector (IV), etc.), payload length, and/or Initialization Vector with log entry (e.g., encrypted by a stream cipher using shared secret as a key).
  • random salt e.g., Initialization Vector (IV), etc.
  • payload length e.g., payload length
  • Initialization Vector with log entry e.g., encrypted by a stream cipher using shared secret as a key.
  • the IoT/IP system electronically receives a query (e.g., request) from a log consumer.
  • the request includes the RSID and may optionally include query terms (e.g., maximum number of latest entries to be retrieved and/or time of oldest entry to retrieve, etc.).
  • the request may be encrypted with the public key of the server of the IoT/IP system. This encryption hides the RSID from observers and prevents interference by third parties (e.g., prevents third parties from learning the RSID).
  • any of the existing public key schemes can be used (e.g., RSA, Diffie-Hellman (DH), elliptic curve cryptography (ECC), etc).
  • the IoT/IP system does not require security associations. Particularly for data packets with end-to-end encryption and authentication with pre-established credentials, securing electronic communication (e.g., traffic) between clients and the IoT/IP system is not required. Encrypting the RSID with the public key of the IoT/IP server and using sparse ID name space ensures that attackers cannot insert malicious traffic or log entries, or pose as legitimate communications peers or consumers, thereby preventing targeted denial of service (DoS) attacks and snooping. In step 114 , the IoT/IP system retrieves the log entries requested (e.g., consistent with the query terms) from the database.
  • DoS targeted denial of service
  • the IoT/IP system electronically transmits the log entries to the log consumer. If encrypted, the log entry (e.g., payload) remains opaque to third parties.
  • the electronic transmission may include a timestamp and/or be encrypted, such as by the IoT/IP system server and log consumer establishing a one-time shared secret by an public key method (e.g., Diffie-Hellman). In this way, the IoT/IP system acts as a storage between the first electronic device and the second electronic device.
  • an public key method e.g., Diffie-Hellman
  • the IoT/IP system is completely indifferent (e.g., agnostic) as to the identity of the electronic devices (e.g., log generators, log consumers, etc.), the content of the encrypted log entries, the identity of the owner of one or both of the electronic devices, etc.
  • the RSID range is so large, only the agreed upon parties (e.g., the log generator and the log consumer) can deposit and retrieve log entries.
  • the IoT/IP provides the privacy and security necessary for electronic communications over a network.
  • the IoT/IP system e.g., secure relay communication subsystem, secure log storage subsystem
  • each authorized electronic device could be issued a unique blinded certificate.
  • the unique blinded certificate e.g., bureau document
  • the unique blinded certificate could be required to be submitted periodically (e.g., with the first log entry, every inactivity timer period, etc.).
  • the unique blinded certificate may be embedded by the manufacturer, issued from online registration, etc.
  • the IoT/IP system could recognize a valid certificate, but does not associate it with a particular electronic device and/or user.
  • the IoT/IP system may, in some embodiments, monitor for signs of abuse and could blacklist (e.g., ban) any certificates and/or IP addresses found to cause abuse, thereby preventing the IP address or certificate holder from accessing the IoT/IP system.
  • signs of abuse could include access to a particular RCID by an IP address where the IP address changes too frequently, or concurrent use of a particular RSID by two devices with the same certificate but different IP addresses, or a third electronic device attempting to use a particular RCID, etc.
  • sparse ID e.g., linking address, RSID, RCID
  • N log servers which do not need to be connected
  • each client e.g., generator, consumer, Client A, Client B, etc.
  • a client e.g., generator, consumer, Client A, Client B, etc.
  • Server[i] select Server[i].
  • ID mod N where ID is either RCID or RSID
  • FIG. 8 is a diagram showing hardware and software components of an exemplary IoT/IP system 200 .
  • the system 200 comprises a processing server 202 which may include one or more of a storage device 204 , a network interface 208 , a communications bus 210 , a central processing unit (CPU) (microprocessor) 212 , a random access memory (RAM) 214 , and one or more input devices 216 , such as a keyboard, mouse, etc.
  • the server 202 may also include a display (e.g., liquid crystal display (LCD), cathode ray tube (CRT), etc.).
  • LCD liquid crystal display
  • CRT cathode ray tube
  • the storage device 204 may comprise any suitable, computer-readable storage medium such as disk, non-volatile memory (e.g., read-only memory (ROM), eraseable programmable ROM (EPROM), electrically-eraseable programmable ROM (EEPROM), flash memory, field-programmable gate array (FPGA), etc.).
  • the server 202 may be a networked computer system, a personal computer, a smart phone, tablet computer etc.
  • the functionality provided by the present disclosure may be provided by an IoT/IP program/engine 206 , which may be embodied as computer-readable program code stored on the storage device 204 and executed by the CPU 212 using any suitable, high or low level computing language, such as Python, Java, C, C++, C#, .NET, MATLAB, etc.
  • the network interface 208 may include an Ethernet network interface device, a wireless network interface device, or any other suitable device that permits the server 202 to communicate via the network.
  • the CPU 212 may include any suitable single- or multiple-core microprocessor of any suitable architecture that is capable of implementing and running the IoT/IP engine 206 (e.g., Intel processor).
  • the random access memory 214 may include any suitable, high-speed, random access memory typical of most modern computers, such as dynamic RAM (DRAM), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
US14/728,867 2014-06-02 2015-06-02 Systems and methods for secure communication over a network using a linking address Abandoned US20150350167A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US14/728,867 US20150350167A1 (en) 2014-06-02 2015-06-02 Systems and methods for secure communication over a network using a linking address
US17/843,466 US20220321543A1 (en) 2014-06-02 2022-06-17 Systems and methods for secure communication over a network using a linking address

