US010177911B2

(12) United States Patent ( 10 ) Patent No.: US 10 , 177,911 B2

Nix (45) Date of Patent: * Jan . 8 , 2019
(54 ) SECURE PKI COMMUNICATIONS FOR (58 ) Field of Classification Search
“MACHINE - TO -MACHINE " MODULES , CPC ... HO4L 9 /0861; H04L 9 /006 ; H04L 63 / 0272 ;
INCLUDING KEY DERIVATION BY G06F 21/35; G06F 2221/2105 ; H04W
MODULES AND AUTHENTICATING PUBLIC 12 /06
KEYS See application file for complete search history.
( 71) Applicant: Network - 1 Technologies, Inc ., New ( 56 ) References Cited
York , NY (US) U . S . PATENT DOCUMENTS
( 72 ) Inventor: John A . Nix , Evanston , IL (US) 6 ,038 ,322 A 3 /2000 Harkins
7, 921,292 B1 4 / 2011 Pauker et al.
(73 ) Assignee : Network -1 Technologies, Inc., New (Continued )
York , NY (US) FOREIGN PATENT DOCUMENTS
( * ) Notice : Subject to any disclaimer, the term of this CA 2775853 12/ 2012
patent is extended or adjusted under 35 1981224 10 / 2008
U . S . C . 154(b ) by 0 days . (Continued )
This patent is subject to a terminal dis
claimer . OTHER PUBLICATIONS
(21) Appl. No.: 15 /983,957 Kirk H . M . Wong et al , A Dynamic User Authentication Scheme for
Wireless Sensor Networks, Proceedings of the EEE International
(22 ) Filed : May 18 , 2018 Conference on Sensor Networks , Ubiquitous, and Trustworthy
Computing ( SUTC '06 ), pp . 1-8 .
(65 ) Prior Publication Data (Continued )
US 2018 /0270059 A1 Sep . 20 , 2018 Primary Examiner — Wasika Nipa
(74 ) Attorney, Agent, or Firm — Amster, Rothstein &
Ebenstein LLP
Related U .S . Application Data
(63) Continuation of application No . 15 /043 ,293 , filed on (57) ABSTRACT
Feb . 12 , 2016 , now Pat. No . 9, 998, 280 , which is a Methods and systems are provided for efficient and secure
(Continued ) “ Machine-to -Machine ” (M2M ) between modules and serv
ers . A module can communicate with a server by accessing
(51) H04L
Int. Ci9./30 the Internet, and the module can include a sensor and /or
(2006 . 01) actuator. The module and server can utilize public key
H04L 29 / 06 infrastructure ( PKI) such as public keys to encrypt mes
(2006 .01) sages . The module and server can use private keys to
(Continued ) generate digital signatures for datagrams sent and decrypt
(52 ) U . S . CI. messages received . The module can internally derive pairs
CPC ............ H04L 9/0861 (2013.01); G06F 21/35 of private / public keys using cryptographic algorithms and a
( 2013.01); H04J 11/00 ( 2013 .01) ; H04L 9 /006 set of parameters . A server can use a shared secret key to
( 2013 .01) ; authenticate the submission of derived public keys with an
(Continued ) (Continued )
100

101 Module
Internet
107 User Interface 1011
102 Module Program
Wireless Network Server
103 1017 Data Reporting
105 Steps 1011
Monitorad
Unit Module NrFeitlwosarlk FNSiertwvoaerlk IP Address
108
Operating System
Device Driver
1011
- 1019
1ab2:034f -ecod :4e8b
Mod . Private 1014
Key 112 RAM
119 - 1010
124 M2M Service
Provider 108 1015 + CPU ROM + - 1016
Module Provider 109
Certificate 118 1011 101y
Module Public Key Authority Server Public Key Sensor Actuator

31
Server Private key
CA Public Key Physical Interface
Provider Public Key 120
CA Private Key 132
Provider Private Key 121
 US 10 ,Page
177,2911 B2
associated module identity. For the very first submission of (2018 .01); YO2D 70 / 162 ( 2018.01) ; YO2D
a public key derived the module, the shared secret key can 70 / 164 (2018 .01) ; YO2D 70/ 166 ( 2018.01);
comprise a pre -shared secret key which can be loaded into YO2D 70/ 21 (2018 .01); YO2D 70/ 24 (2018 .01 )
the module using a pre-shared secret key code .
( 56 ) References Cited
11 Claims, 16 Drawing Sheets
U .S . PATENT DOCUMENTS
8 , 127, 142 B2 2/ 2012 Cuppett
8 ,434 , 139 B1 4 / 2013 Ortiz , Jr.
Related U . S . Application Data 8 ,522,013 B2 8 / 2013 Zhang
8 ,526 ,606 B2 9 /2013 Muthaiah
continuation of application No. 14 /039,401, filed on 8 ,555, 067 B2 10 / 2013 Schell et al.
Sep . 27 , 2013 , now Pat. No . 9 , 288 ,059 . 8 ,590 ,028 B2 11/2013 Saxena et al.
8 ,713 ,320 B2 * 4/ 2014 Xu H04W 12 / 06
(51) Int. Ci. 713 /171
H04L 9 /08 ( 2006 .01) 8 ,782 ,774 B1 7 /2014 Pahl et al.
179 B2 9 / 2014 Li et al.
H04L 9 /32 ( 2006 .01) 8 ,924 ,715 B2 12 / 2014 Schell et al.
H04L 9 /00 ( 2006 .01 ) 8 ,948 ,386 B2 2 /2015 Campagna et al.
H04W 8 /08 ( 2009.01) 8 , 965, 366 B1 2/ 2015 Somayajula et al.
H04 ) 11/00 ( 2006 .01) 9 ,002 ,018 B2 4 /2015 Wilkins et al.
H04L 12 /28 ( 2006 .01) 9 ,020 ,479 B1 4 / 2015 Somayajula et al.
9 , 253 ,643 B2 2 /2016 Pattar et al.
H04W 40 /00 (2009.01) 9 , 408 ,012 B2 8 /2016Li et al.
H04W 52 /02 ( 2009 .01) 2001/0029581 A 10 /2001Knauft
H04W 80 /04 ( 2009.01) 2002/0018569 Al 2 /2002Panjwani et al.
H04W 12/02 ( 2009.01) 2003/0003895 AL 1/ 2003Wallentin et al.
H04W 12 / 06 (2009.01) 2003/0211842 A1 11 /2003 Kempf et al.
2004 /0162472 AL 8/ 2004 Berson et al .
G06F 21/ 35 ( 2013 .01) 2004 /0179684 AL 9 /2004 Appenzeller et al .
H04W 4 / 70 ( 2018 .01) 2004 /0221163 A1 * 11/ 2004 Jorgensen ........... H04L 63/0428
H04W 76 /27 ( 2018 .01) 713 / 182
H04L 9 / 14 ( 2006 .01) 2005 /0008159 Al 1/ 2005 Grilli et al.
H04W 12 / 04 ( 2009.01) 2005/ 0021875 Al 1/2005 Bouthemy et al.
2005/0050323 A1 3 / 2005 Mizrah
H04L 29 /08 (2006 .01) 2005 /0120202 A1 6 / 2005 Cuellar et al.
H04W 88/ 12 ( 2009 .01) 2005 /0138353 Al 6 /2005 Spies et al.
H04W 84 / 12 ( 2009.01) 2005/0193199 Al 9 / 2005 Asokan et al.
(52 ) U . S . CI. 2005/0246282 A1 11/ 2005 Naslund et al.
2005/0278787 A1 12 / 2005 Naslund et al.
CPC H04L 9 /085 ( 2013 .01); H04L 9 /088 2006 /0021063 Al 1/2006 Hori
( 2013.01) ; H04L 9 /0816 ( 2013 . 01 ); H04L 2006 /0056355 Al 3 /2006 Love et al.
9 / 0894 ( 2013 .01); H04L 9 / 14 ( 2013 .01); 2006 / 0059344 Al 3 /2006 Mononen
H04L 9 /30 ( 2013 . 01 ); H04L 9 /3066 ( 2013 .01); 2006 / 0095771 A1 5 /2006 Appenzeller et al.
H04L 9 /32 (2013 .01); H04L 9/ 321 (2013 .01 ); 2006 /0206710 Al 9 / 2006 Gehrmann
2006 /0281442 A1 12 / 2006 Lee et al.
H04L 9 /3239 ( 2013 .01) ; H04L 9 /3247 2007/0101400 A1 5 /2007 Freeman et al.
( 2013 .01) ; H04L 9 /3249 ( 2013 .01) ; H04L 2007/0158439 A1 7 /2007 Conner et al.
9 /3263 ( 2013 .01) ; H04L 12 /2854 ( 2013 .01 ) ; 2007/0206799 A1 9 /2007 Wingert et al.
H04L 63 /0272 ( 2013 .01) ; H04L 63/045 2008/ 0016230 A1 1/2008 Holtmanns et al.
2008/ 0022089 Al 1 /2008 Leedom
(2013 .01); H04L 63/ 0435 ( 2013.01) ; H04L 2008/0031204 Al 2 / 2008 Sood
63/ 0442 ( 2013 .01); H04L 63/061 (2013 .01) ; 2008 /0114978 Al 5 /2008 Lehtovirta et al.
H04L 63 / 0807 ( 2013 .01 ); H04L 63/ 123 2008 /0130879 Al 6 /2008 Heinonen et al .
( 2013 .01 ); H04L 63/ 166 ( 2013 .01 ); H04L 2008 /0165698 A1 7 /2008 Dalsgaard et al.
67 /04 (2013 .01) ; H04W 4 / 70 ( 2018 .02 ) ; 2008 / 0307218 Al | 12/2008 Logvinov
2009/ 0028341 A11 / 2009 Hamachi
H04W 8 /082 ( 2013 .01) ; H04W 12 /02 2009 /0041110 A1 2 / 2009 Malladi
( 2013 .01 ) ; H04W 12 /04 ( 2013 .01 ) ; H04W 2009/0060197 A1 3/ 2009 Taylor et al.
12/06 (2013 . 01 ) ; H04W 40 / 005 ( 2013.01); 2009 /0077643 A1 3 / 2009 Schmidt et al.
H04W 52 /0216 ( 2013 .01) ; H04W 52 /0235 2009/0113203 A1 * 4 /2009 Tsuge ............... H04L 29 /12377
( 2013 . 01) ; H04W 52/ 0277 (2013.01); H04W 713 / 151
76 / 27 (2018 .02 ); H04W 80 / 04 ( 2013 .01); 2009 /0116642 A1 5/2009 Yang et al.
2009/0125996 A1 5 /2009 Guccione et al .
G06F 2221/ 2105 (2013.01) ; G06F 2221/2107 2009/0132806 A1 5 /2009 Blommaert et al.
( 2013 . 01); G06F 2221/ 2115 (2013 .01); H04L 2009 /0183541 Al 7 / 2009 Sadighi et al.
63 /0464 ( 2013 .01 ); H04L 2209 /24 (2013 .01 ) ; 2009 /0191857 Al 7 /2009 Horn et al.
2009 /0209232 Al 8 /2009 Cha et al.
H04L 2209 /72 (2013 .01); H04L 2209 /805 2009/ 0217348 Al 8 /2009 Salmela et al.
( 2013 . 01); H04W 84 / 12 ( 2013 .01); H04W 2009 /0268909 Al 10 /2009 Girao et al.
88 / 12 (2013 .01 ); YO2D 70 / 00 (2018 .01 ) ; YO2D 2009/0274306 AL 11/2009 Nolte
70 /1222 ( 2018 .01); YO2D 70 / 1224 (2018 .01); 2009 /0282246 AL 11/2009 Gunther
YO2D 70 /1242 (2018 .01) ; YO2D 70 /1244 2009/ 03 13472 Al 12/ 2009 Guccione et al.
( 2018 .01); YO2D 70 / 1262 (2018 .01 ); YO2D 2010 / 0031042 A1 2 /2010 Di Crescenzo et al.
2010 / 0062808 Al 3 / 2010 Cha et al.
70 / 1264 ( 2018 .01) ; YO2D 70 / 142 ( 2018 .01); 2010 /0098253 Al 4 /2010 Delerablee
YO2D 70 / 144 (2018 . 01 ); YO2D 70 /146 2010 /0166167 A1 7 /2010 Karimi- Cherkandi et al.
 US 10 ,Page
177 ,3911 B2

( 56 ) References Cited 2014 /0143826 A1

2014 /0161113 A1
5 / 2014 Sharp et al.
6 /2014 Cui et al.
U . S . PATENT DOCUMENTS 2014 /0165155 A1 6 /2014 Zhang
2014 /0192976 Al 7 /2014 Yoon et al .
2010 /0195833 AL 8/ 2010 Priestley 2014 / 02 19447 Al 8 /2014 Park et al.
2010 /0199334 AL 8/ 2010 Ehrensvard et al. 2014 /02 19448 A1 8 / 2014 Froels et al.
2010 /0223461 A1 9 / 2010 Drader et al. 2014 /0235210 Al 8 / 2014 Park
2010 /0275028 A1 10 / 2010 Takashima 2014 / 0237101 A1 8 / 2014 Park
2011/0016321 AL 1 / 2011 Sundaram et al. 2014 /0244994 A1 8 / 2014 Yu
2011 /0035584 Al * 2 / 2011 Meyerstein ........... H04W 8 / 265 2014 /0273913 Al 9 /2014 Michel et al.
713 / 155 2014/0287725 A1 9 /2014 Lee
2011/0055553 Al 3 / 2011 Lee et al. 2014 / 0308991 Al 10 / 2014 Lee et al.
2011/0167272 A1 7 / 2011 Kolesnikov 2014 / 0329502 A1 11/ 2014 Lee et al.
2011/0237281 A1 9 / 2011 Busropan et al. 2014 /0337937 AL 11/ 2014 Truskovsky et al.
2011/0268022 A1 1 2011 Xu 2014 / 0351403 A1 11/ 2014 Lin et al.
2011/0269422 Al 11 /2011 Xu et al. 2014 / 0357229 A112 / 2014 Lee et al.
2011/0269461 AL 11/2011 Xu et al. 2015/0012743 A1 1 /2015 Holtmanns et al .
2011/0269472 AL 11/ 2011 Xu et al. 2015 / 0017910 A1 1/2015 Li et al .
2011/ 0270747 Al 11/ 2011 Xu et al. 2015 /0071139 A1 3 / 2015 Nix
2011/0291803 Al 12/ 2011 Bajic et al. 2015 /0089214 Al 3 /2015 Dupre
2011/0314287 AL 12 /2011 Escott et al. 2015 /0092590 A1 4 /2015 Zhu et al.
2012 /0011360 AL 1/ 2012 Engels et al. 2015 / 0095514 A1 4 /2015 Yu
2012 / 0023336 A1 1/2012 Natarajan 2015 /0113275 Al 4 / 2015 Kim et al.
2012 / 0030461 A1 2 /2012 Willey et al. 2015 /0121495 A1 4 / 2015 Gao et al.
2012 /0033613 A1 2/ 2012 Lin et al. 2015 / 0215126 A1 7 /2015 Ashdown
2012 / 0072732 A1 3 / 2012 Canard et al. 2015 /0222604 Al 8 /2015 Ylonen et al.
2012 /0084568 A1 4/ 2012 Sarikaya et al. 2015 /0222619 Al 8 /2015 Hughes et al.
2012/0089568 A1 * 4 / 2012 Manley H04L 47/ 10 2015 /0281964 Al 10 / 2015 Seo et al.
707 /634 2016 / 0014112 AL 1/2016 Gunning et al.
2012 /0108205 Al 5/ 2012 Schell et al. 2016 /0127132 A15 /2016 Lee et al.
2012 /0117635 Al 5 / 2012 Schell et al. 2016 /0294829 Al 10 /2016 Angus
2012 /0159153 Al 6 /2012 Shim et al. 2017 /0206532 AL 7 /2017 Choi
2012 /0170451 A1 7 / 2012 Viswanathan et al.
2012 /0190354 AL 7 /2012 Merrien et al. FOREIGN PATENT DOCUMENTS
2012 /02 14444 A1 8 /2012 McBride et al.
2012 / 0260086 A1 10 / 2012 Haggerty et al. KR 10 - 2013 - 0026352 3 /2013
2012 /0260090 A 10 / 2012 Hauck et al. KR 10 - 2013 - 0026958 3 /2013
2012 / 0260095 Al 10 / 2012 Von Hauck et al. Wo 2013027085 2 /2013
2012 /0278490 A 11/2012 Sennett et al. WO 2013066077 5 / 2013
2012/0300932 AL 11/ 2012 Cambridge et al.
2012/0331292 Al 12/ 2012 Haggerty et al.
2012 /0331298 A1 12/ 2012 Xu et al. OTHER PUBLICATIONS
2013 / 0007442 AL 1 / 2013 Mao et al.
2013 /0012168 A1 1 /2013 Rajadurai Pierre E . Abi-Char, et al , A Fast and Secure Elliptic Curve Based
2013 /0028184 A1 1/ 2013 Lee et al. Authenticated Key Agreement Protocol for Low Power Mobile
2013 /0091556 A1 4 / 2013 Horn et al. Communications , The 2007 International Conference on Next Gen
2013 /0114810 Al 5/ 2013 Kobayashi et al. eration Mobile Applications, Services and Technologies (NGMAST
2013 /0117824 Al 5 / 2013 Naslund et al. 2007 ), pp . 1 -6 .
2013 /0122864 A1 5 / 2013 Haggerty et al. Jun Shao , et al., An Improved Deniable Authentication Protocol,
2013 /0149996 Al 6 /2013 King et al. Department of Computer Science and Engineering, Shanghai Jiao
2013 /0165073 Al 6 / 2013 Madsen Tong University, Shanghai 200030 , People 's Republic of China , pp .
2013 /0166915 A1 6 / 2013 Desai et al. 1-3 .
2013 /0173747 A1 7 / 2013 Kim et al. Chris Foresman , Embedded SIM could caus carrier conflict for
2013 /0173926 A1 7 / 2013 Morese et al. Apple , Nov. 19 , 2010 , pp . 1 - 2 .
2013/0182586 A1 7 /2013 Paladugu et al. Embedded UICC Remote Provisioning Discussion , Source : Rogers
2013 /0183932 A1 7 / 2013 Lemilainen et al. Wireless, 3GPP /SA3-LI# 46 , Quebec City , Canada , Jul. 17 - 19 , 2012 ,
2013 /0212637 Al 8 /2013 Guccione et al. pp . 1-39 .
2013 /0227646 AL 8/ 2013 Haggerty et al. GSMA Launches Embedded SIM Initiative to Support the Con
2013 /0231087 A1 9 /2013 O 'Leary
2013/0294602 AL 11/ 2013 Huxham et al. nected Future, Nov. 18 , 2010 , pp . 1 -4 .
2013 /0305345 AL 11/2013 Bugenhagen Chang - Seop Park , On Certificate -Based Security Protocols for
2013 /0322621 Al 12/2013 Yoon et al. Wireless Mobile Communication Systems, Dankook University,
2013 /0331063 Al 12 / 2013 Cormier et al. IEEE Network Sep ./Oct. 1997 , pp . 50 - 55 .
2013 /0340040 A112/2013 Park M . Prasad , et al , Secure Authentication Key Agreement Protocol
2014 /0003604 A11 / 2014 Campagna et al . for Long Term Evolution Advanced , Research Scholar, Associate
2014 /0040628 A1 2/ 2014 Cod et al. Professor, Departmentof Computer Science & Engineering, Pondicherry
2014 /0049653 Al 2 /2014 Leonard et al. Engineering College, Puducherry, India , Elsevier, 2012 , pp . 158
2014 /0053241 A1 2 /2014 Norrman et al. 162.
2014/ 0073375 Al 3 / 2014 Li et al. Eun - Jun Yoon , et al , Secure Deniable Authentication Protocol
2014 /0082358 Al 3 / 2014 Nakhjiri et al. Based on ElGamal Cryptography, 2008 International Conference on
2014 /0082359 Al 3/ 2014 Nakhjiri et al.
2014 /0087790 Al 3/ 2014 Babbage et al. Information Security and Assurance, pp . 36 - 39 .
2014 /0101444 A1 4 /2014 Lee et al. CSMG , Reprogrammable SIMs: Technology , Evolution and Impli
2014 /0108801 Al 4 /2014 McBride et al . cations, Sep . 25 , 2012 , pp . 1- 95 .
2014 /0115335 Al 4 /2014 Jorden et al. GlobalPlatform Inc ., GlobalPlatform Card Specification , Version
2014 /0122878 A1 5 / 2014 Cho et al. 2 .2 . 1, Jan . 2011, pp . 1 -303 .
2014 /0140507 Al 5 / 2014 Dark et al. GlobalPlatform Inc., GlobalPlatform Card Security Upgrade for
2014 /0140509 Al 5 /2014 Chastain Card Content Management, Card Specification v 2 .2 . — Amendment
2014 /0143534 A15 /2014 Chastain E , Version 1. 0, Nov. 2011, pp . 1 -35 .
 US 10 ,177 ,911 B2
Page 4

( 56 ) References Cited Youngblood , An Introduction to Identity -based Cryptography , 2005.

Zhu et al., Public Key Cryptography for Initial Authentication in
OTHER PUBLICATIONS Kerberos (PPKINIT ), RFC 4556 , 2006 , pp . 1 -42 .
GSMA, Fast Dormancy Best Practices Version 1.0 , Jul. 27 , TS . 18 ,
GSM Association , Embedded SIM Task Force Requirements and pp . 1 - 23 .
Use Cases , Version 1 .0 , Feb . 21, 2011 , pp . 1 - 38 . N . Chu et al. EXALTED : Expanding LTE for Devices, European
Pietre -Cambacedes et al., Cryptographic key management for SCADA Commission for Information Society and Media , Oct. 31, 2012 , pp .
systems- issues and perspectives, 2008 International Conference 1 - 141.
on Information Security and Assurance , IEEE , pp. 156 - 161. J. Huang et al, A close Examination of Performance and Power
Bender et al., Evolution of SIM provisioning towards a flexible Characteristics of 4G LTE Networks, Mobisys ' 12 , Jun . 25 - 29 ,
MCIM provisioning in M2M vertical industries, 16th International
Conference on Intelligence in Next Generation Networks , IEEE, 2012 , pp . 1 - 14 .
2012 , pp . 57 -64. F. Qian et al., TOP: Tail Organization Protocol for Cellular Resource
Park et al., Secure Profile Provisioning Architecture for Embedded Allocation , 18th IEEE International Conference on Network Pro
UICC , 2013 International Conference on Availability, Reliability tocols ( ICNP), 2010 , pp . 285 - 298 .
and Security, IEEE, 2013, pp . 297 -303. Wikipedia, RSA ( algorithm ), http :// en .wikipedia .org /wiki/RSA
3GPP , 3rd Generation Partnership Project; Technical Specification (algorithm ), Sep . 9 , 2013 , pp . 1 - 12 .
Group Core Network and Terminals ; Non - Access - Stratum (NAS) Wikipedia , Elliptic Curve Cryptography, http ://en .wikipedia .org
protocol for Evolved Packet System (EPS ); Stage 3, 3GPP TS wiki/Elliptic _ curve _ cryptography, Sep . 9 , 2013 , pp. 1- 8 .
24 .301 v12 .2 .0 , Sep . 2013 pp . 1 -6 , 63- 100 . L . Larzon , The Lightweight User Datagram Protocol (UDP -Lite ),
3GPP, 3rd Generation Partnership Project;Technical Specification Internet Engineering Task Force RFC 3828, Jul. 2004 , pp . 1 - 12.
Group Services and System Aspects; 3GPP System Architecture Wikipedia , Digital Signature , http :// en .wikipedia . org /wiki/Digital_
Evolution (SAE ); Security architecture, 3GPP TS 33 .401 V12 .9 .0 Signature, Sep . 9 , 2013 , pp . 1- 10 .
(Sep . 2013 ) pp . 1 -75 . D . Cooper , Internet X .509 Public Key Infrastructure Certificate and
Appenzeller et al., Identity -Based Encryption Architecture and Certificate Revocation List ( CRL ) Profile , Internet Engineering
Suporting Data Structures RFC 5408, 2009, pp . 1- 30 . Task Force RFC 5282, pp . 1 -133 .
Baugher et al., Group Key Management Architecture , RFC Draft , ETSI, Machine- to -Machine communications (M2M ), mla , dla, and
2001, pp . 1- 20 . mld interfaces , TS 102 . 921 v1. 1 . 1, Feb . 2012 , pp . 1 - 538 .
Ben Saied , Yosra ; Olivereau , Alexis; Laurent, Maryline ; “ A Dis C . Downey , Migrating Legacy M2M Systems to the Cloud , http ://
tributed Approach for Secure M2M Communications” , 5th Interna www .ecnmag.com /articles/ 2013 /02 /migrating -legacy -m2m -systems
tional Conference on New Technologies, Mobility and Security
(NTMS), May 7 - 10 , 2012 , pp. 1- 7. cloud , Feb . 2013 , pp . 1 - 2 .
Boyen et al., Anonymous Hierarchical Identity -Based Encyrption A . Wander et al, Energy Analysis of Public -Key Cryptography on
(Without Random Oracles ), 2006 . Small Wireless Devices, Sun Microsystems Laboratories, pp. 1- 16 .
Boyen et al., Identity - Based Cryptography Standard (IBCS) # 1: J. Jonsson et al, Public -Key Cryptography Standards (PKCS) # 1:
Supersingular Curve Implementations of the BF and BB1 RSA Cryptography Specifications Version 2. 1, Internet Engineering
Cryptosystems, RFC 5091, 2007, pp . 1-63. Task Force RFC 3447 , Feb . 2003 , pp . 1-72 .
ETSI, Smart Cards; Embedded UICC ; Requirements Specification , D . McGrew et al, Fundamental Elliptic Curve Cryptography Algo
TS 103 383 v12 .1 .0 , Jun . 2013 , pp . 1 - 20 . rithms, Internet Engineering Task Force RFC 6090 , Feb . 2011 , pp .
ETSI, Smart Cards; UICC — Terminal Interfaces; Physical and Logi 1 - 34 .
cal Characteristics , TS 102 221 v11.0 . 0 , Jun . 2012 , pp . 1 - 181. Wikipedia , Elliptic Curve Diffe -Hellman , http :// en . wikipedia.org
ETSI, UMTS ;LTE; SIM /USIM Internal and External Interworking wiki/Elliptic _ surve _ Diffie % E2 % 80 % 93Hellman , Sep . 24 , 2013 , pp .
Aspects, TR 131 900 v. 10 .0 .0 , May 2011 , pp . 1 -41 . 1 - 2.
Harney et al., Group Key Management Protocol (GKMP) Archi V . Martinez et al, A Survey of the Elliptic Curve Integrated
tecture , 1994 , pp . 1 - 19 . Encryption Scheme, Journal ofComputer Science and Engineering,
International Search Report and Written Opinion for PCT/US2014 / vol. 2, Aug . 2010 , pp . 7 -13 .
062435 dated Feb . 6 , 2015 .
Kiltz et al., CCA2 Secure IBE: Standard Model Efficiency through T . Pornin , Deterministic Usage of the Digital Signature Algorithm
Authenticated Symmetric Encryption , 2008 . (DSA ) and Elliptic Curve Digital Signature Algorithm (ECDSA ),
Krylov, What is Kerberos Authtentication ? , 2003, pp . 1 - 4 . Internet Engineering Task Force RFC 6979 , Aug. 2013 , pp . 1 - 79 .
Martin , Introduction to Identity -Based Encryption , ISBN - 13 978 Cakulev et al., “ An EAP Authentication Method Based on Identity
1 -59693 -238 - 8 , 2008. Based Authenticated Key Exchange,” Aug. 2012, pp . 1-32 .
Merrian -Webster, Network , 2014 . Gollmann, “ Authentication - Myths and Misconceptions,” Progress
Park et al., A New Practical Identity -Based Encryption System , in Computer Science and Applied Logic, vol. 20 , 2001, pp . 203 - 225 .
2003, pp . 1 -27. Tin et al., “ Provably Secure Mobile Key Exchange: Applying the
Park et al., Secure Profile Provisioning Architecture for Embedded Canetti-Krawczyk Approach ,” Information Security Research Cen
UICC , 2013 IEEE , pp . 297 - 303 . tre, Queensland University of Technology, Australia, 2003 , pp.
Search Report and Written Opinion for PCT/US2014 /068544 . 166 - 179 .
Shih , Jie-Ren ; Hu, Yongbo ; Hsiao , Ming -Chun ; Chen ,Ming-Shing ; Hegland et al., “ A Framework for Authentication in NBD Tactical
Shen , Wen -Chng; Yang , Bo - Yin ; Wu , An - Yeu ; Cheng, Chen -Mou ; Ad Hoc Networks,” IEEE Communications Magazine, Oct . 2011 ,
“ Securing M2M with Post -Quantum Public -Key Cryptography” , pp. 64 -71.
IEEE Journal on Emerging and Selected Topics in Circuits and Nicholson et al., "Mobile Device Security Using Transient Authen
Systems, Mar. 7 , 2013 , pp . 106 - 116 . tication ,” IEEE Transactions on Mobile Computing , vol. 5 , No. 11 ,
Voltage Security , The Identity -Based Encryption Advantage , 2015 . Nov . 2006 , pp . 1489 - 1502 .
Yang et al., Identity -Based Key Agreement and Encyrption for Schwaiger et al., “ Smart Card Security for Fieldbus Systems,” 2003,
Wireless Sensor Networks, IJCSNS International Journal of Com pp . 398 -406 .
puter Science and Network Security , vol. 6 , No. 5B , May 2006 , pp .
182 - 189 . * cited by examiner
U . S . Patent Jan . 8 , 2019 Sheet 1 of 16 US 10 , 177, 911 B2

wwwwwwwwwwwwwwwwww

100
. 108 114 1056
.

106
.

.
Server AIPd res 1ab2:0341ccdd4e8b SMer2viMce Provider SPKeyeurbvleirc SPKeyerivaetr ku
.

k kkkkkkk
.

.
RAMINA wewe now
W . .
Server Network Firewall
> ma E > < TR X X NI - - E LN X X > > > -> 1* : w< * * - . *

118

Inter t 107
CertifcaeAuthority ublic CA
131
Key
PCA 132
Key
Private

! WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

m'I K R m ' m
?
Wireless Network Firewall
wwwwww w wwwwwwwwwwwwwwwwwwwwww

n
109
.
120 121
)
o
(

X*W helvin
?

?
.

.PModrivate Key112
PXY Mrodviuler KeyPMuobdluice
X

PKruobveildyecr KProievadyter
102
Module 1 13W WW
1aFigure
?

NWiertwlosk Monitred Unit

*

?
WW W WWWWWWWWWWWWWWW

IN4AL
LULUK

4T1D4I0
U . S . Patent Jan . 8 , 2019 Sheet 2 of 16 US 10 ,177,911 B2

105h
- 1059 het
105€
om
1050 +

105m
105
Storage
10Figure
xu Server IUntserfarce
A
CASpelricvaton Montdrule OSpyersatienmg Dervi cer RAM
CUACAK

wwwwww . .. . . * * * * * * * * ** * **
YO

* ***
1056 CPU
W
IPnhtyesrifcale
LE
1010
-

RAM ROM Actuaor KY

Figure w Module UIntserface
1b
W
101
.

manigan
01X
YYYY w
PMrodgurlaem RDepaortiangSteps SOpyesrateinmg Dreiv ecr tu m
Sensor
IPnhtyesrifcale
U . S . Patent Jan . 8 , 2019 Sheet 3 of 16 US 10 , 177, 911 B2

WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

EXCIX ** W
ARRA

HAQgomen
Cryptogahic
Test -2Algorithms

Ww
w

W
PKey
-
2
rivate
Server
-
Sub Server MA SPreehcaretd
1
-
Key SPre
-
Key
2heacredt
tThern
Serv w MesagePrepocs r
M MA KAMW w
1eFigure
90m Datbse AN

Cryptogahic
AWAMUA

Private
1
-
Key -1Algorithms.U U 111
5XL Sub-Server Server U
1
-
Key
Public
WMioredluse WMioredluse covKey
-21Public
??????????? ??????????
UEUEUER

??C??????????????????
MYCKS

Bat ery
101 129a Pre-Shared KeySecret
CryptogahicAlgorithms W w Actuaor
W
|
cpul *

WY
KeyCode134
Pre-Sheacredt
MNUL
www We

MWiordeuls Contrle WODY 2016

nnnnnn

CPUWake
1dFigure 13N7XXXIELEZEN
Radio ???????????????????
USB Interfac 152MAK.HUCOW

Random Genrato 1M0em1o8ry KeyPublic IModule denti y? Symetric

!w n
129 114 112 110 127

FMlemaosrhy
Ww BU
Sensor WM
S e r
w
v e r W w MM

X X XXXXXXXXXXXX*
Mod.Wirel s PKeyrivate
W
WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW*

BAKKAROKKOKKOKKOKOKOWICHWARYAMKKKKKKKKKKKKKKKKKKKKKKKKKWAKOORMWORKWW .MMCKKNKHACHORYCKKNA WWW .KANACRONOKKRARKIRKKOKKOKKOKKOKKOK

RACHS

UUMUUWW
Cert.
* **
Key

K OKKOKKOKKORKMACROM.MYCKKNICKKOKWKWK
* X WWW
w
U . S . Patent Jan . 8 , 2019 Sheet 4 of 16 US 10 ,177,911 B2

CWU
* * * * ** ** * * *** ** *** ** ** * * * ** ** *** ** ** ** ** * * ** * * * *** ** ** *** * ** *** ** *** **

WKANCH 29b
1
Derived Shared KSecryetMW
Pwarmetwrs NIKAHUL
141
W 157
ECDH159
w
ACrlygpotiahmsc
w

AClsigypomhretnigsc ACSliygpomhretnisgc
154
ECC
153
RSA 155
AES
3
-
SHA

w KBUAL
AHSlegaocriusthmes ASDligonratuhmles 158ECDSA XARNWCH
AGPKlegnaoerityhrmosn DKFeurnicvatyon ? GNReuanmrbdeot
C*WOXUMRVLKYINAE
Adicton .W
W
156
256
-
SHA
160
63
9
.
X
-
ANSI

AKIMI

1416 1416 1410 141e 1411 128

1fFigure
atent Jan . 8 , 2019 Sheet 5 of 16 US 10 , 177, 911 B2

Figure 19
2048 bit RSA Key with SHA1 Signature (" arx " is long text removed )
Certificate :
Data :
Version : 3 (0x2 )
SerialNumber: (1234931064 (Ox499c6c20 )
*

Signature Algorithm : shatWithRSAEncryption

Issuer: C = US , ST?llinois , L = Chicago , O - incharge Systems Inc., OVCA ,
*

CN = lnCharge Systems Root CAlemailAddress = ca @ inchargesys . com

*

Validity
*WWWx X
Not Before : Aug 31 15 :12: 30 2009 GMT
x

Not After : Aug 31 15 : 12 : 30 2024 GMT

W

Subject: C = US , ST = llinois, L = Chicago , O = Module Provider, OU = Modules ,

CN = 1122AABBFFOO
*
Subject Public Key Info :
Public Key Algorithm : rsaEncryption
xw
x
RSA Public Key : (2048 bit )
Modulus ( 2048 bit) :
Xx x 00 : cc : 37:63:ce :95: 08 :07 : 24 :48 :74 : 12 :37 :39: 56 :

10 :cb : 35 :86 :d5 :fd 1e:ff:44 : 03 :77 : 0b :10:2e:59:

WW
*

Exponent: 65537 (0x9001)

X509v3 extensions:
*

WW
*
XX
X509v3 Subject Key Identifier:
X
*
53: 38 :06 :64 : 50 :54:47:31: B6 :0F :67 :75 :40 : 17 :50 :44: 75 : 37 :78: 5B
WWW
*
X509v3 Authority Key Identifier
kevid :53: 38 :06 :6A :50:54 :47 .... 75 :A0 : 17 :50 A4: 75 :3F : 78 :58
DirName:/ C - US /ST - Illinois /L - Chicago / o - nCharge Systems Inc
OU = CA /CN = InCharge Systems Root CA
emailAddress = ca @ inchargesys.com
*

Serial:01
X509v3 CRL Distribution Points :
*
OK

URI:http ://www . inchargesys .com /ca / crt/ ics root ca.ch

W

X509v3 Certificate Policies

XX Policy : 1. 3 .6 . 1 . 4 . 1. 32104 . 2 . 1. 1
CPS : http ://www . inchargesys .com / ca /doc/ICS -RootCA-CP html
Signature Algorithm : sha ?WithRSAEncryption
5a :50 : be : 8c :4a :dc: 28 : 91:20 : 78 :65 :8a :60 :51:be:29:id :02 :
*W X X X a3: 10 : 33:63: 14 : 7d :aa :56 :8e:dd:10:73:55: 50 :5a : 15 :40: 97 :
*

62 :02 :c0 :ee :51:74 :27 :87 :70 :3b : 50 :58 : ce : 16:33:33 : 12 :50 :
*

af:70:26 :eo
- - -- BEGIN CERTIFICATE - -- --
*

*
MIGVTCCBaWgAwIBAGIBATANBgkqhkiG9w0BAQUFADCBPTELMAKGA1UEBHMO
WMX
*

*
ETAPBgNVBAGTCEsbGlub2IzMRAWDgYOVQQHEWdDaGljYWOVMR4WHAYDVQQ
*

124 RJ2afelinimVR +WGapWXWAMOFge +GWK31Gzgur5Gk /Un /cvt91 ZIOY4XfTmic

*
GOUbShckM4IPI8RHeou970w7rvu YhileASGYSLA71F0J4d801y4zh8zMJbr3wr
au.. END CERTIFICATE . . .
U . S . Patent Jan . 8 , 2019 Sheet 6 of 16 US 10 ,177,911 B2

Figure 1h
283 bit Elliptic Curve Key with SHA 256 Signature ( * . xe" is long text removed )
Certificate :
Version : 3 (0x2 )
SerialNumber: 1234931064 (0x499c6c20 )
Signature Algorithm : SHA- 256 ECDSA - 256 ,
Issuer : OU = JNIX , CN = server01
Validity
Not Before : Feb 01 20 :15 :24 2009 GMT
1126 HEHEHEHEEEE NA AF : Jul01 20 :15 :24 2019 GMT
Not After
Subject: C = US , ST = Illinois , L = Chicago , O = Module Provider , OU = 1122AABBEFOO
111a MANAKALANGAN CN = 456
Subject Public Key Info :
Public Key Algorithm ; id - ecPublicKey
1
EC Public Key :
a7:a0 :8a :0e :27:8f:8f:67 : 71:05 : 36 :0c :7e :f4 : 18 :

67:60 : 20 :57 :87:8d: cd :ob :e1: 15 : 3f:ac :aa :81: ea :

ASNI OID : sect28371
X509v3 extensions :
X509v3 SubjectKey Identifier.
8D :F4:51:AB :39 :41: 1FFC : 73 :B3:DB :77: 45 :96 : 15 :54 : 14 : 52 :85 :25
X509v3 Authority Key Identifier:
*

kevid :FC :99 :74:45: 56 : 10 :F1:87:AD EA :56 :70 :67:A2 : 26 :0E :3D : 9E :D6 :66
DirName: 10UJNIX /CN = server41
serial:49 : 9C :6A :ED
X509v3 CRL Distribution Points :
Full Name:
URI:URI:http ://www .inchargesys. com / ca /cri /ics _ root_ ca. cn
X509v3 Key Usage :
*

Digital Signature
Signature Algorithm : ECDSA with SHA256
83:08 :20 : 2a :79 :e3 :03 :60 :50 :2fc2 :89 :04 :22:b7:57: 3e:b6:
* & *
*
wws
*
05 .ce :d3:24 : 34 .cf:d2:et:e3: 03 :60 :00 : 2f:c2 :25
Homem -BEGIN CERTIFICATE -- -
*

BggqgRzXYwzjCCAYKJAWIBAGIESZXSIDKnnjw2CwL8KJIK
*
EBAQUAMCIXDTALMIBegwgOK3Vz62JQ = =
- - - -END CERTIFICATE -- -
U . S . Patent Jan . 8 , 2019 Sheet 7 of 16 US 10 ,177,911 B2

WwWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW

206

1PSMreo02vid8Mcer Server

sky
Server Network Firewall
WWWW W WWW
-SID:M2MMeornvietror1

? ? ??? ?? ? ? ?

