Patent Grant
11595217
This disclosure relates to the field of zero touch provisioning of Internet of Things (IoT) devices based on the issuance of cryptographically signed device configuration templates by a device owner, generation of a device configuration by a device manufacturer using a secure element on the device for immutable device identity, signing and encryption certificates, a device provisioning client, and a device management service.
Provisioning of unattended IoT devices poses an emerging challenge because unlike user interactive devices (such as servers, workstations, phones, tablets, etc.) headless field devices (such as for example smart meters, industrial sensors, actuators, controllers, edge gateways, set top boxes, etc.) are deployed on large scale (in the millions) and geographically dispersed. Provisioning of such IoT devices by field operators is expensive, cumbersome and prone to human errors during manual configuration.
Current approaches to provisioning IoT devices requires manual distribution of cryptographic artifacts (such as for example device activation codes, or self-signed certificates) and content (intellectual property) that has no protections against cloning and counterfeiting of devices by professional hackers. Such cryptographic artifacts are issued prior to the establishment of an authoritative and immutable device identity, and content (device firmware, software, applications, data) typically signed but not encrypted for distribution. Emerging innovations, such as for example Intel® Enhanced Privacy ID (or EPID), offer a member private key based signing and a group public key based verification mechanism for transfer of ownership across the supply chain for secure device onboarding.
There are limitations and challenges in the above mentioned approaches, wherein: (a) device provisioning requires a centralized rendezvous service and a redirect based on prior registration by the device owner of device identifiers; (b) device enrollment requires issuance of device certificates based on identity proofing; (c) device updates require data integrity and confidentiality verification based on supply chain provenance and a plurality of signing and issuer certificates to be loaded on the device's key and trust stores; (d) lifecycle management of cryptographic artifacts requires periodic reconfiguration with manual intervention by field operators in production environments.
In sharp contrast to the above-mentioned methods, the proposed system provides a process and workflow for tamper proof large scale manufacturing of IoT devices, with secure element and certificate chain based protections against cloning and counterfeiting of devices.
The method of the disclosed system overcomes serious limitations of current deployment methods by providing zero-touch onboarding into a device management service and remote management of cryptographic artifacts, such as keys and certificates, associated with the device.
The disclosed method can provide significant improvements and efficiencies to retrofit legacy brownfield devices for zero-touch remote device lifecycle management.
In one exemplary embodiment, a method is executed for zero-touch provisioning of devices using device configuration templates by device type from a device owner, a secure element on a device, a provisioning wizard on the device by a device manufacturer, and a provisioning client, an enrollment client, an update client and bootstrap metadata on the device, and an enrollment service, a device owner signing certificate, a device owner encryption certificate and an update publisher service on a device management service. The method includes generating, by the device owner, device configuration templates by device type signed with a device owner signing certificate and sending, by the device owner to a device manufacturer of the device, the signed device configuration templates by device type, the device owner signing certificate, and the device owner encryption certificate. The method further includes installing, by the device manufacturer on the device, a device provisioning client, a device enrollment client, a device update client, and a device provisioning wizard, generating, by the device manufacturer, a device configuration for the device, with an immutable device identity provided by a secure element on the device, and generating, by the device manufacturer, an extended configuration for the device for device unique properties. The method also includes executing, by the device manufacturer, the device provisioning wizard on the device with the received signed device configuration templates for the device type, the generated extended configuration, the received device owner signing certificate, the received device owner encryption certificate, a manufacturer signing certificate, and a signing certificate of the secure element, validating, by the device provisioning wizard, the device owner signing certificate and the device owner encryption certificate and verifying, by the device provisioning wizard, the received signed device configuration templates by device type using the validated device owner signing certificate. The method further includes generating and storing on the device, by the device provisioning wizard, a doubly signed and encrypted device configuration and bootstrap metadata for the device using the device manufacture signing certificate, the secure element signing certificate and the validated device owner encryption certificate. Additionally the method includes configuring, by the device provisioning wizard, the device provisioning client to autostart at power-on; and sending, by the device manufacturer, the configured device to the device owner for field deployment by a field operator and automated zero touch provisioning at power-on.
In an alternative exemplary embodiment, a method is executed for zero-touch provisioning of a network connected device using bootstrap metadata, a doubly signed and encrypted device configuration, a secure element, a provisioning client, an enrollment client and an update client on a device, and an enrollment service, a device owner encryption private key and an update publisher service on a device management service. The method includes powering on the network connected device by a field operator, with the device configured to autostart the device provisioning client and processing, at power-on by the device provisioning client, the bootstrap metadata for a network address of an enrollment service. The method further includes sending, by the device provisioning client to the device enrollment service, the doubly signed and encrypted device configuration, the device manufacturer signing certificate and the secure element signing certificate over a secure transport. The method additionally includes decrypting, by the enrollment service, the received doubly signed and encrypted device configuration with the device owner encryption private key, validating, by the enrollment service, the received device manufacturer and secure element signing certificates, and verifying, by the enrollment service, the decrypted device configuration with the validated device manufacturer and secure element signing certificates. Furthermore, the method includes sending, by the enrollment service to the device provisioning client, the decrypted and verified device configuration over the secure transport, storing, by the device provisioning client, at a designated location on the device a device enrollment configuration for the device enrollment client, and a device update configuration for the device update client based on the received verified device configuration, executing, at power-on by the device provisioning client, the device enrollment client on the device, and executing, at power-on by the device provisioning client, the device update client on the device.