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201461997450P 2014-06-02 2014-06-02
US201461997422P 2014-06-02 2014-06-02
US14/728,867 US20150350167A1 (en) 2014-06-02 2015-06-02 Systems and methods for secure communication over a network using a linking address

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/843,466 Continuation US20220321543A1 (en) 2014-06-02 2022-06-17 Systems and methods for secure communication over a network using a linking address

Publications (1)

Publication Number Publication Date
US20150350167A1 true US20150350167A1 (en) 2015-12-03

Family

ID=54703117

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/728,867 Abandoned US20150350167A1 (en) 2014-06-02 2015-06-02 Systems and methods for secure communication over a network using a linking address
US17/843,466 Pending US20220321543A1 (en) 2014-06-02 2022-06-17 Systems and methods for secure communication over a network using a linking address

Family Applications After (1)

Application Number Title Priority Date Filing Date
US17/843,466 Pending US20220321543A1 (en) 2014-06-02 2022-06-17 Systems and methods for secure communication over a network using a linking address

Country Status (7)

Country Link
US (2) US20150350167A1 (fr)
EP (1) EP3155761B1 (fr)
JP (1) JP6367375B2 (fr)
CN (1) CN106576061B (fr)
AU (2) AU2015271780A1 (fr)
CA (1) CA2950301C (fr)
WO (1) WO2015187718A1 (fr)