Want

*
44444
4e8b1
codd
034f
:
f1ab2

He
106IPAd res 1ab2:034fccdd4e8b 20544444:Port

??
?? ?? ?? ?? ? ? ? ? ?? ?? ?
:

*
-

.
W
*

208
2Re0spo9nse
*

Inter t 107 Mesage *

*
Server
to
Port
:
IP
SentFromTCP/UDPPacket :portrSIPeocuerivced Inmes age 209a
*

AAR

*: * #* W W * * * * * ** * ** * ** * * # #* # * * * * w * * $

Wireless Network Firewall .

w
210IPAd res
*

wwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwwww *

*
3710
d329
:
fboa
.
21aa
*

*
FWPortB211inding
. *

.MKWAUHRN
110

2
Figure 201 204
Port
:
IP 202IPAd res
57cd 203
Port:12345
NWiertwloersk 1I:2dAenBtFi0y
12345
)
57cd
1455
Odb8
:
2018
[ 1455
0db8
:
2018

.. . . . .... . . .... .. . . .. . . .. ... +++ RASA E R R HA + + + *+ +++ + + + + TAMU + ALA +X . .. ++ ZA + + + ALAL A AAL
U . S . Patent Jan . 8 , 2019 Sheet 8 of 16 US 10 ,177,911 B2

UKUWAV uU
314 316 )
317
2090

Start
w datbse
inkpMRuoebdcluoyirsced
*
WW

?
onP.PortforiLnicsomtieng Mfeosrduaolgems MfReorscduailgvme SUMDescrivaynegprtKeyorSPyrmivetariec
Ww
ofMIVUdoesrniutlfgeyKeyMod.PWiurbeleisc inDSRaetncsobtarde MwiEnositcdruylpihoetnKeyorSPyumbeltric SwRPerispvtgoanehsrKey
fromIP:portSendResponse
w *
M*WCHAX
Figure
3b
ARCH
WINNNNNNN MWINNY

302 209 3070 308

LE
'
No

?
w 309

Start
Mroidvualte (D)IMdoednutiltey
PStore
and
)
K
.
Priv
(
Key
IaDMniostdrlubaieon SDfWotramoktnme
Wnwem w SfDReransotmadrITER SfDEneracsotypmartCandaddhoadniegl IPPtoSMeosrnvaegtdr SfRerscpovinemsrPiport
MAN

RDescproynste RSPrhalouctdesiowpnr
inRSViegsrnpaovitefusryKeyPSuesbrilvnegcr SHasle p?TimerExpired

3aFigure
w Ww
Recrovredrs PPub
,
D
and
K
.
Priv
SRead .KeyandSeirpvoenr

Ww T
KWA
A

KW

ON

w
haamountament

Yes
7410

Uuuuuuuuuuuuuuuuuuuuuuuuuuu
 atent
Jan.8,2019
Jan . 8 , 2019
Sheet 9 of1
Sheet 9 of 16 US 10 ,177,911 B2

Mesage 208
.mww w i
AddChan el
w
instrucinProcesing 415

PUrocDesPing Coding W
*
WW
.

w Server Instrucion 414

w
.
Nw
-
NOW
*
-

ww

ww
Mod.Ap end 110Identi y 413 w/KeyDecrypt 105cor127wW 412
.
Mod
/
w
Sign Key112Private
WLVuw MDaIVSedcrsniytfvapdegrs
*

404 405 *

.EMnocrbyiptled Data mwyCMhodeuclkePub.Keyw w

ModuleEncrypted Data
*

and306SfDEMenoiracdgsotyunplmatsre *

aChodnisegl 403 315

*

XANRDCOHMLWT 402

NA
305
wwwwwwwwwwwwwwwwwwwwwwwWMWA
ornamet
Pw/SEnuecbrlvyiepcrt Key114OrSym.127
mm
m

Sensor Data 301

W Security Token
Symetric
w
127
Key

Wwwww
W
MRoedaulde110identi yw y

Procesing
SILVER
Mes age
VModerifyw
. Signature
.
Mod
/

Decode
hat
+.
keyPublic
. . . . tt

Chian elCoding!1wow
W ** * K
3

w
410

4aFigure 4bFigure
U.S. Patent dan8,2019 atent Jan . 8 , 2019
Sheet10 of 16
Sheet 10 of 16 US 10, 177,911 B2

KWA
Response MAN
w?
or
/
and
Ack
Read 515
406
2
i
wmanwhopIrnos:tcreucstion
UDP Procesing AddChan elCoding WDiercelyepst
/
w
i !
127
key
or
112
WW

KeyMod.Private

SAeprvenrdI206denti yMWWA
iwai
1
Server
/
w
Sign Key1Pr0i5va0t1e ww www mw m3
wSo WY
Y

on moda
X TY MIVDaedorcsniuftyalpdegs Server DEncarytpaed 504 W

ww ,Encrypted
RSaIEnesictnrpguoyvdeistrn *

*
w
om
Data
.
to * * . X * 1

503 i111
Key
/
w
Encrypt
? 127
key
or ww Verify
Server
WKey
.
Sig
*

511 ISRdernvtaiedry 114PSuebrlviecr

AMSRAM
iw
w
*

mm

V .
3

Procesing
RUM
* * * * ** * *
M

w
we

UDP wwwVL

Coding
Chan.Remove
mw yw TSeocukreitny
Module Instrucion 502
*

www

5Ackno0wledg1mnt
*

Respone
now
*
*
www

209
*

the
on
Emmwm *

PRIT 510

5aFigure Figure
5b
U . S . Patent Jan . 8 , 2019 Sheet 11 of 16 US 10 , 177,911 B2

44444:)4e8b:ccdd :034f:ab21[
Server
nnnnnnnnnnnnnnnnnn

Www # WWWWWWWWWWWWWWWWWW ) *XXXXXXXXXXXX* KUK

210IPAd res 21aa:fb0ad3293710

Figure
6 Wireless Network Firewall

wm
man

605
210 MWAG
HK UMKAWKWK
WW
*

207
WYM MUHA
2Res0pon9se

WXKOIRA MY
to32:SetTI502Mnosetdrumctlipoen 30%DataESncerypvtedr
MAMA
501
ACK

2Mes0a8ge
44444
)
4e8b
ccda
0347
1ab2
[
:
To hh

4UP1DA4TE

206*
KAUTo
:M2M
R-
MSKUoeMEnrNTviARetNIrRoE0r1 -
T1cF:on2sreAcouBr0imFtyO :AholIky8e41nFC
wwwww .
604
105
34
05
13
2013
02
/
28
:
Date
hin
C-25D:TS305mewapginrltsaeionuarsgeKey:ASN127mWyIBeGnmEiSxtZXnrsjtwo2c0
203DEMnaocrdytupaled

":V.IDSM42rikgt6Yno0JGaQTBDud5hWreLxJfz
DC406hoadnteadl MENATVIYW
Pang 22222
37101
d329
fboa
21aa
To
44444
]
4e8b
ccdd
.
034f
1ab2
[
:
From

/acket cuSM-M2MIe:odrnevitri0ot1ry
207
6016
PUDP
TCP
aTm:AohlrIkye8m4ronaf

ARRITAKITWWWWWWWWWWWWWWWWWWW
kan
":iIDS5fsRdeogPOQr0nzya2vwthe6ucrsMDHWU DC406hoadnteadl WMAKU

MWA

thu
444AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 42. 44 ARTE

12345
57cd
1455
Odb8
2048
(
:
From
bulaTCP/UDPPacket
1101I:2dAenBtFiOy wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
*
.

EXTRA Wireless Network Firewall .rewNrw 210IPAd res 3716d329:21a fboa

?? ??? ?? ?? ? ?? ? ? ?? ??? ?? ??? ? ?? ? ? ? ? ? ? ?? ????? ? ? ? ?? ? ? ?? ?? ? ? ? ?? ?? ???

???????????????????????????????????????????????????????????????????????????????????????????????????????????

Module 12345:) 5700: 1455: Odb8:2018[

& Port: IP
U . S . Patent Jan . 8 , 2019 Sheet 12 of 16 US 10 , 177 ,911 B2

44444:4e8b3:codd..034f:ab2 11
Server ?????????????

W w w ** * *

ww
*

?? ?
Wireless Network Firewall 5
? ? ? ?? ?? ? ? ? ? ??? ? + ?? ?? ? ? ? ? ? ? ? ? ? ? ? ??? ? ?? ?? ?? ? ? ? ? ? ??
*

:
w

<
IM IPAd res :3T2b071ad320a9

7015 127

W
u ? w
207

Figure
7 KAM I
.

.7Key:A127mmgNewSWIyBmG0ESZeX1tIDKrnaijwc2C KeyPw/SC-ADEMsinueoypcambrdhtlvuepirancegdU U414PDATETo:M2MM-S.oenrivetro0r1 Keyw!SC-DEMyinompcahrdeyutprilanecgd

WWW

208Mes age 44444

]
4e8b
ccdd
.
034f
1ab2
[
To
J12345
57cd
1455
0db8
2018
(
:
From 105
:
34
05
13
2013
MLe
02
/
28
Date
A604
K AHNAK AM NDA CA151-25DData:S305wegwnrsewoyrso
"-2:V.IDSMkZit6gmJonGVQaTBDtqghZduoWerlxJfz 406CDhoandteadl
*MAXW MA

w TO :1F2rAoBFm0-T:AholIky8e4mnia
*
.

*
WWX

2046UDPDat0g1ra2m
702E8:C3h4eAc2k6sum
1I:2deAnBtEiFOy ULT *WX 206
-
07
$
w
101
Module 12345 :] 57ca: 1455:: Odb8:2048[
Hodid
U . S . Patent Jan . 8 , 2019 Sheet 13 of 16 US 10 , 177 ,911 B2

812
toAWcaoridtng TIReniptomrevianrlg

802 803 804 805 207 and

514 810
wy Meu Www

No

w warvnmA an i

naiw
W tHoeuostiens
w 811

Start
n

W
ter p in K
U A w
1IMwadnoueifct0lrhienyg HWtoaridtwaern 1UMwIaDniostrdnlbituoa9drhen HEMUXALZ w w Key813,S1MinNRoehn0vcaml1roteiWldy2A,S1Pader0mvste76r
Ww*
,andKey112P111DMreuoaibdviluatercs
Hf1IMRadoernouwtdail0mrsey 1MinNPRoen0avcmol1irtdWlyse Maersameategres
1st
PSend
111
Key
Pub
/
w
208
.
Mod
,
126
Key813Sw/1D110,andAueht canrtiecatde
110,NewSI122w/MCRedhortcadineftruicelvatdyeKey809Secret .MI208W/S110deoscntuoailngdey S403,andDE405ingcariytpuareld R105,wS209fehsrcpeovrnisme 502i504w/MDESInoescatrdlyutvcpleiaorsdn 5IMPa2RDnerostc0ndpuey2d9lsiotn 105414toSC208wMoenfisrvmtnaegihdron Hanouacemntsrian E1Corexrtp2ifrceatdIsNewPKey112rivate Required
w

XLZE
W Awamn
LOPBAZERD
? W
ww *

k
w Yes

** ** * * * * ** * *** * * ** * * ** * * * * * * * * * * * * ** ** * ** * * * **** * * * * * ** * * * * * * ** * * * * * * * ** * * *** ** *

Figure
8
U . S . Patent Jan . 8 , 2019 Sheet 14 of 16 US 10 , 177 ,911 B2

%
31

801
.

XXX
803 X
XX
901 902 808
IWForncaomintgDSMweasntgoaers

No
? ALIGE
w
X XULOK
Ww w? Ww
903
WYBXNE WW
wan
WStart w1IMwadnoueifct0lrhienyg
*

110,I208W/MFRdeoiscnreutaislgvtey Key111126,andPaurbmletircs W 9KSu2M1Aehtse0cainr3y8tgadew 110,i208W/M2ndRdeoscneutailgveyEMDS403,and405niocagrdyiutplaerd

de

Mos
menores
Key112Pair,111andPDMreuoibdvluaitecs
toHWaridtwaern MUwIaD|noistnrdlitbuoadlhen S1MinNRoehn0vcaml1roteiwdy 207A126,SKey813Padermevsters MR1IHfodaernutowdil0asmery MinNPRa1oen0vcmnol1iartdWlyse IR,w209toMSneohcsdlpeuonrlesd502i504W/MDESnoescatrdyutvcpleiaordn Mf4Cw2Roenriscd10uotmal48gvmhien Has or122ECexrtpifrceatd Key111IsNewPublic ?Required
WEDA ww
w WYNM
w *

X
XL VW Yes ALE
Figure
9
U . S . Patent Jan . 8 , 2019 Sheet 15 of 16 US 10 , 177 ,911 B2

wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww w w

WW
802
*

*
10 1
AAM
10 2 1005
WforRIe,naptoeirtvtnagl208wMSTeihstneaghde4DEMnocar0dytup3laed
SHXIL
UK S I

WAH Y awmo te .WMM

H

XIMKNYS
*
L

*
W

*
*

No
AWL
* *

811
*

W
VWwM
*

Start toHW1IMwadrnoueiftcwal0rehinyg MwIaDUniostnrdlibuoadthen 813,SMinNRKeyoehnvcamlroteildy207A126,andSPadermvetsr f1IMRHadoernwtuodail0rmsey ,andKey112P111DMreuoaibdviluatercs1MinNPRoen0avcmol1iartdWrlyse UseSKey813E1sttoeDMod.4hnca0ryt3peadt2Key1P126andeiwanuhrcblimy1uepctdbhrs IM105,w208toSFnehicsrleuvnarsdgetDEM1aI4ndoc0ersny3tupild0aey ,C1Sf2RFPoeuinrscb0plvoismn5e9tcrgbySP110wIandMKey1105rdeocntvru1sielbryd

*

*
110I105,w/M208toSdeosrcnuvotailengdry 403DEKey127in2ndMandSnyocmardyeutprlaeidc ES105,w209f2ndRnecirspytovnehmsrdKey127S504uDysmaietnraigc ?Required
w P
or
111
Key
112
r iv a t e
*

IsNewPublic
W
WA M H w
*

*
huk MW.MARK U

WAKO
K
www
w

ww

WAH Gato Yes

wirwwwwwww

10Figure
U . S . Patent Jan . 8 , 2019 Sheet 16 of 16 US 10 ,177,911 B2

44444:]4e8b:ccdd::034f:1ab2[
Server 21111WWWWWWWWWW Www .

*
MMMMMMMMMMM

Wireless Network Firewall & IPA210d res ib0a:d329371021aa

*

*
MW
*

*
EF

.
* wW mmmwmwWwwww www *

*
.

L
?? m

AR
.

.
WO year m

*
Y

NA

44444
)
4e8b
ccdd
034f
1ab2
(
:
TO *

KEY414NEWPUBLIC SUecIt2V8A3 2

5
1416 *

11Figure M2es0a8gwew .Key:1P56fub17ac4l2ed7i6fc32 KSuC-DEMiynehospmcardtuniyelagdc Data408CCodedhan el

*

10 2
*

w To;M2M-MSoenrivetro01 *

KeyID:456P111amuwbilnigc
m

w1toF:2rwAoB0wFm04wT:Ahol0Ikty8e1o4mniq
m

12345
)
57cd
1455
0db8
2018
(
:
From m

12:IdAe0BntEFiOy
m

5TCP/UDPPa0ck1e8t m

206 m

mW
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
WWW
m

WWWWWWWWWWWWW WWWWWWWWW wwwwwwwwwwwwwwwww w

KAKAKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK KKKKKKKKKKKKKKKAKAKK U
wwwwwwwwwwwwwwwwwww