In another exemplary embodiment, a method is executed for zero touch provisioning of network connected devices using a secure element, a provisioning client, an enrollment client and an update client on a device, and an enrollment service and an update publisher service on a device management service. The method includes powering on the network connected device, by a field operator, with the device configured to autostart the device provisioning client, executing, at power-on by the device provisioning client, the device enrollment client on the device, and generating, by the device enrollment client, an asymmetric public-private keypair based on the device enrollment configuration using a secure element on the device. The method further includes sending, by the device enrollment client to the enrollment service, a certificate signing request for the generated public key that includes at least an encryption certificate of the secure element on the device, issuing, by the enrollment service, a device certificate encrypted with a symmetric key protected with the encryption certificate of the secure element, unwrapping, by the secure element on the device, the wrapped symmetric key, and extracting, by the device enrollment client, the received encrypted certificate using the unwrapped symmetric key for decryption. Furthermore, the method includes storing, by the device enrollment client, the decrypted device certificate at power on, executing, at power-on by the device provisioning client, the device update client on the device, and sending, by the device update client to the update publisher service, a request for an update package with the device attributes and the device certificate based on the device update configuration. Additionally, the method includes sending, by the update publisher service to the device update client, an update package, signed at least with an update publisher certificate and encrypted with an encryption key that is further wrapped with the public key associated with the device certificate, unwrapping, by the secure element on the device, the wrapped encryption key with the private key associated with the device certificate, and decrypting, by the device update client, the received update package using the unwrapped encryption key. Finally, the method includes verifying, by the device update client, the decrypted update package using the update publisher signing certificate, and applying, by the device update client, the verified update package on the device to update the device at power on.
The disclosure is best understood from the following detailed description when read in connection with the accompanying drawings. According to common practice, various features/elements of the drawings may not be drawn to scale. Common numerical references represent like features/elements. The following figures are included in the drawings:
Further areas of applicability of the present disclosure will become apparent from the detailed description provided hereinafter. It should be understood that the detailed description of exemplary embodiments are intended for illustration purposes only and are, therefore, not intended to necessarily limit the scope of the disclosure.
Although the disclosure is illustrated and described herein with reference to specific embodiments, the disclosure is not intended to be limited to the details shown herein. Rather, various modifications may be made in the details within the scope and range of equivalents of the claims and without departing from the scope of the disclosure.
The secure element may be a hardware (for example, a trusted platform module (TPM), Intel® EPID, Arm® TrustZone), firmware, or software based root of trust. The secure element may be implemented as an application root of trust service in a trusted memory enclave.
The device enrollment configuration template may comprise of at least a device enrollment service network address (for example a uniform resource locator (URL), an IP address and a port number), a device authentication profile (a local database or Lightweight Directory Access Protocol (LDAP) account on the enrollment service, and an encoded password), and a label for tenant and certificate authority attribution.
The device unique subject identifier (or common name) for device enrollment operations may be based on an immutable device identifier provided by a secure element.
The device update configuration may comprise of at least an operation mode (such as, for example, network connected, on demand, air gapped), device update publisher server network address (for example a uniform resource locator (URL), an IP address and a port number), a key store, a trust store, device keys and certificates, update publisher signing certificates, update provider signing certificates, a plurality of issuer signing certificates, device properties, platform properties, update client settings, a schedule for update requests, and a device signing certificate.
The device configuration template may comprise of at least the device type attributes (such as for example, device properties and platform properties), the update publisher service network address (for example a uniform resource locator (URL), an IP address and a port number), the key store and trust store location for keys and certificates.
The extended configuration may comprise of device unique properties (for example a device serial number, a network interface MAC address, etc.) and/or group properties (for example, a functional subsystem, a VLAN identifier, a mission code, etc.).
The device configuration for a device may comprise of at least a device enrollment configuration that may be stored at a designated location on the device, and a device update configuration that may be stored at a designated location on the device.
Referring to
In one exemplary embodiment of the proposed method, the device owner (administrator) 102 may use a client application 114 with service APIs (124) to export the enrollment configuration template by device account at step 148 from the enrollment service 118.