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160044001A1 (en) * 2014-08-11 2016-02-11 Intel Corporation Network-enabled device provisioning
US9338147B1 (en) * 2015-04-24 2016-05-10 Extrahop Networks, Inc. Secure communication secret sharing
US9967292B1 (en) 2017-10-25 2018-05-08 Extrahop Networks, Inc. Inline secret sharing
US10104119B2 (en) * 2016-05-11 2018-10-16 Cisco Technology, Inc. Short term certificate management during distributed denial of service attacks
US10284524B2 (en) * 2014-08-21 2019-05-07 James Armand Baldwin Secure auto-provisioning device network
US20190166502A1 (en) * 2017-11-29 2019-05-30 Mojo Networks, LLC. Security monitoring for wireless sensor nodes
US10476673B2 (en) 2017-03-22 2019-11-12 Extrahop Networks, Inc. Managing session secrets for continuous packet capture systems
US10491382B2 (en) 2016-08-16 2019-11-26 iDevices, LLC Secure authentication of devices without server assistance or pre-shared credentials
US10644875B2 (en) * 2016-04-28 2020-05-05 International Business Machines Corporation Pre-authorization of public key infrastructure
US10728126B2 (en) 2018-02-08 2020-07-28 Extrahop Networks, Inc. Personalization of alerts based on network monitoring
US10742677B1 (en) 2019-09-04 2020-08-11 Extrahop Networks, Inc. Automatic determination of user roles and asset types based on network monitoring
US10742530B1 (en) 2019-08-05 2020-08-11 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US10965702B2 (en) * 2019-05-28 2021-03-30 Extrahop Networks, Inc. Detecting injection attacks using passive network monitoring
US10979282B2 (en) 2018-02-07 2021-04-13 Extrahop Networks, Inc. Ranking alerts based on network monitoring
US11012329B2 (en) 2018-08-09 2021-05-18 Extrahop Networks, Inc. Correlating causes and effects associated with network activity
US20210176209A1 (en) * 2018-04-20 2021-06-10 Byd Company Limited Vehicle and vehicle security control method and system based on open platform
US20210273802A1 (en) * 2015-06-05 2021-09-02 Apple Inc. Relay service for communication between controllers and accessories
US20210303498A1 (en) * 2018-09-18 2021-09-30 Samsung Electronics Co., Ltd. Mechanism to identify fpga and ssd pairing in a multi-device environment
US11165814B2 (en) 2019-07-29 2021-11-02 Extrahop Networks, Inc. Modifying triage information based on network monitoring
US11165823B2 (en) 2019-12-17 2021-11-02 Extrahop Networks, Inc. Automated preemptive polymorphic deception
US11296967B1 (en) 2021-09-23 2022-04-05 Extrahop Networks, Inc. Combining passive network analysis and active probing
US11310256B2 (en) 2020-09-23 2022-04-19 Extrahop Networks, Inc. Monitoring encrypted network traffic
CN114389879A (zh) * 2022-01-13 2022-04-22 重庆东电通信技术有限公司 一种物联网终端数据管控系统
US11323467B2 (en) 2018-08-21 2022-05-03 Extrahop Networks, Inc. Managing incident response operations based on monitored network activity
US11349861B1 (en) 2021-06-18 2022-05-31 Extrahop Networks, Inc. Identifying network entities based on beaconing activity
US11388072B2 (en) 2019-08-05 2022-07-12 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11405208B2 (en) * 2019-10-17 2022-08-02 Hyundai Motor Company Vehicle communication system and method of security communication therefor
US11431744B2 (en) 2018-02-09 2022-08-30 Extrahop Networks, Inc. Detection of denial of service attacks
US11463466B2 (en) 2020-09-23 2022-10-04 Extrahop Networks, Inc. Monitoring encrypted network traffic
US11843606B2 (en) 2022-03-30 2023-12-12 Extrahop Networks, Inc. Detecting abnormal data access based on data similarity

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019181460A1 (fr) * 2018-03-19 2019-09-26 株式会社Nttドコモ Système et procédé de communication
WO2024085728A1 (fr) * 2022-10-21 2024-04-25 삼성전자 주식회사 Dispositif électronique, et procédé de téléchargement de données à partir d'un dispositif électronique externe vers un dispositif électronique