Module
w

12345:) 57cd: 1455 :: 0db8:2018(

A Port: P
 US 10 , 177,911 B2
SECURE PKI COMMUNICATIONS FOR Many M2M applications can leverage wireless network
“MACHINE - TO -MACHINE” MODULES , ing technologies . Wireless technologies such as wireless
INCLUDING KEY DERIVATION BY local area networks and wireless wide area networks have
MODULES AND AUTHENTICATING PUBLIC proliferated around the world over the past 15 years , and
KEYS usage of these wireless networks is also expected to continue
to grow . Wireless local area network (LAN ) technologies
CROSS -REFERENCE TO RELATED include WiFi and wireless wide area network (WAN ) tech
APPLICATIONS nologies include 3rd Generation Partnership Project's
( 3GPP ) 3rd Generation ( 3G ) Universal Mobile Telecommu
This is a continuation of U . S . patent application Ser. No . 10 nications System (UMTS ) and 4th Generation (4G ) Long
15 /043 ,293 filed Feb . 12 , 2016 , which is a continuation of term Evolution (LTE ), LTE Advanced , and the Institute of
U .S . patent application Ser. No . 14 /039, 401 filed Sep . 27 , Electrical and Electronics Engineers ' (IEEE ) 802. 16 stan
2013 , now U . S . Pat. No. 9 ,288,059, each of which is dard , also known as WiMax . The use of wireless technolo
incorporated by reference herein in its entirety . gies with “ machine -to -machine” communications creates
The subject matter of this application is related to the 15 new opportunities for the deployment of M2M modules in
subject matter of U . S . patent application Ser . No . 14 /023 , locations without fixed -wire Internet access, but also creates
181, filed Sep . 10 , 2013 in the name of John Nix , entitled a significant new class of problems that need to be solved .
“ Power Management and Security for Wireless Modules in First, many wireless wide -area networking standards were
‘Machine -to -Machine' Communications,” now U . S . Pat. designed and optimized for mobile phones, which may be
No. 9 ,350 ,550 , which is hereby incorporated by reference 20 continuously connected to the network during the day (i.e .
herein in its entirety . non - sleeping hours for most subscribers while they may
charge phones at night), in order to receive inbound phone
BACKGROUND calls and messages. In this case , the radio may be in an idle
state but utilizing discontinuous reception, but the radio is
Technical Field 25 still active and drawing power in order to receive and
The present methods and systems relate to communica- process incoming signaling from the network such as a
tions between wireless modules and a network , and more Public Land Mobile Network (PLMN ). A need exists in the
particularly , to efficient methods and systems for supporting art to make wireless M2M communications efficient in order
secure , efficient, and flexible communications between a to conserve battery life and radio -frequency spectrum
" machine -to -machine” (M2M ) node and a server using 30 resources.
Internet Protocol networks . Since the packets transmitted and received by a wireless
Description of Related Art module will likely traverse the public Internet for many
The combination of “ machine - to -machine” (M2M ) com applications, a need exists in the art to (i) prevent eaves
munications and using low -cost sensors, Internet connec dropping at intermediate points along the path of packets
tions, and processors is a promising and growing field . 35 transmitted and received , ( ii ) allow endpoints to verify the
Among many potential benefits , M2M technologies allow identity of the source of packets received. A need exists in
the remote monitoring of people , assets, or a ___location where the art for a wireless module and a monitoring server to
manual monitoring is not economic , or costs can be signifi- leverage established public key infrastructure (PKI) tech
cantly reduced by using automated monitoring as opposed to niques and algorithms. A need exists in the art for commu
manual techniques. Prominent examples today include 40 nication to be secured without requiring the established , but
vending machines , automobiles , alarm systems, and remote relatively processing, bandwidth , and energy intensive secu
sensors . Fast growing markets for M2M applications today rity protocols such as IPSec , TLS , and SSL , since the
include tracking devices for shipping containers or pallets, establishment of theses links requires packet handshakes
health applications such as the remote monitoring of a and/ or key exchanges at levels including the network and
person ' s glucose levels or heartbeat, monitoring of industrial 45 transport layer of the traditional Open Systems Interconnec
equipmentdeployed in the field , and security systems. Many tion (OSI) model. M2M applications frequently require
M2M applications leverage either wired Internet connec - small, periodic messages sent between a wireless module
tions or wireless connections, and both types of connections and a monitoring server, where the wireless module sleeps
continue to grow rapidly. M2M applications may also be between the messages . M2M applications may leverage
referred to as " the Internet of things” . 50 wired modules as well which also sleep between messages.
M2M communications can provide remote control over During relatively long periods of sleep such as 30 minutes
actuators that may be connected to a M2M device , such as or more , the a wireless or wired network with intermediate
turning on or off a power switch , locking or unlocking a firewalls will often tear down the network and/ or transport
door , adjusting a speed of a motor, or similar remote control. layer connections, which means the wireless module would
A decision to change or adjust an actuator associated with an 55 need to re -negotiate or reestablish the secure tunnels each
M2M device can utilize one or a series of sensor measure time the wireless module wakes and seeks to send a rela
ments . An M2M device may also be referred to as a tively small message to a server.
“ wireless module” or also simply a module . As one example , Next, a need exists in the art for the communication
if a building or room is too cold , then temperature can be between a module and a monitoring server to be highly
reported to a central server by an M2M device and the server 60 energy and bandwidth efficient in order to reduce energy
can instruct the M2M device to turn on a switch that consumption over the operating lifetime of a module . A
activates heat or adjusts a thermostat. As the costs for limiting factor for a wirelessmodule for M2M applications
computer and networking hardware continue to decline , deployed or installed into the field is the lifetime of the
together with the growing ease of obtaining either wired or battery of the wireless module . If the transmission tech
wireless Internet access for small form - factor devices , the 65 niques for the wireless module are not energy efficient, the
number of economically favorable applications for M2M system will require more frequent manual intervention for
communications grows. the replacement or recharging of batteries . If the battery
 US 10 , 177 ,911 B2
becomes sufficiently low , then communication with the An exemplary embodimentmay take the form ofmethods
wireless module will be lost, or the frequency would have to and systems for a wireless module and a server to securely
be reduced for sensor measurements sent by the wireless communicate in an efficientmanner while using the public
module or actuator commands sent by a monitoring server. Internet. The first exemplary embodiment can address a
The energy saving techniques for transmitting and receiving 5 " bootstrap problem ” related to the automatic generation of
data should leverage established Internet protocols, in order PKI keys by a module , including a module that has already
to utilize the public Internet, in addition to the need for been deployed or distributed , where the resulting module
public key should be authoritatively verified as belonging
secure communications noted above . For wired modules
operating for years or decades , a significant cost will be the 10 with a particular module and module identity. The module
can preferably include a set of cryptographic algorithms that
power consumed from land - line power. comprise a set of asymmetric ciphering algorithms, sym
Further, a need exists in the art for the secure , energy metric ciphering algorithms, secure hash algorithms, digital
efficient communications that support Internet protocols to signature algorithms, key pair generation algorithms, a key
support intermediate firewalls that may exist along the path derivation function , and a random number generator. The
of packets sent and received by both a wireless module and 15 module can read a module identity using a read -only
a monitoring server. Without support for communication address, such as a hardware address or a read -only memory .
through an intermediate firewall , packets may be blocked by A nonvolatile memory in the module can include a set of
the firewall and the M2M application would not properly parameters for generating cryptographic keys, a server
function in this case . A need exists in the art for techniques address, and a pre -shared secret key. Examples for recording
of secure and energy -efficient communications between 20 the pre -shared secret key into the nonvolatile memory can
modules and monitoring servers to support a wide variety of include either (i) loading the pre-shared secret key into the
manufacturers ofmodules andM2M applications . Currently, non - volatile memory by a manufacturer, or (ii) having a
there are dozens of manufacturers and form - factors of distributor, installer , or end -user obtain the pre -shared secret
modules , and this diversity will continue to increase for the key from a server via a secure web connection . The dis
foreseeable future . By leveraging standards such as the 25 tributor, installer , or end- user could visually read from
Internet and PKI technologies, an efficient, secure, and printed codes on the module enclosure (or other paperwork
highly scalable system of communicating could support the or electronic files associated with the module ) both (i) a
wide variety of modules . pre -shared secret key code , and (ii) a module identity . The
In addition , the utilization ofPKItechnologies in modules distributor , installer, or end -user could then submit the
can increase security , but a number of technical challenges 30 pre -shared key code and module identity via a secure web
must be addressed . These challenges increase if a deployed connection and receive the pre- shared secret key from a
module required updated private/public key pairs after server. The distributor , installer, or end -user could then load
operation begins . The typical paradigm of “ swapping out a or record the pre -shared secret key into the nonvolatile
SIM card ” (which also depend on a pre - shared secret key Ki memory of the module using a LAN connection to the
embedded in the card ) with mobile phones may not be 35 module , such as WiFi, Bluetooth , or through a USB con
applicable or cost effective with modules, where swapping nection , or possibly directly into a user interface of the
out the SIM card could be burdensome. A need exists in the module .
art to allow for a deployed module to securely begin using The module can utilize the set of cryptographic algo
new private and public keys. Newer PKI technologies may rithms to securely generate or derive a module private key
offer a wide variety of algorithms for ciphering with public 40 and a module public key . The module private key and
keys, and a need exists in the art for the utilization of new module public key can be generated either ( i) upon initial
public and private keys to support the wide variety of use or installation of themodule, or ( ii ) at a subsequent time
algorithms, even after a module has been installed . In other after initial use such as when a new set of key pairs are
words, a system should preferably both be highly secure and required or are useful for continued operation of the module .
also flexible enough to adopt new security keys and stan - 45 After deriving the module public key and module private
dards . A need exists in the art for a scalable and secure key , the module private key is preferably recorded in a
method of associating a module identity with a module secure ___location in a nonvolatile memory within themodule ,
public key , when the module begins utilizing a new public and the module private key is preferably not shared with
key . A need exists in the art for a module to efficiently be other entities or communicated across a wireless network .
able to utilize multiple public /private key pairs at the same 50 The module may then utilize the recorded pre -shared secret
time, such as with different service providers or different key to authenticate with a server that also records or has
applications simultaneously . access to the pre -shared secret key. The authentication could
And other needs exist in the art as well, as the list recited comprise either using message digest with the pre -shared
above is not meant to be exhaustive but rather illustrative . secret key , or using the pre -shared secret key as a symmetric
55 ciphering key , and the authentication may also utilize a
SUMMARY second key derived by both the module and the server using
the pre -shared secret key. After authentication , the server
Methods and systems are provided for secure and efficient sont can authoritatively record the derived module public key
communication between modules and a server, for support with the module identity in a database . Thus, the use of a
ing “ Machine to Machine " communications. An objective of 60 pre - shared secret key can ensure the submitted module
the invention is to address the challenges noted above for public key is validly associated with themodule and module
securing the deployment of modules that utilize PKI algo - identity . The server can then also optionally generate a
rithms and keys , as well as increasing efficiency in order to certificate for the module and send the certificate back to the
reduce power consumption , including extending the battery module . The server could then also then make the certificate
life of a module , if present . More efficient communication 65 available for other servers on the Internet. Note that the
can also conserve valuable radio - frequency spectrum , certificate may have an expiration date , and thus module
among other benefits. may preferably generate or derive a new public and private
 US 10 , 177,911 B2
key at a later time, also using an authentication with a shared The server can process a response to themessage from the
secret key when submitting a subsequent derived new mod module . The server can (i) utilize the symmetric key to
ule public key . encrypt the acknowledgement and / or module instruction
The server can include a private key associated with the within the response and (ii) utilize the server private key to
server and the derived public key associated with the mod - 5 create and include a digital signature of the server in the
ule . The public keys can leverage established public key response . The server can send the response to the module .
infrastructure (PKI) standards , such as X .509 v3 certificates The response can also include a server identity and a security
and RSA or elliptic curve cryptography ( ECC ) algorithms. token . Themodule can receive the response and (i) verify the
The private and public keys may preferably utilize ECC digital signature of the server by utilizing the server public
10 key and/ or a server certificate with a signature from a
based keys and algorithms in order to increase the security certificate authority , and (ii) decrypt the acknowledgement
for a given key length , compared to RSA , thereby increasing
the efficiency and reducing power and bandwidth consump and /or module instruction by utilizing the symmetric key.
After successfully receiving and processing the response
tion and maximize battery life for a module . The module
may be deployed within a wireless network such as a 4G , from the server, the module can change state from the active
state to the sleep or dormant state , including disconnecting
LTE network or a WiFi network , or may be connected to the from a wireless network and powering down a radio . The
Internet via a wired connection such as Ethernet. The module can include a sleep timer , wherein the module wakes
module can change state between a sleep state and an active upon expiration of the sleep timer, and subsequently repeats
state , wherein the sleep state may utilize a few milliwatts or the process of collecting sensor data and securely sending a
less and the active state may utilize several hundred milli - 20 message to the server.
watts of power or more . After being installed next to a A second exemplary embodiment may also take the form
monitored unit, the wireless module can wake from a sleep ofmethods and systems for a wireless module and a server
or dormant state , utilize a sensor to collect data associated to securely communicate in an efficientmanner while using
with the monitored unit, connect to the wireless network and the public Internet. The second exemplary embodiment can
the Internet, and send the sensor data to a server. 25 also address a " bootstrap problem ” related to the automatic
The sensor data sent from the wireless module to the generation of PKI keys by a module that has already been
server can be transmitted as a message using the User distributed , where the resulting module public key received
Datagram Protocol (UDP ) protocol. The message as a UDP after key derivation by the module should be authoritatively
datagram can be a UDP Lite datagram and also with verified as belonging with a particular module and module
checksums partially disabled , or only applicable to the 30 identity . The module can preferably include a set of cryp
packet header. A UDP Lite datagram with sensor data can tographic algorithms that comprise a set of asymmetric
include channel coding for the body of the datagram to ciphering algorithms, symmetric ciphering algorithms,
mitigate the effect of bit errors. Or, a regular UDP packet secure hash algorithms, digital signature algorithms, key
could be sent in multiple copies in order to provide forward pair generation algorithms, a key derivation function, and a
error correction . The module can utilize the server public 35 random number generator. The module can read a module
key to securely send a symmetric key inside message identity from a read - only address , such as a hardware
encrypted with an asymmetric ciphering algorithm , and the address or a read -only memory. A nonvolatile memory in the
symmetric key can be used to encrypt the sensor data within module can include a set of parameters for generating
the message or a subsequent message . The module can cryptographic keys, a server address, and a pre -shared secret
utilize the module private key to create and include a digital 40 key . The pre - shared key can preferably be unique to a
signature of the module in the message . The message can module , and also associated with a module identity such that
also include a module identity and a security token . The a pre - shared key belonging to a first module and first module
server can receive the message and (i ) verify the digital identity cannot be properly utilized with a second module
signature of the module by utilizing the module public key and second module identity .
and module identity , and ( ii ) decrypt the sensor data by 45 The module can utilize the set of cryptographic algo
utilizing the server private key to decrypt the symmetric key rithms to securely generate or derive a module private key
and then using the symmetric key to decrypt the sensor data . and a module public key . Since the security of the system
After receiving the message , the server can send a may ultimately depend on random numbers input into key
response back to the module , wherein the response can generation algorithms within the module , the module may
include an acknowledgement that the message has been 50 preferably utilize a combination of sensor data , radio data ,
properly received by the server. Since the UDP protocol is and a clock simultaneously as a seed within a random
connectionless, the module may need a confirmation that the number generator when deriving the new module private
message has been properly received by the server. The and public key . Additional input into the seed could include
response sent from the server may optionally include a measurements or states within memory , operating system
module instruction for the module , wherein the module 55 states and files , and reading data from hardware . After
instruction can change parameters or function of the module deriving the new module public key and module private key ,
for collecting data from a monitored unit. The module the module may then utilize the pre -shared secret key to
instruction can be sent from the server to the module after encrypt the derived module public key using a symmetric
the wireless module sends the message . In this manner, the ciphering algorithm , thereby creating a module encrypted
module can receive the module instruction because at other 60 data (which contains the encrypted derived module public
times , such as before the module sends the message, (i) the key ).
module may be in a sleep or dormant state and unable to The module can then send the module encrypted data ,
receive the module instruction , and (ii) a firewall associated which includes the public key, and the module identity to a
with a wireless or wired network providing Internet con - server in the form of a message . The message could com
nectivity to the module may block incoming packets to the 65 prise a UDP packet with forward error correction , such that
module unless the module had first sent a packet to the themodule sends multiple copies of the UDP packet in order
server within a firewall port-binding timeout period . to increase assurance of delivery. The server can listen for
 US 10 , 177,911 B2
incoming UDP messages and also include logic to drop " confidential” public key described in this second exemplary
duplicate packets, or also combinepartially mangled packets embodiment, could be utilized in a certificate and made
in order to recover a fullmessage . The server also records or available to 3rd parties . These as well as other aspects and
has access to the pre - shared secret key . The server can read advantages will become apparent to those of ordinary skill
the message containing the module encrypted data and the 5 in the art by reading the following detailed description , with
module identity . The server can utilize the module identity reference where appropriate to the accompanying drawings .
to select the pre - shared secret key associated with the
module identity . The server can then utilize a symmetric BRIEF DESCRIPTION OF THE DRAWINGS
ciphering algorithm and pre -shared secret key as a symmet
ric ciphering key to decrypt the module encrypted data and 10 Various exemplary embodiments are described herein
read the derived module public key.
Upon successfully receiving and decrypting the derived with reference to the following drawings, wherein like
module public key associated with the module identity, the numerals
FIG . 1a
denote like entities.
is a graphical illustration of an exemplary system ,
server can authoritatively record the new module public key
and module identity . The module encrypted data received in 15 accordance with and
where a server a module connect to the Internet, in
exemplary embodiments ;
the message can also include a set of parameters associated FIG . 1b is a graphical illustration of hardware , firmware ,
with the module public key, and these parameters may also
be recorded in a database associated with the server. The and software components for a module , in accordance with
parameters could include (i ) an elliptic curve selected for use exemplary embodiments ;
with the module public key, and ( ii) settings for use in a key 20 FIG . lc is a graphical illustration of hardware , firmware ,
derivation function using the new module public key and the and software components for a server, in accordance with
server key. The module and the server can subsequently exemplary embodiments;
utilize a key derivation function, the new module public key, FIG . 1d is a graphical illustration of the components
and server public key to derive a new shared secret key . The within a module , in accordance with exemplary embodi
new shared secret key could be utilized as a symmetric 25 ments ;
ciphering key , or to jointly derive another symmetric cipher - FIG . le is a graphical illustration of the components
ing key. Both the module and server can resume secure within a server that communicates with the module, in
communications, after the server receives the new module accordance with exemplary embodiments ;
public key, using the symmetric ciphering key and a sym - FIG . 1f is a graphical illustration of the components in
metric ciphering algorithm . For enhanced security, the sym - 30 cryptographic algorithms utilized by a module and a server.
metric ciphering key may include an expiration time, upon in accordance with exemplary embodiments ;
which the module can send an updated symmetric ciphering FIG . 1g is a graphical illustration of a certificate that
key using asymmetric ciphering algorithms. includes a public key infrastructure (PKI) key, where the
After the server authoritatively receives the new module public key utilizes an RSA algorithm , in accordance with
public key and derives the new shared secret key , the server 35 exemplary embodiments ;
can send the module a new " pre - shared secret key ” such that FIG . 1h is an illustration of a certificate that includes a
themodule can (i) record the new “ pre-shared secretkey ” in PKI public key, where the key comprises an elliptic curve
a nonvolatile memory and (ii) utilize the new " pre -shared
secret key " upon the requirement or need for the module to cryptography ( ECC ) key, in accordance with exemplary
derive new public and private keys . In other words , the first 40 embodiments ;
“ pre- shared secret key ” may be loaded into nonvolatile FIG . 2 is a graphical illustration of an exemplary system ,
memory by a manufacturer, distributor, installer, or end where a module sends a message to a server, and where the
user, in order for the module to securely send an initial server responds to the message , in accordance with exem
derived public key , but subsequent new derivations of keys plary embodiments ;
do not require external intervention , so long as the module 45 FIG . 3a is a flow chart illustrating exemplary steps for a
and server agree on the “ pre - shared secret key ” . module to send sensor data to a server, in accordance with
By securely receiving the module public key in a module exemplary embodiments ;
encrypted data ( using the pre - shared secret key than can be FIG . 3b is a flow chart illustrating exemplary steps for a
uniquely associated with the module and module identity ), server to receive sensor data from a module, in accordance
the security of communication between the module and 50 with exemplary embodiments ;
server can be enhanced . The server and module preferably FIG . 4a a is a flow chart illustrating exemplary steps for
do not need to send the module public key to any other a module to process a message , including encrypting sensor
entities. Consequently, by the server securely receiving the
module public key, the module and server can minimize the data and sending a digital signature, in accordance with
need for server digital signatures (with extra energy required 55 FIG . 4b embodiments
exemplary
a is a flow
;
chart illustrating exemplary steps for
to (i) process digital signatures and ( ii ) bandwidth required a server to process a message , including verifying a mod
to transmit ) in responses sent to the module. With secure ule 's identity and decrypting sensor data, in accordance with
operation and confidentiality for the module public key, only
the server could sendmessages using the module public key so exemplary embodiments ;
( either for asymmetric ciphering or symmetric ciphering 60 FIG . 5a is a flow chart illustrating exemplary steps for a
using a derived shared secret key ), and thus the need for server to process a response for the module, including
server digital signatures in responses to messages can be sending and signing an module instruction , in accordance
reduced . For security purposes , a server digital signature with exemplary embodiments ;
could still periodically be transmitted and included in a FIG . 5b a is a flow chart illustrating exemplary steps for
response , such as an exemplary timeas once a day . Note that 65 a module to process a response from the server, including
the module could also derive multiple sets of public keys and verifying a server's identity and decrypting instructions , in
private keys, such that a different public key than the accordance with exemplary embodiments ;
 US 10 , 177,911 B2
10
FIG . 6 is a simplified message flow diagram illustrating an Generally, the communication techniques described
exemplary message received by a server, and an exemplary herein can be independent of the network technologies
response sent from the server, in accordance with exemplary utilized at the physical and data - link layers, so long as the
embodiments ; underlying network provides access to the Internet 107 and
FIG . 7 is a simplified message flow diagram illustrating an 5 supports Internet Protocols (IP ). The Internet 107 can be an
exemplary message sent by a module , in accordance with IPv4 or an IPv6 packet -switched based network that utilizes
exemplary embodiments; standards derived from the Internet Engineering Task Force ,
FIG . 8 is a flow chart illustrating exemplary steps for a such as RFC 786 (User Datagram Protocol), RFC 793
module to derive a public key and private key, and to obtain ( Transmission Control Protocol), and related protocols. The
10 Internet 107 can be the public Internet comprising globally
a digital certificate , in accordance with exemplary embodi routable IP addresses, or a private network that utilizes
ments;
FIG . 9 is a flow chart illustrating exemplary steps for a private IP addresses . Although Internet 107 is illustrated as
server to communicate with a module that has derived a the globally routable public Internet in FIG . 1, Internet 107
could also be a private Internet that is (i) not globally
public key and private key, in accordance
nce with
with exemplary
exemplary 1515 rout
routable and ( ii ) only accessible to authorized modules and
embodiments ; servers . As one example of a private Internet 107 , Internet
FIG . 10 is a flow chart illustrating exemplary steps for a 107 could use private IP addresses for nodes on the network ,
module to derive a public key and private key , and for a and in this case Internet 107 could be referred to as an
module to send a server the encrypted public key, in accor - intranet or private network . Alternatively , Internet 107 could
dance with exemplary embodiments; 20 be a private network layered on top of the publicly routable
FIG . 11 is a simplified message flow diagram illustrating Internet via secured and encrypted connections.
an exemplary message sent by a module , wherein the When operating in a wireless network configuration ,
message includes an encrypted module public key, in accor module 101 can access the Internet 107 via the wireless
dance with exemplary embodiments. network 102 . In the wireless network configuration , module
25 101 can be a wireless handset, a cellular phone, a smart
DETAILED DESCRIPTION OF EXEMPLARY phone, a tablet computer, a laptop , a computer with a radio ,
EMBODIMENTS OF THE INVENTION a tracking device , or a circuit board with a radio that
accesses wireless network 102 . Examples of wireless mod
FIG . la ules that utilize a wireless WAN such as 2G and 3G
FIG . 1a is a graphical illustration of an exemplary system , 30 networking technologies include the Motorola® G24 - 1 and
where a server and a module connect to the Internet, in Huawei MC323 . Example manufacturers ofwireless mod
accordance with exemplary embodiments. The system 100 ules in 2012 include Sierra Wireless® and Telit® . In a wired
includes a module 101 operating within a wireless network configuration (not shown ), module 101 can be a computer,
102. System 100 can also include a module provider 109 , an security camera, security monitoring device, networked con
Internet 107 , and an M2M service provider 108 , a certificate 35 troller, etc . A more detailed depiction of exemplary compo
authority 118 , and a monitored unit 119 . M2M service nents of a module 101 is included in FIG . 1b and FIG . 1d
provider 108 can include a server 105 . System 100 is below .
illustrated without specific packet transmissions between Wireless network 102 may comprise either a wireless
module 101 and M2M service provider 108 . Examples of the local area network (LAN ) such as an 802 . 11 WLAN , Blu
communications and messages pertaining to the present 40 etooth , or Zigbee among other possibilities , and module 101
invention will be illustrated in later Figures. As contem - operating in wireless mode could communicate with a base
plated herein , machine- to -machine communications may station 103 of a wireless network 102 using a radio and an
comprise communication between a module 101 and a antenna. Wireless network 102 could operate as a Mode II
server 105 , such that data can be transferred between the two device according to FCC Memorandum Opinion and Order
with minimal manual intervention , although manual inter - 45 (FC - 12 - 36 ) and related white space regulation documents . If
vention can be required to set up system 100 and any module 101 supports IEEE 802. 15 . 4 , then wireless network
occasional manual maintenance required . As contemplated 102 could be a Zigbee network , an ISA100. 11a standards
herein , machine - to -machine communications may also be based network , or a 6LOWPAN network as described by
referred to as " the Internet of things ” ( IoT ) . Also note that IETF RFC 4944 . Other possibilities exist as well for the
module 101 may comprise a wireless module , such that 50 wireless technology utilized by a wireless network 102 and
module 101 can communicate with wireless network 102 module 101, operating in a wireless mode, without departing
using a radio and an antenna . Thus, either a wireless or a from the scope of the present invention .
wired configuration for module 101 can be utilized in the Module 101 can collect data regarding a monitored unit
present invention . 119 and periodically report status to an M2M service pro
Ifmodule 101 operates as a wireless module , module 101 55 vider 108 . Examples of a monitored unit 119 can include a
and wireless network 102 can communicate using a base vending machine , an alarm system , an automobile , a stan
station 103 . Module 101 and wireless network 102 can dard 40 - foot or 20 - foot shipping container. Additional
utilize a variety of wireless technologies to communicate , examples of a monitored unit 119 include can also include
including WiFi, WiMax , a 2nd generation wireless wide area a pallet for shipping or receiving goods, an individual box of
network (WAN ) technology such as General Packet Radio 60 pharmaceuticals, a health monitoring device attached to a
Services (GPRS ) or Enhanced Data rates forGSM Evolution person such as a pacemaker or glucose monitor, and a gate
(EDGE), 3rd Generation Partnership Project (3GPP ) tech or door for opening and closing . Other examples exist as
nology such as 3G , 4G LTE , or 4G LTE Advanced , and other well without departing from the scope of the present inven
examples exist as well. A wired module 101 can connect to tion . Module 101 can utilize a sensor to measure and collect
the Internet 107 via a wired connection such as an Ethernet, 65 data regarding a parameter of monitored unit 119 such as
a fiber optic , or a Universal Serial Bus (USB ) connection temperature , physical ___location potentially including geo
(not shown ). graphical coordinates from a Global Positioning System
 US 10 , 177,911 B2
12
(GPS ) receiver, radiation , humidity, surrounding light levels , provider 109 may have its provider public key 120 signed by
surrounding RF signals , weight, vibration and /or shock , and
a certificate authority 118 , and then module provider 109
similar measurements . If monitored unit 119 is a person orcould sign module public key 111 . In this manner, module
a health monitoring device associated with a person , thenprovider 109 can also function as a certificate authority for
relevant health data could be recorded by module 101 in 5 module 101. Thus, the validity of module public key 111
order to transmit to a M2M service provider 108 , which could be checked with module provider 109 , and the wire
could be associated with a health service such as a hospital less module provider 's 109 provider public key 120 could be
or doctor's office.Module 101 could also periodically record checked against certificate authority 118 . Other configura
a picture , image , or video of or around monitored unit 119 . tions for signing public keys and using certificates with
As illustrated in FIG . la , wireless network 102 may 10 public keys are possible as well without departing from the
include a wireless network firewall 104 and M2M service scope of the present invention .
provider 108 may include a server network firewall 124 . Public keys and private keys as contemplated in the
These firewalls may be used to secure communication at the present invention , including module public key 111 and
data link , network , transport, or application layer of com - module private key 112 and additional keys described
munications using the Internet 107 . Firewalls 104 and 124 15 herein , may leverage established standards for Public Key
could perform network address translation (NAT ) routing or Infrastructure (PKI). These keys may be formatted accord
operate as symmetric firewalls , and selectively filter packets ing to the X .509 series of standards, such as X . 509 v3
received through Internet 107 in order to secure system 100 . certificates , and subsequent or future versions, and these
The firewall functionality of firewalls 104 and 124 could be keys may be considered cryptographic keys. The keys can
of many possible types, including a symmetric firewall, a 20 support standards such as the International Organization for
network -layer firewall that filters inbound packets according Standardization ( ISO ) ISO /IEC 9594 series of standards
to pre -determined rules , an application -layer firewall, or a (herein incorporated by reference ) and the Internet Engi
NAT router, as examples . Although a single firewall 104 and neering Task Force (IETF ) RFC 5280 titled “ Internet X .509
124 is illustrated in wireless network 102 and M2M service Public Key Infrastructure Certificate and Certificate Revo
provider 108 , respectively, firewall 104 and 124 may each 25 cation List (CRL ) Profile” (herein incorporated by refer
comprise multiple firewalls that operate in conjunction and ence ), including future updates to these standards.
the combined operation may be considered a single firewall Module public key 111 and module private key 112 , as
104 and 124 , respectively. well as the other private and public keys described within the
According to a preferred exemplary embodiment, module present invention , could be generated using standard soft
101 may preferably record a module private key 112 . As 30 ware tools such as Openssl, and other tools to generate
described in additional figures below , module 112 can gen - public and private keys exist as well. Public and private keys
erate a key pair comprising a module private key 112 and a as contemplated herein could be recorded in a file such as a
module public key 111 , where module private key 112 * .pem file (Privacy -enhanced Electronic Mail ), a file for
resides within module 101 and may not be shared orm atted according to Basic Encoding Rules (BER ), Canoni
transmitted to other parties . Module 101 may also be asso - 35 cal Encoding Rules (CER ), or Distinguished Encoding
ciated with a module provider 109 . Module provider 109 Rules (DER ) , or as text or binary file . Other formats for
could be a manufacturer or distributor of module 101 , or public and private keys may be utilized as well, including
may also be the company that installs and services module proprietary formats , without departing from the scope of the
101 or associates module 101 with monitored unit 119 . present invention . As contemplated herein , a key may also
Although not illustrated in FIG . 1a , module provider 109 40 comprise either a public key or a private key . A public key
could deliver module 101 to an end- user, where the end -user as contemplated herein may also be considered a certificate
associates module 101 with monitored unit 119 . Module or a public certificate . A private key as contemplated herein
provider 109 can record a module public key 111 and a may also be considered a security key or a secret key.
certificate 122 ( illustrated below in FIG . 1g and FIG . 1h ) for Other configurations besides the one illustrated in FIG . 1a
module 101. Module public key 111 may be associated with 45 are possible as well. Server 105 could reside within wireless
a module public key identity 111a , which could be an network 102 in a data center managed by wireless network
identifier of module public key 111 . 102 . Wireless network 102 could also operate as a module
As discussed below , a module 101 may utilize multiple provider 109 . Although a single module 101 and server 105
module public keys 111 over the lifetime of module 101 are illustrated in FIG . la , system 100 could comprise a
(including multiple correspondingmodule private keys 112 ), 50 plurality of each of these elements . Module 101 could also
and module public key identity 111a can be used to select record sensor data pertaining to a plurality of monitored
and / or identify the correct module public key 111 . Module units 119 . Module 101 could be mobile , such as physically
public key identity 111a could be a string or sequence attached to a truck or a pallet, and module 101 could connect
number uniquely associated with module public key 111 . As to a series of different wireless networks 102 or base stations
illustrated in FIG . 1a , module public key identity 111a may 55 103 as module 101 moves geographically. Other configura
preferably not be included in the string or number compris tions are possible as well without departing from the scope
ing module public key 111 , but rather associated with the of the present invention .
string or number comprising module public key 111 , and in FIG . 1b
this case the two together (module public key identity 111a FIG . 1b is a graphical illustration of hardware , firmware ,
and the string or number for module public key 111 ) may be 60 and software components for a module , in accordance with
used to refer to module public key 111 as contemplated exemplary embodiments . FIG . 1b is illustrated to include
herein . many common components within a module 101, and mod
The module public key 111 can optionally be signed by a ule 101 may also operate in a wireless configuration in order
certificate authority 118 in order to confirm the identity of to connect with a wireless network 102 . Module 101 may
module 101 and / or the identity of module provider 109 . 65 consist of multiple components in order to collect sensor
Alternatively, module provider 109 may have its own pro - data or control an actuator associated with a monitored unit
vider public key 120 and provider private key 121. Module 119 . In a wireless configuration , the physical interface 101a
 US 10 , 177,911 B2
13 14
of module 101may support radio - frequency (RF) commu ing the action . Note that module 101 may also optionally
nications with networks including a wireless network 102 include user interface 101; which may include one or more
via standards such as GSM , UMTS ,mobile WiMax , CDMA , devices for receiving inputs and/ or one or more devices for
LTE , and /or other mobile network technologies . In a wire conveying outputs . User interfaces are known in the art and
less configuration , the physical interface 101a may also 5 generally are simple for modules such as a few LED lights
provide connectivity to local networks such as 802. 11 or LCD display, and thus user interfaces are not described in
WLAN , Bluetooth , or Zigbee among other possibilities. In detail here . As illustrated in FIG . 1b , module 101 can
a wired configuration , the physical interface 101a can pro
vide connectivity to a wired network such as through an optionally omit a user interface 101j, since no user input
may be required for many M2M applications, although a
Ethernet connection or USB connection . 10
user interface 101j could be included with module 101.
The physical interface 101a can include associated hard Module 101 may be a computing device that includes
ware to provide the connections such as radio - frequency computer components for the purposes of collecting data
(RF ) chipsets , a power amplifier, an antenna , cable connec from a sensor 101f or triggering an action by an actuator
tors, etc ., and additional exemplary details regarding these
components are described below in FIG . 1d . Device driver 1515 (101y
Oly,. Module 101 may include a central processing unit
CPU ) 101b , a random access memory (RAM ) 101e, and a
101g can communicate with the physical interfaces 101a ,
providing hardware access to higher- level functions on system bus 101d that couples various system components
module 101. Device drivers 101g may also be embedded including the random accessmemory 101e to the processing
into hardware or combined with the physical interfaces. unit 101b . The system bus 101d may be any of several types
Module 101 may preferably include an operating system 20 of bus structures including a memory bus or memory
101h to manage device drivers 101g . The operating systems controller, a peripheral bus , and a local bus using any of a
can also manage other resources such as memory and may variety of bus architectures including a data bus. Note that
support multiple software programs operating on module the computer components illustrated for the module 101 in
101 at the same time. The operating system 101h can include FIG . 1b may be selected in order to minimize power
Internet protocol stacks such as a User Datagram Protocol 25 consumption and thereby maximize battery life , if module
(UDP) stack , Transmission Control Protocol ( TCP ) stack , a 101 includes a battery and is not attached to external power.
___domain name system (DNS) stack , etc ., and the operating In addition , the computer components illustrated for the
system 101h may include timers and schedulers for manag - module 101 in FIG . 1b may also be selected in order to
ing the access of software to hardware resources . The optimize the system for both long periods of sleep relative
operating system shown of 101h can be appropriate for a 30 to active communications and also may be optimized for
low - power device with limited memory and CPU resources. predominantly uplink (i. e . device to network ) communica
An example operating system 101h for module 101 includes tions with small packets or messages .
Linux , Android® from Google® , Windows® Mobile, or Module 101 may include a read - only memory (ROM )
Open AT? from Sierra Wireless® . Additional example 101c which can contain a boot loader program . Although
operating systems 101h for module 101 include eCos, 35 ROM 101c is illustrated as " read -only memory ” , ROM 101c
uC /OS, LiteOs, and Contiki, and other possibilities exist as could comprise long -term memory storage chipsets or physi
well without departing from the scope of the present inven cal units that are designed forwriting once and reading many
tion . times . As contemplated within the present invention , a
A module program 101i may be an application pro read - only address could comprise a ROM 101c memory
grammed in a language such as C , C + + , Java , and /or Python , 40 address or another hardware address for read -only opera
and could provide functionality to support M2M applica - tions accessible via bus 101d . Changing data recorded in a
tions such as remote monitoring of sensors and remote ROM 101c can require a technician have physical access to
activation of actuators . Module program 101i could also be module 101, such as removing a cover or part of an
a software routine, subroutine , linked library, or software enclosure, where the technician can subsequently connect
module , according to one preferred embodiment. As con - 45 equipment to a circuit board in module 101, including
templated herein , a module program 101imay be an appli - replacing ROM 101c . ROM 101c could also comprise a
cation operating within a smartphone , such as an iPhone® or nonvolatile memory , such that data is stored within ROM
Android - based smartphone , and in this case module 101 101c even if no electrical power is provided to ROM 101c .
could comprise the smartphone. The application functioning Although not illustrated in FIG . 1b , but illustrated in FIG . 1d
as a module program 101i could be downloaded from an 50 below , module 101 could also include a flash memory 101w .
" app store ” associated with the smartphone. Module pro - A primary difference between flash memory 101w and RAM
gram 101i can include data reporting steps 101x , which can 101e may be that reading and writing operations to flash
provide the functionality or CPU 101b instructions for memory 101w can be slower whereas reading and writing
collecting sensor data , sending messages to server 105, and operations to RAM 101e may be faster, and faster reading
receiving responses from server 105 , as described in the 55 and writing operations to memory may be required for
present invention . processing sensor 101f signals and securely communicating
Many of the logical steps for operation ofmodule 101 can with a server. For example , module program 101i, data
be performed in software by various combinations of sensor reporting steps 101x, operating system 101h , or device
101f, actuator 101y , physical interface 101a , device driver driver 101g could be stored in flash memory 101w when the
101g , operating system 101h , module program 101i, and 60 module is powered off. These components and/ or instruc
data reporting steps 101x . When module 101 is described tions could be and moved into RAM 101e when the module
herein as performing various actions such as acquiring an IP is powered on . In addition , RAM 101e can function as flash
address , connecting to the wireless network , monitoring a memory , such that module program 101i, power control
port, transmitting a packet, or encrypting or signing a steps 101x , operating system 101h , or device driver 101g
message , specifying herein that module 101 performs an 65 remain resident in random access memory even when the
action can refer to software , hardware , and/ or firmware mobile module 101 is powered off, or powered off for the
operating within module 101 illustrated in FIG . 1b perform - first time after module 101 is installed or becomes active in
 US 10 , 177,911 B2
15
wireless network 102 . Note that ROM 101c could be option with module 101 through a physical interface 101a , and the
ally omitted or included in a memory unit within CPU 1016 camera can comprise a video camera for the wireless device
(not shown ). 101 to collect sensor data that includes video or images . The
Although the exemplary environment described herein camera (not shown ) can be a CCD (charge - coupled device)
employs ROM 101c and RAM 101e , it should be appreci - 5 camera , a CMOS ( complementary metal- oxide - semiconduc
ated by those skilled in the art that other types of computer tor ) camera , or a similar device to collect video input. Other
readable media which can store data that is accessible by a arrangements could be used as well , without departing from
module 101, such as memory cards , subscriber identity the invention .
module (SIM ) cards, local miniaturized hard disks, and the The module 101 , comprising a computer, may operate in
like, may also be used in the exemplary operating environ - 10 a networked environment using logical connections to one
ment without departing from the scope of the invention . The or more remote computers , such as the server 105 illustrated
memory and associated hardware illustrated in FIG . 1b in FIG . 1a . Server 105 can also function as a general purpose
provide nonvolatile storage of computer - executable instruc - server to provide files, programs, disk storage , remote
tions , data structures , program modules , module program memory , and other resources to module 101 usually through
101i, and other data for computer ormodule 101. Note the 15 a networked connection . Additional details regarding server
module 101 may include a physical data connection at the 105 are provided in FIG . 1c below . Additional remote
physical interface 101a such as a miniaturized universal computers with which module 101 communicates may
serial bus adapter, firewire , optical, or other another port and include another wireless module or mobile device , an M2M
the computer executable instructions such as module pro - node within a capillary network , a personal computer, other
gram 101i, data reporting steps 101.x , operating system 20 servers , a client , a router, a network PC , a peer device , or
101h , or device driver 101g can be initially loaded into other common network node. The server 105 or a remote
memory such as ROM 101c or RAM 101e through the computer typically includes many of the elements described
physical interface 101a before module 101 is given to an end above relative to the module 101, including a CPU ,memory ,
user , shipped by a manufacturer to a distribution channel, or and physical interfaces. It will be appreciated that the
installed by a technician . In addition , the computer execut- 25 network connections shown throughout the present inven
able instructions such as module program 101i, data report - tion are exemplary and other means of establishing a wire
ing steps 101x , operating system 101h or device driver 101g less or wired communications link may be used between
could be transferred wirelessly to module 101. In either case mobile devices, computers , servers , corresponding nodes ,
(wired or wireless transfer of computer executable instruc - and similar computers .
tions ), the computer executable instructions such as module 30 The module program 101i and data reporting steps 101x
program 101i, data reporting steps 101x , operating system operating within module 101 illustrated in FIG . 1b can