In one exemplary embodiment of the proposed method, the device owner (administrator) 102 may use a client application 114 with service APIs (126) to export the update configuration template by device type at step 146 from the update publisher service 118.
Referring to
Referring to
Referring to
In one exemplary embodiment of the proposed method, the extended configuration may be provided via a dynamic plugin module and exported APIs (not shown in
In one exemplary embodiment of the proposed method, the bootstrap metadata 330 may comprise of a device authentication profile (a local database account or a Lightweight Directory Access Protocol (LDAP) account on a directory service (not shown in
Referring to
Referring to
Referring to
Referring to
Referring to
Referring to
In one exemplary embodiment of the proposed method, the update publisher and update provider signing certificates may be explicitly loaded into the trust store on device 108.
In one exemplary embodiment of the proposed method, at step 620 the device publisher service 122 may fetch from an update provider service 618 an update package signed with an update provider signing key, co-sign the update package with an update publisher signing key and associate the doubly signed update package for a device type.
In one exemplary embodiment of the proposed method, the device update client 208 may send a list of updates packages applied on device 108 to the update publisher service 122, and query the update publisher service 122 for a list of additional update packages to be applied on device 108.
In yet another exemplary embodiment of the proposed method, the update publisher service 122 may provide a replacement update package for an applied update package on device 108 for zero-touch patch management.
Referring to
Referring to
Referring to
If programmable logic is used, such logic may execute on a commercially available processing platform or a special purpose device. One of ordinary skill in the art may appreciate that embodiments of the disclosed subject matter can be practiced with various computer system configurations, including multi-core multiprocessor systems, minicomputers, mainframe computers, computers linked or clustered with distributed functions, as well as pervasive or miniature computers that may be embedded into virtually any device.
For instance, at least one processor device and a memory may be used to implement the above-described embodiments. A processor device may be a single processor, a plurality of processors, or combinations thereof. Processor devices may have one or more processor “cores.”
Various embodiments of the disclosure are described in terms of this example computer system 1000. After reading this description, it will become apparent to a person skilled in the relevant art how to implement the disclosure using other computer systems and/or computer architectures. Although operations may be described as a sequential process, some of the operations may in fact be performed in parallel, concurrently, and/or in a distributed environment, and with program code stored locally or remotely for access by single or multi-processor machines. In addition, in some embodiments the order of operations may be rearranged without departing from the spirit of the disclosed subject matter.
Processor device 1002 may be a special purpose or a general-purpose processor device. As will be appreciated by persons skilled in the relevant art, processor device 1002 may also be a single processor in a multi-core/multiprocessor system, such system operating alone, or in a cluster of computing devices operating in a cluster or server farm. Processor device 1002 is connected to a communication infrastructure 1026, for example, a bus, message queue, network, or multi-core message-passing scheme.
The computer system 1000 also includes a main memory 1004, for example, random access memory (RAM) or flash memory, and may include a secondary memory 1006. Secondary memory 1006 may include, for example, a hard disk drive 1008, removable storage drive 1010. Removable storage drive 1010 may be a floppy disk drive, a magnetic tape drive, an optical disk drive, a flash memory, or the like.
The removable storage drive 1012 reads from and/or writes to a removable storage unit 1012 in a well-known manner. Removable storage unit 1012 may be a floppy disk, magnetic tape, optical disk, etc. which is read by and written to by removable storage drive 1010. As will be appreciated by persons skilled in the relevant art, removable storage unit 1012 includes a non-transitory computer usable storage medium having stored therein computer software and/or data.
In alternative implementations, secondary memory 1006 may include other similar means for allowing computer programs or other instructions to be loaded into computer system 1000. Such means may include, for example, a removable storage unit 1016 and an interface 1014. Examples of such means may include a program cartridge and cartridge interface (such as that found in video game devices), a removable memory chip (such as an EPROM, or PROM) and associated socket, and other removable storage units 1016 and interfaces 1014 which allow software and data to be transferred from the removable storage unit 1016 to computer system 1000.
The computer system 1000 may also include a communications interface 1418. Communications interface 1018 allows software and data to be transferred between computer system 1000 and external devices. Communications interface 1018 may include a modem, a network interface (such as an Ethernet card), a communications port, a PCMCIA slot and card, or the like. Software and data transferred via communications interface 1018 may be in the form of signals, which may be electronic, electromagnetic, optical, or other signals capable of being received by communications interface 1018. These signals may be provided to communications interface 1018 via a communications path 1020. Communications path 1020 carries signals and may be implemented using wire or cable, fiber optics, a phone line, a cellular phone link, an RF link or other communications channels.