Citations (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5500860A (en) * 1991-06-14 1996-03-19 Digital Equipment Corporation Router using multiple hop redirect messages to enable bridge like data forwarding
US6108644A (en) * 1998-02-19 2000-08-22 At&T Corp. System and method for electronic transactions
US6636516B1 (en) * 1999-03-17 2003-10-21 Nec Corporation QOS-based virtual private network using ATM-based internet virtual connections
US6917978B1 (en) * 1999-10-26 2005-07-12 Fujitsu Limited Network system having function of retrieving information, network terminal device having function of retrieving information, and network relay device having function of retrieving information
US6944154B2 (en) * 2000-12-06 2005-09-13 International Business Machines Corporation System and method for remultiplexing of a filtered transport stream with new content in real-time
US7472277B2 (en) * 2004-06-17 2008-12-30 International Business Machines Corporation User controlled anonymity when evaluating into a role
US7558604B2 (en) * 2005-11-25 2009-07-07 Lenovo (Singapore) Pte. Ltd. Method and apparatus for remote discovery of client and access point settings in a wireless LAN
US7626576B2 (en) * 2004-03-16 2009-12-01 Free Alliance Sdn Bhd Wireless transceiver system for computer input devices
US7760693B2 (en) * 2004-12-10 2010-07-20 Nec Corporation Packet distribution system, PAN registration device, PAN control device, packet transfer device, and packet distribution method
US20100235481A1 (en) * 2007-10-24 2010-09-16 Lantronix, Inc. Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses
US7965638B1 (en) * 2006-05-22 2011-06-21 Atrica Israel Ltd. Policing machine incorporating randomization of rate threshold
US7990967B2 (en) * 2005-01-06 2011-08-02 Rockwell Automation Technologies, Inc. Firewall method and apparatus for industrial systems
US8010496B2 (en) * 2008-03-25 2011-08-30 Hitachi, Ltd. Backup management method in a remote copy environment
US8040901B1 (en) * 2008-02-06 2011-10-18 Juniper Networks, Inc. Packet queueing within ring networks
US8352563B2 (en) * 2010-04-29 2013-01-08 Damaka, Inc. System and method for peer-to-peer media routing using a third party instant messaging system for signaling
US20130227653A1 (en) * 2008-11-29 2013-08-29 Yu Yung Choi System and method for streamlined registration of products over a communication network and for verification and management of information related thereto
US20140108943A1 (en) * 2012-10-16 2014-04-17 Korea Electronics Technology Institute Method for browsing internet of things and apparatus using the same
US20140219281A1 (en) * 2009-09-14 2014-08-07 Nec Corporation Communication system, forwarding node, path management server, communication method, and program
US8806033B1 (en) * 2011-06-30 2014-08-12 Juniper Networks, Inc. Effective network identity pairing
US9143890B2 (en) * 2012-07-12 2015-09-22 Samsung Electronics Co., Ltd. Network, master, hub and method for providing a bluetooth infrastructure
US20150318874A1 (en) * 2014-04-30 2015-11-05 Aliphcom Pairing devices using acoustic signals
US9204263B2 (en) * 2012-05-23 2015-12-01 Mark A. Lindner Systems and methods for establishing a group communication based on motion of a mobile device
US20150347511A1 (en) * 2014-05-30 2015-12-03 Apple Inc Universal identifier
US20160028699A1 (en) * 2013-03-13 2016-01-28 Jumpto Media Inc. Encrypted network storage space
US9276769B2 (en) * 2007-09-19 2016-03-01 Coriant Operations, Inc. Circuit bundle for resiliency/protection of circuits
US20160100014A1 (en) * 2014-01-16 2016-04-07 1More Inc. Method and Terminal for Controlling Internet of Things and Controlled Electronic Device
US9372922B2 (en) * 2013-07-11 2016-06-21 Neura, Inc. Data consolidation mechanisms for internet of things integration platform
US9634889B2 (en) * 2014-11-17 2017-04-25 Huawei Technologies Co., Ltd Method for migrating service of data center, apparatus, and system
US10154017B2 (en) * 2015-04-30 2018-12-11 Mcafee, Llc Device pairing in a local network