101h , or device driver 101g could be stored remotely on a provide computer executable instructions to hardware such
disk drive , solid state drive, or optical disk ( external drives as CPU 101b through a system bus 101d in order for a
not shown ). module 101 to (i) collect data from a sensor, ( ii ) change the
A number of program modules may be stored in RAM 35 state of an actuator 101y , and (iii ) send or receive packets
101e , ROM 101c , or possibly within CPU 101b , including with a server 105 , thus allowing server 105 to remotely
an operating system 101h , device driver 101g, an http client monitor or control a monitored unit 119 . The module pro
(not shown ), a DNS client, and related software . Program gram 101i and /or data reporting steps 101x can enable the
modules include routines, sub - routines , programs, objects, module 101 to transmit or send data from sensor 101f or
components , data structures, etc ., which perform particular 40 module 101 by recording data in memory such as RAM
tasks or implement particular abstract data types. Aspects of 101e , where the data can include as sensor data , a destination
the present invention may be implemented in the form of a IP : port number, a packet or packet header value, an encryp
module program 101i and / or data reporting steps 101x tion or ciphering algorithm and key , a digital signature
which are executed by the module 101 in order to provide algorithm and key , etc ., and the data can be subsequently
remote monitoring using a sensor 101f and / or remote control 45 read by the operating system 101h or the device driver 101g .
using an actuator 101y . In addition , the module program The operating system 101h or the device driver 101g can
101i and/ or data reporting steps 101x can include routines, write the data to a physical interface 101a using a system bus
sub - routines, and similar components to support secure and 101d in order to use a physical interface 101a to send data
bandwidth and radio - frequency (RF ) efficient communica - to a server 105 . Alternatively, the module program 101i
tion with a server 105 utilizing the techniques described in 50 and /or data reporting steps 101x can write the data directly
the present invention . Further, the module program 101i to the physical interface 101a using the system bus 101d .
and / or data reporting steps 101x can perform the various The module program 101i and /or data reporting steps
actions described in the present invention for the module 101x , or operating system 101h can include steps to process
through instructions the module program 101i and / or data the data recorded in memory such as encrypting data ,
reporting steps 101x provide to the CPU 1015 . 55 selecting a destination address , or encoding sensor data
Auser may enter commands and information into module acquired by a sensor 101f or through a physical interface
101 through an optional user interface 101j, such as a 101a such as a thermocouple , shock or vibration sensor,
keypad , keyboard (possibly miniaturized for a mobile phone light sensor , or global positioning system (GPS ) coordinates,
form - factor ), and a pointing device . Pointing devices may etc . The module 101 can use the physical interface 101a
include a trackball , an electronic pen , or a touch screen . A 60 such as a radio to transmit or send the data from a sensor to
user interface 101j may also include a display (not shown ) a base station 103. For those skilled in the art , other steps are
such as a module screen . A display may also be connected possible as well for a module program 101i or operating
to system bus 101d via an interface . The display can system 101h to collect data from a sensor 101f and send the
Sy
comprise any type of display devices such as a liquid crystal data in a packet without departing from the scope of the
display (LCD ), a plasma display , and an organic light- 65 present invention .
emitting diode (OLED display. Module 101 may also Conversely, in order for module 101 to receive a packet
include a camera (not shown) connected to or integrated or response from server 105 , the physical interface 101a can
 US 10 , 177,911 B2
17
use a radio to receive data from a base station 103 . The operating system appropriate for a server such as Linux ,
received data can include information from a server 105 and Solaris® , or Windows® Server. Server 105 can preferably
may comprise a datagram , a source IP :port number, a packet have a wired Ethernet connection with high bandwidth that
or header value , an instruction for module 101, an acknowl- is persistently connected to the Internet 107 illustrated in
edgement to a packet module 101 sent, a digital signature , 5 FIG . 1a , while the Internet 107 connection for module 101
and/ or encrypted data . The operating system 101h or device may be transient as module 101 changes between sleep and
driver 101g can use a system bus 101d and CPU 101b to active states. Server application 105i can provide the server
record the received data in memory such as RAM 101e , and side logic for managing communications and controlling
the module program 101i or operating system 101h may module 101 in a module controller 101x .
access the memory in order to process the received data and 10 A server application 105i and/or module controller 101x
determine the next step for the wireless module after receiv - may be an application programmed in a language such as C ,
ing the data . Processing the received data could include C + + , Java , or Python and could provide functionality to
deciphering or decrypting received data with a key , verifying support M2M applications such as remote monitoring of
a digital signature with a key , reading an instruction from a sensors and remote activation of actuators . Server applica
server 105 , or similar transformations of the received data . 15 tion 105i can include a module controller 105x . Server
The steps within this paragraph may also describe the steps application 105i and /or module controller 105x could also be
a module program 101i or data reporting steps 101x can a software routine, subroutine , linked library, or software
perform in order to receive a packet. For those skilled in the module , according to one preferred embodiment. Server
art, other steps are possible as well for a module program application 105i can include a module controller 105x,
101i, data reporting steps 101x , or module 101 to receive a 20 which can provide the functionality or CPU 105b instruc
packet or response from a server 105 without departing from tions for the module controller 105x described in the present
the scope of the present invention . invention . Many of the logical steps for operation of server
Moreover, those skilled in the art will appreciate that the 105 or server application 105i can be performed in software
present invention may be implemented in other computer by various combinations of physical interface 105a , device
system configurations, including hand -held devices , net - 25 driver 105g, operating system 105h , module controller 101i,
books, portable computers , multiprocessor systems, micro - and data reporting steps 101x . When server 105 is described
processor based or programmable consumer electronics, herein as performing various actions such as acquiring an IP
network personal computers , minicomputers , mainframe address , monitoring a port , transmitting a packet, or encrypt
computers , and the like . The invention may also be practiced ing or signing a message , specifying herein that server 105
in distributed computing environments , where tasks are 30 performs an action can refer to software , hardware, and / or
performed by remote processing devices that are linked firmware operating within server 105 performing the action .
through a communications network . In a distributed com - The server 105 may also include a user interface 105j such
puting environment, program modules may be located in as a display ( not shown ) which could also comprise any type
both local and remote memory storage devices. In addition , of display devices such as a liquid crystal display (LCD ), a
the terms "mobile node ” , “ mobile station " , "mobile device ” , 35 plasma display , and an organic light- emitting diode (OLED )
“M2M module ”, “ M2M device” , “ networked sensor” , or display , or a cathode ray tube (CRT). A user interface 105j
“ industrial controller " can be used to refer to module 101 or for the server 105 may optionally be provided remotely such
its functional capabilities of collecting sensor data regarding as (i) via a web browser or a secure terminal such as secure
a monitored unit 119 , changing state of an actuator 101y shell (SSH ) with (ii) another computer operated by an
associated with monitored unit 119, or communicating the 40 administrator (not shown ) . A user or administratormay enter
data associated with a monitored unit 119 with a wireless commands and information into server 105 through a user
network 102. The function of module 101 and sensor 101f interface 105j, such as a keypad , keyboard , and a pointing
could be integrated , and in this case module 101 could also device . Pointing devices may include a trackball , an elec
be referred to as a " sensor ” , or an “ intelligent sensor ” . tronic pen , or a touch screen . In addition , the server 105 may
Further, the term “ module ” or “ monitoring device " can be 45 store computer executable instructions such as server appli
used to refer to the module program 101i when module cation 105i on storage 105m . Storage 105m may comprise a
program 101iprovides functional capabilities such as report disk drive , a solid - state drive , an optical drive, or a disk
ing data from a sensor 101f to a server 105 or receiving array. The server application 105i and /or module controller
instructions for an actuator 101y from a server 105 . The 101x can manage communications with module 101 and
device driver 101i, operating system 101i, and/ or module 50 may be downloaded and installed on the server 105 . As
program 101i could optionally be combined into an inte noted previously and elsewhere herein , module program
grated system for providing the module 101 functionality . 101i and server application 105i can preferably interoperate
FIG . 1c with each other in order to collect sensor data and control an
FIG . 1c is a graphical illustration of hardware , firmware , actuator associated with a monitored unit 119 .
and software components for a server, in accordance with 55 The server program 105i and/ or module controller 101x
exemplary embodiments . The illustrated components for the operating within server 105 illustrated in FIG . 1c can
server 105 in FIG . 1c include a central processing unit provide computer executable instructions to hardware such
(CPU ) 105b, a random access memory (RAM ) 105e, a as CPU 105b through a system bus 105d in order to (i )
system bus 105d , storage 105m , an operating system 105h , receive a message from the module 101 and ( ii) send a
and a server application 105i. These elements can provide 60 response , wherein the message can include sensor 101f data
functions equivalent to the central processing unit (CPU ) and the response can include an acknowledgement of the
1016 , RAM 101e , system bus 101d , flash memory 101w , message and /or an instruction to the module 101 . The server
and an operating system 101h described above in FIG . 16 , program 105i can enable the server 105 to send a response
respectively . In general, a server 105 will have higher - end to a message from module 101 by recording data associated
components such as a larger CPU 101b and greater RAM 65 with module 101 in memory such as RAM 105e , where the
105e in order to support communications with a plurality of data can include an instruction from module 101, a desti
modules 101. Operating system 101h can comprise an nation IP :port number, a packet or packet header value, an
 US 10 , 177 ,911 B2
20
encryption or ciphering algorithm or key, a digital signature The CPU 101b can comprise a general purpose processor
algorithm or key , etc . The operating system 105h or the appropriate for the low power consumption requirements of
device driver 105g can write the data from RAM 105e to a a module 101, and may also function as a microcontroller . In
physical interface 105a using a system bus 105d and an a preferred exemplary embodiment, the CPU 101b is
Ethernet connection in order to send the data via the Internet 5 responsible for maintaining a state machine for network and
107 illustrated in FIG . 1a . Alternatively , the software pro transport layer commands with an external network such as
gram 105i and /or module controller 105x can write the data the wireless network 102 illustrated in FIG . 1a , where CPU
directly to the physical interface 105a using the system bus 101b can manage the overall connection of radio 101z with
a wireless network 102 . CPU 101b can include additional
105d .
The server 105 can utilize the physical interface 105a to arithmeticnot
to 10 elements shown, such as registers, cache memory , an
receive data from a module 101 using a local area network logical operationsunit
logic ( ALU ), which performs arithmetic and
, and a control unit (CU ) , which extracts
such as Ethernet . The server 105 can listen for data from the instructions from memory and decodes and executes them ,
Internet 107 using port number and /or a TCP/UDP socket. calling on the ALU when necessary. The CPU 101b wake
The received data can be a message formatted according to 15 and dormant or sleep states may be controlled by a CPU
an Internet packet or datagram inside an Ethernet packet and wake controller 101u to put the module 101 in a dormant
include information from a module 101 such as a source IP state in order to conserve battery life in battery 101k when
address and port number, an identity of the module, sensor sensor measurements, actuator control, or radio communi
data that may be encrypted , and a digital signature of the cations are not needed . The CPU wake controller 101u could
module . The operating system 105h or device driver 1058 20 optionally be integrated into CPU 1016 . The CPU wake
can record the received data from module 101 via physical controller 101u can also include a timer to periodically wake
interface 105a in memory such as RAM 105e, and the server the CPU 101 in order to perform sensor measurements or
program 105i or operating system 105h may access the communicate with a wireless network 102 or server 105 .
memory in order to process the data received . The server The flash memory 101w can be a non -volatile memory and
program 105i and / or module controller 105x, or operating 25 may contain a bootloader program 125 and a module pro
system 105h can include steps to process the data recorded gram 101i. Bootloader program 125 can comprise a software
in memory and received from the module 101 such as program or application that is initially read by CPU 1016
parsing the received packet, decrypting data , verifying a upon power up ofmodule 101 in order to configure inter
digital signature with a key, or decoding sensor data faces and begin operations including loading module pro
included in a message from the wireless module . The server 30 gram 101i. Module program 101i is depicted and described
105 can use the physical interface 105a such as an Ethernet in connection with FIG . 1b above .
connection to receive the data from the Internet 107 . For Note that CPU wake controller 101u can monitor sensor
those skilled in the art, other steps are possible as well for 101f in order to determine a wake condition for CPU 101b ,
a server program 105i or operating system 105h within a wherein the CPU 101b remains dormant until sensor 101 /
server 105 to receive a packet or message with data from a 35 reads a state that requires sending a message to a server 105 .
module 101 and process the data without departing from the An example could be sensor 101f comprising a shock and
scope of the present invention . vibration detector or a temperature measuring device such as
The device drivers 105g, operating systems 105h , and/ or a thermocouple , and other examples exist as well . The CPU
server application 105i could optionally be combined into an wake controller 101u can leave CPU 101b in a dormant state
integrated system for providing the server 105 functionality . 40 until a certain threshold of shock and vibration or tempera
Although a single physical interface 105a , device -driver set ture is recorded by the sensor 101f, and in this manner
105g , operating system 105h , server application 105i, and battery 101k can be conserved so that CPU 101b wakes
user interface 105j are illustrated in FIG . 1c for server 105 , when a threshold sensor measurement or an alarm condition
server 105 may contain multiple physical interfaces , device is reported . The exemplary certain threshold of shock and
drivers , operating systems, software programs, and/or user 45 vibration or temperature recorded by the sensor 101f can
interfaces . Server 105 may operate in a distributed environ - also comprise an alarm condition . When CPU 101b is
ment, such that multiple computers operate in conjunction dormant, CPU wake controller 101u can monitor a voltage
through a network to provide the functionality of server 105 . level output by sensor 101f, and once a threshold voltage
Also , server 105 may operate in a “ virtualized ” environ level is read by CPU wake controller 101u , CPU wake
ment, where server 105 shares physical resources such as a 50 controller 101u can change CPU 101b from the dormant
physical CPU 105b with other processes operating on the state to an active state in order to run a module program
same computer. And other arrangements could be used as 101i.
well , without departing from the invention . Even without an alarm condition , CPU wake controller
FIG . 1d 101u can periodically wake CPU 101b to collect sensor data ,
FIG . 1d is a graphical illustration of the components 55 connect to an external network such as a wireless network
within a module , in accordance with exemplary embodi- 102 , and send sensor data to server 105 . CPU 101b can
ments . FIG . 1d is illustrated to show a combination of include one or more cores of the processor, where each core
components useful for leveraging the efficient and secure is an independent actual central processing unit, and the
communication techniques described in the present inven - cores can be the units that read and execute program
tion . In addition to the components illustrated in FIG . 1b 60 instructions. The instructions can be ordinary CPU instruc
above, module 101 can include a battery 101k , a server tions such as add , move data , and branch . The dormant state
public key 114 , a wireless module private key 112 , a ofCPU 101b can comprise a sleep state where a power level
connection to an actuator 101y , a USB interface 101v , a CPUused by a core in the processor is less than 0 . 010 milliwatts
wake controller 101u, a flash memory 101w , a symmetric during a one second measurement sample , such as when the
key 127 , a pre - shared secret key 129a, a random number 65 power supply is essentially removed from the core but
generator 128 , cryptographic algorithms 141, a radio 101z , power is supplied to memory 101e in order to allow a rapid
and other components illustrated in FIG . 1d . waking of the CPU 101b or core .
 US 10 , 177 ,911 B2
21 22
Sensor 101f could be a device to collect environmental 152 could also be used with a single actuator 101y . Sensors
data or data regarding a monitored unit 119 . Sensor 101f and actuators are well known to those of ordinary skill in the
could collect data such as temperature, humidity , pressure, art, and thus are not described in detail herein .
visible light levels, radiation, shock and /or vibration , volt - Module 101 can include a Universal Serial Bus (USB )
age, current, weight, pH levels , orientation /motion , or the 5 interface 101v, which could provide a general and standards
presence of specific chemicals. Sensor 101f could also based interface for external connection to a wide variety of
collect biometric data such as heart rate , glucose levels, sensors 101f, actuators 101y , and external computers such as
body temperature , or other health measurements and in this laptops or mobile phones . Module 101 could also obtain
case monitored unit 119 could be a person . The sensor 101f power or recharge a battery 101k through the USB interface
can provide data to the CPU 101b in the form of analog or 10 101v . Software programs or instructions to wireless module
digital data , which can be communicated via a system bus 101 could be provided locally through USB interface 101v ,
101d or physical interface 101a and other electrical inter including the initial loading of a pre -shared secret key 129a
faces are possible as well . A sensor measurement can
comprise the analog or digital data collected by CPU 101b and /or shared secret key 813 described in FIG . 8 below .
from sensor 1014. A sensor measurement can include pro - 15 Module program 11 , Operating system in , or modi
cessing of the analog or digital data input CPU 101b by private key 112 could be loaded into module 101 via USB
sensor 101f, such as averaging over time, using mathematic interface 10lv . In order to support a preferred small form
formulas to convert the raw data from sensor 101f into a factor of a module 101 , the USB interface 101v could
usable form . Module 101 may also collect sensor data or preferably utilize either a micro -USB or mini -USB physical
sensor values using a sensor 101f and CPU 101b , where the 20 interface , or future similar miniature USB interfaces related
data or values are derived from electrical signals output by to these standard interfaces. Although a USB interface 101v
a sensor 101f. A sensor measurement can comprise the is illustrated in FIG . 1d , alternative interfaces for external
sensor data or sensor values . communication could be provided , such as a Joint Test
As contemplated herein , the terms “ sensormeasurement” Action Group ( JTAG ) connection , optical, or a proprietary
and “ sensor data ” can be used interchangeably, and can also 25 interface such as a “ Lightning" connection from Apple , Inc .
be considered functionally equivalent. Although a single In accordance with an exemplary embodiment, module
sensor 101fis shown in FIG . 1d , a module 101 could include 101 can comprise a wireless module and include a radio
multiple sensors . Each of the multiple sensors 101f could 101z . Note that the use of a radio 101z is not required for
include a sensor identity 151, which could comprise a module 101, which could also obtain a connection to the
number or string to identify the sensor 1018. Or, a sensor 30 Internet 107 via a wired line such as Ethernet. Although not
identity 151 could also be used with a single sensor 101f. In illustrated , radio 101z could include antennas for reception
addition , although sensor 101f is shown as integrated into and transmission of RF signals, and even multiple antennas
module 101, sensor 101f could be external to module 101, could be used . Although a single radio 101z is illustrated in
and connected via an external interface such as through a module 101 ,module 101 could also contain multiple radios
USB interface 101v . 35 101z , such that a first radio 101z connects with a WiFi
Note that sensor 101f could also connect to module 101 network or functions as a WiFi base station , a second radio
via a WiFi or similar wireless LAN connection such as 101z connects with a PLMN mobile network , and a third
Zigbee . Radio 101z within module 101 can operate as a WiFi radio 101z connects with a wireless network operating in
base station in addition to radio 101z connecting to a white -space spectrum , etc . Or, a single radio 101z could be
wireless network 102 ), and sensor 101f could contain its 40 utilized to connect with multiple wireless networks 102
own radio and WiFi chipset, such that sensor 101f could operating in different frequencies with different RF modu
send sensor data to module 101 via the WiFi connection ( or lation techniques and / or different RF standards.
other wireless LAN connection ). In thismanner, by utilizing Radio 101z can support wireless LAN standards such as
WiFi to connect with sensor 101f, module 101 could connect WiFi, Bluetooth , and Zigbee , or similar wireless LAN
with a plurality of sensors 101f located in a vicinity of 45 standards. Radio 101z, if present in a module 101, could also
module 101, such as within an exemplary 50 meters. support communication through " white space ” spectrum
Although a WiFi network was primarily described , sensor white space spectrum recently approved for use by the
101f and /or actuator 101y could connect with module 101 Federal Communications Commission ( FCC ), and in this
via any suitable wireless local area networking technology case radio 101z in module 101 could operate as a Mode I or
including , IEEE 802 . 11 , IEEE 802 . 15 . 4 , an ISA100 . 11a 50 Mode II device according to FCC Memorandum Opinion
standards-based network , and /or a 6LOWPAN . and Order (FC - 12 -36 ) and related white space regulation
Actuator 101y could be a device to control a parameter or documents . Radio 101z can also be selected to support the
state for a monitored unit 119 , such as changing a voltage or desired wireless wide area network (WAN ) standards asso
current, activating a switch or relay , turning on or off a ciated with a public land module network ( PLMN ) such as
microphone or speaker, activating or deactivating a light, 55 GPRS , UMTS , LTE and the appropriate frequency band ,
and other examples are wellknown in the art. Actuator 101y such at 700 Mhz (LTE ), 900 or 1800 Mhz (GPRS ), and 2100
could be controlled by module 101 via a digital or analog Mhz (UMTS), etc . When connecting to a wireless network
output from CPU 101b , which could also be transmitted or 102 , a module 101 can (i) send or transmit data and (ii)
sent via system bus 101d or a physical interface 101a . receive data using the steps depicted and described in
Although actuator 101y is illustrated as external to wireless 60 connection with FIG . 1c of U . S . patent application Ser. No.
module 101 in FIG . 1c , actuator 101y could also be internal 14 /023 , 181 (the contents of which are hereby incorporated
to module 101, and module 101 could include multiple by reference in their entirety ). In general, the radio compo
actuators 101y . Although a single actuator 101y is shown in nents of radio 101z are well known to one of ordinary skill
FIG . 1d , a module 101 could include multiple actuators in the art, and the present invention leverages this wide
101y . Each of the multiple actuators 101y could include an 65 spread commercial use and knowledge of a radio 101z in a
actuator identity 152 , which could comprise a number or novel manner , in order to increase efficiency , flexibility , and
string to identify the actuator 101y . Or, an actuator identity security of a system 100 .
 US 10 , 177,911 B2
23 24
Note that module 101 may also operate as a base station the Elliptic Curve Integrated Encryption Scheme (ECIES )
in a wireless LAN , such as an 802. 11 base station . When and /or ECDH 159 , discussed in FIG . 1f below , using module
module 101 operates a wireless LAN , radio 101z can func - public key 111 , server public key 114 , and a random number
tion as either a client/node or a base station to support from random number generator 128 . ECIES could be
communication from other wireless nodes in physical prox - 5 included in cryptographic algorithms 141 . A summary of
imity , such as other nodes within an exemplary 50 meters. ECIES shared key derivation is described the Wikipedia
The other wireless nodes could comprise a sensor 101f article “ Integrated Encryption Scheme" from Sep . 18 , 2013
and / or actuator 101y , and in this case a sensor could be (herein incorporated by reference ) . Other possibilities for
referred to as a “ networked sensor ” and an actuator could be shared key derivation function using public keys are pos
referred to as a “ networked actuator” . When radio 101z 10 sible as well, including a Diffie -Hellman key exchange .
functions as a base station , module 101 can operate as a Using a derived symmetric key from the exemplary key
gateway, providing Internet access to these other nodes or derivation function ECIES, module 101 could derive a
modules 101 within the wireless LAN . Radio 101z can second symmetric key 127 after the expiration time 133 of
simultaneously function (i) as a base station in a wireless the first symmetric key 127 had transpired .
LAN , such as WiFi, and ( ii ) a client/ subscriber on a wireless 15 Note that a key derivation function using public keys is
WAN such as a PLMN . Radio 101z can be selected to not required to generate a shared symmetric key 127 , and
support multiple different wireless LAN technologies in alternatively a shared symmetric key 127 could be generated
addition to WiFi, such as the IEEE 802. 15 .4 standard or by any ofmodule 101 , server 105 , module provider 109, or
Bluetooth . If radio 101z supports IEEE 802 . 15 .4 , then M2M service provider 108 . If module 101 generates shared
wireless network 102 could be a Zigbee network , an 20 symmetric key 127 for symmetric ciphering 141b within a
ISA100 . 1la standards- based network , or a 6LOWPAN net- cryptographic algorithms 141, then module 101 can send
work as described by IETF RFC 4944 . shared symmetric key 127 to server 105 using an asymmet
In accordance with exemplary embodiments, module 101 ric ciphering depicted and described in connection with FIG .
can store module private key 112 , server public key 114 , and 4a below . In this case ,module 101 preferably uses a random
module identity 110 , and a symmetric key 127 in memory ! 25 number generator 128 to generate a random number for
RAM 101e during operation , such as when CPU 101b is input into cryptographic algorithms 141, and the seed 129 in
active and the module 101 is connected to a network such as random number generator 128 could utilize data from a
a wireless network 102 during data transmissions. Module sensor 101f in order to generate a random number with high
private key 112 preferably is recorded in nonvolatile entropy in the creation of symmetric key 127 . If server 105
memory such as flash memory 101w , so thatmodule 101 has 30 or M2M service provider 108 generates the symmetric key
access to its private key 112 after the private key has been 127 , server 105 can send module 101 the symmetric key 127
derived or loaded , including times when a battery 101k has securely using asymmetric ciphering 141a depicted and
been fully drained or removed from module 101 (ifmodule described in connection with FIG . 5a and FIG . 1f below .
101 does not utilize a persistent power source such as Module identity 110 is preferably a unique identifier of
land - line power ). Module private key 112 and module 35 module 101, and could comprise a number or string such as
identity 110 could be written into ROM 101c upon manu - a serial number, an international mobile subscriber identity
facture or distribution ofmodule 101 , although module 101 number ( IMSI), international mobile equipment identity
can also derive module private key 112 in accordance with (IMEI), or an Ethernet media access control (MAC ) address .
exemplary embodiments and store the module private key According to an exemplary embodiment, module identity
112 in a flash memory 101w . The CPU 101b preferably 40 110 can also comprise a serial number or string that is
moves module private key 112 and module identity 110 from written into hardware of module 101 upon manufacturing or
nonvolatile memory into volatile memory before sending distribution ofmodule 101. In this case,module identity 110
data through an Internet 107 illustrated in FIG . 1a , in order could be recorded a read only memory 101c, where read
to speed computations. As a minimum , module private key only memory 101c could not be easily erased or otherwise
112 and module identity 110 will need to be loaded into 45 tampered with . Or, module 101 could read module identity
registers of CPU 101b during computations or use of cryp . 110 , which could be written into hardware by a manufac
tographic algorithms that require module private key 112 turer, distributor, or module provider 109 , by using a device
and / or module identity 110 , and this move of the data into driver 101g that reads a hardware address containing the
registers of CPU 101b constitutes a move or copy ofmodule module identity 110 using the bus 101d . Module 101 can
private key 112 and module identity 110 into volatile 50 read the module identity 110 by accessing a read -only
memory . address using the bus 101d . In either case , module identity
Symmetric key 127 can be a secure, shared private key for 110 may preferably be permanently or persistently associ
use with symmetric encryption or symmetric ciphering a ted with the physical hardware of module 101 , which can
algorithms 141b . Symmetric key 127 can be derived by be helpful for the security procedures contemplated herein .
using module public key 111 and/or server public key 114 , 55 Module identity 110 can function as a basic identifier for
possibly through the use of a key derivation function 141f. services from M2M service provider 108 or server 105 in
Symmetric key 127 can be used for both encryption and order to properly identify module 101 among a plurality of
decryption with symmetric cryptographic algorithms 141b modules . Module private key 112 and module public key 111
described in FIG . 1f below , where a shared secret key can be could be unique to module 101 and uniquely associated with
used to both encrypt/cipher and decrypt/decipher. Symmet- 60 module identity 110 , according to a preferred embodiment.
ric key 127 may also include an expiration time 133, such As contemplated herein , a module identity 110 can also
that symmetric key 127 may only be used by module 101 have more than one use . A first module identity 110 could
during a limited period of time, such symmetric key 127 comprise a serial number for the physical hardware of
remaining only valid for a day , or a week , or during a session module 101, as described in the paragraph above . A second
(where the session comprises multiple messages and/ or 65 module identity 110 could also comprise a session identifier,
responses between a module 101 and a server 105 ), etc . for data sessions between module 101 and server 105 , where
Module 101 can also derive symmetric key 127 according the session identifier can be uniquely associated by a server
 US 10 , 177,911 B2
25 26
105 to module 101. In the case where module identity 110 asymmetric encryption/ ciphering , such as used with RSA
has more than one use, format, or representation , themodule and ECC cryptography, cryptographic algorithms 141 can
identity 110 associated with or written into hardware of provide symmetric ciphering where a shared private key is
module 101 ( and potentially read from a read -only address utilized to both encrypt and decrypt, such as with the
in module 101) would preferably comprise the module 5 Advanced Encryption Standard (AEC ) cipher suite .
identity 110 used in a certificate 122 . Since a module 101 As illustrated in FIG . 1d , module 101 may also contain a
may utilize multiple module public keys 111 and module random number generator 128 . Random number generator
private keys 112 over its lifetime, a certificate 122 for 128 may contain a seed 129 . The creation of random
module 101 can preferably include both (i) the module numbers with a high degree of entropy may be important the
identity 110 ( such as a serial number for the physical 10 use of cryptographic algorithms 141 . However, obtaining
hardware of module 101 ) and (ii) a module public key random numbers with high entropy in module 101 with
identity 111a in order to specify the particular module public limited processing resources may be a challenge using
key 111 associated with certificate 122 . The use of a module conventional technology. Since much of the operation of
public key identity 111a in a certificate 122 is also described module 101 requires a CPU 101b following a pre - deter
in FIG . 1g and FIG . 1h below . 15 mined series of steps , such as the programmatic steps in an
Further, as contemplated herein , a module identity 110 operating system 101h , module program 101i, etc., the
could also comprise more than one physical string or num - random number generator seed 129 should preferably be
ber, such as a first string when module 101 connects with a populated with data that is close to random “ noise” and not
first M2M service provider 108 or first wireless network subject to replay . According to a preferred exemplary
102, and module identity 110 could comprise a second string 20 embodiment, module 101 utilizes data input from sensor
when module 101 connects with a second M2M service 101f and radio 101z into a seed 129 within a random number
provider 108 or second wireless network 102 . The first M2M generator 128 . As one example , the sensor data input into
service provider 108 or first wireless network 102 may have seed 129 could comprise the least significant digits of a
a first requirement or specification for the format, length , sensor measurement or series of sensor measurements,
structure , etc . ofmodule identity 110 , and the second M2M 25 where the least significant digits would otherwise be effec
service provider 108 or second wireless network 102 may tively considered " noise" . In this example , if sensor 101f
have a second requirement or specification for the format, comprised a temperature measuring device such as a ther
length , structure , etc . of module identity 110 . mocouple or thermistor with a stated accuracy of 0 . 1
Server public key 114 in module 101 could be obtained degrees, module 101 could take a series of measurements
from downloading the key over the Internet 107 , or option - 30 with 0 .0001 degree resolution and utilize the last two digits
ally also written into nonvolatile memory of module 101 appended from a series of measurements for input into a
upon manufacture or distribution . Server public key 114 seed 129 in order to generate a random number. Random
could be obtained using a ___domain name or Internet address number generator 128 could also utilize data input from the
that is recorded in nonvolatile memory upon the configura other components illustrated in FIG . 1c in order to generate
tion of module 101, such as during installation or distribu - 35 a random number, where the data input from the other
tion , and module 101 could fetch the server public key 114 components comprise a signal with a high level of “ noise "
upon connecting to wireless network 102 . Server public key or high entropy . The seed 129 could comprise multiple seeds
114 can be the public key associated with server 105 or 129 or also a random number generator 128 could derive a
M2M service provider 108 . Although a single server public random number using input from other components illus
key 114 is illustrated in FIG . 1d , module 101 could record 40 trated in FIG . 1c and without using a seed 129 .
a plurality of server public keys 114 , where each server Other possibilities exist as well, such as if sensor 101fwas
public key 114 is associated with a different server 105 . a camera , module 101 could take a series of pictures and
Server public key 114 can optionally be signed by a certifi- process the image to input data from the image into a seed
cate authority 118 in FIG . 1a , such that when module 101 129 . Likewise , module 101 could utilize numerous radio
communicates with server 105 , module 101 can verify a 45 frequency (RF ) measurements from radio 101z in order to
signature 123 within a certificate 122 associated with server populate seed 129 , including " noise" measurements on
105 . Successful verification of the signature 123 can provide unused frequencies, or other data received by a radio 101z ,
a high level of certainty that server 105 is properly identified including apparently random RF data . Although not illus
and belongs to M2M service provider 108 , as opposed to trated in FIG . 1d , module 101 preferably includes a timing
being an imposter or part of a “man in the middle " attack . 50 source such as a clock , and the clock could also be utilized
Module 101 may also contain cryptographic algorithms to input data into a seed 129 . Data from radio 101z , a clock
141, which may comprise a suite of algorithms or subrou - ( not shown ), and/ or sensor 101f, and /or radio 101z could be
tines that can be utilized for (i ) deriving a pair of keys combined in order to input data into a seed 129 . Additional
comprising a public key and a private key , ( ii ) encrypting input into the seed could include measurements or states
data using public keys , ( iii) decrypting data using private 55 within memory 101e and 101w , operating system 101h
keys, (iv ) processing secure hash signatures using private states and files, and reading data from hardware through a
keys, and (v ) verifying secure hash signatures using public bus 101d . A plurality of the data as a source for a random
keys , and related software , firmware , or subroutines for number seed could be appended together into a “ temporary
implementing a cryptographic system . Cryptographic algo - random seed file” with a long series of states (i.e . a plurality
rithms 141 ( also described below in FIG . 11) could utilize 60 of sensor 101; measurements , radio 101z measurements ,
publicly available software libraries within tools such as clock times, memory 101e and 101w states, operating sys
OpenSSL maintained by The OpenSSL Project (http ://ww - tem 101h states , and /or hardware 101a and 101d states ). The
w .openssl.org /) , libgcrypt maintained by The Free Software “ temporary random seed file” can then be input into the
Foundation (http ://www . gnu .org /software/ libgcrypt/), and secure hash algorithm 141c described in FIG . 1f below , and
similar libraries such as libmcrypt and Crypto + + . Note that 65 the output of the secure hash algorithm 141c could then be
cryptographic algorithms 141 could also use proprietary used in the input as a seed 129 within random number
cryptographic libraries as well. In addition to implementing generator 128 . Also , this combined data ( such as the “ tem
 US 10 , 177, 911 B2
28
porary random seed file " ) could be utilized by random manufacturer, distributer, installer, or end user of module
number generator 128 directly in order to process a random 101 . Pre -shared secret key 129a can be moved by CPU 101b
number. Other possibilities exist as well without departing from the nonvolatile memory 101w into a RAM 101e for
from the scope of the present invention . further processing during the use of cryptographic algo
Note that the term " public key ” as contemplated herein 5 rithms 141.
includes a key that may be shared with other elements , Note that pre - shared secret key 129a can be different than
where the other elements may notbe under the direct controla pre -shared secret key used with conventional technology
of the same entity that holds the corresponding private key. such as SIM cards in PLMN networks, such as the key Ki,
However, the term “ public key ” as used herein does not where the pre -shared secret key in a SIM card is designed to
require that the public key is made available to the general 10 not be available for movement or loading into a RAM 101e
public or is publicly disclosed . An additional layer of for processing by CPU 101b . Alternatively , pre - shared secret
security may be maintained in the present invention by key 129a could be derived using a second pre -shared secret
preferably only sharing public keys on a confidential basis key Ki within a SIM card , but then server 105 would need
with other entities. For example,module public key 111 may to be able to derive the same pre - shared secret key 129a ,
be created by module 101 when generating module private 15 even though server 105 may not have pre - shared secret key
key 112 , and module 101 may share module public key 111 Kiavailable . Although not shown in FIG . 1d , a module 101
with M2M service provider 108 in order to record module may also include a SIM card that includes a pre - shared
public key 111 in server 105 , butmodule 101 could choose secret key, wherein the pre -shared secret key in a SIM card
to not share module public key 111 with other entities, such is different than pre -shared secret key Ki, since the pre
as wireless network 102 or make a certificate 122 available 20 shared secret key in the SIM card cannot be moved into
on the Internet 107 . The benefits of confidentially sharing RAM 101e for processing with a cryptographic algorithms.
module public key 111 with server 105 are also further Pre -shared secret key 129a as illustrated in FIG . 1d can be
described in connection with FIG . 10 below . loaded by a manufacturer , distributor, installer , or end user
Although a single public key and private key for ( i) of module 101 using a physical interface 101a , such as ( i) a
module 101 and ( ii ) server 105 are illustrated in FIG . 1c and 25 USB interface 101v , or ( ii ) a local WiFi network if module
also FIG . 1d below , respectively , both module 101 and 101 includes a WiFi client. Pre- shared secret key 129a may
server 105 may each utilize several different pairs of public optionally be uniquely bound to module identity 110 , such
keys and private keys. As one example, module 101 may that another module 101 with a differentmodule identity 110
record a first private key 112 used for creating a digital could not utilize pre - shared secret key 129a . Or, pre - shared
signature and a second private key 112 for decryption using 30 secret key 129a could be used by any module 101 , but only
asymmetric ciphering algorithms 141a . In this example , a used one time and thus a second module 101 could not
server 105 could utilize a first module public key 111 to utilize the exact same key within a pre -shared secret key
verify the digital signature , and a second module public key 129a for authentication with server 105 at a subsequent time.
111 could be utilized to encrypt messages sent to module Alternatively, pre -shared secret key 129a could be shared by
101 . Similarly, either module 101 or server 105 may use 35 a plurality of modules 101, and for example compiled into
private key 112 or 105c, respectively , to derive secondary a module program 101i, such thatmultiple modules utilize
shared keys such as a derived shared key 129b below . Thus, the same pre -shared secret key 129a.
one key pair could be used with digital signatures, a second Pre - shared secret key 129a could be obtained by a dis
key pair used for asymmetric ciphering, and a third key pair tributor, installer, or end user of module 101 by (i) using a
to derive shared secret keys . Each of the three illustrated 40 local computer to access a web page from a web server,
pairs of keys could comprise a set of keys . where the web page can be user password protected , ( ii)
In addition , module 101 could utilize a first set of keys to entering, submitting, or typing information including a mod
communicate with a first server 105 and a second set ofkeys ule identity 110 into the web page , and subsequently (iii )
to communicate with a second server 105 . Likewise , M2M downloading pre -shared secret key 129a from a web server.
service provider 108 illustrated in FIG . la could utilize a 45 The web server could be a server equivalent to server 105
first pair of secondary private and public keys with a first illustrated in FIG . 1c, where the server application 105i can
server 105 , and a second pair of secondary private and include a web server application such as Apache . The web
public keys with a second server 105 . As contemplated server could be operated by an entity such as module
herein , the term “ private key ” can also refer to secondary provider 109 ,M2M service provider 108 , or even certificate
non - shared keys derived from a “ parent” private key such as 50 authority 118 (since pre - shared secret key 129a could be
key 112 or key 105c, and the term “ public key ” can also refer used to authenticate the submission of module public key
to (i) secondary, shared keys derived using a private key 1 11 ). Note that the pre -shared secret key 129a could also be
such as key 112 , or ( ii ) secondary , shared keys associated presented visually on a response web page to the submis
with a public key such as key 111 . Other possibilities exist sion , and the a manufacturer, distributor, installer, or end
as well for a key to represent derived or associated keys 55 user could record the pre - shared secret key 129a visually
without departing from the scope of the present invention presented on the response web page . Pre - shared secret key
According to exemplary embodiments, module 101 may 129a could comprise a string of an exemplary set of char
also include a pre - shared secret key 129a . Pre -shared secret acters or numbers such as 10 - 16 digits or characters ,
key 129a can comprise a secret key that is shared between although other lengths for pre -shared secret key 129a could
module 101 and server 105 before module 101 begins (i) 60 be possible as well.
communicating with server 105 and/or a certificate authority According to a preferred exemplary embodiment, in order
118 , ( ii ) or utilizing PKI-based encryption and authentica - to obtain the pre -shared secret key 129a from a web page as
tion to communicate with M2M service provider 108 . As described in the above paragraph, the distributor, installer, or
illustrated in FIG . le below , server 105 could also record the end user of module 101 could read a pre -shared secret key
pre -shared secret key 129a . A pre - shared secret key 129a 65 code 134 . Pre - shared secret key code 134 could be physi
could be a secure key comprising a string or number loaded cally printed on module 101, such as next to a serial number
into a nonvolatile memory 101w of module 101 by a printed on the enclosure of the device . Pre - shared secret key
 US 10 , 177,911 B2
29 30
code 134 could be a unique and /or randomized string such using the techniques illustrated in FIG . 3 through FIG . 7 ,
as an exemplary 8 byte number or 10 character string (and then server 105 can securely send keys for use with future
other possibilities exist as well), where upon (a ) successful communication including a symmetric key 127 or other
submission to a web page of both the pre - shared secret key shared secret keys for authorizing any subsequent submis
code 134 with a module identity 110 , then (b ) the release of 5 sion of a new module public key 111 with module identity
pre-shared secret key 129a would be authorized for the 110 by module 101.
distributor, installer, or end user of module 101. Pre -shared Note that the use of a pre - shared secret key 129a and
secret key 129a could be transmitted through a secure web pre -shared secret key code 134 is also optional, such that a
session such as SSL or TLS from the web server to a module program 101i could cipher of obfuscate the initial
computer operated by the distributor , installer , or end -user. 10
The distributor, installer, or end -user could then load the submission of a derived module public key 111 and module
pre - shared secret key 129a into the nonvolatile memory of identity to a server 105 , so that server 105 could be reason
the module using ( i) a LAN connection such as WiFi to the ably assured only a valid module 101 submitted the module
module (and in this case radio 101z in module 101 could public key 111 . Alternatively, the module manufacturer
support an 802 . 11 type connection ) or ( ii ) a USB interface 15 could load the pre- shared secret key 129a in non - volatile
101v. memory such as flash 101w upon manufacturing, and in this
Pre -shared secret key 129a could be utilized by a module case a distributor, installer, or end-user may not need to
101 (i ) as a shared secret key 813 in FIG . 8 through FIG . 10 access the pre - shared secret key 129a . However, the steps
below , or ( ii ) to derive a shared secret key 813 also recorded for a distributor, installer, or end -user to read a pre -shared
by server 813 in FIG . 8 through FIG . 10 below . Note that 20 secret key code 134 and submit the code to a web server to
module program 101i preferably includes a verification obtain pre -shared secret key 129a may still be useful, such
process for any pre-shared secret key 129a loaded by a as if module 101 needs the equivalent of a “ factory reset”
distributor, installer, or end user, where a hash value or after deployment, reconfiguration such as loading new firm
combination of the pre - shared secret key 129a and module ware , or otherwise reset or returned to a default state .
identity 110 could be verified . As one example , the last few 25 Although ( A ) a pre -shared secret key 129a may be useful
digits or characters in a pre - shared secret key 129a could for sending module public key 111 to server 105 or other
comprise a checksum for a string comprising both module entities connected to the Internet 107, such as a certificate
identity 110 and pre - shared secret key 129a , such that authority 118 , (B ) pre -shared secret key 129a could be used
module 101 could calculate the checksum after entry of for other purposes as well , such as input into a key derivation
pre - shared secret key 129a , and module 101 can reject the 30 function 141f so that module 101 and server 105 could
pre - shared secret key 129a if the checksum failed . In this obtain common derived shared secret keys 129b . In this
manner, or through the use of similar techniques , system 100 case, a derived shared secret key 129b could be utilized as
can be designed so that pre - shared secret key 129a can only a shared secret key 813 depicted and described in connection
reasonably be utilized by a correct module 101 with the with FIG . 8 through FIG . 10 below . In addition , after the first
correct module identity 110 for the pre - shared secret key 35 use of pre - shared secret key 129a , a manufacturer, distribu
129a . tor, installer, or end user may also upload a second pre
Since module 101 may have multiple module identities shared key 129a into module 101 at a future date , such as
110, a first module identity 110 could be used with a upon reconfiguration of a module 101 .
pre -shared secret key code 134 and printed on an enclosure According to a preferred exemplary embodiment, module
ofmodule 101, while a second and more secure (i.e . longer 40 101 can derive its own module private key 112 and module
length or more randomized bits ) module identity 110 could public key 111 , and utilize pre - shared secret key 129a in
be used as a module identity 110 in a message 208 as order to securely and/ or authoritatively communicate the