The computer system 1000 may also include a computer display 1024 and a display interface 1022. According to embodiments, the display used to display the GUIs and dashboards shown in
In this document, the terms “computer program medium,” “non-transitory computer readable medium,” and “computer usable medium” are used to generally refer to media such as removable storage unit 1012, removable storage unit 1016, and a hard disk installed in hard disk drive 1008. Signals carried over communications path 1020 can also embody the logic described herein. Computer program medium and computer usable medium can also refer to memories, such as main memory 1004 and secondary memory 1006, which can be memory semiconductors (e.g., DRAMs, etc.). These computer program products are means for providing software to computer system 1000.
Computer programs (also called computer control logic) are stored in main memory 1004 and/or secondary memory 1006. Computer programs may also be received via communications interface 1018. Such computer programs, when executed, enable computer system 1000 to implement the present disclosure as discussed herein. In particular, the computer programs, when executed, enable processor device 1002 to implement the processes of the present disclosure, such as the stages in the methods illustrated by the flowcharts in
Embodiments of the disclosure also may be directed to computer program products comprising software stored on any computer useable medium. Such software, when executed in one or more data processing device, causes a data processing device(s) to operate as described herein. Embodiments of the disclosure employ any computer useable or readable medium. Examples of computer useable mediums include, but are not limited to, primary storage devices (e.g., any type of random access memory, etc.), secondary storage devices (e.g., hard drives, floppy disks, CD ROMS, ZIP disks, tapes, magnetic storage devices, and optical storage devices, MEMS, nanotechnological storage device, etc.), and communication mediums (e.g., wired and wireless communications networks, local area networks, wide area networks, intranets, etc.).
It is to be appreciated that the Detailed Description section, and not the Summary and Abstract sections, is intended to be used to interpret the claims. The Summary and Abstract sections may set forth one or more but not all exemplary embodiments of the present disclosure as contemplated by the inventor(s), and thus, are not intended to limit the present disclosure and the appended claims in any way.
Embodiments of the present disclosure have been described above with the aid of functional building blocks illustrating the implementation of specified functions and relationships thereof. The boundaries of these functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternate boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed.
The foregoing description of the specific embodiments will so fully reveal the general nature of the disclosure that others can, by applying knowledge within the skill of the art, readily modify and/or adapt for various applications such specific embodiments, without undue experimentation, without departing from the general concept of the present disclosure. Therefore, such adaptations and modifications are intended to be within the meaning and range of equivalents of the disclosed embodiments, based on the teaching and guidance presented herein. It is to be understood that the phraseology or terminology herein is for the purpose of description and not of limitation, such that the terminology or phraseology of the present specification is to be interpreted by the skilled artisan in light of the teachings and guidance. Reference to an element in the singular is not intended to mean “one and only one” unless explicitly so stated, but rather “one or more.” Moreover, where a phrase similar to “at least one of A, B, or C” is used in the claims, it is intended that