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2500300A (en) * 1999-01-12 2000-08-01 Lake Communications Limited Wireless communications gateway for a home or small office
US20050114505A1 (en) * 2003-11-26 2005-05-26 Destefano Jason M. Method and apparatus for retrieving and combining summarized log data in a distributed log data processing system
JP4158972B2 (ja) * 2003-12-18 2008-10-01 Kddi株式会社 マルチホップ通信方法
JP2009164901A (ja) * 2008-01-07 2009-07-23 Ntt Docomo Inc 呼接続装置及び呼接続方法
US8954003B2 (en) * 2011-10-18 2015-02-10 Blackberry Limited System and method of managing pairing information associated with peer-to-peer device pairings
CN103067340B (zh) * 2011-10-20 2016-08-03 中兴通讯股份有限公司 远程控制网络信息家电的鉴权方法及系统、互联网家庭网关
CN103118048A (zh) * 2011-11-17 2013-05-22 腾讯科技(深圳)有限公司 数据同步的方法、服务器和终端
CN102984120A (zh) * 2012-04-17 2013-03-20 广州市国迈科技有限公司 一种实现文件安全流转的即时通讯方法和系统
US8832433B2 (en) * 2012-08-17 2014-09-09 Cellco Partnership Methods and systems for registering a packet-based address for a mobile device using a fully-qualified domain name (FQDN) for the device in a mobile communication network
US8539567B1 (en) * 2012-09-22 2013-09-17 Nest Labs, Inc. Multi-tiered authentication methods for facilitating communications amongst smart home devices and cloud-based servers
CN102891891A (zh) * 2012-09-26 2013-01-23 广州市动景计算机科技有限公司 跨设备文件传输方法和系统
CN103853764B (zh) * 2012-12-03 2017-08-08 金蝶软件(中国)有限公司 终端信息同步方法及装置
CN103259859A (zh) * 2013-05-08 2013-08-21 王天一 一种基于Android的体域网及其智能终端连接方法
JP6279938B2 (ja) * 2014-03-10 2018-02-14 株式会社東芝 接続管理装置、通信システム、接続管理方法およびプログラム
CN104298203A (zh) * 2014-10-21 2015-01-21 四川长虹电器股份有限公司 基于手机远程监控抽油烟机和灶具的系统和方法