described in FIG . 2 below . Note that when using the exem - derived module public key 111 with server 105 and/or a
plary embodiment illustrated in FIG . 10 below , (x ) the certificate authority 118 . The use of pre -shared secret key
module identity 110 submitted with a web page and pre - 45 129a can be particularly useful if module 101 has already
shared secret key code 134 is preferably different than (y ) an been deployed with a monitored unit 119 and connects to
unencrypted module identity 110 within a message 208 server 105 though the Internet 107 for the very first time.
illustrated in FIG . 6 , FIG . 7, and FIG . 10 . A module identity Server 105 could preferably utilize pre-shared secret key
110 submitted by a distributor, installer, or end user in a web 129a in order to confirm that a received module public key
page could preferably be easy to manually type into a web 50 111 and module identity 110 from module 101 authorita
page , such as 10 or 12 decimal digits or characters , while an t ively belong to module 101, as opposed to being an
unencrypted module identity 110 within a message 208 unauthorized or even fraudulent submission of module pub
could be significantly longer, such as 16 or 24 extended lic key 111 and module identity 110 .
ASCI characters. Server 105 could utilize a pre -shared secret key 129a and
Server 105 could (i) record a table of triplets including 55 the step depicted and described in connection with FIG . 4b
module identities 110 , pre -shared secret key codes 134 , and below in order to securely receive module public key 111
pre -shared secret keys 129a , and ( ii ) return via a web page and module identity 110 from module 101 , including the first
the pre - shared secret key 129a upon a successful match and timemodule 101 sendsmodule public key 111 to server 105 .
entry of the submitted pre - shared secret key code 134 and As one example , pre - shared secret key 129a could be
module identity 110 . Once the pre - shared secret key 129a 60 utilized as a symmetric ciphering 141b key , described in
has been utilized to authorize a module public key 111 with FIG . 1f below . After the first submission of module public
a server 105 (such as using subsequent Steps 803 through key 111 to server 105 , any subsequent submissions of new
807 in FIG . 8 or Steps 803 through 901 in FIG . 9 , or Steps module public keys 111 derived by module 101 could either
803 through 1002 in FIG . 10 below ), then that particular (i) continue to use the pre -shared secret key 129a , or (ii) use
pre -shared secret key 129a may be “ discarded ” and not used 65 a symmetric key 127 derived after the first module public
again for security purposes contemplated herein . After mod - key 111 has been received . Securing the submission of
ule 101 obtains an initial secure connection to server 105 , module public key 111 with server 105 , including both the
 US 10 , 177,911 B2
31 32
first submission and subsequent submissions , is also sub -server 105w can process messages and responses with a
depicted and described in connection with FIG . 8 through module 101 using a second set of security keys and algo
FIG . 10 below . rithms, such as using ECC -based security . Consequently ,
FIG . le message pre -processor 105y could route incoming messages
FIG . le is a graphical illustration of the components 5 to the appropriate sub - server 105w depending on the encryp
within a server that communicates with the module , in tion algorithm used in the incoming message (which could
accordance with exemplary embodiments . Server 105 can be determined by message pre -processor 105y by querying
include a database 105k, a sub - server 105w , and a message the database 105k using a module identity in the incoming
preprocessor 105y. The elements illustrated within a server message ). Sub - servers 105w may utilize separate server
105 in FIG . le may be stored in volatile memory such as 10 private keys 105c, or the sub - servers 105w can share a
RAM 105e, and / or storage 105m , and may also be accessible common private key 105c. Sub - servers 105w may utilize
to a processor CPU 105b . Database 105k , sub - server 105w , separate cryptographic algorithms 141 , or the sub -servers
and message preprocessor 105y could represent either dif - 105x can share common cryptographic algorithms 141 .
ferent processes or threads operating on a server 105 , or Although separate sub - servers 105w are illustrated in FIG .
physically separate computers operating in conjunction over 15 ld , the sub - servers may optionally be combined with a
a network to perform the functions of a server 105 . Since server 105 , or omitted , with the corresponding server private
server 105 can preferably support communications with a key 105c and cryptographic algorithms 141 stored directly
plurality of modules 101 , server 105 can utilize database in a server 105 .
105k to store and query data regarding a plurality ofmodules Server 105 may also comprise a collection of individual
101, monitored units 119, and the overall M2M service . The 20 computers , where the individual computers could be either
server 105 can store a plurality of module public keys 111 centrally located or geographically dispersed , but the indi
associated with a plurality of devices in the database 105k . vidual computers may function in a coordinated manner
The server 105 can use the module identity 110 of device over a network to operate as a server 105 . Server 105 may
101, received in a message such as a UDP packet, to query be a “ virtualized” server, with computing resources shared
the database 105k and select the public key 111 associated 25 with other processes operating on a computer .
with the module 101. Although not illustrated in FIG . le , FIG . 1f
database 105k can also record a pre - shared secret key 129a , FIG . 1f is a graphical illustration of the components in
a pre - shared secret key code 134 , and a module identity 110 cryptographic algorithms utilized by a module and a server,
for each module 101. In addition , although not illustrated in in accordance with exemplary embodiments. As contem
FIG . le , database 105k could store a symmetric key 127 for 30 plated herein , communications between a module 101 and a
each module 101, if cryptographic algorithms 141 utilize a server 105 can be secured by using cryptographic algorithms
symmetric cipher 141b such as AES for communication with 141 . The cryptographic algorithms 141 used by both module
module 101. Examples of database 105k could include 101 and server 105 can comprise a set of steps , procedures ,
MySQL , Oracle® , SQLite , hash tables , distributed hash or software routines for accomplishing steps to cipher,
tables, text files , etc . Database 105k could reside within 35 decipher, sign , and verify messages, including the genera
RAM 105e or storage 105m . tion of public keys , private keys, and derived shared keys.
Message preprocessor 105y can process incoming packets Cryptographic algorithms can be implemented in software
and route them to an appropriate sub -server 105w using operating on (i) module 101 in the form of a module
information contained in an incoming message , such as a program 101i, or ( ii ) server 105 in the form of a software
module identity 110 , a server identity 206 illustrated in FIG . 40 application 105i. Example software for a cryptographic
2 below , and /or a destination IP address . Message prepro - algorithms includes the libraries within the openssl, libm
cessor 105y can include rules for processing and routing , crypt, and / or and Crypto + + discussed in FIG . 1d . Other
such a dropping malformed incomingmessages or incoming possibilities for the ___location of cryptographic algorithms
messages without correct cryptographic data . Message pre within a module 101 or server 105 exist as well , including
processor 105y could also optionally be combined with a 45 possibly module operating system 101h or server operating
server firewall 124 in order to provide firewall functionality system 105h .
and security at the network layer. Message preprocessor In addition , cryptographic algorithms 141 may be imple
105y may preferably remain “ silent” to incoming packets mented in hardware or firmware on either module 101 or
without proper cryptographic data contained in an incomingserver 105 . Note thatmodule 101 and server 105 could each
message , such as one example of a properly formatted 50 utilize a different set of cryptographic algorithms 141,
message 208 illustrated in FIG . 6 below . although the two sets of algorithms should preferably be
Sub - server 105w can include a server private key 1050 fully interoperable (i. e. ciphering with a first symmetric
and cryptographic algorithms 141. A plurality of sub - servers ciphering algorithm 141b and a symmetric key 127 on
105w can be utilized by a server 105 in order to support module 101 could be deciphered by a second symmetric
communication with a plurality of wireless modules 101 . 55 ciphering algorithm 141b on server 105 using the symmetric
The server private key 105c and module public key 111 can key 127 ). As illustrated in FIG . 1f, cryptographic algorithms
be utilized by server 105 to secure communication with 141 may comprise an asymmetric ciphering algorithm 141a ,
module 101 , including the steps depicted and described in a symmetric ciphering algorithm 141b , a secure hash algo
connection with FIG . 4b through FIG . 5a below . Crypto - rithm 141c , a digital signature algorithm 141d , a key pair
graphic algorithms 141 may comprise a suite of algorithms 60 generation algorithm 141e , a key derivation function 141f,
or subroutines and can be utilized for (i ) encrypting data and a random number generator 128 .
using public keys, ( ii ) decrypting data using private keys, Asymmetric ciphering algorithms 141a can comprise
( iii) processing secure hash signatures using private keys, algorithms utilizing public key infrastructure (PKI) tech
and (iv ) verifying secure hash signatures using public keys. niques for both (i) encrypting with a public key and (ii )
A first sub -server 105w can process messages and responses 65 decrypting with a private key. Example algorithms within
with a module 101 using a first set of security keys and asymmetric algorithms 141a include the RSA algorithms
algorithms, such as using RSA -based security, and a second 153 and the Elliptic Curve Cryptography (ECC ) algorithms
 US 10 , 177,911 B2
33 34
154, and other asymmetric algorithms could be utilized as asymmetric ciphering algorithm 141a to encrypt or cipher
well . For example , either the ECC algorithms 154 or RSA data with a public key, such as module public key 111 or
algorithms 153 can be used for encryption and decryption , server public key 114 .
including encryption elements 403 and 503 discussed below , Cryptographic algorithms 141 may also include a set of
as well as decryption elements 413 and 514 discussed below . 5 secure hash algorithms 141c in order to compute and output
A set of parameters 126 can include input into asymmetric a secure hash value or number based on a string or file input
ciphering algorithms 141a , such as specifying key lengths, into the secure hash algorithms 141c. Example secure hash
elliptic curves to utilize (if ECC ) , or other parameters or algorithms include SHA256 156 ( also known as SHA - 2 ) and
settings required. As contemplated herein and described in SHA -3 157 . SHA256 156 is specified in the National
additional detail below , the algorithms illustrated in FIG . 1f 10 Institute of Standards and Technology (NIST ) Federal Infor
can perform both ciphering and deciphering, using the mation Processing Standards Publication ( FIPS PUB ) 180 -2
appropriate keys . titled “ Secure Hash Standard ” . SHA - 3 157 is scheduled to
The use and application ofRSA algorithms and cryptog be published in FIPS PUB 180 -5 . Parameters 126 input into
raphy are described within IETF RFC 3447 titled " Public secure hash algorithms 141c can include the selection of the
Key Cryptography Standards (PKCS ) # 1 : RSA Cryptogra - 15 length of the secure hash , such as either 224 , 256 , or 512 bits
phy Specifications Version 2 . 1" , herein incorporated by with either SHA - 2 or SHA - 3 .
reference , among other published standards for the use of Cryptographic algorithms 141 may also include a set of
RSA algorithms 153. The use of an RSA algorithm 153 for digital signature algorithms 141d , in order to sign and verify
encryption and decryption , including with cryptographic messages between module 101 and server 105 , or verify
algorithm 101n and other description of encryption or 20 signatures such as comparing that (i) a first secure hash value
decryption algorithms, can also be processed according to in the form of a signature 123 in a certificate 122 and a
the description of the RSA algorithm according to the certificate authority public key 132 matches ( ii ) a second
Wikipedia entry for “ RSA (algorithm )” as of Sep . 9 , 2013 , secure hash value in the certificate 122 . Digital signature
which is incorporated by reference herein . algorithms 141d can utilize algorithms in National Institute
The use and application of ECC algorithms 154 within 25 of Standards (NIST) “ FIPS 186 - 4 : Digital Signature Stan
asymmetric ciphering algorithms 141a within cryptographic dard ” , or IETF RFC 6979 titled “ Deterministic Usage of the
algorithms 141 are described within IETF RFC 6090 titled Digital Signature Algorithm (DSA ) and Elliptic Curve Digi
“ Fundamental Elliptic Curve Cryptography Algorithms” tal Signature Algorithm (ECDSA )" . The use of ECDSA
(herein incorporated by reference ), among other published algorithm 158 within a set of digital signature algorithms
standards using ECC . ECC algorithms 154 can also utilize 30 141d may be preferred if keys such as module public key 111
elliptic curve cryptography algorithms to the Wikipedia and server public key 114 are based on elliptic curve
entry for “ Elliptic curve cryptography ” as of Sep . 9 , 2013, cryptography. Other PKI standards or proprietary techniques
which is incorporated by reference herein . ECC algorithms for securely verifying digital signatures may be utilized as
154 may utilized according to exemplary preferred embodi well in digital signature algorithms 141d . Parameters 126
ments in order to maintain high security with smaller key 35 input into digital signature algorithms 141d can include the
lengths, compared to RSA , thereby helping to comparably selection of a secure hash algorithms 141c to utilize with
reduce the message lengths, radio frequency spectrum uti digital signature algorithms 141d , or the algorithm to utilize ,
lization , and processing power required by module 101 . such as ECDSA shown or an RSA -based alternative for
Thus , the use of ECC algorithms 154 within various steps digital signatures is possible as well .
requiring ciphering or digital signatures may help conserve 40 Cryptographic algorithms 141 may also include key pair
battery life of module 101 while maintaining the objective of generation algorithms 141e , a key derivation function 141f,
securing system 100 . Note that as contemplated herein , other and a random number generator 128 . Key pair generation
algorithms besides with ECC algorithms 154 and RSA algorithms 141e can be utilized by module 101 or server 105
algorithms 153 may be also be used in asymmetric algo to securely generate private and public keys. The key pair
rithms 141a . 45 generation algorithms 141e can also use input from a
Cryptographic algorithms 141 may also include a set of parameters 126 , such as the desired key lengths, or an ECC
symmetric ciphering algorithms 141b . Symmetric ciphering curve if the public key will support ECC algorithms 154 .
algorithms 141b can utilize a symmetric key 127 by one According to an exemplary preferred embodiment , module
node such as a module 101 to encrypt or cipher data , and the 101 can derive a pair ofmodule public key 111 and module
encrypted data can be decrypted or deciphered by server 105 50 private key 112 using key pair generation algorithms 141e.
also using the symmetric key 127. Examples of symmetric Software tools such as openssl and libcrypt include libraries
ciphers include Advanced Encryption Standard 155 (AES ), for the generation key pairs , and these and similar libraries
as specified in Federal Information Processing Standards can be used in a key pair generation algorithm 141e . Key
( FIPS ) Publication 197 , and Triple Data Encryption Stan - derivation function 141f can be used by module 101 and
dard ( Triple DES), as described in NIST Special Publication 55 server 105 in order to determine a common derived shared
800 -67 Revision 1 , " Recommendation for the Triple Data secret key 129 , using their respective public keys as input .
Encryption Algorithm (TDEA ) Block Cipher (Revised Janu - An exemplary algorithm within a key derivation function
ary 2012 ) ” . Parameters 126 input into symmetric ciphering 141f can be the Diffie -Hellman key exchange , which is used
algorithms 141b can include symmetric key 127 length , such by tools such as secure socket layer (SSL ) with RSA
as the selection of 128, 192 , or 256 bits with AES 155 60 algorithms 153. When using ECC algorithms 154 , module
symmetric ciphering . Other examples of symmetric cipher - 101 and server 105 can utilize Elliptic Curve Diffie -Hellman
ing algorithms 141b may be utilized as well within crypto - (ECDH ) algorithms 159, and a summary of ECDH is
graphic algorithms 141 . Also note that as contemplated included in the Wikipedia article titled “ Elliptic Curve
herein , the term “ symmetric ciphering" contemplates the use Diffie -Hellman ” (http :// en .wikipedia .org /wiki/ Elliptic curv
of a symmetric ciphering algorithm 141b in order to encrypt 65 e _ Diffie % E2 % 80 % 93Hellman ” from Sep . 24 , 2013 , which
or cipher data with a symmetric ciphering algorithm 141b , is herein incorporated by reference . Other algorithms to
and “ asymmetric ciphering " contemplated the use of an derive a shared secretkey 129 using public keys may also be
 US 10 , 177,911 B2
35 36
utilized in a key derivation function 141f , such as the the key length could be selected depending on the security
American National Standards Institute ( ANSI) standard requirements and processing resources of a module 101 .
X - 9.63 160 . Parameters 126 input into key pair generation Certificate 122 for module 101 could optionally include a
algorithms 141e can include the type of asymmetric cipher- signature 123 , which could be signed by a certificate author
ing algorithms 141a used with the keys, the key length in 5 ity 118 or a module provider 109 (where module provider
bits , an elliptic curve utilized for ECC , a time-to -live for a 109 also functions as a certificate authority 118 ). The
public key that is derived , and similar settings . Additional signature 123 can provide reasonable assurance that module
parameters 126 for a public key can include a supported public key 111 is associated with module 101 using module
point formats extension , where the supported point formats identity 110 . The signature 123 can be generated using a
extension could comprise uncompressed , compressed prime, 10 hash algorithm with an input of a private key such as
or " compressed char2 ” formats , as specified in ANSI certificate authority private key 131 and wireless module
X - 9.62 . In other words, an ECC public key can have several public key 111 . The hash algorithm could utilize an algo
formats and a parameters 126 can be useful to clarify the rithm from the SHA -1 , SHA -2 , and SHA -3 family of hash
format. The various algorithms within cryptographic algo - algorithms, or future secure hash algorithms. The signature
rithms 141 may utilize a random number generator 128 , 15 algorithm illustrated in certificate 122 is according to the
which is also depicted and described in connection with FIG . SHA -1 algorithm . Module public key 108, server public key
1d above . 114 , provider public key 120 , provider private key 121, and
FIG . 1g associated keys derived from these keys can be stored or
FIG . 1g is a graphical illustration of a certificate that communicated in the form of a certificate 122 . Certificate
includes a public key infrastructure (PKI) key, where the 20 122 can be stored or communicated in the text format
public key utilizes an RSA algorithm , in accordance with illustrated in FIG . lg , or also a privacy enhanced mail
exemplary embodiments. Public or shared public keys for (PEM ) 124 format, which may comprise a base64 encoding
module 101, server 105 , and module provider 109 can be of binary distinguished encoding rules (DER ) of the data for
recorded and distributed in the form of a certificate 122 . certificate 122 . Note that the use of a certificate 122 is not
Certificate 122 can be formatted according to the X .509 25 required for the format of a public or shared key, and the
ITU - T standard . Certificate 122 in FIG . 1g is illustrated public keys could optionally omit a signature from a cer
according to version 3 of this standard , although other tificate authority . In this case , the public keys such as module
formats of certificate 122 could be implemented as well, public key 111 and/ or server public key 114 could be
including future versions of the X .509 standards. In addi- recorded in the format of a string , without the additional
tion , public keys as described in the present invention do not 30 fields illustrated in FIG . 1g . Server public key 114 may also
require being recorded in a certificate 122 , and the public be recorded in a certificate 122 with a signature 123 from a
keys could be communicated or recorded in other formats. certificate authority 118 . Other possibilities exist as well
The module identity 110 , or a value associated with the without departing from the scope of the present invention .
module identity 110 can preferably be included in certificate FIG . 1h
122, such as the “ Common Name” (CN ) field of a X .509 35 FIG . 1h is an illustration of a certificate that includes a
certificate 122 , as illustrated in FIG . 1g . The module identity PKI public key , where the key comprises an elliptic curve
110 could alternatively be included in other fields within a cryptography key, in accordance with exemplary embodi
certificate 122 , such as the " Organizational Unit” (OU ) field , ments. Public and private keys in system 100 can utilize PKI
such that if multiple certificates 122 may be associated with techniques other than RSA , such as the elliptic curve cryp
module 101, and in this case the module public key identity 40 tography (ECC ) public key 111 illustrated in FIG . 1h . One
111a in a certificate 122 may be used in the CN field . benefit of using ECC is that an equivalent level of security
Alternatively, both the module identity 110 and the module can be obtained for a much smaller key length . Also, energy
public key identity 111a can be appended and used together may be conserved using ECC algorithms 154 compared to
in the CN field . A module identity 110 utilized in a CN RSA algorithms 153. An analysis of the energy conserved
and/ or OU field of a X . 509 certificate can preferably be read 45 for ciphering, deciphering, signing, and verifying messages
from and persistently or permanently associated with physi - using ECC versus RSA is included in the paper titled
cal hardware in module 101 . “ Energy Analysis of Public -Key Cryptography on Small
According to a preferred exemplary embodiment, a mod - Wireless Devices” by Wander et al (herein incorporated by
ule identity 110 , as used in a CN and/or OU field of a X . 509 reference ). Smaller key lengths save bandwidth , memory ,
certificate , could be written into a ROM 101c or another 50 processing resources , and power, which are all valuable for
read -only hardware address upon manufacturing or distri - a module 101 to conserve a battery 101k and usage of
bution ofmodule 101. Also , a certificate 122 for module 101 radio - frequency spectrum . For example, an ECC key length
may also preferably include a public key identity 111a , such of 283 bits provides security similar to an RSA key length
that module 101 may utilize multiple module public keys of approximately 2048 bits. Module public key 111 can
111 over the lifetime of module 101, and the module public 55 comprise an ECC key in an X .509 certificate , as illustrated
key identity 111a in a certificate 122 can specify which in FIG . 1g .
module public key 111 is associated with the certificate 111 . Certificate 122 could include a signature 123 , where
Themodule public key identity 111a can also be included in signature 123 can be signed using ECC signature tech
the CN field , and in this case the module identity 110 can be niques, such as the Elliptic Curve Digital Signature Algo
included in the Organizational Unit (OU ) field . Although a 60 rithm (ECDSA ) 158 with a secure hash such as SHA256
public key is shown in FIG . 1g, a second key associated with 156 . In order to generate signature 123 , the private key
a certificate 112 could comprise the private key . The private associated with either CA 118 or module provider 109 may
key could be a file containing a cryptographic string. also be an ECC -based private key. Note that the public key
Module public key 111 is illustrated in FIG . 1g using the 111 in a certificate 122 could use a different asymmetric
RSA algorithm with a 2048 bit key , where wireless module 65 ciphering algorithm 141a than the algorithm used for sign
public key 111 comprises a modulus and an exponent. Other ing, such that the public key 111 can be an ECC key , while
key lengths are possible as well , such as a 4096 bit key, and the signature 123 could be generated with RSA algorithm
 US 10 , 177,911 B2
37 38
153 and /or key. Certificate 122 may also include parameters ment, communicating with server 105 , and controlling an
126 , where parameters 126 can specify an elliptic curve actuator 101y . If module 101 is connected to land - line power
utilized with the module public key 111 . Parameters 126 or a long-lasting external power source such solar power,
could also include the start and end times for the validity ofthen module 101 may remain in an active state and bypass
either public key 111 or certificate 122 . Other parameters 5 a dormant state , although transmitting RF signals 201 may
126 can be utilized in a certificate 122 as well . preferably only be utilized when communicating with wire
Certificate 122 illustrated in FIG . 1g also illustrates an less network 102 or sending and receiving data from server
exemplary embodiment of the present invention . Over the 105 . Upon waking from the dormant state and starting
lifetime of a module 101, which could be a decade or longer , communication with a server 105 , wireless module 101 can
multiple module public keys 111 may be utilized . The 10 begin transmitting RF signals 201 to base station 103 . The
potential use of multiple different module public keys 111 wireless module can acquire an IP address 202 from the
include (i) the expiration of a certificate 122 (including wireless network 102 . IP address 202 is illustrated as being
expiration of a public key associated with a certificate an IPv6 address , but IP address 202 could also be an IPv4
authority used in signature 123 ), ( ii) a need to change an address . IP address 202 could also be a subset of IPv6
elliptic curve specified in a parameters 126 , (iii ) adding a 15 addresses such as the last 32 or 64 bits in a full 128 bit IPv6
new public /private key pair for connection with a different address , and wireless network 102 could append the begin
wireless network 102 , (iv ) as increasing a key length utilized ning 96 or 64 bits , respectively , of the IPv6 address when
in a public /private key pair , (v ) the transfer of ownership or wireless module 101 sends packets to the Internet 107 .
control ofmodule 101, and /or (vi) module 101 connecting to In order to transmit or send data from wireless module
a new server that utilizes a different asymmetric ciphering 20 101 to server 105 , wireless module 101 can use module
algorithm (i.e. RSA instead of ECC ). Other possibilities program 101i to collect data from a sensor 101f in order to
exist as well for reasons a module to derive a new module update server 105 . Module program 101i can request a port
public key 111 . Note that the multiple module public keys number 203 from operating system 101h in order to have a
111 may also be utilized concurrently , such that (i) a first source IP :port for sending data using IP protocols such as
module public key 111 in a first certificate 102 can be 25 TCP and UDP. The terminology " IP :port” as described
utilized with a first server 105 , and ( ii) a second module herein refers to combining an IP address with a port number.
public key 111 (possibly derived using a different set of Wireless module IP address 202 and port number 203 can be
parameters 126 including using a different elliptic curve) can combined to form IP :port number 204 . IP :port number 204
be utilized with a second server 105 and / or wireless network can be utilized as a source IP :port number for packets
102. 30 transmitted from wireless module 101, as well as a destina
In either case of (i) module 101 using multiple module tion IP :port number for packets received by wireless module
public keys 111 concurrently, or ( ii) module 101 using 101 , when communicating with server 105 .
different module public keys 111 in sequence , a certificate In order to utilize Internet 107 , wireless module 101 may
122 can preferably include a module public key identity also need a destination IP address and port number in order
111a to specify the module public key 111 utilized in a 35 to send packets to server 105 . Before sending data to server
certificate 122 . As illustrated in FIG . 1a , the module public 105 , wireless module 101 preferably retrieves server IP
key identity 111a could be included in the CN field , and the address 106 and server port number 205 from RAM 101e .
module identity 110 can be included in the OU field . Server IP address 106 could be recorded in RAM 101e via
Alternatively, the module public key identity 111a and (i) a DNS query using server name 206 or (ii) queries to
module identity 110 can be appended together and used in 40 M2M service provider 108 or wireless network 102 . CPU
the CN field . In this manner and according to preferred 101b may copy server IP address 106 and server port
exemplary embodiments , a module public key identity 111a number 205 from nonvolatile memory into volatile memory
is utilized with both a module identity 110 and a module such as a register for processing to send a packet to server
public key 111 within a certificate 122 . Also , as noted 105 . Server name 206 could also be a server identity . ( A )
previously herein , the use of a certificate 122 may optionally 45 Server IP address 106 or server name 206 and ( B ) server port
be omitted , such that module 101 and server 105 share number 205 could be recorded in a nonvolatile memory such
public keys without using certificates 122 . as flash memory 101w so that wireless module 101 can store
FIG . 2 the proper destination of packets transmitted even when
FIG . 2 is a graphical illustration of an exemplary system , wireless module is dormant or shutdown , which avoids the
where a module sends a message to a server, and where the 50 processing and bandwidth requirements of obtaining server
server responds to the message , in accordance with exem - IP address 106 and server port number 205 every time the
plary embodiments. Module 101 as depicted and described wireless module 101 wakes from the dormant or shutdown
in FIG . 2 can operate as a wireless module 101, although a state . Server IP address 106 and server port number 205 can
wired connection to the Internet 107 could alternatively be be combined into a server IP : port number 207 .
utilized . System 100 as illustrated in FIG . 2 includes RF 55 After collecting data from a sensor, wireless module 101
signals 201 , module IP address 202 , port number 203 , can send a packet from IP :port 204 to IP :port 207 , and the
module IP : port 204 , server port number 205 , server ID 206 , packet could comprise a message 208 thatmay include the
server IP :port number 207 , message 208 , response 209 , data from a sensor 101f. Note that message 208 does not
wireless network firewall address 210 , and firewall port need to include sensor data , and message could potentially
binding packet 211 . The elements illustrated within system 60 be a periodic registration message or keep - alive message . As
100 in FIG . 2 are also depicted and described in connection contemplated herein , the term “ sensor measurement” can
with FIG . 2 of U . S . patent application Ser. No. 14 / 023 , 181 refer to data associated with or derived from a sensor 101f.
(the contents of which are hereby incorporated by reference A sensor measurement, as described below including ele
in their entirety ) . ment 305 of FIG . 3 , can comprise a string containing data
Wireless module 101 can wake from a dormant state in 65 regarding a parameter of a monitored unit 119 and collected
order perform (i) remote and automated monitoring and (ii )by a sensor 101f. The sensor measurement as sent in a
control functions such as collecting a sensor 101f measure message 208 can also represent a string (alphanumeric ,
 US 10 , 177 ,911 B2
39 40
binary , text, hexadecimal, etc.), where the string comprises of TCP messages that can include a TCP SYN , SYN ACK ,
a transformation or processing of sensor data collected by a ACK , ACK w /data , FIN ACK , etc .
CPU 101b , such including formatting, compressing, or According to an exemplary embodiment, module 101
encrypting, etc . of sensor data . sends the same sensor data in multiple copies of the same
In order to minimize bandwidth and time required for RF 5 UDP packet. Each of the multiple copies of the same UDP
signals 201 to be active , module 101 can send the message packet can also optionally be formatted according to the
208 as a single UDP datagram in accordance with a preferred UDP Lite protocol. As one example , wireless module sends
exemplary embodiment. The single UDP datagram can three identical copies of the UDP or UDP Lite packet that
preferably be the only packet sent from module 101 to server include the same sensor data . The benefit of sending three
105 or M2M service provider 108 during a wake state for the 10 copies ofUDP Lite include (i) the RF signals 201 received
module 101 when the radio 101z is active and transmitting, by the base station 103 could include bit errors, which could
such as in a radio resource control (RRC ) connected state . In result in a regular (RFC 768) UDP packet being dropped ,
other words , according to this preferred exemplary embodi- since a bit error could result in a UDP checksum mismatch ,
ment, themessage 208 sent by module 101 can preferably be as received and processed by wireless network 102 . Note
the only message or packet sent by the wireless module to 15 that the use of checksums is mandatory in IPv6 , and thus
the server 105 between dormant periods of module 101. By checksumscannot be fully disabled in IPv6 . With UDP Lite
sending message 208 as a single UDP datagram , both a packets transmitted by wireless module 101, where the
battery 101k is conserved and utilization of valuable RF mandatory checksum for IPv6 can cover the packet header ,
spectrum is reduced . Message 208 could also comprise a wireless network 102 can forward all packets received ,
series of associated UDP messages. 20 potentially including bit errors , to server 105 over the
Also , as contemplated herein , message 208 could com - Internet 107.
prise a related series of packets, so that message 208 could Server 105 can receive the multiple copies of the UDP or
comprise multiple datagrams. As one example, if TCP is UDP Lite packets, which could include bit errors received ,
utilized as the transport protocol for message 208 , then the and server 105 could compare or combine the multiple
series of TCP messages including the initial handshake, one 25 copies or each individual UDP Lite packet in order to
or more packets of payload data , and the closing of the remove bit errors. Note that UDP Lite is not required , and
connection could together comprise message 208 . As wireless module 101 could send the message 208 using a
another example , if UDP or UDP Lite is utilized for the single UDP packet, or multiple copies of a regular UDP (i. e .
transport protocol, and payload data exceeds a maximum non UDP Lite ) packet. However, using UDP Lite with
transmission unit (MTU ) size for the UDP packet and the 30 multiple packets sent can provide benefits such as if the
payload data is spread across multiple packets , then the sensor data is encrypted in the packet, then a single bit error
multiple packets would comprise a message 208 . Further, a would normally break the receiver 's ability to decipher the
related series of packets comprising a message 208 could be data using a cryptographic key, unless the encrypted data
identified by using the same source port number for module was channel coded and the channel coding could recover
101. In addition , a related series ofpackets comprising a first 35 from the bit error in order to present an error- free input of
message 208 could be identified as a series of packets sent the encrypted data to a deciphering algorithm .
by module 101 before receiving a response 209 from a Further, between periods of sleep when the wireless
server, and packets sent after receiving a response 209 could module 101 becomes active and transmits RF signals 201,
comprise a second message 208 . Other possibilities for a module 101 , which may also comprise a wireless module
message 208 to comprise multiple packets or datagramsmay 40 101, could send the sensor data in a single UDP Lite packet
exist without departing from the scope of the present inven - where the packet includes channel coding , which can also be
tion. referred to forward error correction . Forward error correc
The UDP datagram for message 208 could also be for tion could also be implemented by sending multiple copies
matted according to the UDP Lite protocol, as specified in of the same UDP packet. Note that since large segments of
IETF RFC 3828 , which is also incorporated by reference 45 message 208 could include encrypted or hashed data , those
herein . The term “ UDP Lite” described in the present segments may not be appropriate for compression since the
invention may also refer to any connectionless protocol data is often similar to random strings which are not readily
widely supported on Internet 107 where checksumsmay be compressed . Channel coding techniques for the data in
partially disabled , thereby supporting the transfer of bit message 208 could include block codes and convolution
errors within a datagram . The advantages of UDP over TCP 50 codes . Block codes could include Reed -Solomon , Golay ,
is that UDP can be quickly sent, while TCP requires a BCH , Hamming , and turbo codes . According to a preferred
“ handshake” with the server which requires more time and exemplary embodiment, data within message 208 is sent as
bandwidth , which would utilize more energy from battery a UDP Lite packet using a turbo code to correct multiple bit
101k . Weak or “ noisy ” RF signals between wireless module errors within a packet or datagram sent by module 101 and
101 and wireless network 102 may degrade or slow TCP 55 received by server 105 .
transmissions , resulting in unwanted and unnecessary In system 100 illustrated in FIG . 2 , server 105 can use
retransmission of individual TCP messages in the standard IP : port 207 to receive the packet from wireless module 101
TCP “ handshake” and connection close procedures. Also , and sent from source IP : port 204 to IP :port 207, and the
the sensor data may be relatively small, such as a dozens of packet could comprise a message 208 that may include the
bytes, and UDP can provide significantly less signaling 60 data from a sensor associated with wireless module 101 or
overhead than TCP, especially with small messages for the monitored unit 119 . Note that server 105 can use IP :port 207
duration of the session . However, some M2M applications to receive a plurality of messages 208 from a plurality of
may prefer or require TCP and in this case message 208 can wireless modules 101 . Server 105 preferably listens forUDP
be formatted according to TCP. Thus, according to an packets on IP : port 207, although TCP packets could be
exemplary embodiment, both message 208 and response 209 65 supported as well. If server 105 receives multiple copies of
can be TCP messages . In this exemplary embodiment, the sameUDP packet from wireless module 101, server 105
message 208 and response 209 could each comprise a series preferably includes a timer. The timer can start when the first
 US 10 , 177 ,911 B2
41 42
packet in the series of same packets is received , and packets firewall 124 . Without firewall portbinding packet 211 , if ( A )
received outside the expiration of the timer would be dis a response 209 sent from server 105 at an exemplary 180
carded . In this manner, server 105 would be protected from seconds after receiving message 208 , such as after a firewall
replay attacks. The timer could be a relatively short value port binding timeout value of firewall 104 of an exemplary
such as less than 5 seconds. 5 60 seconds, then ( B ) response 209 would be dropped by
After receiving the message 208 and processing the firewall 104 and the response 209 would not be received by
message according to the techniques described below , server module 101.
105 can send a response 209 . Since wireless module 101 FIG . 3a
may belong to a wireless network 102 which includes a FIG . 3a is a flow chart illustrating exemplary steps for a
firewall 104 , the source IP : port of themessage 208 received 10 module to send sensor data to a server, in accordance with
could be different from the source IP : port 204 utilized by exemplary embodiments . As illustrated in FIG . 3a , FIG . 3a
wireless module 101. The source IP :port in message 208 may include the data reporting steps 101x used by a module
could be changed if firewall 104 performs network address 101 in a module program 101i, where data reporting steps
translation (NAT ), as one example . Server 105 may not 101x and a module program 101i are depicted and described
readily know if a NAT translation hasbeen performed on the 15 in connection with FIG . 1b above . The processes and
message 208 . Alternatively , firewall 104 may not perform operations, including data reporting steps 101x , described
NAT, but could still block data from the Internet 107 which below with respect to all of the logic flow diagrams may
does not properly match the firewall rules . As one example, include the manipulation of signals by a processor and the
firewall 104 could be a symmetric firewall (butwithout NAT maintenance of these signals within data structures resident
functionality ), where only packets from IP :port 207 to 20 in one ormore memory storage devices. For the purposes of
IP :port 204 are allowed to pass the firewall after message this discussion , a process can be generally conceived to be
208 has been sent by wireless module 101 . In either case, a sequence of computer-executed steps leading to a desired
where firewall 104 may or may not perform NAT routing, result.
server 105 preferably sends the response 209 from the server These steps usually require physical manipulations of
IP : port 207 to the source IP : port it receives in message 208 . 25 physical quantities. Usually , though not necessarily , these
According to a preferred exemplary embodiment, response quantities take the form of electrical, magnetic , or optical
209 is a UDP packet sent from server 105 with (i) a source signals capable of being stored , transferred , combined , com
IP : port 207 and (ii) a destination IP :port equal to the source pared , or otherwise manipulated . It is convention for those
IP : port received in message 208 , as illustrated in packet skilled in the art to refer to representations of these signals
209a . The example use of source and destination IP : ports in 30 as bits, bytes, words , information , elements, symbols , char
message 208 and response 209 are also illustrated in FIG . 6 acters , numbers , points , data , entries, objects, images , files ,
below . In this manner, the UDP packet can traverse a firewall or the like . It should be kept in mind , however, that these and
104 , if firewall 104 is present. If firewall 104 is present and similar terms are associated with appropriate physical quan
performs NAT routing, then firewall 104 can receive the tities for computer operations, and that these terms are
response 209 and change the destination IP address and port 35 merely conventional labels applied to physical quantities
within response 209 to equal IP :port 204 . that exist within and during operation of the computer .
According to exemplary preferred embodiments , module It should also be understood that manipulationswithin the
101 may also obtain power from a land -line source , such as computer are often referred to in terms such as listing,
a traditional 120 volt wall socket, or possibly power over creating, adding , calculating, comparing ,moving, receiving,
Ethernet, and other non -transient power sources could be 40 determining, configuring, identifying , populating , loading,
utilized as well. In this case , module 101 may remain performing, executing, storing etc . that are often associated
persistently connected to the Internet through either a wire with manual operations performed by a human operator. The
less network 102 or a wired connection such as Ethernet. In operations described herein can be machine operations per
other words, module 101 may omit entering periods of sleep formed in conjunction with various input provided by a
or dormancy where inbound packets from the Internet would 45 human operator or user that interacts with the computer.
not be received due to the sleep state of module 101 . In addition , it should be understood that the programs,
Consequently ,module 101 may preferably periodically send processes , methods , etc . described herein are not related or
a firewall port binding packet 211 from IP :port 204 to IP :port limited to any particular computer or apparatus . Rather,
207 in order to keep ports and addresses within a firewall various types of generalpurposemachines may be used with
104 and/ or firewall 124 open to communications between 50 the following process in accordance with the teachings
module 101 and server 105 . Firewall port binding packet 211 described herein .
can comprise a packet that is sent periodically using a timer The present invention may comprise a computer program
interval that is shorter than the port-binding timeout period or hardware or a combination thereof which embodies the
on a firewall 104 and firewall 124 . functions described herein and illustrated in the appended
If UDP is utilized for message 208 and response 209 , then 55 flow charts . However, it should be apparent that there could
a small UDP packet comprising firewall port binding packet be many different ways of implementing the invention in
211 can be sent periodically such as every 45 seconds. If computer programming or hardware design , and the inven
TCP is utilized for message 208 and response 209 , then a tion should not be construed as limited to any one set of
small TCP packet comprising firewall port binding packet computer program instructions.
211 can be sent periodically such as every 4 minutes . Other 60 Further, a skilled programmer would be able to write such
possibilities for the timing of sending firewall port binding a computer program or identify the appropriate hardware
packet 211 are possible as well . By sending firewall port circuits to implement the disclosed invention without diffi
binding packet 211 periodically , server 105 (i) can send culty based on the flow charts and associated description in
module 101 a response 209, which could include a module the application text, for example . Therefore, disclosure of a
instruction 502 as explained in FIG . 5a , at (ii) time intervals 65 particular set of program code instructions or detailed hard
between message 208 and response 209 that are longer than ware devices is not considered necessary for an adequate
the firewall port binding timeouts of firewall 104 and/ or understanding of how to make and use the invention . The
 US 10 , 177 , 911 B2
43 44
inventive functionality of the claimed computer imple - After installation of the module 101, module 101 can
mented processes will be explained in more detail in the wake from a dormant state in step 303 . The dormant state
following description in conjunction with the remaining can comprise a state of low power usage as described in FIG .
Figures illustrating other process flows. 1c, in order to conserve battery life and wired bandwidth or
Further, certain steps in the processes or process flow 5 wireless spectrum resources . As noted in FIG . 1c , module
described in all of the logic flow diagrams below must 101 can utilize a bootloader program 125 in order to initiate
operations from a sleep or dormant state . At step 303, the
naturally precede others for the present invention to function module private key 112 ,module identity 110 , server identity
as described . However, the present invention is not limited 206 , and/ or server address 106 could be moved from non
to the order of the steps described if such order or sequence volatile memory 101w into RAM 101e . At step 304 , the
does not alter the functionality of the present invention. That 10 module 101 can read themodule private key 112 and module
is, it is recognized that some steps may be performed before ,
identity
after, or in parallel other steps without departing from the server public 110 recorded in RAM 10le , and also record the
scope and spirit of the present invention . key 114 and server IP :port 207 . The server
public key 114 and server IP :port 207 could also be either
The processes , operations, and steps performed by the 15 locally stored previous to step 304 in a non - volatile memory
hardware and software described in this document usually 101w , or obtained through the Internet 107 via a query to
include the manipulation of signals by a CPU or remote M2M service provider 108 . As one example, module 101
server and the maintenance of these signals within data could obtain the server public key 114 by establishing an
structures resident in one or more of the local or remote Internet connection through a network such as a wireless
memory storage devices . Such data structures impose a 20 network 102 and downloading the server public key 114
physical organization upon the collection of data stored from server 105 .
within a memory storage device and represent specific If module 101 utilizes a sleep or dormant state (according
electrical or magnetic elements. These symbolic represen - to exemplary sleep or dormant states depicted and described
tations are the means used by those skilled in the art of in connection with FIG . 1c of U .S . patent application Ser.
computer programming and computer construction to most 25 No . 14 /023 , 181, which is herein incorporated by reference )
effectively convey teachings and discoveries to others in order to conserve power consumption or energy utiliza
skilled in the art . tion , then according to a preferred exemplary embodiment at
At step 301, before final distribution of the module to a step 304 , after waking ,module 101 can preferably read from
sales channel, equipment distributors, or end users , a module nonvolatile such as a flash memory 101w each of ( i ) module
private key 112 and module identity 110 could be recorded 30 private key 112, ( ii ) module identity 110 , ( iii ) the server
in non -volatile memory 101w of the module 101 . The public key 114 , ( iv ) server IP : port 207 ,and (v ) data reporting
module private key 112 could be a private key formatted steps 101x. The ___location of server 105 could be obtained via
according to the X . 500 series of standards published by the a DNS query using the server identity 206 . Although not
International Organization for Standardization (ISO ) in ISO / illustrated in FIG . 3a , server identity 206 and server IP :port
IEC 9594 or similar and subsequent standards, or alterna - 35 207 could also be recorded in non -volatile memory at step
tively according to another format including a propriety 301. Other means are possible as well for module 101 to
format. The module private key 112 could be formatted obtain server public key 114 and server IP :port 207.
using RSA encryption algorithms or ECC encryption algo - At step 305 , the module 101 can read data from a sensor
rithms, and other possibilities exist as well for the format of 101f. The data can comprise information regarding a moni
encryption and / or decryption keys without departing from 40 tored unit 119, as illustrated in FIG . la . As referenced
the scope of the present invention . Note that step 301 herein , the data collected at step 305 may comprise a sensor
contemplates an alternative to the case where a module 101 measurement 305 or sensor data 305 . At step 306 , the
derives its own public and private keys using key pairm odule can utilize cryptographic algorithms 141 to (i )
generation algorithms 141e . Thus, the present invention also encrypt the data from sensor 101f using the server public key
contemplates that a module private key 112 is derived 45 114 and ( ii ) sign the encrypted data using themodule private
outside module 101 and loaded into nonvolatile memory key 112 . Note that a symmetric ciphering algorithm 141b
101w . Note that in this case , where module private key 112 may be used at step 306 , but since the symmetric key 127
is loaded from an external source to module 101 , that may be derived using the server public key 114 , the sensor
module 101 could still utilize other features contemplated data 305 can be encrypted using the server public key
herein , such as if module 101 needed to derive public and 50 (indirectly ) at step 306 . According to a preferred exemplary
private keys in the future after the initial step 301. embodiment, themodule can add channel coding to the data
Module identity 110 can be a unique identifier associated resulting from the steps taken in the previous sentence ,
with module 101, and can represent a number or a string . although the channel coding can optionally be omitted . A
The module private key 112 and module identity 110 could more detailed description of the steps for encrypting and
be recorded in non - volatile memory 101w by the manufac - 55 signing data from the sensor are included in FIG . 4a below .
turer, or a service provider. Alternatively , the module private After encrypting and signing sensor data , the module can
key 112 and module identity 110 could be recorded in send the data to the server 105 in message 208, where