the phrase be interpreted to mean that A alone may be present in an embodiment, B alone may be present in an embodiment, C alone may be present in an embodiment, or that any combination of the elements A, B and C may be present in a single embodiment; for example, A and B, A and C, B and C, or A and B and C. No claim element herein is to be construed under the provisions of 35 U.S.C. 112(f) unless the element is expressly recited using the phrase “means for.” As used herein, the terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although the present disclosure is illustrated and described herein with reference to specific embodiments, the disclosure is not intended to be limited to the details shown. Rather, various modifications may be made in the details within the scope and range equivalents of the claims and without departing from the disclosure.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5546492 | Ansley | Aug 1996 | A |
| 5841869 | Merkling et al. | Nov 1998 | A |
| 6249866 | Brundrett et al. | Jun 2001 | B1 |
| 6546492 | Walker | Apr 2003 | B1 |
| 7207041 | Elson et al. | Apr 2007 | B2 |
| 7328259 | Srinivasan et al. | Feb 2008 | B2 |
| 7420933 | Booth et al. | Feb 2008 | B2 |
| 7512965 | Amdur et al. | Mar 2009 | B1 |
| 7778199 | Booth et al. | Aug 2010 | B2 |
| 7870399 | Bryant et al. | Jan 2011 | B2 |
| 8059527 | Townsley et al. | Nov 2011 | B2 |
| 8327441 | Kumar et al. | Dec 2012 | B2 |
| 8555348 | Khosravi et al. | Oct 2013 | B2 |
| 8745372 | Orsini et al. | Jun 2014 | B2 |
| 8756423 | Djordjrvic et al. | Jun 2014 | B2 |
| 8782393 | Rothstein et al. | Jul 2014 | B1 |
| 8788805 | Herne et al. | Jul 2014 | B2 |
| 8839363 | Spiers et al. | Sep 2014 | B2 |
| 8843997 | Hare | Sep 2014 | B1 |
| 8898746 | Gregg et al. | Nov 2014 | B2 |
| 8898761 | Barkle et al. | Nov 2014 | B2 |
| 8904178 | Wilding et al. | Dec 2014 | B2 |
| 9015482 | Baghdasaryan et al. | Apr 2015 | B2 |
| 9043480 | Barton et al. | May 2015 | B2 |
| 9077709 | Dall et al. | Jul 2015 | B1 |
| 9143976 | Raleigh et al. | Sep 2015 | B2 |
| 9152794 | Sanders et al. | Oct 2015 | B1 |
| 9172687 | Baghdasaryan et al. | Oct 2015 | B2 |
| 9240923 | Vohra et al. | Jan 2016 | B2 |
| 9258331 | Dyer et al. | Feb 2016 | B2 |
| 9424421 | Aissi et al. | Aug 2016 | B2 |
| 9489498 | Cha et al. | Nov 2016 | B2 |
| 9578028 | Mattson et al. | Feb 2017 | B2 |
| 9615224 | Durnov | Apr 2017 | B2 |
| 9715380 | Ramachandran et al. | Jul 2017 | B2 |
| 9954851 | Ahn et al. | Apr 2018 | B2 |
| 10057243 | Kumar et al. | Aug 2018 | B1 |
| 10109028 | Ranney | Oct 2018 | B2 |
| 10162968 | Kumar et al. | Dec 2018 | B1 |
| 10250383 | Kumar et al. | Apr 2019 | B1 |
| 10341321 | Kumar et al. | Jul 2019 | B2 |
| 10419931 | Sohail et al. | Sep 2019 | B1 |
| 10469480 | Kumar et al. | Nov 2019 | B2 |
| 10492045 | Li | Nov 2019 | B2 |
| 10505920 | Kumar et al. | Dec 2019 | B2 |
| 10587586 | Kumar et al. | Mar 2020 | B2 |
| 10657261 | Kumar et al. | May 2020 | B2 |
| 10764040 | Kumar et al. | Sep 2020 | B2 |
| 10979419 | Kumar et al. | Apr 2021 | B2 |
| 11153155 | Perez | Oct 2021 | B1 |
| 11206134 | Kumar et al. | Dec 2021 | B2 |
| 11303616 | Kumar et al. | Apr 2022 | B2 |
| 11403402 | Kumar et al. | Aug 2022 | B2 |
| 20030172090 | Asunmaa et al. | Sep 2003 | A1 |
| 20030216143 | Roese | Nov 2003 | A1 |
| 20030236748 | Gressel et al. | Dec 2003 | A1 |
| 20040001593 | Reinold et al. | Jan 2004 | A1 |
| 20040003231 | Levenson et al. | Jan 2004 | A1 |
| 20040003232 | Levenson et al. | Jan 2004 | A1 |
| 20040003237 | Puhi et al. | Jan 2004 | A1 |
| 20040003243 | Fehr et al. | Jan 2004 | A1 |
| 20040043758 | Sorvari | Mar 2004 | A1 |
| 20050081055 | Patrick et al. | Apr 2005 | A1 |
| 20050152542 | Zheng et al. | Jul 2005 | A1 |
| 20050198170 | LeMay et al. | Sep 2005 | A1 |
| 20050235363 | Hibbard et al. | Oct 2005 | A1 |
| 20060106718 | Spellman et al. | May 2006 | A1 |
| 20060106920 | Steeb | May 2006 | A1 |
| 20060236083 | Fritsch | Oct 2006 | A1 |