Patent Citations (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5500860A (en) * 1991-06-14 1996-03-19 Digital Equipment Corporation Router using multiple hop redirect messages to enable bridge like data forwarding
US6108644A (en) * 1998-02-19 2000-08-22 At&T Corp. System and method for electronic transactions
US6636516B1 (en) * 1999-03-17 2003-10-21 Nec Corporation QOS-based virtual private network using ATM-based internet virtual connections
US6917978B1 (en) * 1999-10-26 2005-07-12 Fujitsu Limited Network system having function of retrieving information, network terminal device having function of retrieving information, and network relay device having function of retrieving information
US6944154B2 (en) * 2000-12-06 2005-09-13 International Business Machines Corporation System and method for remultiplexing of a filtered transport stream with new content in real-time
US7626576B2 (en) * 2004-03-16 2009-12-01 Free Alliance Sdn Bhd Wireless transceiver system for computer input devices
US7472277B2 (en) * 2004-06-17 2008-12-30 International Business Machines Corporation User controlled anonymity when evaluating into a role
US7760693B2 (en) * 2004-12-10 2010-07-20 Nec Corporation Packet distribution system, PAN registration device, PAN control device, packet transfer device, and packet distribution method
US7990967B2 (en) * 2005-01-06 2011-08-02 Rockwell Automation Technologies, Inc. Firewall method and apparatus for industrial systems
US7558604B2 (en) * 2005-11-25 2009-07-07 Lenovo (Singapore) Pte. Ltd. Method and apparatus for remote discovery of client and access point settings in a wireless LAN
US7965638B1 (en) * 2006-05-22 2011-06-21 Atrica Israel Ltd. Policing machine incorporating randomization of rate threshold
US9276769B2 (en) * 2007-09-19 2016-03-01 Coriant Operations, Inc. Circuit bundle for resiliency/protection of circuits
US20100235481A1 (en) * 2007-10-24 2010-09-16 Lantronix, Inc. Various methods and apparatuses for accessing networked devices without accessible addresses via virtual ip addresses
US8040901B1 (en) * 2008-02-06 2011-10-18 Juniper Networks, Inc. Packet queueing within ring networks
US8010496B2 (en) * 2008-03-25 2011-08-30 Hitachi, Ltd. Backup management method in a remote copy environment
US20130227653A1 (en) * 2008-11-29 2013-08-29 Yu Yung Choi System and method for streamlined registration of products over a communication network and for verification and management of information related thereto
US20140219281A1 (en) * 2009-09-14 2014-08-07 Nec Corporation Communication system, forwarding node, path management server, communication method, and program
US8352563B2 (en) * 2010-04-29 2013-01-08 Damaka, Inc. System and method for peer-to-peer media routing using a third party instant messaging system for signaling
US8806033B1 (en) * 2011-06-30 2014-08-12 Juniper Networks, Inc. Effective network identity pairing
US9204263B2 (en) * 2012-05-23 2015-12-01 Mark A. Lindner Systems and methods for establishing a group communication based on motion of a mobile device
US9143890B2 (en) * 2012-07-12 2015-09-22 Samsung Electronics Co., Ltd. Network, master, hub and method for providing a bluetooth infrastructure
US20140108943A1 (en) * 2012-10-16 2014-04-17 Korea Electronics Technology Institute Method for browsing internet of things and apparatus using the same
US20160028699A1 (en) * 2013-03-13 2016-01-28 Jumpto Media Inc. Encrypted network storage space
US9372922B2 (en) * 2013-07-11 2016-06-21 Neura, Inc. Data consolidation mechanisms for internet of things integration platform
US20160100014A1 (en) * 2014-01-16 2016-04-07 1More Inc. Method and Terminal for Controlling Internet of Things and Controlled Electronic Device
US20150318874A1 (en) * 2014-04-30 2015-11-05 Aliphcom Pairing devices using acoustic signals
US20150347511A1 (en) * 2014-05-30 2015-12-03 Apple Inc Universal identifier
US9634889B2 (en) * 2014-11-17 2017-04-25 Huawei Technologies Co., Ltd Method for migrating service of data center, apparatus, and system
US10154017B2 (en) * 2015-04-30 2018-12-11 Mcafee, Llc Device pairing in a local network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Hinden et al. "Unique Local IPv6 Unicast Addresses", RFC 4193. October 2005. 16 pgs. *
Rekhter et al. "Address Allocation for Private Internets", RFC 1918. February 1996. 9 pgs. *

