Securing internet of things communications across multiple vendors

摘要

A secure connection between a user mobile device and a “Internet-of-Things” network-connected device (e.g., a home appliance or a vehicle) may be provided using an internet gateway residing in the public internet and a local gateway residing in a private network behind a firewall. The user device may receive an input through a software application and may generate an electronic instruction based on the input. The user device may then encrypt the electronic instruction and send the encrypted electronic instruction to the internet gateway over a secure connection (e.g., SSH, TLS). The internet gateway then sends the encrypted electronic instruction to the local gateway, which decrypts the encrypted electronic instruction, interprets it, and generates and transmits a device instruction to communicate with the network-connected device, either directly or through an intermediary device such as a third-party bridge or hub. Only the user device and local gateway have encryption/decryption keys.

主权项

1. A method for secure communication, the method comprising:
receiving an encrypted electronic instruction at a local gateway from an internet gateway passing through a firewall, wherein the encrypted electronic instruction transmitted from a user device to the internet gateway over a secure session connection is an electronic instruction generated by the user device and then encrypted by the user device based on a first security key stored in a user memory of the user device; decrypting the encrypted electronic instruction at the local gateway using a second security key stored in a local memory of the local gateway, wherein the internet gateway stores neither the first security key nor the second security key; and transmitting a device instruction from the local gateway to a specified network-connected device, the device instruction based on the electronic instruction decrypted by the local gateway using the second security key, the device instruction to trigger the specified network-connected device to perform a device action.