| 20070027506 | Stender | Feb 2007 | A1 |
| 20070157295 | Mangalore | Jul 2007 | A1 |
| 20070223702 | Tengler et al. | Sep 2007 | A1 |
| 20070254630 | Maloney | Nov 2007 | A1 |
| 20070283423 | Bradley | Dec 2007 | A1 |
| 20090037736 | Djordjrvic et al. | Feb 2009 | A1 |
| 20090150968 | Ozzie et al. | Jun 2009 | A1 |
| 20090210702 | Welingkar | Aug 2009 | A1 |
| 20100233996 | Herz et al. | Sep 2010 | A1 |
| 20110138164 | Cha et al. | Jun 2011 | A1 |
| 20110213956 | Mukkara et al. | Sep 2011 | A1 |
| 20110296180 | Paeschke et al. | Dec 2011 | A1 |
| 20120084565 | Wittenberg et al. | Apr 2012 | A1 |
| 20120265979 | Yegin et al. | Oct 2012 | A1 |
| 20120311328 | Wang et al. | Dec 2012 | A1 |
| 20130031366 | Simske et al. | Jan 2013 | A1 |
| 20130055384 | Shulman et al. | Feb 2013 | A1 |
| 20130121492 | Vacon et al. | May 2013 | A1 |
| 20130133032 | Li et al. | May 2013 | A1 |
| 20130145429 | Mendel | Jun 2013 | A1 |
| 20130156189 | Gero et al. | Jun 2013 | A1 |
| 20130179991 | White et al. | Jul 2013 | A1 |
| 20130185552 | Steer | Jul 2013 | A1 |
| 20130283056 | Lin et al. | Oct 2013 | A1 |
| 20140016781 | Geiger et al. | Jan 2014 | A1 |
| 20140033188 | Beavers et al. | Jan 2014 | A1 |
| 20140079217 | Bai et al. | Mar 2014 | A1 |
| 20140089660 | Sarangshar et al. | Mar 2014 | A1 |
| 20140095883 | Kirillov et al. | Apr 2014 | A1 |
| 20140181504 | Almahallawy et al. | Jun 2014 | A1 |
| 20140181513 | Marek | Jun 2014 | A1 |
| 20140227976 | Callaghan | Aug 2014 | A1 |
| 20140273854 | Breckman et al. | Sep 2014 | A1 |
| 20140280828 | Keung Chan et al. | Sep 2014 | A1 |
| 20140282916 | Gast | Sep 2014 | A1 |
| 20140379173 | Knapp et al. | Dec 2014 | A1 |
| 20150046352 | Blitz et al. | Feb 2015 | A1 |
| 20150046710 | Clish et al. | Feb 2015 | A1 |
| 20150052352 | Dolev et al. | Feb 2015 | A1 |
| 20150074407 | Palmeri | Mar 2015 | A1 |
| 20150104073 | Rodriguez-Serrano et al. | Apr 2015 | A1 |
| 20150149767 | Oualha et al. | May 2015 | A1 |
| 20150163222 | Pal | Jun 2015 | A1 |
| 20150215126 | Ashdown | Jul 2015 | A1 |
| 20150222621 | Baum et al. | Aug 2015 | A1 |
| 20150271188 | Call | Sep 2015 | A1 |
| 20150281219 | Kostiainen et al. | Oct 2015 | A1 |
| 20150288679 | Ben-Nun et al. | Oct 2015 | A1 |
| 20150332283 | Witchey | Nov 2015 | A1 |
| 20150372997 | Lokamathe et al. | Dec 2015 | A1 |
| 20160087801 | Jones et al. | Mar 2016 | A1 |
| 20160098723 | Feeny | Apr 2016 | A1 |
| 20160112206 | Cizas et al. | Apr 2016 | A1 |
| 20160219077 | Pandya | Jul 2016 | A1 |
| 20160253517 | Mori et al. | Sep 2016 | A1 |
| 20160255076 | Lee et al. | Sep 2016 | A1 |
| 20160261690 | Ford | Sep 2016 | A1 |
| 20160277362 | Baumgarte et al. | Sep 2016 | A1 |
| 20160283402 | Schulz et al. | Sep 2016 | A1 |
| 20160285863 | Canavor et al. | Sep 2016 | A1 |
| 20160301695 | Trivelpiece et al. | Oct 2016 | A1 |
| 20170005798 | Chow | Jan 2017 | A1 |
| 20170012965 | Hurst et al. | Jan 2017 | A1 |
| 20170013047 | Hubbard et al. | Jan 2017 | A1 |
| 20170046652 | Haldenby | Feb 2017 | A1 |
| 20170063846 | Mohamad Abdul et al. | Mar 2017 | A1 |
| 20170111177 | Oguma et al. | Apr 2017 | A1 |
| 20170116693 | Rae et al. | Apr 2017 | A1 |
| 20170168859 | Watsen | Jun 2017 | A1 |
| 20170180314 | Walker et al. | Jun 2017 | A1 |
| 20170180341 | Walker et al. | Jun 2017 | A1 |
| 20170185814 | Smith et al. | Jun 2017 | A1 |
| 20170232300 | Tran et al. | Aug 2017 | A1 |
| 20170236123 | Ali et al. | Aug 2017 | A1 |
| 20170250814 | Brickell | Aug 2017 | A1 |
| 20170302663 | Nainar et al. | Oct 2017 | A1 |
| 20170331635 | Barinov | Nov 2017 | A1 |
| 20170331828 | Caldera et al. | Nov 2017 | A1 |
| 20170346640 | Smith et al. | Nov 2017 | A1 |
| 20170353983 | Grayson et al. | Dec 2017 | A1 |
| 20180006822 | Brickell | Jan 2018 | A1 |
| 20180006829 | Kravitz et al. | Jan 2018 | A1 |
| 20180007040 | Thom | Jan 2018 | A1 |
| 20180011703 | Planche | Jan 2018 | A1 |
| 20180019879 | Kravitz et al. | Jan 2018 | A1 |
| 20180097639 | Gulati et al. | Apr 2018 | A1 |
| 20180097790 | Caldera et al. | Apr 2018 | A1 |