non - volatile memory 101c by the end users . Module private message 208 is formatted and sent according to a either a
key 112 and module identity 110 could be recorded in a TCP or UDP packet. An exemplary format ofmessage 208
Subscriber Identity Module (SIM ) card that is inserted into 60 is also depicted and described in connection with FIG . 6
module 101 . At step 302, the module is distributed and below . Message 208 could be sent using the UDP Lite
installed in physical proximity to a monitored unit 119 . protocol, although the message could also be sent in a TCP
Although step 301 is illustrated as occurring before step 302 datagram , after completing the initial TCP " handshakes"
according to an exemplary embodiment, step 301 can take with server 105 . Message 208 in the form of a UDP or TCP
place after step 302 or concurrently with step 302 , and other 65 datagram can be sent from the module IP : port 204 to the
possibilities exist as well without departing from the scope server IP :port 207. Message 208 can also comprise sending
of the present invention . the sensor data in multiple datagrams, including two or more
 US 10 , 177 ,911 B2
45 46
copies of the same data . Although not illustrated in FIG . 3a , tificate 122 to server 105 , where certificate 122 would
upon the first communication with a server 105 , according normally include module public key 111. Server 105 could
to an exemplary embodiment, module 101 can send a utilize a certificate 122 to verify a module identity 110 , as
certificate 122 to server 105 , where certificate 122 would described in FIG . 4b below at step 412 .
normally include module public key 111. Server 105 could 5 An exemplary format of message 208 is depicted and
utilize a certificate 122 to verify a module identity 110 , as described in connection with FIG . 6 below . Although not
described in FIG . 4b below . illustrated in FIG . 3b , after receiving message 208, server
As illustrated in FIG . 3a , the module 101 can then receive 105 may also process any channel coding present in message
reply from server 105 to the message 208 in the form of a 208 in order to eliminate any bit errors received. The channel
response 209 . Response 209 can be encrypted with the 10 coding could be included in a message 208 that utilizes the
module public key 111 and signed with the server private UDP Lite protocol. At step 314 , server 105 can decrypt a
key 105c , as depicted and described in connection with FIG . message 208 using a cryptographic algorithm 141 and server
4b below . An exemplary format of the response 209 is also private key 105c. Additional details regarding step 314 are
depicted and described in connection with FIG . 6 below . The depicted and described in connection with FIG . 4b below . At
module 101 can receive the encrypted response 209 to 15 step 315 , server 105 can verify that message 208 was sent by
message 208 in a datagram 209a that is sent from server module 101 using a module identity 110 , module public key
IP :port 207 and received at module IP :port 204 . 111 , and a cryptographic algorithm 141. Additional details
At step 307a , the module 101 can process the response regarding step 315 are depicted and described in connection
209 by decrypting the response 209 using themodule private with FIG . 4b below . Note that step 315 can take place before
key 112 and cryptographic algorithms 141 . At step 307b , 20 step 314 if the module identity 110 and /or a digital signature
module 101 can verify a digital signature of response 209 is not encrypted within message 208 ( i.e . a sensor measure
using the server public key 114 and cryptographic algo - ment in message 208 could be encrypted but a module
rithms 141. Additional details regarding step 307a and 3076 identity 110 or digital signature may not be encrypted ).
are depicted and described in connection with FIG . 56 After verifying the identity of module 101 in step 315 ,
below . Note that encryption of response 209 may be option - 25 server 105 can record sensor data or sensor measurements
ally omitted and a digital signature in response 209 may also within message 208 in a database 105k . The sensor data
be optionally omitted . Although not shown in FIG . 3a , if the recorded in database 105k can be made available for sub
module 101 cannot decrypt the response 209 or verify the sequent processing by server 105 or other servers or appli
digital signature of response 209, then the module 101 can cations associated with an M2M service provider 108 in
drop the response 209 and optionally send message 208 30 order to manage the function and operation of module 101
again . or monitored unit 119 . After receiving message 208, server
After the module 101 successfully processes response 209 1 05 can process a response 209 at step 317a . Step 317a can
in steps 307a and 307b , as shown in step 308, the module comprise encrypting an instruction, where the instruction
101 can sleep the CPU 101b and /or shutdown the radio 101z . could include an acknowledgement of themessage received ,
Step 308 could comprise the module 101 entering the “ radio 35 a command or setting for an actuator, and / or another control
off ” state 505a as depicted and described in connection with message for wireless module 101 . Server 105 can utilize a
FIG . 6b of U . S. patent application Ser. No . 14 /023 , 181 (the module public key 111 and cryptographic algorithms 141 in
contents of which are hereby incorporated by reference in order to encrypt the instruction . Step 317b can comprise
their entirety ), and/ or entering the “ CPU off " state 505b as creating a digital signature for the response 209 using the
described in FIG . 6c of U . S . patent application Ser. No. 40 server private key 105c and cryptographic algorithms 141.
14 /023 , 181. Step 308 could also comprise the module 101 Additional details regarding steps 317a and 317b are
sending a detach message to a wireless network 102 as depicted and described in connection with FIG . 5a below .
depicted and described in connection with FIG . 6a of U . S . Note that step 317a and / or step 317b may optionally be
patent application Ser. No. 14 /023 , 181. Thus, according to a omitted , such that response 209 is transmitted without
preferred exemplary embodiment, module 101 can omit 45 encryption and a signature, and security could be obtained
sending or receiving any further radio resource control through other means, such as through firewalls 104 and 124 ,
messages after processing the encrypted and /or signed or using a secured network link between module 101 and
response 209 , when completing step 308 . server 105 , such as setting up a VPN or SSH tunnelbetween
After entering the sleep state in step 308 , the module can the two endpoints . These alternative means for security at
then periodically check a sleep timer at step 309 , and wake 50 the network layer would likely require additional bandwidth
from sleep if the timer has expired and report subsequent and power consumption for a module 101 and thus may not
data from a sensor 101f to a server 105 by returning to step be adequately efficient. As one example , if module 101 is a
305 . wireless module that sleeps for relatively long periods such
FIG . 35 as every hour ( and obtains a new IP address for every wake
FIG . 3b is a flow chart illustrating exemplary steps for a 55 period ), setting up a new VPN between module 101 and
server to receive sensor data from a module , in accordance server 105 in order to receive send a message from module
with exemplary embodiments . As illustrated in FIG . 3b , 101 may not be practical due to the extra drain on a battery
FIG . 3b can represent the steps used by a server application 101k for re -establishing the VPN .
105i in a server 105 as illustrated in FIG . 1c. At step 312 , the After completing steps 317a and 317b , at step 209a ,
server 105 can open a TCP /UDP socket associated with an 60 server 105 can send response 209 from the source port
IP : port number 207 and listen for incoming message from utilized to receive message 208 to a destination IP :port. The
wireless modules. At step 313 , server 105 can receive a destination IP :port can comprise the source IP :port in mes
message 208 sent by module 101 , using the IP :port number sage 208 as received by server 105 , and the destination
207 . Although not illustrated in FIG . 3b , upon the first IP :port can represent the external interface of a firewall 104 .
communication from module 101 by server 105 where the 65 In other words, server 105 may send response 209 from
communication could include step 313 , according to an server IP : port 207 to the source IP : port received in message
exemplary embodiment, module 101 can also send a cer- 208 , which could represent the source IP :port on a wireless
 US 10 , 177,911 B2
47 48
network firewall 104, wherein the source IP : port on the generated text, binary, or hexadecimal string. Security token
wireless network firewall 104 contains the firewall IP 401 could be created using random number generator 128
address 210 . The wireless network firewall 104 could for - and included in message 208 in order to make each message
ward the response 209 to module IP :port 204 . The response 208 unique and thus avoid any replay attacks when message
in step 209a can comprise a UDP packet or a UDP Lite 5 208 traverses Internet 107 in order to securely reach server
packet, and the packet can optionally include channel cod - 105 . A random number in security token 401 could be
ing . As contemplated herein , server 105 can send response processed by module 101 using a seed 129 in a random
209 as soon as practical after receiving message 208 , and in number generator 128, where the seed utilizes data from
any case response 209 should be sent before the expiration sensor 101f as input into the seed , as illustrated in FIG . 1d
of a firewall port binding timeout value associated with 10 above. Security token 401 could alternatively be a non
firewall 104 . According to a preferred exemplary embodi- random number used to make message 208 unique , such as
ment, response 209 is sent by server 105 within 1 second of a timestamp with significant digits to milliseconds or micro
receiving message 208 . After completing step 209a as s econds, and other possibilities for security token 401 exist
illustrated in FIG . 3b , server 105 can return to step 312 and as well. In other words, the use of security token 401 can
listen for additional incoming messages 208 from modules 15 ensure to a high level of certainty that each message 208 will
101. be different and thus the same data within message 208
FIG . 4a would not be sent more than once ( other than a short
FIG . 4a a is a flow chart illustrating exemplary steps for timeframe such as within a few seconds where the same
a module to process a message , including encrypting sensor UDP packet for a message 208 could be intentionally sent
data and sending a digital signature , in accordance with 20 more than once in order to implement and support forward
exemplary embodiments . The steps illustrated in FIG . 4a error correction ).
may comprise step 306 illustrated in FIG . 3a above. Since At step 401a , if (i) module 101 is sending message 208 to
message 208 and response 209 may traverse the public server 105 for the first time, or ( ii ) expiration time 133 for
Internet 107 , according to an exemplary preferred embodi- a previous symmetric key 127 has transpired , then module
ment, a module 101 and a server 105 can take additional 25 101 may preferably include a symmetric key 127 within
steps in order to maintain security of a system 100 . Since message 208 , where the symmetric key 127 would be
module 101 could connect from a wide variety of networks, encrypted using an asymmetric ciphering algorithm 141a
such as LAN , wireless LAN , wireless WAN , etc ., server 105 with the module private key 112 at step 402 . In this case of
may preferably support module 101 connecting from any (i ) or ( ii ) in the previous sentence, module 101 can securely
valid IP address . Securely supporting module 101 connect - 30 send the symmetric key 127 to server 105 , which could then
ing to server 105 from any valid IP address may required the utilize symmetric key 127 in a symmetric ciphering algo
additional security steps described herein . In other words, rithms 141b at later steps. As noted in FIG . 1d , symmetric
server 105 may not be able to operate a whitelist of allowed key 127 could be derived using cryptographic algorithms
IP addresses in a firewall 124 since the IP addresses may not 141 and a random number from random number generator
be known before module 101 attempts to send a message 35 128 . If ( a ) module 101 has already sent a message 208 to
208 . Module 101 can process a message 208 using the server 105 , or (b ) expiration time 133 for a symmetric key
sequence of steps illustrated in FIG . 4a . For additional 127 has not transpired (and thus symmetric key 127 would
clarification , an exemplary format of a message 208 , using remain valid ), then module 101 can omit including sym
the exemplary steps of FIG . 4a , is illustrated in FIG . 6 metric key 127 at step 401a .
below . Note that the security methods described herein are 40 At step 402, module 101 could utilize the sensor data 305 ,
optional, and message 208 and response 208 can be sent security token 401 , server public key 114 , server instruction
without the additional security steps described herein , but 414 (not shown ) and the cryptographic algorithms 141 to
the use of these security steps may be preferred . FIG . 4a can encrypt the sensor data 305 and security token 401 . The
contain the messages and steps shown within step 306 of output of step 402 can be module encrypted data 403. As one
FIG . 3a , where a module 101 processes message 208 before 45 example , if (i ) cryptographic algorithms 141 comprise the
sending it to server 105 through the Internet 107 . openssl libraries and (ii) asymmetric ciphering is utilized ,
As illustrated in FIG . 4a , in preparing a message 208 to security token 401 can be appended to sensor data 305 , and
send to server 105 , module 101 can utilize a sensor mea - at step 402 the openssl encryption function using server
surement 305 , where the sensor measurement 305 comprises public key 114 can generate module encrypted data 403 . If
sensor data acquired by a sensor 101f associated with 50 a symmetric key 127 is included within message 208 , such
module 101. A sensor measurement 305 is also depicted and as illustrated in the exemplary message 208 illustrated in
described in connection with FIG . ld above, and may FIG . 6 below , then module 101 preferably utilizes asym
comprise a string or number containing data regarding a metric ciphering 141a with private key 112 at step 402. The
parameter of amonitored unit 119 . Sensor measurement 305 asymmetric ciphering 141a at step 402 may be processed
can also comprise a plurality of measurements or processed 55 according to RSA algorithms, elliptic curve cryptography
sensor measurements 305 such as an average value over (ECC ) algorithms, or other asymmetric ciphering algorithms
time, high and low values, etc . Sensor measurement 305 for either public key cryptography or proprietary methods .
could be either raw or processed data collected by a sensor Note that if ( A ) a symmetric key 127 is utilized for
101f. Although not illustrated in FIG . 4a, module 101 could symmetric ciphering 141b between module 101 and server
also include a server instruction 414 , which could be a 60 105 at step 402, such utilizing as a symmetric key 127 which
command for server 105 such as an update , query , notifica - could be derived using ECDH , then (B ) AES 155 , Triple
tion , and server instruction 414 is described in FIG . 4b . A DES , or other symmetric ciphering algorithms 141b can be
server instruction 414 could also be used by module 101 as used at step 402 to generate module encrypted data 403 . If
input into step 402 below , where the server instruction 414 symmetric ciphering 141b is utilized in step 402, exemplary
can be encrypted . 65 symmetric ciphers AES 155 and Triple DES are depicted
Module 101 may optionally add a security token 401, and described in connection with FIG . 1f above . If symmet
which could also be a random number, or a randomly ric ciphering 141b with ECIES is utilized in step 402 , then
 US 10 , 177,911 B2
49 50
step 402 could utilize the steps outlined in FIG . 2 , titled (ECDSA )” (which is hereby incorporated herein by refer
“ ECIES Encryption Functional Diagram " in " A Survey of ence ). The use of a module digital signature 405 can be
the Elliptic Curve Integrated Encryption Scheme” by Mar processed according to the description of a digital signature
tinez et al in the Journal of Computer Science and Engi according to the Wikipedia entry for “ Digital Signature ” as
neering , Volume 2 , August 2010 , page 10 , (herein incorpo - 5 of Sep . 9 , 2013 , which is incorporated by reference herein in
rated by reference ). The use of (i) symmetric ciphering its entirety. Module digital signature 405 may also comprise
algorithms 141b , such as with AES 155 , Triple DES , and a Message Authentication Code (MAC ) or tag . Also note
similar secure symmetric ciphers, with (ii) symmetric key that other uses of a digital signature as contemplated within
127 may be preferred at step 402, if symmetric key 127 is the present invention may refer to the above three references
available . 10 and related standard techniques for processing and creating
After processingmodule encrypted data 403, module 101 digital signatures .
can add a module identity 110 . Module identity 110 is Other PKI standards or proprietary methods for securely
illustrated in FIG . 4a as being added after the module 101 generating a module digital signature 405 may be utilized as
processes module encrypted data 403 , although module well. According to a preferred exemplary embodiment, ECC
identity 110 may optionally only be included in module 15 algorithms for generating module digital signature 405 may
encrypted data 403 if symmetric ciphering 141b with cryp - be utilized in order to minimize the key length compared to
tographic algorithms 141 and symmetric key 127 is utilized , RSA algorithms. Module digital signature 405 may com
(i.e . module identity 110 could be included before step 402 , prise a secure hash signature using a secure hash algorithm
where module identity could be included as an input into 141c related to the secure hash algorithm 1 (SHA - 1 ), or
step 402 as opposed to being added after step 402 ). By 20 subsequent standards such as SHA - 2 156 and SHA -3 157 ,
including module identity 110 as external to module and other possibilities exist as well . Module digital signature
encrypted data 403 as illustrated in FIG . 4a at step 404 , 405 is illustrated in FIG . 4a as being processed after module
server 105 can use the unencrypted module identity 110 to encrypted data 403 , but module digital signature 405 may
pre - process or route a message before decrypting module also optionally be included in module encrypted data 403 .
encrypted data 403 . For example , server 105 could utilize a 25 However , since module digital signature 403 can represent
message preprocessor 105y and module identity 110 outside a secured hash signature that can contain limited useful
of module encrypted data 403 to select a sub -server 105w . information to a potential eavesdropper, module processing
By including module identity 110 as external to module resources and energy can be conserved by including module
encrypted data 403 , server 105 can use the unencrypted digital signature 405 after and external to module encrypted
module identity 110 to select either (i) a module public key 30 data 403 (i.e . the benefits of encrypting module digital
111 or ( ii ) a symmetric key 127 from a database 105k in signature 405 may be limited ). Also note thatmodule digital
order to decrypt module encrypted data 403 or verify a signature 405 and the other secure digital signatures con
digital signature . The exemplary message 208 illustrated in templated herein may be calculated with input from either (i)
FIG . 6 below shows one example of a message 208 where the plaintext in an encrypted message such as module
module identity 110 is included as external to module 35 encrypted data 403 or ( ii ) the ciphered data before conver
encrypted data 403, which is also illustrated in FIG . 4a . sion to plaintext, such as module encrypted data 403 before
Note that a module identity 110 in message 208 but decryption at step 413 .
external to module encrypted data 403 , then module identity M odule 101 can then continue processing message 208 by
110 could be obfuscated or otherwise ciphered according to including channel coding 406 . Channel coding techniques
a pre -agreed algorithm with server 105 . In other words, 40 for channel coding 406 could include block codes and
module identity 110 in a message 208 can represent the use convolution codes. Block codes could include Reed - Solo
of multiple unique strings or numbers over time that are mon , Golay , BCH , Hamming , and turbo codes . According to
uniquely associated with module 101, such as a first string a preferred exemplary embodiment, channel coding 406 can
for module identity 110 as recorded by module 101 and a utilize a turbo code , so that server 105 can correct bit errors
second string formodule identity 110 as recorded by a server 45 received by server 105 in message 208 . Alternatively , mod
105 . Module identity 110 could also comprise a session ule 101 could implement channel coding by simply trans
identifier, where the session identifier is uniquely associated mitting the same packet more than once and the use of block
with module identity 110 for a limited period of time, and a codes or convolution codes could be bypassed . Or, module
new session identifier is periodically generated by either 101 could implement channel coding by both transmitting
module 101 or server 105 . Thus, the use of a module identity 50 the same packetmore than once and also using a block code
110 in a message 208 may comprise a different format or or convolution code in the body of the packet. The use of
string than the module identity 110 preferably read from channel coding 406 can be preferred , since any bit errors
hardware , where the module identity 110 read from hard received by server 105 within module encrypted data 403 or
ware could be a serial number, Ethernet MAC address , module digital signature 405 in message 208 could break a
IMEI, etc . However, both can be utilized to uniquely identify 55 decryption or signature verification algorithm such as cryp
a module 101 and thus are referred to herein as a “ module tographic algorithms 141 used by server 105 . Thus, the use
identity ” 110 . of channel coding 406 (with a transport protocol that sup
After appending module identity 110 , module 101 can ports the transmission of bit errors such as UDP with
generate a module digital signature 405 using as input (i) the checksums disabled in IPv4 or UDP Lite ) can ensure the
module private key 112 and (ii ) module encrypted data 403 60 decryption ofmessage 208 is robust to bit errors . Bit errors
and module identity 110 . The module digital signature 405 may potentially generated by intermediate network links and
can be processed according to public key infrastructure nodes as message 208 traverses a wireless network 102 or
(PKI) standards such as the National Institute of Standards Internet 107. Channel coding 406 may optionally be omit
(NIST ) “ FIPS 186 - 4 : Digital Signature Standard ” (which is ted , as illustrated in FIG . 4a.
hereby incorporated herein by reference ), or IETF RFC 6979 65 As illustrated in FIG . 4a , module 101 can then format
titled “ Deterministic Usage of the Digital Signature Algo - message 208 according to a transport protocol such as UDP
rithm (DSA ) and Elliptic Curve Digital Signature Algorithm within UDP processing 407 to create message 208 . Other
 US 10 , 177,911 B2
51 52
options besides the UDP processing illustrated in FIG . 4a are noted above , the use of channel coding 408 can be preferred ,
available as well , including TCP formatting, but UDP for since any bit errors received within module encrypted data
matting may be preferred in order to minimize the number 403 in message 208 could break (i) a cryptographic algo
of packets transmitted as well as TCP overhead . Note that rithms 141 used by server 105 at subsequent steps 413 ,
TCP overhead when using IPv6 can be significant, since the 5 and /or ( ii ) the verification of module digital signature 405 at
full series of TCP messages to establish a TCP session and step 410 below .
transmit the message 208 may include about 4 -6 packets, At step 409 , the server 105 can read and record the
where each packet in the message includes a TCP header and module identity 110 , if module 110 is included in message
a full 128 bit address for both the source IP address and the 208 as external to module encrypted data 403 as illustrated
destination IP address . In contrast , UDP may preferably 10 in message 208 in FIG . 6 below . Although not illustrated in
require only a single packet for message 208 and a single FIG . 4b , server 105 can select a module public key 111 for
packet for response 209 , thus significantly reducing the module 101 by querying a database 105k with module
overhead and conserving either (i) a battery 101k life or ( ii ) identity 110 . As noted above in FIG . 4a ,module identity 110
energy usage by module 101 by reducing the data transmit could comprise a string or session identifier, whereby server
ted and received by module 101. 15 105 could derive or track a module identity 110 from one
According to a preferred exemplary embodiment, UDP message 208 to the next message 208 using the string or
formatting 407 can be formatted according to the UDP Lite session identifier. By including module identity 110 in a
protocol (IETF RFC 3828 ) with IPv6 , whereby UDP check message 208 , but external to module encrypted data 403
sums can be partially disabled and channel coding 406 can such as illustrated in FIG . 6 below , a server 105 can utilize
be included in the UDP datagram to correct for bit errors . 20 module identity 110 in order to select a server private key
Note that the UDP and UDP Lite protocols may be updated 105c or symmetric key 127 for decrypting module encrypted
in the future with subsequent standards , but the UDP for data 403 . According to an exemplary embodiment, a plu
matting 407 may preferably continue to include both (i) rality of server private keys 1050 could be utilized , where a
partially or fully omitted packet checksums within the first private key 105c is used with a first set ofmodules 101
packet header and (ii) channel coding within the packet 25 and a second private key 105c is used with a second set of
body . Also note that if IPv4 is utilized by module 101 and modules 101 . By reading the module identity 101 outside of
server 105 , regular UDP (i.e . according to RFC 768 ) for module encrypted data 403, the module identity 110 can be
matting may be utilized with channel coding 406 and read before decryption , in order to identify which of the first
checksums in the packet header may be disabled . or second set server private keys 105c that module 101 is
As illustrated in FIG . 4a , after adding UDP formatting 30 associated with , and thus server 105 can subsequently select
407 , module 101 may record a fully formatted message 208 . the first or second set of server private keys 1050 to use when
As illustrated in FIG . 2 , message 208 can be sent by module decrypting module encrypted data 403 .
101 using a physical interface 101a such as radio 101z and Alternatively, if server 105 operates in a distributed
a wireless network 102 and the Internet 107. Additional environment (such as comprising multiple sub - servers 105w
details regarding the structure ofmessage 208 after taking 35 as illustrated in FIG . 1e ), an unencrypted module identity
the steps in FIG . 4a are shown in FIG . 6 below . The security 110 , including a session identifier, within a message 208 can
and efficiency features of message 208 can be useful for b e utilized by a message preprocessor 105y to select the
module 101 to efficiently balance potentially competing appropriate sub -server 105w to process themessage 208 and
priorities of conserving battery life /bandwidth utilization server 105 could forward the message 208 to the correct
energy while maintaining security . 40 sub -server 105w . At step 410 , server 105 can validate and
FIG . 4b verify the module identity 110 using the module digital
FIG . 4b a is a flow chart illustrating exemplary steps for signature 405 inserted by module 101 in message 208 . As
a server to process a message , including verifying a mod described in FIG . 4a above , module digital signature 405
ule 's identity and decrypting sensor data , in accordance with can comprise a secure hash signature or tag, where module
exemplary embodiments . The steps illustrated in FIG . 45 45 101 generated the hash signature using the module private
may comprise step 315 and step 316 illustrated in FIG . 3b key 112 and digital signature algorithms 141d . As one
above . Server 105 can receive message 208 using IP : port example , server 105 can utilize the module public key 111
207, as illustrated in FIG . 2 . Message 208 can be formatted recorded in memory 105e to securely validate the module
according to the UDP protocol or UDP Lite protocol, digital signature 405 receive in a message 208 .
although other possibilities exist as well without departing 50 The module digital signature 405 can be verified accord
from the scope of the present invention ing to public key infrastructure (PKI) standards such as the
At step 407, server 105 can process the packet using the National Institute of Standards (NIST) “ FIPS 186 - 4 : Digital
appropriate transport layer protocol, such as UDP ( the Signature Standard " , or IETF RFC 6979 titled “ Determin
equivalent of step 407 in FIG . 4a above ). In this step 407 , istic Usage of the Digital Signature Algorithm (DSA ) and
the body of the packet comprising message 308 can be 55 Elliptic Curve Digital Signature Algorithm (ECDSA )" .
extracted , and a checksum , if any, can be calculated to verify Other PKI standards or proprietary techniques for securely
the integrity . Note that if the UDP Lite protocol is utilized , verifying a module digital signature 405 may be utilized as
the checksum may optionally only apply to the packet well. If message 208 comprises an initial communication
header. At step 408 , server 105 can remove channel coding, from module 101, at step 412 server 105 can verify that
if present in message 208 . Channel coding techniques uti- 60 module public key 111 is associated with module identity
lized in step 408 could include block codes and convolution 110 using a module certificate 122 , where certificate 122
codes, and can use the same channel coding algorithmsused includes a signature 123 from a certificate authority, as
in channel coding 406 implemented by module 101, as illustrated in FIG . 1g . Server 105 could receive certificate
depicted and described in connection with FIG . 4a above . 122 before module 101 sends message 208 , or server 105
By processing channel coding in step 408 , server 105 can 65 could query module 101 for certificate 122 after receiving
correct potential bit errors received in message 208 , message 208 . Server 105 could use digital signature algo
although channel coding 408 may be optionally omitted . As rithms 141d to compare a secure hash calculated using (i) a
 US 10 , 177,911 B2
53 54
first certificate 122 and /or public key from module 101 and encrypted data at step 413 by using the stepsoutlined in FIG .
( ii ) a second certificate and /or public key from certificate 3 , titled “ ECIES Encryption Functional Diagram ” in “ A
authority 118 , in order to confirm thatmodule public key 111 Survey of the Elliptic Curve Integrated Encryption Scheme"
is associated with module identity 110 . The secure hash by Martinez et al in the Journal of Computer Science and
could also be calculated using module public key 111 and a 5 Engineering , Volume 2 , August 2010 , page 11, (herein
public key from certificate authority 118 , and other possi- incorporated by reference ). Other possibilities exist as well
bilities using PKI exist as well for server 105 to confirm without departing from the scope of the present invention .
module public key 111 is associated with module identity Server 105 can utilize step 413 illustrated in FIG . 4b to
110 at step 412 . extract the plaintext , or decrypted data within module
Steps 409 and 410 are not required to utilize the efficient 10 encrypted data 403 .
techniques described herein , and may optionally be omitted . After decrypting module encrypted data 403 , server 105
As one example , security could be maintained at the network can read the resulting data within message 208 , which could
layer through the use of wireless network firewall 104 and comprise a server instruction 414 . The server instruction 414
server network firewall 124 , such that only an inbound can represent the purpose of the message 208 for server 105 .
message 208 to server 105 could be received by server 105 15 Server instruction 414 could comprise a plurality of different
after security methods are applied at the network layer . Note procedures for server 105 , such as an " update” with sensor
that if module encrypted data 403 includes module identity data , a “ query ” for data or instructions from server 105 or
110 and module digital signature 405 , then steps 409 and M2M service provide 108 , a “ notification ” of state or
410 may take place after step 413 , where server 105 first condition at module 101 such as an alarm or error, a
decrypts module encrypted data 403 and can then verify 20 " configuration request where module 101 seeks configu
module identity 110 by performing steps 409 and 410 after ration parameters, a “ software request" where module 101
step 413 . If module encrypted data 403 utilizes a symmetric request updated software or routines , a " registration ” mes
cipher 141b , then a module identity 110 can preferably be sage where module 101 periodically registers with server
external to module encrypted data 403 so that server 105 can 105 , etc . Thus, server instruction 414 can comprise the
select the appropriate symmetric key 127 used by module 25 purpose module 101 sends message 208 . In addition , server
101 in order to decipher module encrypted data 403 (since instruction 414 could comprise a " confirmation " , where
a plurality of modules 101 may communicate with server module 101 sends a " confirmation " in a second message 208
105 at the same time) . after receipt of a response 209 , where response 209 could
After verifying module digital signature 405 in step 410 , include a module instruction 502 (below ), and the " confir
server 105 can record an authenticated module encrypted 30 mation " in this second message 208 could signal server 105
data 403 from module 101 received in message 208 . At step that the module instruction 502 had been properly executed .
413, server 105 can decrypt module encrypted data 403 As contemplated herein , the term “Message ( update )” can
using cryptographic algorithms 141 and either ( i) server comprise a message 208 that includes a server instruction
private key 105c as a decryption key with asymmetric 414 of “ update ” , and the term “Message (confirmation )” can
ciphering 141a or ( ii) symmetric key 127 with symmetric 35 comprise a message 208 that includes a server instruction
ciphering 141b . A symmetric key 127 may be stored in a 414 of “ confirmation " , etc .
database 105k , as noted in FIG . le above. As examples for server instruction 414 , an “ update” could
With an asymmetric ciphering 141a scheme used in a be used to periodically notify server 105 of regular, periodic
module encrypted data 403 and by cryptographic algorithms sensor data 305 acquired by a sensor 101f. An " update ” for
141 at step 413, server 105 can decrypt module encrypted 40 server instruction 414 may also comprise a periodic report
data 403 using (i) server private key 105c and (ii) RSA regarding monitored unit 119 or information regarding a
algorithms 153 , elliptic curve cryptography (ECC ) algo - state , condition , or level for an actuator 101y . A " query " for
rithms 154 , or other algorithms for public key cryptography. server instruction 414 could comprise module 101 querying
The use and application of RSA algorithms 153 and cryp - server 105 for data from a database 105k , where the data
tography are described within IETF RFC 3447, among other 45 could be associated with monitored unit 119 , wireless net
published standards. The use and application of ECC cryp work 102, an element within module 101 such as an actuator
tography and algorithms are described within IETF RFC setting . A “ notification ” for server instruction 414 could
6637, among other published standards. ECC algorithms comprise module 101 notifying server 105 that an alarm or
154 may be preferred in order to maintain high security with error condition has occurred , such as a sensor measurement
small key lengths, compared to RSA , in order to minimize 50 exceeds a threshold value or another error condition such as
the message lengths, radio frequency spectrum utilization , loss of contact with monitored unit 119 . A “ configuration
and processing power required by wireless module 101. request" for server instruction 414 could comprise module
Thus, the use of ECC algorithms within a decryption algo 101 requesting server 105 for configuration parameters or a
rithm at step 413 may help conserve the life of a battery 101k configuration file . Other possibilities for server instruction
ofmodule 101 while maintaining the objective of securing 55 414 exist without departing from the scope of the present
system 100 . Note thatmodule encrypted data 403 may also invention .
include a security token 401 , which could comprise a At step 415 , server 105 can process the server instruction
random string , and thus each module encrypted data 403 414 . If server instruction 414 comprises an “ update” , then
received by server 105 in message 208 may be reasonably sensor data 305 , or other data in server instruction 414
considered unique and thus robust against replay attacks. 60 including potentially a new symmetric key 127 generated by
With a symmetric ciphering 141b scheme used in a module 101, could be recorded in database 105k , Other
module encrypted data 403 and by cryptographic algorithms applications may subsequently access the sensor data 305
141 at step 413 , server 105 can decryptmodule encrypted for generating reports or making decisions regarding moni
data 403 using (i ) symmetric key 127 and ( ii) a symmetric tored unit 119 . If server instruction 414 comprises a " query " ,
cipher 141b such as AES 155 , Triple DES , or similar secure 65 then server 105 could execute the query at step 415 . If server
symmetric ciphers . As one example, by using ECC cryp - instruction 414 comprises a " notification ” of an alarm , then
tography and ECIES , server 105 could decrypt module step 415 could initiate procedures for alarm notification to
 US 10 , 177 ,911 B2
55 56
3rd parties or alarm resolution . Other possibilities for pro Server 105 may also optionally add a module instruction
cessing a server instruction 414 at step 415 exist without 502 when preparing a response 209 . The module instruction
departing from the scope of the present invention . 502 could be a string that contains instructions or configu
FIG . 5a ration parameters formodule 101 , such as an order to change
FIG . 5a is a flow chart illustrating exemplary steps for a 5 state , parameters regarding the monitoring ofmonitored unit
server to process a response for the module, including 119 , server names or addresses, radio frequency parameters,
sending and signing a module instruction , in accordance keys wireless network 102 authentication parameters or keys ,
with exemplary embodiments . The steps illustrated in FIG . for communication with server 105 or M2M service
5a may comprise step 317a and step 317b illustrated in FIG . provider 108 , etc . Module instruction 502 may also com
3b above . Sincemessage 208 and response 209 may traverse 10 timer
prise an instruction to change the state of actuator 101y, a
value, a sensor threshold value , the threshold for an
the public Internet 107 , a module 101 and a server 105 may alarm state , and information for display at a user interface
prefer to take additional steps in order to maintain security 101 ), an instruction to sleep , etc . Module instruction 502
of a system 100 . Server 105 can process a response 209 to may further comprise an updated module private key 112 ,
a message 208 from module 101 using a module public key 15 and updated server public key 114 . or the address or name
111 and a server private key 105c, according to a preferred of a new server 105 added to M2M service provider 108 .
exemplary embodiment. If a symmetric cipher 141b is According to an exemplary preferred embodiment, a module
utilized within cryptographic algorithms 141 , then server instruction 502 could comprise a “key generation ” instruc
105 may also utilize a symmetric key 127 to encrypt data tion , where module 101 generates a new set of module
within a response 209 . Note that the security methods 20 private key 112 and module public key 111 , utilizing the
described herein are optional, and message 208 and response exemplary steps and procedures illustrated in FIG . 8 through
208 can be sent without the additional security steps FIG . 10 below . The “ key generation ” module instruction
described herein , but the use of these security stepsmay be could create new keys for a new purpose (such as connecting
preferred . to a new wireless network 102 or communicating with a new
After receiving message 208 as illustrated in FIG . 2 , 25 server 105 ), while the existing keys used to communicate
server 105 can prepare an acknowledgement 501. The with server 105 could remain operable or be deprecated .
acknowledgement 501 can be a simple text, binary, or In order to control module 101 , server 105 would nor
hexadecimal string to confirm that message 208 has been mally need to include module instruction 502 in the response
received by server 105 . Since message 208 may be trans- 209 only after receiving message 208 , since the server 105
mitted via a UDP or UDP Lite packet, module 101 may 30 would normally not be able to send messages to a module
preferably utilize a reply message from server 105 contain 101 at arbitrary times, such as before a message 208 has
ing acknowledgement 501, in order to confirm message 208 been received by the server 105 . The reasons are (i) the
has been received by server 105 . Alternatively , if TCP is module may normally be in a sleep or dormant state , in order
used to transmit message 208 , an acknowledgement 501 to conserve battery life or power consumption , where an
may be used at the application layer of the Open Systems 35 unsolicited incoming Internet packet from server 105 would
Interconnection (OSI) model , wherein a simple TCP ACK not be received by module 101, and ( ii ) a wireless network
message may operate at the lower transport layer. UDP may 102 (or equivalent wired network that a wired module 101
be preferred over TCP in order to reduce processing could connect with ) may frequently include a firewall 104 .
resources for module 101 and server 105 , especially con - Firewall 104 could prevent packets from the Internet 107
sidering the relatively small and comparably infrequent 40 from reaching module 101 unless module 101 had previ
messages sent between a module 101 and a server 105 (when ously first sent a packet to server 105 within a port-binding
compared to web browsing and considering module 101 timeout period of firewall 104 . The port- binding timeout
may have a battery that should last for weeks or longer period of a firewall 104 may be an exemplary period such as
without recharging ). In processing a response 209, server 20 -60 seconds for UDP packets and several minutes for TCP
105 may optionally add a security token 401 , which could be 45 packets . Note thatmodule instruction 502 may optionally be
a random number, or a randomly generated text, binary, or omitted , such that (b ) some response 209 messages may
hexadecimal string. Security token 401 could be a random include module instruction 502, and (b ) other response 209
number or string that is included in response 209 in order to messages may omit module instruction 502 , but include an
make each response 209 unique and thus avoid any replay acknowledgement 501 to message 208 . Also note that
attacks when response 209 traverses Internet 107 . 50 according to an exemplary embodiment described herein ,
In other words , the use of security token 401 can ensure the use of optional strings or steps can be depicted in FIGS.
to a high level of certainty that each response 209 will be 4a - 5b through the use of dashed lines for the various
different and thus the data within response 209 would not be elements illustrated .
sent more than once . Note that security token 401 may be Server 105 may then use as input the acknowledgement
generated by module 101 in message 208 , and in this case 55 501 , security token 401 , and module instruction 502 , includ
server 105 can use the same security token received in ing optional data and parameters, into cryptographic algo
message 208 . Security token 401 can alternatively be gen - rithms 141 at step 503 . The cryptographic algorithms 141 at
erated by server 105 and different than any security token step 503 can utilize either (i) module public key 111 as an
received in message 208 . As one example , server 105 could encryption key if asymmetric ciphering 141a is utilized , or
use a first security token 401 received in message 208 to 60 ( ii) a shared symmetric key 127 if a symmetric cipher 141b
process a second security token 401, where the second is utilized, such as AES 155 ciphering. The output of
security token 401 is generated using (i) a pre - agreed cryptographic algorithms 141 at step 503 , using acknowl
algorithm between module 101 and server 105 and ( ii ) the edgement 501 , security token 401, and module instruction
first security token 401 as input into the pre -agreed algo - 502, plus optional data and parameters , as input, can be
rithm . Security token 401 illustrated in FIG . 5a can be 65 server encrypted data 504, as illustrated in FIG . 5a . Server
derived or processed by using message 208 in accordance encrypted data 504 could be a string or number, including a
with preferred exemplary embodiments . text, binary, or hexadecimal string or series of numbers or
 US 10 , 177,911 B2
57 58
bits, and other possibilities for the formal of server and external to server encrypted data 504 (i.e. the benefits of
encrypted data 504 exist as well, including a file, without encrypting server digital signature 506 are limited ). Step 506
departing from the scope of the present invention . By using may also take place before step 505 .
module public key 111 and /or symmetric key 127 in the Also note that server digital signature 506 may preferably
cryptographic algorithms 141 at step 503 , server encrypted 5 be included in a response 209 before module 101 begins
data 504 may only be reasonably decrypted by module 101 utilizing symmetric key 127 in step 514 below to process a
using module private key 112 and /or symmetric key 127, as module instruction 502. After including server digital sig
described below in FIG . 56 . Thus the response 209 trans nature 506 in a first response 209 that uses asymmetric
mitted across an Internet 107 may be reasonably considered ciphering 141a , server 105 may omit server digital signature
secure . 10 506 in a second subsequent response . The second subse
Server 105 can then process server encrypted data 504 by quent response could be a case where (i) server encrypted
appending or including server identity 206 . Note that server data 504 utilizes a symmetric key 127 for ciphering (where
identity 206 can be appended or included after the operation server 105 received the symmetric key 127 in a message 208
of step 503 , since the server identity 206 may optionally be that utilized asymmetric ciphering 141a as illustrated in
openly readable within a response 209 transmitted or sent to 15 FIG . 4a above ) and (ii) expiration time 133 of symmetric
module 101 . As one example , server identity 206 could key 127 has not transpired . According to an exemplary
comprise IP address 106 as a source IP address in response preferred embodiment, response 209 may include both (i) a
209, which would be openly readable on the Internet 107 server digital signature 506 , and ( ii ) server encrypted data
since a valid packet must have a source and destination IP 504 , where ( x ) the server encrypted data 504 is processed
address . Additional details on an exemplary structure of 20 using a symmetric key 127 and a symmetric ciphering
response 209 are illustrated in FIG . 6 below . By including algorithm 141b , where the symmetric key 127 was received
server identity 206 after encryption at step 503 , the module in a message 208 , and (y ) the server encrypted data 504 can
can read the server identity 206 and verify a digital signature include a security token 401. In this manner, a response 209
within response 209 without having to first decrypt data can be more efficient than conventional technology includ
within response 209 using the module private key 112 or 25 ing SSL , TLS , SSH , because (i) utilizing the symmetric key
symmetric key 127 as described in FIG . 5b below . Note that 127 in response 209 will require less processing resources
server identity 206 could alternatively be included within by module 101 than receiving a response ciphered with an
server encrypted data 504 , such that step 505 takes place asymmetric cipher 141a , and ( ii) combining a server digital
before step 504 . In other words, including server identity signature 506 with server encrypted data 504 can securely
206 after encryption algorithm 503 can be used by module 30 reduce the packets transmitted and received , which con
101 to select the proper server public key 114 when veri- serves energy for a module 101, including the lifetime of a
fying a digital signature in response 209 . battery 101k . Response 209 illustrated in FIG . 6 includes an
Server 105 can then process a server digital signature 506 exemplary response 209 comprising server encrypted data
using the server private key 105c. The server digital signa - 504 , server identity 206 , and a server digital signature 506
ture 506 can be processed according to public key infra - 35 within the same datagram . The server digital signature 506
structure ( PKI) standards such as the National Institute of may be useful, because otherwise the module public key
Standards (NIST) “ FIPS 186 -4 : Digital Signature Standard ” may be public and another entity besides the server 105 may
(which is hereby incorporated herein by reference ), or IETF attempt to sent response 209 .
RFC 6979 titled “Deterministic Usage of the Digital Signa - Although energy may be conserved for a module 101
ture Algorithm (DSA ) and Elliptic Curve Digital Signature 40 utilizing the exemplary steps illustrated in FIG . 5a and
Algorithm (ECDSA )” (which is hereby incorporated herein elsewhere herein , a high level of security is desirable for
by reference ). The use of a server digital signature 506 can many “machine- to -machine ” applications. A module 101
be processed according to the description of a digital sig - may be utilized for industrial applications or health moni
nature according to the Wikipedia entry for “ Digital Signa toring, where the receipt of unauthorized module instruc
ture ” as of Sep . 9 , 2013 , which is incorporated by reference 45 tions 502 from 3rd parties could results in damages or losses .
herein in its entirety . Also note that other uses of a digital Without proper security, response 209 could include a mod
signature as contemplated within the present invention may ule instruction 502 , and module 101 could potentially
refer to the above three references and related standard receive commands or instructions from sources other than
techniques for processing and creating digital signatures. server 105 , such as hackers .
Other PKI standards or proprietary methods for securely 50 FIG . 5b
generating a server digital signature 506 may be utilized as FIG . 5b a is a flow chart illustrating exemplary steps for
well. a module to process a response from the server, including
According to a preferred exemplary embodiment, ECC verifying a server' s identity and decrypting instructions, in
algorithms for generating server digital signature 506 may accordance with exemplary embodiments . Module 101 can
be utilized in order to minimize the key length compared to 55 perform the steps illustrated in FIG . 5b in order to securely
RSA algorithms. Server digital signature 506 may comprise and efficiently process a response 209 from server 105 . The
a secure hash signature using a hash algorithm such as steps illustrated in FIG . 5b may comprise steps 307a and
secure hash algorithm 1 (SHA - 1), or subsequent standards 307b illustrated in FIG . 3a . Module 101 can receive
such as SHA - 2 and SHA - 3 , and other possibilities exist as response 209 using IP :port 204 , as illustrated in FIG . 2 .
well. Server digital signature 506 is illustrated in FIG . 5a as 60 Response 209 can be formatted according to the UDP
being processed after server encrypted data 504 , but server protocol or UDP Lite protocol, although other possibilities
digital signature 506 may also optionally be included in exist as well for the transport layer formatting of response
server encrypted data 504 . However, since server digital 209, including TCP.
signature 506 can represent a secured hash signature which At step 509 , module 101 can process the packet using the
preferably contains limited useful information to a potential 65 appropriate transport layer protocol, such as UDP. In this
eavesdropper in a plaintext form , processing resources can step 509, the body of the packet comprising response 209
be conserved by including server digital signature 506 after can be extracted , and a checksum , if any, can be calculated
 US 10 , 177,911 B2
59 60
to verify the integrity. An exemplary format ofresponse 209 response 209 . In other words, after module 101 receives a
is depicted and described in connection with FIG . 6 below . valid server digital signature 504, server 105 may then
Note that if the UDP Lite protocol is utilized , the checksum transmit a subsequent server digital signature 504 periodi
may optionally only apply to the packet header. At step 510 , cally according to rules based upon the security require