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160044001A1 (en) * 2014-08-11 2016-02-11 Intel Corporation Network-enabled device provisioning
US9571464B2 (en) * 2014-08-11 2017-02-14 Intel Corporation Network-enabled device provisioning
US10284524B2 (en) * 2014-08-21 2019-05-07 James Armand Baldwin Secure auto-provisioning device network
US9621523B2 (en) 2015-04-24 2017-04-11 Extrahop Networks, Inc. Secure communication secret sharing
US9338147B1 (en) * 2015-04-24 2016-05-10 Extrahop Networks, Inc. Secure communication secret sharing
US10326741B2 (en) 2015-04-24 2019-06-18 Extrahop Networks, Inc. Secure communication secret sharing
US11831770B2 (en) * 2015-06-05 2023-11-28 Apple Inc. Relay service for communication between controllers and accessories
US20210273802A1 (en) * 2015-06-05 2021-09-02 Apple Inc. Relay service for communication between controllers and accessories
US10644875B2 (en) * 2016-04-28 2020-05-05 International Business Machines Corporation Pre-authorization of public key infrastructure
US10104119B2 (en) * 2016-05-11 2018-10-16 Cisco Technology, Inc. Short term certificate management during distributed denial of service attacks
US10749897B2 (en) 2016-05-11 2020-08-18 Cisco Technology, Inc. Short term certificate management during distributed denial of service attacks
US10491382B2 (en) 2016-08-16 2019-11-26 iDevices, LLC Secure authentication of devices without server assistance or pre-shared credentials
US11546153B2 (en) 2017-03-22 2023-01-03 Extrahop Networks, Inc. Managing session secrets for continuous packet capture systems
US10476673B2 (en) 2017-03-22 2019-11-12 Extrahop Networks, Inc. Managing session secrets for continuous packet capture systems
US11665207B2 (en) 2017-10-25 2023-05-30 Extrahop Networks, Inc. Inline secret sharing
US11165831B2 (en) 2017-10-25 2021-11-02 Extrahop Networks, Inc. Inline secret sharing
US9967292B1 (en) 2017-10-25 2018-05-08 Extrahop Networks, Inc. Inline secret sharing
US20190166502A1 (en) * 2017-11-29 2019-05-30 Mojo Networks, LLC. Security monitoring for wireless sensor nodes
US11463299B2 (en) 2018-02-07 2022-10-04 Extrahop Networks, Inc. Ranking alerts based on network monitoring
US10979282B2 (en) 2018-02-07 2021-04-13 Extrahop Networks, Inc. Ranking alerts based on network monitoring
US10728126B2 (en) 2018-02-08 2020-07-28 Extrahop Networks, Inc. Personalization of alerts based on network monitoring
US11431744B2 (en) 2018-02-09 2022-08-30 Extrahop Networks, Inc. Detection of denial of service attacks
US11916884B2 (en) * 2018-04-20 2024-02-27 Byd Company Limited Vehicle and vehicle security control method and system based on open platform
US20210176209A1 (en) * 2018-04-20 2021-06-10 Byd Company Limited Vehicle and vehicle security control method and system based on open platform
US11012329B2 (en) 2018-08-09 2021-05-18 Extrahop Networks, Inc. Correlating causes and effects associated with network activity
US11496378B2 (en) 2018-08-09 2022-11-08 Extrahop Networks, Inc. Correlating causes and effects associated with network activity
US11323467B2 (en) 2018-08-21 2022-05-03 Extrahop Networks, Inc. Managing incident response operations based on monitored network activity
US20210303498A1 (en) * 2018-09-18 2021-09-30 Samsung Electronics Co., Ltd. Mechanism to identify fpga and ssd pairing in a multi-device environment
US11706233B2 (en) * 2019-05-28 2023-07-18 Extrahop Networks, Inc. Detecting injection attacks using passive network monitoring
US20220021694A1 (en) * 2019-05-28 2022-01-20 Extrahop Networks, Inc. Detecting injection attacks using passive network monitoring
US10965702B2 (en) * 2019-05-28 2021-03-30 Extrahop Networks, Inc. Detecting injection attacks using passive network monitoring
US11165814B2 (en) 2019-07-29 2021-11-02 Extrahop Networks, Inc. Modifying triage information based on network monitoring
US10742530B1 (en) 2019-08-05 2020-08-11 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11652714B2 (en) 2019-08-05 2023-05-16 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11388072B2 (en) 2019-08-05 2022-07-12 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11438247B2 (en) 2019-08-05 2022-09-06 Extrahop Networks, Inc. Correlating network traffic that crosses opaque endpoints
US11463465B2 (en) 2019-09-04 2022-10-04 Extrahop Networks, Inc. Automatic determination of user roles and asset types based on network monitoring
US10742677B1 (en) 2019-09-04 2020-08-11 Extrahop Networks, Inc. Automatic determination of user roles and asset types based on network monitoring
US11405208B2 (en) * 2019-10-17 2022-08-02 Hyundai Motor Company Vehicle communication system and method of security communication therefor
US11165823B2 (en) 2019-12-17 2021-11-02 Extrahop Networks, Inc. Automated preemptive polymorphic deception
US12107888B2 (en) 2019-12-17 2024-10-01 Extrahop Networks, Inc. Automated preemptive polymorphic deception
US11463466B2 (en) 2020-09-23 2022-10-04 Extrahop Networks, Inc. Monitoring encrypted network traffic
US11558413B2 (en) 2020-09-23 2023-01-17 Extrahop Networks, Inc. Monitoring encrypted network traffic
US11310256B2 (en) 2020-09-23 2022-04-19 Extrahop Networks, Inc. Monitoring encrypted network traffic
US11349861B1 (en) 2021-06-18 2022-05-31 Extrahop Networks, Inc. Identifying network entities based on beaconing activity
US11296967B1 (en) 2021-09-23 2022-04-05 Extrahop Networks, Inc. Combining passive network analysis and active probing
US11916771B2 (en) 2021-09-23 2024-02-27 Extrahop Networks, Inc. Combining passive network analysis and active probing
CN114389879A (zh) * 2022-01-13 2022-04-22 重庆东电通信技术有限公司 一种物联网终端数据管控系统
US11843606B2 (en) 2022-03-30 2023-12-12 Extrahop Networks, Inc. Detecting abnormal data access based on data similarity