| 20180109506 | Helsen et al. | Apr 2018 | A1 |
| 20180109538 | Kumar et al. | Apr 2018 | A1 |
| 20180109650 | Berdy | Apr 2018 | A1 |
| 20180131706 | Anderson et al. | May 2018 | A1 |
| 20180137512 | Georgiadis et al. | May 2018 | A1 |
| 20180183586 | Bhargav-Spantzel et al. | Jun 2018 | A1 |
| 20180183587 | Won et al. | Jun 2018 | A1 |
| 20180191695 | Lindemann | Jul 2018 | A1 |
| 20180198764 | Kumar et al. | Jul 2018 | A1 |
| 20180324148 | Watts | Jul 2018 | A1 |
| 20180248887 | Sayed et al. | Aug 2018 | A1 |
| 20180255074 | Li et al. | Sep 2018 | A1 |
| 20180316673 | Shah | Nov 2018 | A1 |
| 20180332014 | Kravitz et al. | Nov 2018 | A1 |
| 20190044732 | Reinders et al. | Feb 2019 | A1 |
| 20190163912 | Kumar et al. | May 2019 | A1 |
| 20190166116 | Kumar et al. | May 2019 | A1 |
| 20190166117 | Kumar et al. | May 2019 | A1 |
| 20220179640 | Fassino | Jun 2022 | A1 |
| Number | Date | Country |
|---|---|---|
| 104683112 | Dec 2017 | CN |
| 3718036 | Oct 2020 | EP |
| 3718252 | Oct 2020 | EP |
| 3718282 | Oct 2020 | EP |
| 3769464 | Jan 2021 | EP |
| 3888292 | Oct 2021 | EP |
| 2540987 | Feb 2017 | GB |
| 2021504865 | Feb 2021 | JP |
| 2021505097 | Feb 2021 | JP |
| 2021505098 | Feb 2021 | JP |
| 2021519529 | Aug 2021 | JP |
| 10-1796690 | Nov 2017 | KR |
| 20170134804 | Dec 2017 | KR |
| 2020-0097744 | Aug 2020 | KR |
| 2020-0098561 | Aug 2020 | KR |
| 2020-0099543 | Aug 2020 | KR |
| 2020-0123484 | Oct 2020 | KR |
| WO 2016099644 | Jun 2016 | WO |
| WO 2017065389 | Apr 2017 | WO |
| WO 2019108435 | Jun 2019 | WO |
| WO 2019108436 | Jun 2019 | WO |
| WO 2019108438 | Jun 2019 | WO |
| WO 2019183032 | Sep 2019 | WO |
| WO 2020112516 | Jun 2020 | WO |
| WO 2020117549 | Jun 2020 | WO |
| Entry |
|---|
| Boudguiga, et al., “Towards Better Availability and Accountability for IoT Updates by Means of a Blockchain”,2017 IEEE European Symposium on Security and Privacy Workshops (EUROS&PW), Apr. 2017. |
| Bissmeyer, et al., “A Generic Public Key Infrastructure for Securing Car-To-X Communication”, Communication-,18th World Congress on Intelligent Transport Systems, ResearchGate, Oct. 2011, pp. 1-12. |
| Boohyung, et al., “Blockchain-based secure firmware update for embedded devices in an Internet of Things environment”, Journal of Supercomputing, Kluwer Academic Publishers, Dordrecht, NL, (Sep. 13, 2016),vol. 73, No. 3, pp. 1152-1167. |
| David W. Chadwick, et al., “The PERMIS X.509 Role Based Privilege Management Infrastructure”, Future Generation Computer Systems. 936, Dec. 2002, 10 pgs. |
| Ching-Hu, et al., A Secure Firmware Upgrade Scheme with Private-Tracker-Governed and Smart-Contract-Driven Design for Blockchain-Enabled IoT Devices, (Jan. 1, 2017), Retrieved from the Internet: URL:http://maselab318.˜fu.edu.tw/tsing/CACS/CACS/1078.pdf [retrieved on Mar. 11, 2021]. (6 pages). |
| “Cryptoproof Cryptographic Proof of Association”, Retrieved from the Internet: https://bitcointalk.org/index.php?topic=1579977.0, Oct. 17, 2022, 9 pgs. |
| Extended European Search Report dated Nov. 19, 2021, by the European Patent Office in corresponding European Patent Application No. 18882857.8-1218. (22 pages). |
| Extended European Search Report dated Oct. 18, 2021, by the European Patent Office in corresponding European Patent Application No. 19772626.8-1218. (45 pages). |
| Extended European Search Report dated Jul. 14, 2021, by the European Patent Office in corresponding European Patent Application No. 18882934.5-1218 (11 pages). |
| Extended European Search Report dated Jan. 5, 2022, by the European Patent Office in corresponding European Patent Application No. 18884828.7-1218. (26 pages). |
| N. Asokan, et al., “Mobile Platform Security”, Aalto University and University of Helsinki Summer School, Retrieved from the Internet: http://asokan.org/asokan/Padova2014/tutorial-mobi leplatsec. pdf, 2014,122 pgs. |
| Javier Gonzalez, “Operating System Support for Run-Time Security with a Trusted Execution Environment”, Ph.D Thesis, IT University of Copenhagen, Jan. 31, 2015, 194 pgs. |