module 101 can process and remove channel coding, if 5 ments of the application . As one example , if (a ) after sending
channel coding is present in response 209 . Note that if a a symmetric key 127 in a message 208 to server 105 and
wireless network 102 comprises a IEEE 802. 15 .4 network , receiving a response 209 to the message 208 with (i) a valid
then UDP Lite may preferably utilized , and UDP Lite may server digital signature 504 and ( ii ) a server encrypted data
preferably be utilized if wireless network 102 is a PLMN 503 using symmetric key 127 , then (b ) module 101 can
mobile network and the PLMN mobile network supports 10 subsequently have reasonable assurance that subsequent
UDP Lite . Channel coding techniques utilized in step 510 responses 209 using symmetric key 127 are also from server
could include block codes and convolution codes , and can 105 . Requirements for higher security could result in a
use related algorithms as used in channel coding 406 . By response 209 including a server digital signature 504 more
processing channel coding in step 510 , module 101 can frequently , including possibly within every response 209 ,
correct potential bit errors received in response 209 . As 15 and requirements for lower security could result in a
noted above , the use of channel coding 510 can be preferred , response 209 including a server digital signature 504 less
since any bit errors received within server encrypted data frequently , such as an exemplary every few hours or every
504 in response 209 could break (i) a cryptographic algo day . According to a preferred exemplary embodiment, when
rithms 141 used by module 101 at subsequent step 514 , module 101 sends a new symmetric key 127 using an
and /or ( ii ) the verification of server digital signature 506 at 20 asymmetric ciphering algorithms 141b , the response 209
step 512 . from server 105 with server encrypted data 504 (where the
At step 511 , module 101 can read and record the server server encrypted data 504 was created using the new sym
identity 206 . Server identity 206 may preferably be a string metric key 127 ) can preferably include a server digital
that is external to server encrypted data 504 within response signature 506 .
209, as illustrated in FIG . 6 below . The server identity 206 25 In addition , security could be further enhanced at the
can preferably match a server identity 206 used in message network layer through the use of network firewall 104 and
208 . The server identity 206 could also comprise the source server network firewall 124 , such that only an inbound
IP address 106 of response 209, or a ___domain name resolving response 209 to module 101 could be received from server
to the source IP address 106 , or a ___domain name associated 105 after module 101 sends message 208 , and note this
with IP address 206 . Server identity 206 may also be 30 configuration may often be the case with module 101 on
uniquely associated with an identity in the “ Common Name” commercial wireless networks 102 . However , the at least
(CN ) field of a certificate 122 for server 105. Receiving or periodic use of steps 511 and 512 may be preferred , such as
processing a server identity within a response 206 may the case when module provider 109 or module 101 may not
optionally be omitted , if module 101 can select the appro - control or know the presence or configuration of any net
priate server public key 114 without first obtaining server 35 work firewall 104 . As one example , if IPv6 is used in system
identity 206 . At step 512 , module 101 can validate and verify 100 and all IP addresses are publicly routable, then any node
the server identity 206 using the server digital signature 506 with an IPv6 address connected to the Internet 107 could
inserted by server 105 in response 209 . As described in FIG . potentially send a response 209, and in this case steps 511
5a above , server digital signature 506 can comprise a secure and 512 may be preferred . Even if steps 511 and 512 are
hash signature , where server 105 generated the hash signa- 40 omitted , subsequent steps such as 514 may be used to ensure
ture using as input into a digital signature algorithms 141d response 209 was sent by server 105 .
(i) the server private key 105c and ( ii ) server encrypted data Although not illustrated in FIG . 5b , upon completing step
504 . Module 101 can utilize the server public key 114 512 ,module 101 may also preferably also verify the server
recorded in memory to securely validate the server digital identity 206 of server 105 using a certificate 122 associated
signature 504 , also by using digital signature algorithms 45 with server 105 and the public key of a certificate authority
141d . 118 . To verify the server identity 206 , module 101 could
The server digital signature 504 can be verified according utilize the steps depicted and described in connection with
to public key infrastructure (PKI) standards such as the step 412 illustrated in FIG . 4b . Module 101 could request a
National Institute of Standards (NIST ) “ FIPS 186 - 4 : Digital certificate 122 associated with server 105 and calculate a
Signature Standard ” , or IETF RFC 6979 titled “ Determin - 50 secure hash signature 123 using cryptographic algorithms
istic Usage of the Digital Signature Algorithm (DSA ) and 141 and a certificate authority public key 131. Other possi
Elliptic Curve Digital Signature Algorithm (ECDSA )" . bilities exist as well for module 101 to verify the identity of
Other PKI standards or proprietary methods for securely server 105 without departing from the scope of the present
verifying a server digital signature 504 may be utilized as invention. As one alternative, module 101 could utilize
well . Module 101 can verify server digital signature 504 55 Domain Name System Security Extensions (DNSSEC ), as
using steps equivalent to the steps a server 105 utilizes to specified in multiple IETF RFCs including RFC 4033 , 4034 ,
verify a module digital signature 405 in step 410 depicted and 4035 to securely resolve server identity 206 into IP
and described in connection with FIG . 4b above . Also , address 106 . For example,module 101 could verify that the
server digital signature 506 could optionally be included in source IP address within response 209 matches a DNSSEC
server encrypted data 504 , where step 512 could take place 60 record for server name 206 .
after step 514 . But, since server digital signature 506 may After verifying server digital signature 506 in step 512 ,
comprise a secure hash signature , any benefits from cipher module 101 can record an authenticated server encrypted
ing the secure hash may be small while requiring additional data 504 from server 105 . Authenticated server encrypted
processor resources . data 504 may comprise an acknowledgement that server 105
Note that if module 101 had previously received server 65 received message 208 . Authenticated server encrypted data
digital signature 504 in a previous response 209, then steps 504 may be useful if the UDP or UDP Lite protocol is used
511 and 512 may optionally be omitted within a subsequent to send message 208 , since UDP is a connectionless protocol
 US 10 , 177,911 B2
62
and module 101 may need confirmation that server 105 embodiments. FIG . 6 illustrates exemplary details within
received message 208 . Note that if steps 511 and 512 are message 208 sent by module 101 and also response 209 sent
omitted, then authenticated server encrypted data 504 may by server 105 . Message 208 may comprise a TCP/UDP
comprise a simple acknowledgement that server 105 packet 601a sent from module 101 source IP :port 204 to
received message 208 . Although not illustrated in FIG . 5b , 5 server 105 destination IP :port 207. According to an exem
if module 101 does not receive response 209 or server plary embodiment, UDP or UDP Lite formatting for TCP /
encrypted data 504 before a timer expires , such as within an UDP packet 601a may be preferred . Source IP :port 204 and
exemplary duration of 2 seconds, then module 101 can destination IP :port 207 in message 208 may be included
resend message 208 . within a header in TCP /UDP packet 601a . Although a single
At step 514 , module 101 can decrypt server encrypted 10
data 504 using either (i) module private key 112 as a message 208, response 209 , module 101 , and server 105 are
shown in FIG . 6 , system 100 as illustrated in FIG . 2 may
decryption key if asymmetric ciphering 141a is utilized to comprise a plurality of each of these elements. As contem
process server encrypted data 504 , or ( ii) symmetric key 127 plated herein , the term " datagram ” may also refer to a
if symmetric ciphering 141b is utilized to process server phic 15 “ packet” , such that referring to an element as datagram 601a
encrypted data 504 . Module 101 can utilize cryptographic 15 pa
algorithms 141 and the key in order to decrypt the server can be equivalent to referring to packet 601a .
encrypted data 504 at step 514 . Module 101 can utilize TCP /UDP packet 601a may include a body 602, which
techniques to decrypt server encrypted data 504 that are can represent the data payload of TCP /UDP packet 601a .
described in connection with creating module encrypted data The data payload of message 208 can preferably include
403 described in FIG . 4a above . If server encrypted data 504 20 channel coding 406 as described in FIG . 4a above, if the
uses an asymmetric ciphering, the cryptographic algorithms transport protocol for TCP /UDP packet 601a supports the
141 used in step 514 may be processed according to RSA transmission of bit errors in the body 602 (as opposed to
algorithms, elliptic curve cryptography (ECC ) algorithms, entirely dropping the packet), such as with the UDP Lite
or other algorithms for public key cryptography, as protocol. Support for the transmission of bit errors in body
described previously herein . ECC algorithms may be pre - 25 602 by wireless network 102 would be preferred over
ferred with asymmetric ciphering in order to maintain high entirely discarding a packet, since the applications such as
security with small key lengths , compared to RSA , in order module program 101i and server application 105i could
to minimize the message lengths, radio frequency spectrum include support for and utilization of channel coding 406 .
utilization , and processing power required by wireless mod Without UDP Lite formatting,message 208 can alternatively
ule 101. If server encrypted data 504 uses symmetric cipher - 30 sent by module 101 as a UDP datagram , such as if wireless
ing 141b , the cryptographic algorithms 141 can use sym - network 102 (or a wired connection ) does not support the
metric key 127 to decrypt server encrypted data 504 at step UDP Lite protocol. Note that in this case ( no support for the
514 . transmission of bit errors in a body 602 ), wireless network
Module 101 and server 105 could utilize a pre - agreed 102 and nodes within Internet 107 would preferably include
protocol in order to select the use of asymmetric ciphering 35 channel coding on the data link layers of the OSI stack in
141a or symmetric ciphering 141b in a response 209 . order to maintain robustness to bit errors at the physical
According to an exemplary embodiment, module 101 and layers of various hops along the path between module 101
server 105 (i) utilize asymmetric ciphering 141a when and server 105 . Note that if ( A ) message 208 comprises (i)
transmitting symmetric keys 127 or other keys such as regular UDP or TCP formatting (i.e . not UDP Lite or similar
pre -shared secret keys , new private keys , etc ., and ( ii) utilize 40 variations ) within an IPv6 network , or (ii ) a UDP or TCP
symmetric ciphering 141b at other times (i.e . when not format within an IPv4 network with checksums enabled ,
sending/ receiving a key ) . Since the exemplary response 209 then (B ) channel coding 406 may optionally be omitted .
illustrated in FIG . 6 does not contain a symmetric key, The body 602 can include a module identity 110 , a
module 101 can utilize symmetric ciphering at step 514 with module digital signature 405 , module encrypted data 403 ,
symmetric key 127 to decrypt server encrypted data 504 at 45 and channel coding 406 .Module identity 110 is illustrated in
step 514 . FIG . 6 as external to module encrypted data 403 , although
As noted in FIG . 5a above , response 209 may include a module identity 110 may optionally only be included in
module instruction 502 . By including module instruction module encrypted data 403 , and in this case module identity
502 in server encrypted data 504 and response 209 , the 110 would not be external to module encrypted data 403 in
module instruction 502 can be read and processed by device 50 a body 602 . By including module identity 110 as external to
101 at step 515 , after the server encrypted data 504 is module encrypted data 403, server 105 can use the unen
decrypted at step 514 . Module 101 can subsequently per - crypted module identity 110 in order to select either (i) the
form the module instruction 502 in step 515 . Note that server appropriate module public key 111 to verify module digital
encrypted data 504 may optionally include an acknowledge - signature 405 if an asymmetric cipher 141a is used within
ment 501 that message 208 was received by server 105 . In 55 cryptographic algorithms 141 , or (ii) the appropriate sym
this manner, an “ ACK ” response to message 208 can be metric key 127 within cryptographic algorithms 141 to
securely transmitted by server 105 and received by module decrypt the module encrypted data 403 . Module public key
101. Upon completion of the processing of response 209 111 and symmetric key 127 may preferably be recorded in
illustrated in FIG . 5b , module 101 can perform functions a database 105d , such that server 105 can access a plurality
such entering the sleep or dormant states illustrated at step 60 of public keys using module identity 110 in body 602 for a
308 in FIG . 3a , thus conserving battery life (if present in plurality of modules 101. Thus, by including module iden
module 101 ) or energy while maintaining a secure , robust, tity 110 external to module encrypted data 403 , server 105
and highly scalable system 100 . can utilize the module identity 110 to query a database 105d
FIG . 6 and select the appropriate module public key 111 or sym
FIG . 6 is a simplified message flow diagram illustrating an 65 metric key 127. As noted previously , module identity 110
exemplary message received by a server , and an exemplary could comprise a string or number that is uniquely associ
response sent from the server, in accordance with exemplary ated with module identity 110 , such as a session identity , as
 US 10 , 177,911 B2
63 64
opposed to being a module identity 110 that is read from message 208 shown can comprise the case of the previous
hardware in module 101 such as an IMEI number, Ethernet sentence , where a new series of messages begins (possibly
MAC address , etc . upon the expiration time 133 of a symmetric key 127 ), and
According to an exemplary embodiment where asymmet- a new symmetric key can be included in a module encrypted
ric ciphering 141a ofmodule encrypted data 403 is utilized , 5 data 403 . Although not illustrated in FIG . 6 , module digital
such as (i ) the first message 208 sent by module 101 and ( ii ) signature 405 may also optionally be included within mod
where a symmetric key 127 had not been previously ule encrypted data 403 , and in this case a server 105 can first
exchanged , module identity 110 can be (a ) within module utilize a server private key 105c to decrypt module
encrypted data and (b ) not external to module encrypted data encrypted data 403 and then verify a module digital signa
403. In this case , server 105 can utilize server private key 10 ture 405 . Other possibilities exist as well without departing
1050 to , in sequence , decrypt module encrypted data 403 , from the scope of the present invention .
extract module identity 110 from the decrypted module Using a message 208 with a module digital signature 405
encrypted data 403, and then used the module identity 110 can be both more efficient and overall more secure than
to select module public key 111 from database 105k in order digest authentication ( such as the digest authentication
to verify a module digital signature 405 . Note that if a 15 described in IETF RFC 2069), although using digest-based
module identity 110 is in body 602 and external to module authentication may be alternatively used . First, the use of a
encrypted data 403, then module identity 110 could be module digital signature 405 requires only a single packet
obfuscated or otherwise ciphered according to a pre - agreed for message 208 and a single packet for response 209 for
algorithm with server 105 , such that server 105 can utilize secure communication between module 101 and server 105 .
the obfuscated or ciphered module identity 110 to select a 20 The alternative digest- based authentication would normally
module public key 111 from database 105 . According to an require at least 4 packets comprising: (i) message 208 , ( ii ) a
exemplary embodiment where (1 ) symmetric ciphering of challenge to message 208 from server 105 with a security
module encrypted data 403 is utilized , such as after a first token 401, (iii) a second message from module 101 with a
message 208 had already been sent by module 101 and a hashed string generated using (i) the challenge, (ii) crypto
symmetric key 127 had previously been exchanged , then ( ii ) 25 graphic algorithms 141, and ( iii ) the module private key 112 ,
module identity 110 can be external to module encrypted and then (iv ) an acknowledgement from server 105 . Thus ,
data 403 and in body 602 in order for server 105 to utilize digest-based authentication would require approximately
module identity 110 and select symmetric key 127 from a twice the time for module 101 to actively transmit data ,
database 105k , thereby enabling server 105 to decrypt the since two round -trip pair of messages are required with
module encrypted data 403 using the selected symmetric key 30 digest- based authentication compared to the single round
127 . trip pair of messages illustrated in FIG . 4 . The additional
The module digital signature 405 can be calculated using messages with digest-based authentication would thereby
the steps and algorithmsdescribed in FIG . 4a above .Module drain battery life faster or utilize more energy compared to
digital signature 405 can be a secure hash string or number, using module digital signature 405 .
and can be calculated using module private key 112 and 35 Second, the use of module digital signature 405 allows a
digital signature algorithms 141d . Server 105 can verify system 100 to be more highly secured since (i ) server 105
module digital signature 405 using module public key 111 may need to be connected to the Public Internet 107 and
according to the standard techniques for verifying digital receive packets from a wide range of IP addresses that are
signatures using PKI as described at step 410 in FIG . 4b . not known before messages 208 arrive , and ( ii ) by using
Note that module digital signature 405 can be useful for 40 module digital signature 405 , server 105 can then preferably
server 105 to maintain security , since server public key 114 not respond to incoming packets and messages without a
may be shared and potentially other nodes besides module properly signed module digital signature 405 (where the
101 could attempt to send in encrypted data using server module identity 110 associated with module digital signa
public key 114 . ture 405 could also be verified using a certificate 122 and a
In addition , although a module digital signature 405 is 45 certificate authority public key 131 ). By server 105 remain
illustrated as included in a body 602 , the module digital ing silent to all packets except packets with a properly
signature 405 may optionally be omitted from body 602 signed module digital signature 405 , system 100 can thereby
after module 101 has previously sent symmetric key 127 in remain more secure . In other words, according to preferred
a message 208. In other words , in a series of messages 208 , exemplary embodiments , server 105 does not send a
module 101 can preferably change from ( i) using asymmet - 50 response 209 to a message 208 that does not include a
ric ciphering 141a with an initial message 208 that includes validated module digital signature 405 (where the validated
symmetric key 127 in a module encrypted data 403 (where module digital signature 405 includes a verified module
the initial message 208 also includes module digital signa - identity 110 ), thereby increasing security .
ture 405 ) to ( ii ) using symmetric ciphering with subsequent Module encrypted data 403 can be processed using the
messages 208 without module digital signature 405 in the 55 steps and algorithmsdescribed in FIG . 4a .Note that module
series (where the subsequentmessages 208 include module encrypted data 403 as illustrated in FIG . 6 is shown in a
identity 110 external to module encrypted data 403 for plaintext form for ease of illustration , but actual module
server 105 to select the appropriate symmetric key 127 ) . The encrypted data 403 within body 602 of a packet 601a could
series of messages 208 could begin when the initialmessage be transmitted as binary , hexadecimal, Base64 binary -to -text
208 is sent by module 101 and end when expiration time 133 60 encoding, or other encoding rules. Note that encryption by
of symmetric key 127 has transpired , and subsequently a module 101 may optionally be omitted , and the server
new series of messages 208 could begin where the first instruction 414 with corresponding data could be included
message 208 in the new series ofmessages changes back to within a message 208 without encryption , such as if security
asymmetric ciphering 141a with initial message 208 that could be maintained at the network level. As one example in
includes symmetric key 127 in a module encrypted data 403 65 this case without encryption , server instruction 414 could be
(where the initial message 208 also includes a new module included in body 602 as plaintext. The encryption and /or
digital signature 405 ) . As illustrated in FIG . 6 , the exemplary security could be applied through other means, such as a
 US 10 , 177 ,911 B2
65 66
secure tunnel between module 101 and server 105 , although Module identity 110 within module encrypted data 403
setting up and maintaining a secure tunnel and similar or can represent the identity ofmodule 110 , and could represent
other means of security may require more processing and a serial number read by module 101 from a read - only
bandwidth resources than the efficient techniques described hardware address. Module identity 110 is described in FIG .
herein . 5 lc and can represent a unique identifier of module 101.
Module encrypted data 403 can include a server instruc - Security token 401 within module encrypted data 403 can
tion 414 , a server identity 206 , a module identity 110 , a represent a random string in order to make message 208
security token 401 , a timestamp 604, a sensor measurement reasonably unique and thus system 100 in FIG . 2 robust
305 , and a symmetric key 127 . Although not illustrated in against replay attacks. If module encrypted data 403
FIG . 6 , module encrypted data 403 could also include an 10 includes symmetric key 127 , then security token 401 could
expiration time 133 , which could represent a time value for optionally be omitted since symmetric key 127 can also
symmetric key 127 to remain valid . The server instruction function as a security token 401. Security token 401 is
414 can represent the purpose of the message 208 for server described in FIG . 4a . Timestamp 604 can represent a time
105 , and FIG . 6 illustrates an " update ” for server instruction value that module 101 sends message 208 or a time value
414 . An update for server instruction 414 could be used to 15 thatmodule 101 acquired sensor data 305 .Note thatmultiple
periodically notify server 105 of regular, periodic sensor timestamps 604 could be included in message 208 , such that
measurements 305 acquired by a sensor 101f. An update for a series of measurements from sensor 101f over time are
server instruction 414 may also comprise a periodic report transmitted in a single message 208 , and a separate time
regardingmonitored unit 119 , and a server instruction 414 is stamp 604 could be included for each sensormeasurement.
described in FIG . 4b . Other server instructions 414 besides 20 Sensor data 305 is described in FIG . 3a and also with the
an “ update ” may be included in a module encrypted data 403 description of sensor 101f in FIG . 1d , and sensor data 305
within a body 602 . The “ update ” illustrated in message 208 can represents data module 101 acquires using sensor 101f.
in FIG . 6 can also include a new symmetric key 127 , and the Sensor data 305 within message 208 may be stored by server
module encrypted data illustrated in FIG . 6 may comprise 105 in a database 105k , or potentially forwarded to another
the use of either an asymmetric ciphering 141a with public ! 25 server (not shown ) for additional processing .
private keys , or ( ii ) symmetric ciphering 141b with a sym - Although not illustrated in FIG . 6 , body 602 or module
metric key 127 . The initial transmission or negotiation of a encrypted data 403 may also include an (i) identity of
symmetric key 127 may preferably utilize asymmetric monitored unit 119 , which may be associated with sensor
ciphering 141a and the use of a public key as an encryption data 305 , and/ or ( ii ) a sensor identity 151 associated with
key and a private key as a decryption key . Subsequent 30 sensor data 305 , such that data from potentially multiple
transmission of a new symmetric key 127 may utilize either sensors 101f could be properly identified and recorded . As
(i) a symmetric cipher 141b with a previously negotiated but one example, module 101 could collect sensor data for a
still valid symmetric key 127 ( i.e . expiration time 133 has plurality ofmonitored units 119 , and in this case message
not transpired ), or ( ii ) asymmetric ciphering 141a . If the data 208 would preferably include an identity of monitored unit
within instruction 414 is longer than the maximum data 35 119 associated with the sensor data 305 . Or, a sensor 101f
length supported by a selected asymmetric ciphering algo - could have a sensor identity 151, and message 208 could
rithm 141a and the public /private key pair, then module include the sensor identity 151 with the corresponding
encrypted data 403 within message 208 can be broken up sensor data 305 . As described above, message 208 could
into several sections , such that the data within each section also include a symmetric key 127 , as illustrated in FIG . 6 .
is less than the maximum data length supported by the 40 Note that if ( A ) module encrypted data 403 exceeds an
asymmetric ciphering algorithm 141a and key . acceptable length for input or output into asymmetric cipher
Server identity 206 within module encrypted data 403 can ing algorithms 141a , such as data within a module encrypted
be useful for properly identifying that server 105 is the data 403 comprising an exemplary 3000 bits but only a 2048
proper recipient and final destination ofmessage 208 . Server bit key length is utilized in an exemplary module private key
identity 206 can be useful if a plurality of servers 105 is 45 112 processed with an RSA algorithm 153, then ( B ) module
utilized by an M2M service provider 108 with potentially encrypted data 403 within body 602 could comprise multiple
hundreds of thousands or millions of modules 101 . In this separate sub -sections for module encrypted data 403 . In this
case, with a plurality of servers 105 , server private key 1050 case, each sub - section could comprise data less than the
may represent a private key that is shared among a plurality maximum acceptable length for encryption , and the sub
of servers 105 , since otherwise server 105 may not be able 50 sections could be combined in order to form a module
to decrypt module encrypted data 403 if each server 105 in encrypted data 403 within body 602 . An example ofmultiple
the plurality of servers 105 did not share the common server sub -sections for module encrypted data 403 is illustrated in
private key 105c . Continuing in this example of a plurality FIG . 7 below (where one sub - section for module encrypted
of servers 105 , a server identity 206 may represent a server data 403 is ciphered with an asymmetric ciphering algorithm
that associated with M2M service provider 108 but not the 55 141a and a second sub -section is ciphered with a symmetric
recipient of message 208 . In this case , ( i) a first server 105 ciphering algorithm 141b ) .
could receive message 208 and decrypt message 208 using FIG . 6 also illustrates exemplary details within response
a common server private key 105c or symmetric key 127 , 209 sent by server 105 . Response 209 may comprise a
and (ii) the first server 105 can forward message 208 to the TCP /UDP packet 601b sent from server 105 IP : port 207 the
second server 105 ( not shown ) with server identity 206 . In 60 IP address 210 and port number 605 , where IP address 210
this case , the first server 105 can forward message 208 to the represents the external IP address of wireless network fire
second server (not shown ) without the encryption applied to wall 104 and port number 605 is the source port in message
module encrypted data 403 , since (i) the second server 105 208 as received by server 105 (i.e . the source port in
may not have access to the server private key 105c and /or message 208 after traversing the firewall 104 illustrated in
symmetric key 127 , or ( ii ) the first server 105 could have 65 FIG . 6 ). Thus, IP :port with IP address 210 and port number
already decrypted the module encrypted data 403 in order to 605 may be different than IP :port 204 in response 209 , since
read server identity 206 within module encrypted data 403 . the presence of a wireless network firewall 104 may perform
 US 10 , 177,911 B2
67
NAT routing, which could change the source IP address and server digital signature 506 itself and ( ii ) channel coding 406
source port number from IP :port 204 to IP address 210 and as input into the cryptographic algorithms 141 used to
port number 605 in message 208 , as received by server 105 . process or verify server digital signature 506 . In this manner ,
The use of wireless network firewall 104 in wireless network module 101 can utilize server digital signature 506 to
102 may require that response 209 be sent from IP :port 207 5 authenticate that response 209 was sent by server 105 .
to IP address 210 and port number 605 in order to be Channel coding 406 in body 606 is also depicted and
properly processed by firewall 104 and forwarded to module described in connection with FIG . 5a above , and channel
101 at IP :port 204 . Source IP :port 207 and destination IP coding 406 can be utilized by module 101 to correct any
address 210 and port number 605 in response 209 may be potential bit errors propagated in body 606 as response 209
included within a header in TCP /UDP packet 6016 . TCP / 10 traverses the Internet 107 and wireless network 102. As
UDP packet 601b could comprise a regular UDP packet, a noted above in FIG . 5a , any uncorrected bit errors in body
UDP Lite packet, or a TCP datagram , or similar protocols 606 may break the ability of module 101 to decrypt server
supported by an Internet 107 . TCP /UDP packet 601a and encrypted data 504 or server digital signature 506 .
TCP /UDP packet 601b can preferably utilize the same Body 606 may include server encrypted data 504 . Server
protocol. 15 encrypted data 504 is depicted and described in connection
As noted previously, the use of checksumsmay be man - with FIG . 5a above. Server encrypted data 504 may include
datory in IPv6 networks, and thus a UDP Lite packet as an acknowledgement 501 , wherein acknowledgement 501
packet 601a can include a checksum value 702 ( illustrated can notify module 101 thatmessage 208 has been received
below in FIG . 7 ) for the header, and note the use of firewalls by server 105 . As illustrated in FIG . 6 , server encrypted data
such as firewall 104 can change the header values in a packet 20 504 may optionally also include a module instruction 502
601a . In accordance with a preferred exemplary embodi- for module 101 . The module instruction 502 could be a
ment, a first checksum value 702 within a response 209 sent string that contains instructions or configuration parameters
by server 105 is different and/ or not equal to a second for module 101, such as an order to change state , parameters
checksum value 702 within the response 209 received by regarding the monitoring of monitored unit 119 , server
module 101 . Likewise , a first checksum value 702 within a 25 names or addresses, radio frequency parameters, timer val
message 208 sent by a module 101 is different and / or not u es , settings for actuator 101y, etc . A module instruction 502
equal to a second checksum value 702 within the message is depicted and described in connection with FIG . 5a above .
208 received by server 105 . The exemplary module instruction 502 illustrated in FIG . 6
AUDP, TCP, or UDP Lite datagram as a TCP /UDP packet comprises an instruction for module to set a temperature to
601b within response 209 may include a body 606 . Body 30 32 degrees. This exemplary instruction could be for an
606 may comprise the payload or data within a UDP, TCP, actuator 101y which could comprise a thermostat for moni
or UDP Lite packet. Body 606 can include a server identity tored unit 119 . Other possibilities for a module instruction
206 , a server digital signature 506 , server encrypted data 502 within a response 209 are possible as well without
504 , and channel coding 406 . Server identity 206 is illus - departing from the scope of the present invention . Although
trated in FIG . 6 as external to server encrypted data 504 35 not depicted in FIG . 6 or FIG . 2 , if response 209 includes a
within body 606 , but server identity 206 may optionally be module instruction 502 , according to an exemplary embodi
included in server encrypted data 504 instead . By including ment, module 101 can preferably send a second message 208
server identity 206 as external to server encrypted data 504 , to server 105 , where the second message 208 includes a
module 101 can use the unencrypted server identity 206 in confirmation that module instruction 502 was successfully
order to select the appropriate server public key 114 to 40 executed by module 101. This confirmation could be
decrypt server encrypted data 504 ( if asymmetric ciphering included in a server instruction 414 for server 105 within a
141a is utilized ). second message 208 .
Likewise , module 101 may communicate with a plurality Also , although a server encrypted data 504 may prefer
of servers 105 , and server identity 206 as external to server ably be included within a body 606 , body 606 may option
encrypted data 504 can allow module 101 to select the 45 ally omit server encrypted data 504 and include data from
appropriate symmetric key 127 to utilize for decrypting server 105 that is not encrypted , such as plaintext. As one
server encrypted data 504 ( since each of the multiple servers example in this case , acknowledgement 501 could be
105 that module 101 communicates with may utilize a included in body 606 as plaintext. In addition , although a
different symmetric key 127) . Also note that the server server digital signature 506 is included in body 606 and
identity 206 can be similar to module identity 110 , such that 50 external to server encrypted data 504 , the server digital
multiple different values for server identity 206 could be signature 506 may (i) optionally be omitted as well, or ( ii )
utilized in a system 100, but each of the different values included within server encrypted data 504 . Also , although
could preferably be uniquely associated with server 105 . As not illustrated in FIG . 6 , server encrypted data 504 could
one example , server identity 206 , outside server encrypted include a symmetric key 127 for module 101 to utilize with
data 504 as illustrated in FIG . 6 , may comprise a session 55 symmetric ciphering 141b in cryptographic algorithms 141
identity or session identifier, as opposed to a different server for processing a module encrypted data 403 in subsequent
identity 206 that could comprise a hardware serial number messages 208 and / or responses 209. If server encrypted data
for server 105 . Thus, server identity 206 outside a server 504 includes a symmetric key 127, then server 105 prefer
encrypted data 504 may be a different string or representa - ably can utilize an asymmetric ciphering 141a with crypto
tion than server identity 206 within server encrypted data 60 graphic algorithms 141 to process the server encrypted data
504 , but both strings /numbers used for server identity 206 in 504 containing the symmetric key 127 . An example for the
response 209 could be associated with server 105 . previous sentence could be if message 208 was received
Server digital signature 506 in body 606 can comprise a without a symmetric key 127 and server 105 can issue the
secure hash signature of a subset of body 606 , where the symmetric key 127. As contemplated herein , more than one
subset of body 606 can comprise server encrypted data 504 , 65 symmetric key 127 may be used concurrently in a system
and /or server identity 206 as illustrated in FIG . 6 . In other 100 , such as a first symmetric key 127 utilized in symmetric
words , processing the secure hash signature can omit (i) ciphering 141b for a message 208 , and a second symmetric
 US 10 , 177,911 B2
69 70
key 127 utilized in symmetric ciphering 141b for a response Server 105 can subsequently (i) utilize module identity 110
209. Other possibilities exist as well without departing from in body 602 to select the module public key 111 of module
the scope of the present invention . 101 ( for use with module digital signature 405 below ), and
Acknowledgement 501 within server encrypted data 504 ( ii) decipher this first set 701a ofmodule encrypted data 403
may include a security token 401. Security token 401 may 5 using the server private key 105c, as depicted and described
be a random string and may also be generated by either in connection with FIG . 4b at step 413 . Upon deciphering
server 105 or module 101. If security token 401 is generated the first set 701a of module encrypted data 403 , which
by module 101 , then security token 401 may be included in comprises the symmetric key 127 in FIG . 7 , server 105 can
message 208 and also utilized by server 105 in response 209, record symmetric key 127 in a database 105k for use both
as illustrated in FIG . 6 . By including security token 401 in 10 with the second set 701b ofmodule encrypted data 403 and
acknowledgement 501 , system 100 can be made robust to subsequentmessages 208 from module 101. Symmetric key
replay attacks since each response 209 can be reasonably 127 could remain valid until an expiration time 133 asso
unique for each response 209 sent by server 105 . ciated with the key transpired .
FIG . 7 Although a symmetric key 127 is illustrated in the first set
FIG . 7 is a simplified message flow diagram illustrating an 15 701a of module encrypted data 403 , the first set 701a of
exemplary message sent by a module , in accordance with module encrypted data could alternatively include a value
exemplary embodiments . FIG . 7 illustrates exemplary used to derive symmetric key 127 instead of the actual
details within a message 208 sent by module 101 . Asnoted symmetric key 127 . In other words, module 101 and server
previously , a module 101 may prefer to communicate with 105 could utilize a key derivation function 141f with the
server 105 in both an efficient and secure manner. Efficiency 20 module public key 111 and server public key 114 to obtain
is important in order to reduce energy consumption and also a derived shared secret key 129b. Instead of transmitting the
conserve the life of a battery 101k , ifmodule 101 is powered symmetric key 127 directly in a message 208 ( such as the
from a battery . As illustrated in FIG . 7 , module 101 can use first set 701a ),module 101 could transmit a value such as a
a message 208 in the format of a UDP datagram 601a to send random number in the first set 701a of module encrypted
two sets ofmodule encrypted data 403 . UDP datagram 601a 25 data 403, and both module 101 and server 105 could use the
can include a body 602, where body 602 can comprise (i) value and device shared secretkey 129b to derive symmetric
two sets of module encrypted data 403 , ( ii ) a module digital key 127. This derived symmetric key 127 can be used for
signature 405 , and (iii) option channel coding 406 if a UDP subsequent communicationsbetween module 101 and server
Lite protocol is used for UDP datagram 601a. Similar to 105 , such as in a response to message 208 , where a response
FIG . 6 above, the encrypted data illustrated in FIG . 7 is 30 209 could include server encrypted data 504 that is ciphered
shown in plaintext form , although the actual encrypted or using the derived symmetric key 127 .
ciphered data within a message 208 would not normally be After acquiring the deciphered symmetric key 127 , server
human readable . The two sets ofmodule encrypted data 403 105 can subsequently process the second set 701b ofmodule
may comprise a first set 701a of module encrypted data 403 encrypted data 403 in message 208, which could include
and the second set 701b of module encrypted data 403, as 35 server instruction 414 , sensor data 305 , and the additional
illustrated in FIG . 7 . information shown within the second set 701b of module
FIG . 7 illustrates a difference with conventional technol encrypted data illustrated in FIG . 7 . Server 105 could
ogy such as IPSec , TLS , SSL , etc ., wherein by utilizing the decipher the second set 701b of module encrypted data 403
exemplary embodiment of the invention illustrated in FIG . using the symmetric key 127 illustrated in FIG . 7 , also
7 , a module can reduce the number of packets (and therefore 40 depicted and described in connection with FIG . 4b at step
also energy required to communicate with a server 105 4 13 . The second set 701b of module encrypted data 403
while still maintaining a highly secured system . FIG . 7 illustrated in FIG . 7 also includes sensor data 305 with the
illustrates module 101 utilizing a single UDP packet to send sensor identity 151, and in this case the sensor data 305 is
( i) a symmetric key 127 via an asymmetric ciphering 141a , from " sensor A ” .
( ii )module encrypted data 403 using the symmetric key 127, 45 Message 208 could also include a module digital signa
and (iii) a module digital signature 405 . The number of ture 405 , which could be processed by module 101 using ( i )
packets required to communicate the same data with con - the first set 701a ofmodule encrypted data 403 and /or the
ventional technology would be significantly more than the second set 701b of module encrypted data 403 illustrated in
single packet illustrated (perhaps as many as a dozen packets FIG . 7 , (ii ) a digital signature algorithm 141d , and (iii )
with conventional technology ) , and thus would require 50 module private key 112 . The processing ofmodule digital
module 101 to remain in an active state longer than required signature 405 by module 101 is also described in FIG . 4a
and thus drain a battery 101k faster. Note that after sending above. Before ( A ) utilizing symmetric key 127 in the first set
message 208 and receiving a confirmation in a response 209 , 701a ofmodule encrypted data 403 to send a response 209
module 101 could then return to a sleep state to conserve to module 101 , (B ) server 105 could validate module digital
either energy used from a land -line power source or energy 55 signature 405 using (i) the module identity 110 to select a
used from a battery 101k . As described in Step 308 of FIG . module public key 111 , ( ii ) the selected module public key
3a above , module 101 could send a detach message to a 111 , and ( iii) digital signature algorithms 141d .
wireless network 102 upon receiving a response 209 to the Other configurations are possible for message 208 as well.
message 208 illustrated in FIG . 7 , and thus enter a dormant Note that a message 208 could include only the first set 701a
or sleep state more quickly and conserve energy . 60 ofmodule encrypted data 403 . In this manner, the symmetric
As illustrated in FIG . 7 , the first set 701a of module key 127 could be securely transmitted to server 105 without
encrypted data 403 can comprise a symmetric key 127 , including sensor data 305 , and the second set 701b of
where the symmetric key 127 is encrypted using an asym - module encrypted data 403 could be omitted from the packet
metric ciphering algorithm 141a with cryptographic algo 601a (and sensor data 305 could be sent in a subsequent
rithms 141 . As depicted and described in connection with 65 message 208 ). In addition , although FIG . 7 illustrates mod
FIG . 4a , module encrypted data 403 can utilize server public u le 101 as sending symmetric key 127 in a message 208 ,
key 114 to cipher the first set ofmodule encrypted data 403. module 101 could alternatively receive a symmetric key 127
 US 10 , 177,911 B2
71 72
in a response 209 from server 105 . This alternative response public key 111 and module private key 112 . The steps
209 from server 105 , with a symmetric key 127 , would illustrated in FIG . 801 include both (i) an “ initial” or
preferably utilize (i) an asymmetric cipher algorithm 141a to " startup ” case where module 101 has not previously derived
send module 101 the symmetric key 127 and ( ii ) the steps keys , and ( ii) a subsequent or " follow on ” time where
outlined in FIG . 5a . 5 module 101 can generate or derive keys after the initial
FIG . 8 derivation of keys.
FIG . 8 is a flow chart illustrating exemplary steps for a At step 801, during manufacturing ofmodule 101, includ
module to derive a public key and private key, and to obtain ing manufacturing of sub -components such as a circuit
a digital certificate , in accordance with exemplary embodi- board , assembly of hardware components illustrated in FIG .
ments. In order to utilize communications secured with PKI 10 1d , etc ., a module identity 110 could be written into the
techniques such as private keys , public keys, certificates , hardware , and could comprise a serial number, International
and identities , a module 101 may preferably obtain or Mobile Equipment Identity ( IMEI) number, Ethernet MAC
generate these keys and certificate in a secure manner. Given address , etc . For security purposes , the module identity may
that a plurality of modules 101 may be deployed in poten - preferably be written into a read -only ___location , such as a
tially remote places, without frequent contact with end users 15 readable ___location on a system bus 101d , which could also
or technicians, the use of secure PKI techniques for a comprise a ROM 101c. Recording and utilizing module
module 101 can create a significant set of challenges for the identity 110 is also depicted and described in connection
generation ofmodule public key 111 and module private key with FIG . 1d , FIG . 2 , and elsewhere herein . Alternatively,
112, as well as properly and securely obtaining a certificate module identity 101 could be recorded in a non - volatile
122 with an module identity 110 . Using conventional tech - 20 memory such as a flash memory 101w .
nology , significant challenges and costs can be incurred At step 802, module 101 can be distributed to end users
when (i) module 101 has already been deployed , such as and also installed with a monitored unit 119 . At step 803 , a
collecting data from a monitored unit 119 , and ( ii ) module shared secret key 813 , parameters 126 , and a server address
101 needs to utilize a new set of module private key 112 and 207 can be recorded in a nonvolatile memory 101w . Param
module public key 111. 25 eters 126 may comprise settings for a cryptographic algo
The proper use of a new set ofmodule private key 112 and rithms 141 as illustrated in FIG . 1f, including (i) key lengths,
module public key 111 may utilize the particular steps and (ii) algorithms to utilize for key generation or ciphering,
procedures contemplated herein , in order to minimize any such as the specification of an elliptic curve utilized illus
potential human intervention (with related costs ) while trated as parameters 126 in FIG . 1h , ( iii ) a specific secure
continuing to maintain security . Over a long period of 30 hash algorithm 141c to utilize , such as SHA - 256 or SHA -3 ,
operating time for a module 101, such as a decade or longer, ( iv ) an expiration date of the public key 111 , ( v ) a maximum
there may be many reasons module 101may need a new pair time value for an expiration time 133 associated with
of PKI keys , such as (i) expiration of a certificate , or the symmetric keys 127, etc . Although not illustrated in FIG . 8 ,
certificate of a parent signature authority, ( ii ) the transfer of at step 802 a configuration file could also be loaded into
ownership or control ofmodule 101, where the prior own - 35 non - volatile memory , where the configuration file includes a
ership could have direct or indirect access to the module plurality of fields specifying the operation of module 101.
private key 112 , ( iii) supporting a new server 105 that has The shared secret key 813, parameters 126 , and server
different security requirements (longer keys , different ECC address 207 could be included in a configuration file .
curves, etc .), and /or ( iv ) revocation of a public key in a chain Continuing at step 802 , server name 206 could be utilized
of signatures 123 within a certificate 122 . In the case of ( ii ), 40 in place of or in addition to server address 207 , and in this
new ownership of module 101 may require a module 101 to case module 101 can later perform a DNS or DNSSEC
utilize a new module private key 112 . In the case of (iii) a lookup using server identity 206 in order to obtain server
new server 105 may require a pair of public /private keys address 207 for use in a message 208 . Shared secret key 813
incompatible with a prior set of public /private keys utilized and server address 207 (or server identity 206 ) could also be
by module 101 and/ or a certificate 122 for module 101 . 45 recorded in a ROM 101c at step 803 . Step 803 may also be
The general approach adopted by most mobile phone performed concurrently with step 801 or step 802 . Note that
networks over the past two decades has been founded upon step 803 may take place multiple times during the lifetime
the use of a pre -shared secret key recorded in SIM cards , of a module 101, and in this case (a ) the first time step 803
such as the Ki secret key in 2G networks. That approach may is conducted , step 803 could be conducted concurrent with
work for mobile phones , where the SIMs can often be easily 50 steps 801 or 802 , and (b ) a subsequent time step 803 is
replaced , but the use of a pre - shared secret key in a SIM may conducted , step 803 could be conducted after the receipt of
not be suitable for a module 101 and M2M service provider a response 209 , where the response 209 includes a second
108 . As one example , significant costs may be incurred by shared secret key 813 , server address 207 , and also poten
swapping out a SIM card for already deployed modules 101 , tially a new module identity 110 . In other words , although
especially if they are in remote locations or continually 55 not illustrated in FIG . 8 , a module 101 could return to step
moving such as a tracking device on a container or pallet. 803 from later steps upon the equivalent of a " factory reset” ,
Next, a module 101 may preferably record multiple pairs of or similar command where flash memory 101w and other
public / private keys 111 / 112 for various functions, such as nonvolatile memory would be cleared . One example could
connecting to different servers 105 , connecting to different potentially be the transfer of ownership of module 101 , or a
wireless networks 102 , etc . The number of pairs of public ! 60 second example could be the upload of new firmware that is
private keys useful to a module 101 concurrently could be incompatible with a previous configuration file . In any case ,
many, such as an exemplary five or more actively used shared secret key 813 can preferably be uniquely associated
public /private keys. Trying to change or add a new SIM card with module 101 (i.e . any given shared secret key 813 can
each time a new security key is required may not be efficient belong only to an individual module 101).
or feasible . FIG . 8 illustrates exemplary steps that can be 65 Shared secret key 813 may comprise a pre - shared secret
performed with module 101 , including using a module key 129a , as described in FIG . 1d . Ifmodule 101 has already
program 101i , for generating and /or updating a module derived a module private key 112 and module public key 111
 US 10 , 177,911 B2
73
( such as when step 803 is being conducted at a subsequent key within a SIM card for mobile phones is usually designed
time as contemplated in the previous paragraph ), then shared to prevent movement of the pre - shared secret key within a
secret key 813 may comprise (i) a key received in a server SIM into RAM 101e .
encrypted data 504 including possibly a symmetric key 127, If a SIM card is present within module 101 , and the SIM
or ( ii ) a derived shared secret key 1296 . Derived shared
toria
5 card contains a pre -shared secret key , such as Ki, then as
secret key 129 could be obtained from using a key deri contemplated herein , shared secret key 813 may be derived
vation function 141f and module public key 111 and server using the SIM card and Ki. As one example , module 101
public key 114 , using a module public key 111 that has could (i) utilize a RAND message , potentially received from
already been derived (such as if at least onemodule private a 3G or 4G mobile network such as wireless network 102 ,
key 112 and module public key 111 had already been derived " and ( ii ) input the RAND into the SIM card and receive a
before step 803 ). response RES (or SRES ) , and utilize the string in RES to
Shared secret key 813 could be obtained and loaded by a process or derive a shared secret key 813 . Server 105 could
distributor, installer , or end user into a nonvolatile memory also submit the same RAND associated with the SIM card
such as flash memory 101w in the form of a pre - shared to and Ki to wireless network 102 , and receive the same RES
secret key 129a, where pre- shared secret key 129a was as obtained by module 101 . By both module 101 and server
obtained using a module identity 110 and pre -shared secret 105 having the same RES value , they can follow a pre
