Module for "Machine-to-Machine" Communications using Public Key Infrastructure

摘要

Methods and systems are provided for efficient and secure “Machine-to-Machine” (M2M) between modules and servers. The module and server can utilize public key infrastructure (PKI) such as public keys to encrypt messages. The module and server can use private keys to generate digital signatures for datagrams sent and decrypt messages received. The module can internally derive pairs of private/public keys using cryptographic algorithms and a set of cryptographic parameters. The module can authenticate the submission of derived public keys. The module and server can mutually derive shared secret keys using the PKI keys. Data can be encrypted and decrypted using a set of cryptographic algorithms, the secret shared keys, and the set of cryptographic parameters. A module can send and receive sets of cryptographic parameters in order to flexibly and securely communicate with a variety of servers over time.

主权项

1. A method for a module to derive a public key infrastructure (PKI) key pair, the method performed by a module, the method comprising:
reading a first module private key and an identity from a nonvolatile memory, and sending the identity; receiving a symmetric key, wherein the symmetric key is decrypted using the first module private key; receiving a set of cryptographic parameters, wherein at least a portion of the set of cryptographic parameters is decrypted using the symmetric key selecting a subset of the set of cryptographic parameters, and sending the subset; deriving a second module private key and a module public key using the subset, wherein the derived module public key is associated with a module public key identity; and, sending the derived module public key and the module public key identity, wherein the module authenticates using the first module private key.