| Liang Gu, et al., “Security model oriented attestation on dynamically reconfigurable component-based systems”, Journal of Network and Computer Applications, Retrieved from the Internet: http://sei.pku.edu.cn/˜yaoguo/papers/Gu-JNCA-11.pdf, 2011, 8 pgs. |
| Intel, Product Brief, Intel Secure Device Onboard, More secure, automated IoT device onboarding in seconds, pp. 1-4, Intel Corporation, USA, 2017. |
| Intel, Demo Brief, IoT, Zero Touch Onboarding for IoT, “Marshal Point”—An EPID Enhanced Privacy ID POC, 2016, pp. 1-2, Intel Corporation, USA. |
| Kuppusamy, et al., “Uptane: Securing Software Updates for Automobiles”, pp. 1-11, Nov. 2016. Munich, Germany. |
| Jamie Nguyen, “OpenSSL Certificate Authority”, Retrieved from the Internet: https://jamielinux.com/docs/openssl-certificate-authority/createthe-intermediate-pair.html, Dec. 9, 2015, 5 pgs. |
| Nikitin, et al., “CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds”, IACR, International Association for Cryptologic Research, (Jun. 30, 2017), vol. 20170705:212210, pp. 1-18.Retrieved from the Internet: URL:hllp://eprinl.iacr.org/2017/648.pdf [retrieved on Jun. 30, 2017]. |
| Shailesh Mota, “Secure Certificate Management and Device Enrollment at IoT Scale”, Jun. 30, 2016, Retrieved from the Internet: URL: https://aaltodoc.aalto.fi/bitstream/handle/123456789/23159/master_Mota_Shailesh_2016.pdf?sequence=1. |
| Seewald, “Blockchain-Based Confirmation of Endpoint State in Networks”, IP.Com, IP.Com Inc., West Henrietta, NY, US, (Apr. 18, 2017), pp. 1-4. |
| Jeremy D. Wendt, et al., “Trusted Computing Technologies, Intel Trusted Execution Technology”, Sandia National Laboratories, UnitedStates Department of Energy, Jan. 2011, 35 pgs. |
| Xu, et al., “A Policy Enforcing Mechanism for Trusted Ad Hoc Networks”, Abstract, 2011, 1 pg. |
| Xu, “Trusted Application Centric Ad hoc Network”, Abstract, 2008, 1 pg. |
| Yong Yuan; Towards Blockchain-based Intelligent Transportation Systems; IEEE (Year: 2016). |
| International Search Report and Written Opinion for PCT Application No. PCT/US2019/063179 dated Mar. 17, 2020 in 8 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2019/062722 dated Mar. 24, 2020 in 7 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2019/022874 dated Jul. 2, 2019 in 7 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2018/061907 dated May 1, 2019 in 12 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2018/061913 dated Mar. 15, 2019 in 14 pages. |
| International Search Report and Written Opinion for PCT Application No. PCT/US2018/061921 dated Mar. 4, 2019 in 7 pages. |
| Notification of Transmittal of the International Search Report (Forms PCT/ISA/220 and PCT/ISA/210) and the Written Opinion of the International Searching Authority (Form PCT/ISA/237) dated Mar. 17, 2020, by the International Application Division Korean Intellectual Property Office in corresponding International Application No. PCT/US2019/063179. (10 pages). |
| Anonymous, Zero Touch Provisioning—TechLibrary—Juniper Networks, https://www.juniper.net/documentation/en_US/junos/topics/concept/software-image-and-configuration-automatic-provisioning-understanding.html, Sep. 22, 2019, downloaded Nov. 26, 2019, 25 pages. |
| Anonymous, RFC 8572—Secure Zero Touch Provisioning (SZTP), https://rp1cloud.com/zero-touch-provisioning, dated Apr. 30, 2019, downloaded Nov. 26, 2019, 4 pages. |
| Ogenstad, Zero-Touch Provisioning with Patrick Ogenstad (Part 2) « ipSpace, https://blog.ipspace.net/2018/12/zero-touch-provisioning-with-patrick_20.html, dated Dec. 20, 2018, downloaded Nov. 26, 2019, 5 pages. |
| Anonymous, What is Zero Touch Provisioning, https://rp1cloud.com/zero-touch-provisioning, dated approx. Jan. 26, 2019, downloaded Nov. 26, 2019, 2 pages. |
| Number | Date | Country | |
|---|---|---|---|
| 20200186365 A1 | Jun 2020 | US |
| Number | Date | Country | |
|---|---|---|---|
| 62775949 | Dec 2018 | US |