key code 134 as depicted and described in connection with agreed series of steps to use the same RES in order to derive
FIG . ld above . Module 101 could also utilize a first pre - a commonly shared secret key 813. As one example ,module
shared secret key 129a , including a first pre -shared secret 20 101 and server 105 could both utilize a key derivation
key 129a entered by potentially a distributor, installer, or function 141f, using the same RES as input, in order to
end - user discussed in FIG . 1d , to derive shared secret key derive the same shared secret key 813 .
813 . Other possibilities exist as well for shared secret key At step 804 , module 101 can read module identity 110
813, and shared secret key 813 can be useful for the proper using a read -only address . Module 101 can read module
identification ofmodule 101 upon module 101' s generation 25 identity 110 directly from read -only hardware address by
of a private key 112 and public key 111, as described below , using system bus 101d, including from a ROM 101c , or
module 101 can read module identity 110 from a nonvolatile
including step 806 , and step 902 in FIG . 9 , and step 1002 in memory
FIG . 10 . such as a flash memory 101w . Thus, the read -only
Also note that as contemplated herein , an initial module address could comprise an address accessible on system bus
private key 112 and initial module public key 111 could he be 3030 module
101d that is designated read -only for a period of time. The
recorded into nonvolatile memory at step 803 . For example , 101w byidentity 110 could be recorded into a flash memory
module 110 after a prior read of module identity
a manufacturer, distributor, installer, technician , or end -user 110 from a read -only address. In this case (module 101
could load the initial module private key and initial module taking the step described in the previous sentence ), reading
public key 111 , where the initial module ute public key
public key 111
m 35 module identity 110 from the nonvolatile memory at step
would be utilized to authenticate at step 806 a subsequent set 804 can also comprise module 101 reading module identity
of public /private keys derived by module 101 at step 805 . In 110 using a read -only address . Thus, although module 101
this case, the initial module public key 111 and /or initial may read module identity 110 from a flash memory 101w , if
module private key 112 described in the previous two (a ) module 101 initially utilized a read -only address to
sentences could comprise the shared secret key 813 . The 40 record the module identity 110 into the flash memory 101w ,
reason the initial module private key 112 with the initial then (b ) reading module identity 110 from the flash memory
module public key 111 would comprise a shared secret key 101w would comprise using a read -only address to read
813 is that (i) the initial module private key 112 and initial module identity 110 . Other possibilities exist aswell , such as
module public key 111 together have been “ shared ” in the the address that includes module identity 110 in either (i ) a
sense that the initialmodule private key 112 has been located 45 nonvolatile memory such as a ROM 101c or ( ii ) an address
outside module 101 and in possession of an entity such as accessible on system bus 101d , could be designated for a
the manufacturer, distributor, installer, technician , or end - period of time as available for a read - only operation .
user in order to load the initial module private key ( and At Step 805 , module 101 can derive module private key
initial module public key 111 is shared with server 105 ), (ii) 112 and a corresponding module public key 111 using (i)
the initial module private key 112 and initial module public 50 random number generator 128, ( ii ) parameters 126 , ( iii)
key 111 can be used to authenticate a subsequent message cryptographic algorithms 141, and (iv ) a key pair generation
208 containing a public key internally derived by the module algorithm 141e. Module private key 112 and corresponding
at step 805 below ,and ( iii) the initial module private key 112 module public key 111 can be derived according to a wide
would remain " secret” and not publicly shared . Thus, FIG . range of parameters 126 , and can utilize different algo
8 through FIG . 10 contemplate an embodiment where shared 55 rithms, such as RSA 153 or ECC 154 . Key derivation at step
secret key 813 at step 803 comprises an initial public /private 805 could generate keys of different lengths, such as 2048
key pair that is not internally derived by module 101. bits with RSA 153 or 283 bits with ECC 154 , and other
Note that the contemplation of the use of shared secret key possibilities exist as well. If using ECC 154 to derive a pair
813 as a pre -shared secret key 129a within the present of keys for module 101 , step 805 could also accommodate
invention may be different than the use of a pre -shared secret 60 the use of different elliptic curves for compatibility with
key within a SIM card . Specifically, as depicted and server 105 , such as the use of odd -characteristic curves ,
described in connection with FIG . 1d and elsewhere herein , Koblitz curves, etc . Additional example elliptic curves uti
the shared secret key 813, either (i) comprising a pre- shared lized in the generation or derivation of a key pair include the
secret key 129a or ( ii ) derived from a pre - shared secret key curves sect283k1, sect283r1 , sect409k1 , sect409r1 , etc .,
129a , may be moved by CPU 101b into a volatile memory 65 which are identified as example curves in IETF RFC 5480 ,
such as RAM 101e , with subsequent access by crypto - titled “ Elliptic Curve Cryptography Subject Public Key
graphic algorithms 141 . In contrast, the pre - shared secret Information ” .
 US 10 , 177 ,911 B2
75 76
The curve for module 101 to utilize in deriving module module 101 where valid or acceptable module private /public
public key 111 and module private key 112 at step 805 could keys are not available , and, (Case B ) a generation of keys by
be specified in parameters 126 . Consequently, the param module 101 while priormodule private /public keys are valid
eters of keys generated by module 101 at step 805 ( including and available . Note that the initial startup and deployment of
key length or algorithms utilized ) may be selected based 5 module 101 can comprise a Case A . After generating keys in
upon the requirements of the application and can be included step 805 , in step 806 module 101 can authenticate with
in a parameters 126 . When deriving keys at step 805 , module server 105 even though the payload of message 208 in this
101 may also preferably utilize data from sensor 101f, radio case comprises information that would be publicly available
101z , a bus 101d , a physical interface 101a , memory 101e, in a certificate : module public key 111 , parameters 126 , and
and / or a clock in order to generate a seed 129 for random 10 module identity 110. A purpose of shared secret key 813 can
number generator 128 , or random number generator 128 be to ensure that module public key 111 properly belongs to
could utilize these inputs directly . A random number can be module identity 110 , thereby preventing imposters ofmod
input into key pair generation algorithm 141e in order to ule identity 110 . Server 105 can uniquely associate a par
derive the module public key 111 and module public key ticular shared secret key 813 with a particular module
112 . 15 identity 110 , and utilize the unique association to authenti
Upon key derivation at step 805 , module private key 112 cate module 101.
and module public key 111 can be recorded in a nonvolatile In Case A mentioned in the paragraph above (no accept
memory 101w . Module private key 112 is preferably not able existing module public /private keys ), a server 105 can
transmitted or sent outside module 101. Note that module utilize shared secret key 813 to authenticate module 101 at
101' s internal derivation , or processing or creation , of 20 step 806 , such that after authentication the contents of
module private key 112 and corresponding module public message 208 can be further processed . Server 105 can
key 111 can have many benefits. First, module private key authenticate module 101 using the module identity 110 in
112 does not need to be recorded in any other ___location than message 208 and a message digest, such as described in
within module 101 , and thus may also be considered not IETF RFC 2617 , titled "HTTP Authentication : Basic and
shared . Recording module private key 112 only within 25 Digest Access Authentication " , and other authentications
module 101 avoids potential security risks of (i) storing or techniques using a shared secret key 813 could be utilized
recording module private key 112 in other locations, such as without departing from the scope of the present invention .
with module provider 109, M2M service provider 108, or an Module 101 can properly respond to a challenge /nonce in
installer or end user of module 101, and (ii) transferring message digest by sending a secure hash value using (i) the
module private key 112 from these other locations. A 30 challenge/nonce and ( ii) the shared secret key 813 . Or,
primary security risk from storage ofmodule private key 112 module 101 could authenticate by generating a module
outsidemodule 101 is that unauthorized 3rd parties may gain digital signature 405 in message 208 using the shared secret
access to the module private key 112 . key 813 . Or, module 101 could utilize the shared secret key
Also note that over a potential lifetime of a decade or 813 as a symmetric key 127 to encrypt a module encrypted
more of operation of module 101, each time a new module 35 data 403 with symmetric ciphering 141b , and if server 105
private key 112 may be required ( for various potential could properly decrypt the module encrypted data 403 using
reasons outlined above ), the external recording and /or trans the same shared secret key 813 on the server, then server 105
ferring ofmodule private key 112 incurs a potential security would know the correct module 101 sent themessage 208
risk . Security risks can be compounded if the external and thereby would be authenticated . In addition to the
___location records private keys 112 for a plurality ofmodules 40 authentication procedures mentioned above , in Case B ,
101. Also , by internally generating private key 112 at step where valid module public /private keys are available when
805 , module 101 can overcome significant limitations and module 101 generates new keys, module 101 could send the
costs requiring the distribution of a pre -shared secret key Ki new public key 111 , and parameters 126 in a message 208
in the form of a SIM card or similar physical distribution of using the techniques illustrated in FIG . 3 through FIG . 7
a pre -shared secret key . Module 101' s key derivation could 45 above , where module 101 can utilizes the existing module
be triggered by either (i) a bootloader program 125 , where public /private keys to authoritatively sent the new public
the bootloader program 125 determines that memory within key 111 .
module 101 does not contain a module private key 112 , or At step 807 , after successful authentication of module 101
(ii) via a module instruction 502 such as a “ key generation ” at step 806 , a server 105 could generate a digital certificate
command in a response 209 from a server. 50 122 and send it to module 101 , and also optionally publish
Note that module 101 's generation of keys after deploy . it on the Internet 107 for use by other entities, such as
ment and installation may create challenges for authentica - wireless networks 102, M2M service providers 108 , servers
tion of a new module public key 111 with module identity 105 , end users , etc . A server 105 could also optionally
110 , since module 101 may be connecting to server 105 or securely send in a response 209 a new shared secret key 813 ,
M2M service provider 108 via the Internet 107. Conse - 55 which could be utilized in subsequent iterations of step 806
quently , shared secret key 813 can be used by module 101 above . At step 807 a digital certificate 122 could be sent to
after the generation of new keys at step 805 in order to module 101 in a response 209 message, where the body 606
securely associate new module public key 111 with module of the message could be plaintext since the digital certificate
identity 110 (and thereby the correct module 101 ). At step 122 may not normally need to be ciphered . Note that the
806 , module 101 can send a message 208 to a server 105 , 60 server 105 ( i) authenticating module 101 at step 806 and ( ii )
where themessage includes public key 111 , at least a subset sending digital certificate 122 can be a different server than
of parameters 126 ( such as an ECC 154 algorithm used in a server 105 discussed below at Steps 808 and Steps 809 ,
the public key ), and module identity 110 . In accordance with which could be a server for collecting sensor data 305 , as
preferred exemplary embodiments , there may be two pri- one example .
mary cases of Step 806 to consider where module 101 65 Within Step 807, the server 105 sending a digital certifi
generates or derives keys at step 805 connects to a server cate 122 could belong to a certificate authority 118 , and /or
105 via the Internet 107 , (Case A ) a generation of keys by M2M service provider 108 , module provider 109, etc . If
 US 10 , 177,911 B2
77 78
server 105 belongs to module provider 108, then module module 101 in step 805 , to encrypt server encrypted data 504
provider 108 may function as a certificate authority , and in in one of two ways . First, server 105 can encrypt server
turn would likely have its public key 120 signed by an encrypted data 504 using an asymmetric ciphering algorithm
external certificate authority 118 and recorded in a second 141a by ciphering with the new module public key 111 , as
certificate 122 . According to a preferred exemplary embodi- 5 described in step 503 of FIG . 5 . Second , server 105 can
ment, module provider 109 or M2M service provider oper - encrypt server encrypted data 504 using a symmetric cipher
ates a server 105 to (i) receive a message 208 containing a ing algorithm 141b by utilizing a key derivation function
newly generated module public key 111 and module identity 141f such as ECDH and (i) the new module public key 111
110 and ( ii ) authenticates the message 208 using the shared and ( ii ) the server public key 114 in order to derive a
secret key 813 . After authentication , server 105 associated 10 commonly shared symmetric key 127 , which could utilize a
with module provider 109 or M2M service provider 108 derived shared secret key 129b . In this second instance ,
sends a digital certificate 122 to (i)module 101 in a response server 105 can encrypt server encrypted data 504 in step 809
209. Note that the generation of certificate 122 may option using a symmetric ciphering algorithm 141b and the com
ally be bypassed , such that if module 101 would not nor - monly shared symmetric key 127 .
mally communicate with any servers except a server 105 15 After receiving response 209 in Step 809 ,module 101 can
within a M2M service provider 108 network . In this case , then utilize steps 514 and 515 described in FIG . 5b to
where Step 807 can be bypassed , module 101 may still decrypt server encrypted data 504 in response 209 and
preferably perform Step 806 and send the new module process the module instruction 502 contained in server
public key 111 with authentication using shared secret key encrypted data 504 . As described in FIG . 5b ,module instruc
813, because a server 105 would need to know that the new 20 tion 502 could be an acknowledgement that message 208 in
module public key 111 (generated at step 805 above ) actu step 808 was received by server 105 , or also module
ally belongs to module 101 with module identity 110 . instruction 502 for an actuator 101y , or another instruction
Without authentication as step 806 , an unauthorized 3rd formodule 101. At step 810 ,module 101 can send a message
party could send a module public key 111 claiming its 208 with a confirmation 414 to server 105 . Confirmation 414
associated with a module identity 110 , and without proper 25 can be used to signal proper execution of module instruction
authorization , a server 105 would not know the difference 502 , if module instruction 502 comprised an instruction
between valid incoming new public keys 111 w /module other than an “ ACK ” . Ifmodule instruction 502 in Step 809
identity 110 and unauthorized 3rd parties sending in new (but was an acknowledgement from server 105 , then the confir
faked ) public keys 111 w /module identity 110 . mation 414 may omitted and in this case Step 810 could be
At Step 808 , module 101 can begin utilizing the new 30 skipped .
module public key 111 and module private key 112 derived At Step 811 , module 101 can determine or evaluate if a
in step 805 , where new public key 111 was authenticated in new module private key 112 and module public key 111 are
Step 806 . As one example , module 101 could begin follow - required for continued operation . The need for the genera
ing normal operations of a data reporting steps 101x illus tion of new keys by a module 101 was explained at the
trated in FIG . 3a . Although not illustrated in FIG . 8 ,module 35 beginning of the discussion of FIG . 8 . One reason could be
101 could optionally send certificate 122 (that was received the expiration of a certificate 122 for module 101. A second
by module 101 in Step 807 ) to server 105 prior to Step 808 reason could be thatmodule 101 may wish to connect with
(such as if step 806 was performed with a different server a new wireless network 102 that requires the use of PKI
105 ), and module 101 could send the certificate in a message techniques for authentication , but also specific parameters
208 as plaintext and without using a module encrypted data . 40 126 or algorithms in a certificate 122 for module 101 to be
Server 105 could verify a signature 123 in the certificate 122 acceptable with a new wireless network 102 . Other
using a certificate authority public key 131 . Sending certifi- examples for reasons that a module 101 may need new
cate 122 to server 105 prior to Step 808 (not shown ) could public /private keys after deployment exist as well, and any
also signal the use of a new public key 111 for module 101, could be a reason for module 101 to determine to utilize new
and server 105 could verify the certificate authority signa - 45 public /private keys . Upon determining new keys are desir
ture 123 . A server 105 utilized in Step 808 can be different able at Step 811 , then module 101 can proceed back to Step
than a server 105 utilized in Step 806 , since (i ) the server 105 805 an derive the new keys . If module 101 determines that
in Step 806 could belong to a module provider 109 and / or a new keys are not required at Step 811 , module 101 can then
certificate authority 118 , and (ii ) the server 105 at Step 808 proceed to Step 812 and wait for a specified interval before
could belong to a M2M service provider 109 , as illustrated 50 taking further action , such as sending a message 208 to
in FIG . 1a . In addition to module 101 (a ) beginning to use server 105 , and the message 208 could contain a sensor data
new public key 111 generated at step 805 ,module 101 could 305 , or other data for the remote monitoring and /or control
also (b ) send server 105 a server instruction 414 of " query of a monitored unit 119.
certificate " . This " query certificate ” server instruction 414 FIG . 9
could be sent as plaintext in a message 208 , where server 55 FIG . 9 is a flow chart illustrating exemplary steps for a
105 sends back the certificate 122 , without ciphering , so that server to communicate with a module that has derived a
module 101 can confirm the correct certificate 122 is being public key and private key , in accordance with exemplary
utilized . embodiments . As depicted and described in connection with
At Step 809 , server 105 can send a response 209, where FIG . 8 above , for enhanced security, a module 101 can
the response 209 includes server encrypted data 504, and the 60 preferably generate its own module private key 112 and
server encrypted data 504 can include a module instruction corresponding module public key 111 . In addition, multiple
502. Server encrypted data 504 can utilize a new module combinations of these key pairs may be useful as module
public key 111 received prior to Step 808 , such described in 101 communicates potentially with multiple servers 105
the paragraph above where module 101 can send server 105 during the lifetime ofmodule 101, which could be a decade
the certificate 122 which was received by module 101 in 65 or longer. Having module 101 generate the multiple com
Step 807 . In this step 809 server 105 can utilize the new binations of key pairs is more secure than generating the
module public key 111 , resulting from the key generation by keys elsewhere and then transmitting or transferring a mod
 US 10 , 177,911 B2
79 80
ule private key 112 to module 101 . Although security may for server 105 to use a shared secret key 813 in order to
be enhanced by module 101 creating its own public and authenticate a message 208 that contains a new module
private key , the internal creation of public and private keys public key 111 (where module 101 contains a new module
in module 101 does create additional security challenges, private key 112 ). After receiving authenticated new module
especially related to the proper identification ofmodule 101 5 public key 111 in steps 901 and 902 , according to a preferred
and/or association ofmodule 101 with the derived module exemplary embodiment, server 105 can preferably only
public key 111 . These challenges of proper identification of accept and process (A ) either incoming (i) a symmetric keys
module 101 may be especially important after manufactur- 127 ciphered with a asymmetric ciphering algorithm 141a ,
ing and distribution , when module 101 operates on a net- and /or (ii) incoming server instructions 414 , when ( B ) the
work connected to the Internet 107 and utilizes the Internet 10 incoming message 208 also includes a valid module digital
107 to communicate with a server 105 . FIG . 8 through FIG . signature 405 verified by using the new module public key
10 , including FIG . 9 , illustrate exemplary embodiments for 111 , received at step 901.
the proper identification ofmodule 101 and /or association of Although not illustrated in FIG . 9 , server 105 could
module identity 110 with a derived module public key 111 operate with a certificate authority 118 in order to utilize a
in accordance with exemplary embodiments . 15 new module public key 111, as described in this paragraph .
As illustrated in FIG . 9, before a server 105 receives the At step 901, new module public key 111 could be received
new module public key 111 at step 901, module 101 can by server 105 in the form of a uniform resource locator
follow the series of Steps 801 through Steps 805 depicted (URL ) or ___domain name for download of a certificate 122
and described in connection with FIG . 8 . The steps include corresponding to the new module public key 111 . If new
(i) the recording of a shared secret key 813 at step 803, 20 module public key 111 is included in a certificate 122 at step
where the shared secret key 813 can be later used to 901 (or a URL to the certificated 122 ), then module 101
authenticate a new module public key 111 , and ( ii ) module could also take steps 806 and 807 , depicted and described in
101 deriving module private key 112 and module public key connection with FIG . 8, prior to step 901. At step 901,
112 at step 805 using cryptographic algorithms 141 and/ or module 101 could send server 105 a URL or address on the
key pair generation function 141e . Note that by using a 25 Internet 107 where server 105 could download the new
shared secret key 813 to authenticate the creation of a new module public key 111 , such as if module 101 had a
module public key 111, a security risk addressed is the risk certificate authority 118 sign the new module public key 111 .
that an unauthorized 3rd party attempting to submit a new In this case , ( i) the certificate authority 118 could perform
module public key 111 using module identity 110 . By the steps of 901 and 902 before server 105 conducts step 808
module 101 creating its own module private key 112 (and 30 below , and ( ii) certificate authority 118 would need some
avoiding the storage of any module private key 112 in any confirmation module 101 using module identity 110 was the
other locations over the lifetime of module 101), then only correct owner of new module public key 111 . Certificate
module 101 can reasonably read messages encrypted using authority 118 could authenticate module 101 using the
module public key 111 . In other words ,module 101 creating shared secret key 813 instead of server 105 authenticating
or deriving its own module private key 112 can ensure that 35 module 101 directly with the shared secret key 813 ).
a “ real” module 101 only receives messages that were After steps 901 and 902, server 105 can update a database
created using its true module public key 111 . Any unauthor- 105k using the module identity 110 to insert or update the
ized 3a party attempting to submit a new (“ fake ” ) module new module public key 111 , and parameters 126 associated
public key 111 using module identity 110 (i) could attempt with new module public key 111 . Server 105 may commu
to be an imposter for a “ real” module 101, but (ii) could not 40 nicate with a plurality ofmodules 101, and thus could utilize
reasonably either (a ) read messages to the real module 101 a database 105k in order to record the new module public
or (b ) have unwanted module instructions 502 sent to the key 111 and parameters 126 with the module identity 110 .
“ real” module 101 (by a system 100 using a message 208 The module identity 110 could preferably operate as an
and response 208 as illustrated in FIG . 2 through FIG . 6 ). index within a table of database 105k in order to speed reads
After module 101 creates new module public key 111 and 45 and writes from the table used with module public key 111
module private key 112 at step 805 , at step 901 server 105 and parameters 126 . As discussed in step 803 of FIG . 8 ,
can receive a message 208 with the module identity 110 , the parameters 126 can include data useful for the operation of
new module public key 111 , and parameters 126 . The cryptographic algorithms 141 and module public key 111 .
sub - steps for a server 105 to receive a message 208 are also According to a preferred exemplary embodiment, param
depicted and described in connection with FIG . 2 above . 50 eters 126 can identify an elliptic curve utilized with new
Parameters 126 within a message 208 can comprise descrip - module public key 111. As one example , the curve utilized
tive values for new module public key 111 . Note that at step by module 101 in cryptographic algorithms 141 with new
901, server 105 does not need to receive new module public module public key 111 could be selected from one of the 15
key 111 in the form of a certificate 122 ( although it could be standard published curves recommended by the National
in the form of a certificate 122 ). New module public key 111 55 Institute of Standards and published in FIPS 186 -3 , and
could be received by server 105 within a string of field parameters 126 could select one of the exemplary 15 stan
within a body 602 of a TCP/UDP packet 601a . dard curves . Some modules 101 in a system 100 could
At step 902 , server 105 can authenticate the message utilize a first elliptic curve within a parameters 126 , and
using a shared secret key 813. Server 105 can authenticate other modules 101 could utilize a second and different
the message 208 according to message digest, or using the 60 elliptic curve within a parameters 126 .
shared secret key 813 as a symmetric key 127 within a After updating thenew module public key 111 , in step 808
symmetric ciphering algorithm 141b , where the successful of FIG . 9 , server 105 could receive a second message 208 ,
encryption and decryption of data within message 208 using and the second message 208 can include a module identity
the shared secret key 813 on both ends could be confirmation 110 , module encrypted data 403, and a module digital
that message 208 is authenticated , since both parties would 65 signature 405 , wherein the module digital signature is cre
only be able to mutually encrypt and decrypt by sharing the a ted with the new module public key 111 received in step
same shared secret key 813 . Other possibilities exist as well 901. Server 105 could then utilize the steps illustrated in
 US 10 , 177,911 B2
82
FIG . 4b in order to process the incoming message 208 with incoming messages 208 from module 101 or other modules .
the new module public key 111 , including using the module Step 312 is also depicted and described in connection with
identity 110 received in the second message to select the new FIG . 3b .
module public key 111 and subsequently verify module FIG . 10
digital signature 405 using the new module public key 111 5 FIG . 10 is a flow chart illustrating exemplary steps for a
and digital signature algorithm 141d . Also as discussed in module to derive a public key and private key, and for a
FIG . 4b in connection with processing a received message module to send a server the encrypted public key , in accor
208 , server 105 could decrypt the module encrypted data dance with exemplary embodiments . As discussed in FIGS .
403 in the second message 208 by using server private key 8 and 9 above , over the course of many years of operation
105c. 10 of module 101 it may be desirable for module 101 to
The module encrypted data 403 could include a symmet - generate or derive new public and private keys . As a
ric key 127 for utilization with a symmetric cipher 141b , as minimum and also discussed above , module 101 may pref
illustrated by the first set 701a of module encrypted data 403 erably generate they keys before the repeated transfer of
in FIG . 7 . Module 101 could also send sensor data in a sensor 101f and actuator data 101y between a module 101
module encrypted data 403 at step 808 . Or, Step 808 of FIG . 15 and a server 105 . Note that important additional security and
8 and FIG . 9 , the second message 208 could be a signal for features may be obtained in a system 100 by securely
server 105 to use a new key derivation function 141fwith the transmitting a module public key 112 to server 105 . As
server public key 114 and the new module public key 111 to contemplated herein , the term “ public key” may comprise a
create a new derived shared key 129b for use with symmet- key that is shared between endpoints such as a module 101
ric ciphering algorithms 1416 in subsequent messages 208 . 20 and a server 105 , but the key does not need to be either (i)
If the second message 208 in step 808 comprises a signal for publicly disclosed to 3rd parties, or (ii ) submitted to an
server 105 to derive a new derived shared key 129b , then this external certificate authority 118 for validation or signature ,
second message 208 could then optionally leave off module including verification that the module public key 111
encrypted data 403 and /or a module digital signature 405 . belongs with module identity 110 . Additional security in a
The successful use of a new derived shared key 129b (using 25 system 100 may be maintained by only server 105 and
the new module public key 111 and existing server public module 101 recording module public key 111 , and thus
key 114 ) with symmetric ciphering algorithms 141b at module public key 111 could be transmitted to server 105
subsequent steps by both module 101 and server 105 can securely as illustrated in FIG . 10 , after module 101 derives
indicate to each the communications are mutually authenti - a set of private and public keys.
cated . 30 Steps 801 through 805 in FIG . 10 can comprise the
At step 809, server 105 can send a response 209 to module equivalent Steps 801 through 805 depicted and described in
101, where the response 209 includes server encrypted data connection with FIGS. 8 and 9 . Note that steps 803 through
504 and a module instruction 502 . Server 105 could take the 805 may comprise the first time module 101 has generated
steps to create and send response 209 as depicted and or derived module public key 112 , and the steps illustrated
described in connection with FIG . 5a . Response 209 could 35 in FIG . 10 provide an exemplary preferred embodiment
be formatted according to response 209 illustrated in FIG . 6 . within the present invention for authoritatively and securely
The module instruction 502 could be an acknowledgement sending module public key 112 to server 105 both the very
501 that the message 208 sent in step 808 was received by first time and also subsequent times after module 101 had
server 105 . At step 810 , module 101 can send a message 208 initially derived a module public key 111 and corresponding
with a confirmation 414 to server 105 . Confirmation 414 can 40 module private key 112 . The term “ very first time” as
be used to signal proper execution of module instruction contemplated herein can mean that since manufacturing,
502, if module instruction 502 comprised an instruction module 101 had not previously recorded a module private
other than an “ ACK ” or acknowledgement 501. If module key 112 in either nonvolatile memory or volatile memory .
instruction 502 in step 809 was an acknowledgement 501 At Step 1001, module 101 can create a module encrypted
from server 105 , then the confirmation 414 may omitted and 45 data 403a using the shared secret key 813 , which could be
in this case step 810 could be skipped . recorded in nonvolatile memory earlier at step 803. Note that
At step 903 server 101 can determine or evaluate if a new if module 101 is deriving keys for the very first time, then
module public key 111 and/or certificate 122 are required for shared secret key 813 could comprise a pre -shared secret
continued operation . FIG . 8 included example cases for the key 129a , which could be installed by a module provider
need by a module 101 to generate a new module public key 50 109 or end user before module 101 connects with a server
111 (which would also usually require a new private key 105 . As one example , shared secret key 813 used in Step
112 ). One reason could be the expiration of a certificate 122 1001 could have been recorded with a bootloader program
for module 101, or the desire to utilize a different set of 125 formodule 101 in a nonvolatile memory such as a flash
parameters 126 such as a longer key length for increase memory 101w . If module 101 is deriving keys for a subse
security or the use of a different elliptic curve within an 55 quent time after the very first time ( such as after module 101
asymmetric algorithms 141a . Upon determining new keys had already derived module private key 112 at least one
are desirable at step 903 , then server 105 could instruct time), then shared secret key 813 may be different than a
module 101 to derive new private and public keys by pre -shared secret key 129a (i.e . shared secret key 813 could
returning to step 805 . Although not illustrated in FIG . 9 , be securely transferred to module 101 after the initial time
upon determining “ yes” at step 903 , server 105 could send 60 keys were derived ).
a module instruction 502 of “ new key generation ” and also Module encrypted data 403a is shown in FIG . 10 as
a new set of parameters 126 to utilize with the new module different to module encrypted data 403 because module
private key 112 and module public key 111, and module encrypted data 403a can include public key 111b , where
instruction 502 could be sent in a response 209 after a module 101 encrypts public key 111b using the shared secret
message 208 had been received . If server 105 determines 65 key 813 . Thus, module encrypted data 403a can include an
that new keys are not required or desirable at step 903, server encrypted public key 1116 . New module public key 111b can
105 can then proceed to Step 312 and wait for additional comprise an encrypted new module public key 111, as
 US 10 , 177,911 B2
83 84
illustrated in FIG . 10 . Note thatmodule 101 's encryption of secret key 129b was created by server 105 using the new
new module public key 111b in a message 208 is different module public key 111b . Successful processing of response
than contemplated by conventional technology , because 209 at step 1003 by module 101 (using steps outlined in FIG .
module public keys 111 would normally not be encrypted 5b ) could confirm to module 101 that new module public
and could also be openly shared in the form of a certificate 5 key 111b was properly implemented on server 105 .
122 (and thus the term " public " in the key name). As At step 1004 ,module 101 can return to routine messaging
contemplated herein , module public key 111b can be module and reporting routines with a server 105 , since server 105
public key 111 in an encrypted form . has indicated the new module public key 111b has been
However, as illustrated in FIG . 10 , module 101 creates an applied in the previous step . Step 1004 could comprise
encrypted new module public key 111b using shared secret 10 module 101 sending a second message 208 where a sym
key 813 . The shared secret key 813 could be utilized (i) as metric key 127 is ciphered using an asymmetric ciphering
a symmetric key 127 for ciphering the new module public algorithm 141a . An exemplary format of the module
key 111 to produce new module public key 111b , ( ii ) to encrypted data 403 in the second message 208 , with a
derive a symmetric key 127 used to cipher module public symmetric key 127 , could include encrypted data 701a in
key 111b , or ( iii ) as a public key within an asymmetric 15 FIG . 7 . Alternatively and not shown in FIG . 10 , at step 1004
ciphering algorithm 141a , where the module public key module 101 could send the second message 208 to server
111b is encrypted using the shared secret key 813 . Other 105 in order to signal that server 105 should change to a
possibilities exist as well for using a shared secret key 813 symmetric ciphering algorithm 141b , where the symmetric
to encrypt a new module public key 111b , without departing key 127 would be a derived shared secret key 129b using the
from the scope of the present invention . Also as illustrated 20 new module public key 111b delivered in step 1002 above .
in FIG . 10 at step 1001, the parameters 126 associated with At step 1005 , server 105 can send a second response 209,
new module public key 111b can preferably also be included where the second response 209 includes server encrypted
in a module encrypted data 403b . The reason is that by data 504 , and the server encrypted data 504 can include a
securely transmitting parameters 126 , system 100 can be module instruction 502 . Server encrypted data 504 could be
further secured since unauthorized 3 " parties could not then 25 ciphered using the symmetric key 127 specified in step 1004
observe any plaintext parameters 126 associated with new above. At step 1004 , module 101 can process the second
module public key 111b . response 209 according to the steps outlined in FIG . 5b
At step 1002, module 101 can then send a first message above . The second response 209 could comprise a response
208 to server 105 , where the first message 208 includes the 209 illustrated in FIG . 6 . At step 811 , module 101 can
module encrypted data 403a and module identity 110 . Mod - 30 determine or evaluate if a new module private key 112 and
ule encrypted data 403a can include the encrypted param - module public key 111 are required for continued opera
eters 126 and module public key 111b , as discussed in step tions . Determining if new keys are required could include
1001. An exemplary firstmessage 208 sent according to step reasons discussed in FIG . 8 , including potentially the expi
1002 is depicted and described in connection with FIG . 11 ration of a certificate 122 , or the expiration of a time- to - live
below . Although not illustrated in FIG . 11 below or at step 35 value that module 101 or server 105 specified for a module
1002, the first message 208 can also preferably include a public key 111 .
field or data to indicate to server 105 that module encrypted Upon determining new keys are desirable at step 811 in
data 403a should be decrypted using shared secret key 813 . FIG . 10 , then module 101 can proceed back to step 805 an
Alternatively, if the first message 208 is the very first derive the new keys . If module 101 determines that new
message from module 101 after the creation of keys in step 40 keys are not required at step 811 , module 101 can then
805 , including potentially the very first message 208 proceed to step 1006 and wait for a specified intervalbefore
received by server 105 from module 101 using module taking further action , such as sending a message 208 to
identity 110 , then server 105 could be programmed to server 105 , and the message 208 could contain module
automatically use shared secret key 813 to decrypt module encrypted data 403 with sensor data 305 , or other data for the
encrypted data 403a . Similarly, both server 105 and module 45 remote monitoring and /or control of a monitored unit 119 .
101 can utilize shared secret key 813 as the “backup” or After step 1006 , module 101 can return to step 1005 and
" default” key for secured communication if subsequent receive a response 209 and continue operating as specified
encryption /decryption and security signatures fail (including in module program 101i and /or data reporting steps 101x .
the propagation of bit errors into encrypted data or signa - As described in steps 1001 through 1003 of FIG . 10 ,
tures ). According to an exemplary preferred embodiment, 50 according to a preferred exemplary embodiment, server 105
module 101 and server 105 temporarily change to (i) a can receive a new module public key 111b in a message 208
symmetric ciphering algorithm 141b using shared secretkey at step 1002 , where the new module public key 111b is both
813 from using ( ii ) a symmetric ciphering algorithm 1416 encrypted and not sent by module 101 to any other server or
using symmetric key 127 if symmetric ciphering algorithm ___location . In other words for this preferred exemplary
141b fails for either endpoint ( either module 101b or server 55 embodiment, the (i) new module public key 111b is not
105 ). signed by a certificate authority and also (ii ) new module
At step 1003, module 101 can receive a response 209 public key 111 is held confidentially within both module 101
from server 105 confirming that server 105 properly and server 105 , except for the single encrypted distribution
received and processed the message 208 with the module to server 105 at step 1002 .
encrypted data 403a . The response 209 at Step 1003 could 60 If server 105 receives new module public key 111b in an
signal to module 101 that server 105 properly recorded the encrypted form using secure shared secret key 813 , then
new module public key 111b associated with module iden - server 105 can optionally omit the usage of a server digital
tity 110. Response 209 at step 1003 could comprise a signature 506 in many subsequent responses 209. The reason
module instruction 502 or an acknowledgement 501. is that new module public key 111b has only been transmit
Response 209 at step 1003 could also be ciphered using a 65 ted in an encrypted form to server 105 , and thus no other
symmetric key 127 , where the symmetric key 127 comprises entity connected to the Internet 107 could have new module
a derived shared secret key 129b , where the derived shared public key 111b to send encrypted messages using asym
 US 10 , 177,911 B2
85 86
metric ciphering 141a . The use of steps 1001 and 1002 could FIG . 11 include (i) a secure hash algorithm 141c to utilize in
eliminate the routine use of a server digital signature 506 in signatures, which could comprise the SHA256 algorithm as
a response 209 as illustrated in FIG . 5a and FIG . 5b . A shown (which may also be known as the SHA - 2 algorithm ),
secure system 100 could still periodically use a server digital (ii ) a selected elliptic curve for use with ECC algorithms 154
signature 506 , such as when module 101 receives a module 5 or a modulus to use with RSA algorithms 153, and ( iii) a
instruction from server 105 to utilize a new server public key time- to - live value for the public key , such as the illustrated
114 or new symmetric key 127 . Other possibilities exist as “ time to live " value of 1 year shown in FIG . 11 . The time
well , but the use on an encrypted module public key 111b value for the validity of new module public key 111b could
can reduce the frequency of server digital signature 405 alternatively be specified in a set expiration date . Other
messages in a secured system 100. Module 101 could also 10 values associated with cryptographic algorithms 141 could
use steps 1001 and 1002 to securely send new module public be included in parameters 126 as well .
key 111b to a server 105 , while module 101 uses a second Additional values or fields within a message 208 associ
module public key 111 associated with a different module a ted with communicating a new module public key 111b
private key 112 in a certificate 122 . In other words , module with server 105 could include a server instruction 414 of
101 can utilize multiple pairs of private /public keys , and the 15 “ new public key ” . This server instruction could inform
secure transmission and recording of a module public key server 105 to utilize the new module public key 111b within
111b could also be utilized for many of the pairs of private the message 208 . Module public key sequence number 111a
public keys . can include a sequence number or identity for the new
Note that over the course of years a system 100 could save module public key 111b , such thatmodule 101 or server 105
considerable energy by minimizing or avoiding the require - 20 can properly reference and/or select the key from a plurality
ments for a server digital signature 506 , and power con - of module public keys 111b that could be associated with
sumption can be a critical engineering constraint for a module identity 110 . Although module public key sequence
module 101 and /or a battery life 101k. As one example , number 111a is illustrated as a separate field in module
verifying a digital signature using a digital signature algo - encrypted data 403a , module public key sequence number
rithms 141d such as ECDSA with 224 bits can require 122 25 111a could optionally be included in parameters 126 , such
mJ of energy (“ Energy Analysis of Public -Key Cryptogra - that the value within parameters 126 specifies the current
phy on Small Wireless Devices ” , Wander et al, Table 2 , Page sequence number for the current module public key 111b .
8 , herein incorporated by reference ). Assuming a module (i) Other fields and features within a message 208 as illus
operates for 10 years, (ii ) performs 10 verifications a day trated in a FIG . 11 can be similar to the fields presented in
without using steps 1001 and 1002, and ( iv ) reduces the 30 FIGS. 6 and 7 above. Since ( a ) FIG . 11 can also illustrate a
number of verifications (i. e . step 512 ) to an exemplary 1 very first message 208 sent by a module 101 to a server 105 ,
verification a week by using steps 1001 and 1002, then such as after keys are derived in a Step 805 , then (b ) module
approximately 3500 joules of battery energy ( or landline 101 can read multiple values from RAM 101e or a nonvola
power ) can be saved . Note this does not include the addi- tile memory 101w or 101c in order properly construct or
tional savings in energy by avoiding transmitting the secure 35 format message 208 . Each of ( i) destination IP :port number
hash signature and related overhead , which would often be 207 , (ii) parameters 126 , and ( iii ) shared secret key 813 can
transmitted wirelessly for many modules 101 . In this case of preferably be written into nonvolatile memory at step 802 of
utilizing wireless transmission for module 101 with a radio FIG . 8 through FIG . 10 , if message 208 in FIG . 11 represents
1012 , the energy savings would likely be several fold the the very first message 208 sent by module 101. The source
exemplary amount of 3500 joules from ( i) sending public 40 IP :port number 204 can represent a number assigned by an
key 111b securely in steps 1001 and 1002 so that server operating system 101h . Ifmessage 208 in FIG . 11 comprises
digital signatures 506 can be optionally omitted , and (ii) a subsequent time message 208 is transmitted by module
avoiding the additional bandwidth required for transmitting 101 (i. e . not the very first time), such as after Step 811 , then
the secured hash signatures . each of (i) destination IP : port number, ( ii ) parameters 126 ,
FIG . 11 45 and (iii) shared secret key 813 could be updated by server
FIG . 11 is a simplified message flow diagram illustrating 105 using a module instruction 502 within a server
an exemplary message sent by a module, wherein the encrypted data 504 . In this manner , shared secret key 813
message includes an encrypted module public key, in accor- could change from (i) comprising a pre - shared secret key
dance with exemplary embodiments . As discussed in FIG . 8 129a ( for a very first message 208 after module key deri
through FIG . 10 , there can be cases where module 101 50 vation ) to ( ii ) comprising a shared secret key that is sent by
derives a new module public key 111 and new module server 105 within a server encrypted data 504 ( for a subse
private key 112 . On example would be the initial creation of quent message 208 after module key derivation ).
the key pairs by module 101 , and many other examples After receiving message 208 , server 105 can use the
could exist as well. FIG . 11 can illustrate an exemplary unencrypted identity 110 illustrated in a body 602 of FIG . 11
format and contents of a message 208 in Steps 1001 and 55 to select the shared secret key 813 in order to decipher
1002 of FIG . 10 , and this exemplary format can also help to module encrypted data 403a . Server 105 could also read the
illustrate the significant differences from conventional tech other data shown inside a module encrypted data 403a . The
nology by utilizing the secured and efficient communication use of a channel coding 406 is described in connection with
techniques contemplated herein . FIGS. 4 and 6 , and channel coding may optionally be
A message 208 illustrated in FIG . 11 using steps 1001 and 60 omitted . If message 208 comprises a UDP Lite packet, then
1002 can include (i) sending new module public key 111b in channel coding may optionally be applied within the body
an encrypted format within a module encrypted data 403a , 602 . If message 208 comprises a UDP packet, then channel
( ii ) using a shared secret key 813 with a symmetric ciphering coding may comprise sending the exact same UDP packet
algorithm 141b for encryption , (iii) a set of parameters 126 601a multiple times , such as an exemplary 3 packets 601a
within module encrypted data 403a, where the set of param - 65 sent at the same time. Although not illustrated in FIG . 11 ,
eters 126 includes information for server 105 to utilize server 105 can also send a response 209 confirming the
public key 111b . Exemplary parameters 126 illustrated in receipt and processing of message 208 .
 US 10 , 177,911 B2
87 88
Conclusion second elliptic curve Diffie -Hellman key exchange
Various exemplary embodiments have been described based at least, in part, on the derived module public
above. Those skilled in the art will understand,however, that key ; and
changes and modifications may be made to those examples (f) decrypting , by the module , the encrypted data using
without departing from the scope of the claims. the third set of parameters and the derived second
shared secret key.
What is claimed is : 2 . The method of claim 1 , wherein first public key is
1. A method of generating keys for a module to securely received upon connecting to the wireless network .
33 . The method
communicate over a wireless network comprising the steps
of claim 1 , wherein between steps ( b ) and
(d ), the module further generates a first secure hash of the
of: 10 first public key using the first set of parameters ; and the
(a ) recording in memory of the module at least the message in step ( d ) comprises the first secure hash .
following : 4 . The method of claim 3, wherein the first secure hash
( i) a first set of parameters for a secure hash algorithm ; utilizes a SHA - 256 hash algorithm .
( ii ) a second set of parameters for an elliptic curve 5 . The method of claim 1 , wherein after step (f), the
algorithm ; and 15 module further generates a first secure hash of the module
(iii) a first public key which corresponds to a first public key using the first set of parameters; and the
private key ; encrypted data comprises the first secure hash .
(b ) deriving, by the module , a module private key and a 6 . The method of claim 5 , wherein the first secure hash
corresponding module public key using the second set utilizes a SHA - 256 hash algorithm .
of parameters ; 20 7. The method of claim 1, wherein the first computing
(c ) generating , by the module , a first shared secret key device is a server.
using a first elliptic curve Diffie -Hellman key key8 . isThederived method of claim 1 , wherein a symmetric ciphering
using at least the first shared secret key and
exchange, and based at least in part, on the first public
key ; a first random number .
(d ) sending , from the module to a first computing device 2525 ing9 .key
The method of claim 8 , wherein the symmetric cipher
is derived also using the second shared secret key
which is connected to the wireless network , a first and a second random number.
message including the derived module public key, 10 . The method of claim 1 , wherein the method further
wherein at least a portion of the first message is
encrypted using a third set of parameters that is based comprises the steps of:
on a symmetric ciphering algorithm and the derived 30 (8 ) generating, at the module , a configuration request;
first shared secret key ; ( h ) transmitting, from the module to the first computing
(e ) receiving, by the module from the first computing device , the configuration request; and
device , a second message comprising encrypted data , (i) receiving , at the module , encrypted configuration
which is encrypted , by the first computer device , using information .
the symmetric ciphering algorithm and a derived sec - 3535 nonvolatile memory .
11. The method of claim 1 , wherein the memory is
ond shared secret key, wherein the second shared secret
key is derived by the first computer device using a * * * * *