Also Published As

Publication number Publication date
CN106576061A (zh) 2017-04-19
AU2018223001A1 (en) 2018-09-20
JP2017524287A (ja) 2017-08-24
WO2015187718A1 (fr) 2015-12-10
EP3155761A4 (fr) 2018-03-14
AU2015271780A1 (en) 2016-12-08
CN106576061B (zh) 2020-09-04
JP6367375B2 (ja) 2018-08-01
CA2950301A1 (fr) 2015-12-10
CA2950301C (fr) 2021-06-29
US20220321543A1 (en) 2022-10-06
EP3155761B1 (fr) 2021-03-17
EP3155761A1 (fr) 2017-04-19

Similar Documents

Publication Publication Date Title
US20220321543A1 (en) Systems and methods for secure communication over a network using a linking address
US10693848B2 (en) Installation of a terminal in a secure system
CN107666383B (zh) 基于https协议的报文处理方法以及装置
EP3205048B1 (fr) Génération d'une clé de cryptage symétrique
US10356090B2 (en) Method and system for establishing a secure communication channel
US10511596B2 (en) Mutual authentication
US11736401B2 (en) Reassigning exit internet protocol addresses in a virtual private network server
US11695734B2 (en) Rotating internet protocol addresses in a virtual private network
US10733309B2 (en) Security through authentication tokens
JP2017130923A (ja) 無線ネットワークにおける高速、安全且つプライバシーフレンドリーなインターネット接続検出の方法
Yerlikaya et al. Authentication and authorization mechanism on message queue telemetry transport protocol
US11765133B2 (en) Authentication scheme in a virtual private network
US11943201B2 (en) Authentication procedure in a virtual private network
US11729154B2 (en) Systems and methods for network privacy
WO2016141513A1 (fr) Procédé et appareil de traitement de service

Legal Events

Date Code Title Description
AS Assignment

Owner name: IDEVICES, LLC, CONNECTICUT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DJAKOVIC, VLADAN;REEL/FRAME:035769/0504

Effective date: 20150601

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING RESPONSE FOR INFORMALITY, FEE DEFICIENCY OR CRF ACTION

AS Assignment

Owner name: HUBBELL INCORPORATED (DELAWARE), CONNECTICUT

Free format text: MERGER;ASSIGNOR:IDEVICES, LLC;REEL/FRAME:057797/0818

Effective date: 20210830

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION