
WO2014175721A1 - A system and method for privacy management for internet of things services - Google Patents

Info

Publication number
WO2014175721A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
things
client
privacy
access
Application number
PCT/MY2014/000034
Other languages
French (fr)
Inventor
Jamalil-lail AB MANAN
Mohd Faizal MUBARAK
Original Assignee
Mimos Berhad
Application filed by Mimos Berhad

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/08 Access security
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Definitions

  • the present invention relates to a system and method for privacy management for Internet of Things (IoT) Services.
  • the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management.
  • IPCM Information Privacy Control Module
  • IoT Internet of Things
  • Another mechanism was proposed in the United States Patent No. US 7401233 B2, hereby denoted as US 233 Patent. It relates generally to privacy protection and particularly to dynamic, data-driven privacy protection relating to telematics data.
  • User privacy policy is enforced. However, it does not provide client's platform integrity check as proposed in the present invention. Sensors are used to collect data through direct instruction from Data Protection Manager and it does not provide secure connection or unclonable sensors as in the present invention which utilizes Physically Unclonable Functions (PUFs) to eliminate attempts for cloning and eliminate wrong measurement.
  • PUFs Physically Unclonable Functions
  • Privacy policy specifies rules for selectively releasing items of confidential data to one or more service providers only as compared to the present invention which provide for anonymous signature.
  • Privacy protection for user personal information was proposed in an IEEE paper entitled "Preference-based privacy protection mechanism for the Internet of Things" authored by Hu Tao.
  • User's privacy preferences are evaluated by trusted third party and the results are feedback to the Service Provider.
  • user is verified through mutual platform integrity verification between client and IPCM server which establishes user access right in privacy policy table.
  • user has to comply with user's privacy preferences in Service Provider's privacy policy before utilizing the service from the Internet of Things.
  • the access rights are based on Service Provider's privacy policy.
  • the said paper does not provide anonymous signature, does not provide for Physically Unclonable Functions (PUFs) and challenge response between IoT sensors and IoT Gateway as provided in the present invention.
  • the subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
  • the present invention relates to a system and method for privacy management for Internet of Things (IoT) Services.
  • the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management.
  • One aspect of the present invention provides a system (300) for privacy management for Internet of Things.
  • the system comprising at least one Access Control Server (302); at least one Information Privacy Control Module (304) within at least one Access Control Server (302); at least one privacy policy table (306) within at least one Access Control Server (302); a plurality of Internet of Things gateways (312); and a plurality of Internet of Things sensors (316).
  • the plurality of Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Physically Unclonable Functions exploit inherent delay characteristics of wires and transistors.
  • Another aspect of the invention provides that said Physically Unclonable Function provides unclonable identity as it is tamper-proof and generated cryptographic keys are known only to Physically Unclonable Function processor.
  • the at least one Information Privacy Control Module (304) within at least one Access Control Server (302) having means for providing access rights to Client for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table; providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity and enabling Client to make online Internet of Things measurement by determining if Client is registered with Information Privacy Control Module Server; identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway; imposing privacy restrictions for selected Internet of Things gateway; initiating session challenge response between Internet of Things gateway and Internet of Things sensors; and connecting to selected Internet of Things sensors upon successful challenge response.
  • Another aspect the invention provides for the at least one privacy policy table (306) within at least one Access Control Server (302) which consist of a list of registered clients and a list of Internet of Things gateway labeled according to Client privacy policy.
  • a plurality of Internet of Things gateways (312) having means for receiving measurements from a plurality of sensors (316).
  • a plurality of Internet of Things sensors (316) is embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements.
  • Another aspect the invention provides a method (400) for privacy management for Internet of Things.
  • the method comprises steps of setting user authentication system for anonymous access (402); setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution (406); registering Client with Information Privacy Control Module Server (410); and enabling Client to make online Internet of Things measurement (422).
  • the method for registering Client with Information Privacy Control Module Server (410) further comprises steps of selecting user privacy access rights from Information Privacy Control Module Server by Client and saving user privacy access rights information into Client Privacy Policy Table for accessing Internet of Things measurement (414); providing access rights to Client through Information Privacy Control Module for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table (416); providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity (418).
  • the method for providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity further comprises steps of extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Internet of Things sensors are embedded with Physically Unclonable Functions that exploit inherent delay characteristics of wires and transistors.
  • the step for setting user authentication system for anonymous access (402).
  • the said step further comprises steps of enabling User Authentication Module (502); determining if anonymous signature exist (504); authenticating user upon confirmation of existence of anonymous signature (510) if anonymous signature exist; determining if user is authentic user (512); proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600); determining existence of other types of signature (506) if anonymous signature does not exist; authenticating user upon confirmation of existence of other types of anonymous signature (510); determining if user is authentic user (512); proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600); and disabling user authentication module if other types of signature does not exist (508).
  • the said step further comprises steps of enabling integrity verification module to verify client platform trustworthiness (602); determining if Trusted Platform Module exist (604); executing mutual platform integrity verification upon confirmation of existence of Trusted Platform Module (610) if Trusted Platform Module exist; determining if platform is verified (612); proceeding to connect Internet of Things gateway to sensors and obtaining measurements from Internet of Things (614); determining if Virtual Trusted Platform Module exist if Trusted Platform Module does not exist; reiterating steps (610), (612) and (614) if Virtual Trusted Platform Module exist; and disabling Integrity Verification Module if Virtual Trusted Platform Module does not exist (508).
  • step for enabling Client to make online Internet of Things measurement which further comprises steps of determining if Client is registered with Information Privacy Control Module Server (702); identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway (708); imposing privacy restrictions for selected Internet of Things gateway (710); initiating session challenge response between Internet of Things gateway and Internet of Things sensors (712); connecting to selected Internet of Things sensors upon successful challenge response (718); and executing online Internet of Things measurement and providing measured data to Client (720).
  • FIG. 1.0 illustrates the architecture of Internet of Things (IoT) based Smart Environment.
  • FIG. 2.0 illustrates the block diagram of the components of the present invention.
  • FIG. 3.0 illustrates the architecture of the present invention.
  • FIG. 4.0 is a flowchart illustrating the methodology for privacy management for Internet of Things of the present invention.
  • FIG. 5.0 is a flowchart illustrating the steps of setting user authentication system for anonymous access.
  • FIG. 6.0 is a flowchart illustrating the steps of setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution.
  • FIG. 7.0 is a flowchart illustrating the steps of enabling Client to make online Internet of Things measurement.
  • Table 1.0 illustrates the Privacy Policy Table of the present invention.
  • the present invention provides a system and method for privacy management for Internet of Things (IoT) Services.
  • the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management.
  • this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims. Referring to FIGs. 1.0, 2.0 and 3.0, the system (100, 200, 300) according to the present invention is illustrated. FIG.
  • FIGs. 2.0 and 3.0 illustrate the block diagram of the components and the architecture of the present invention.
  • the system (300) comprising an Access Control Server (302); an Information Privacy Control Module (IPCM) (304) within the Access Control Server (302); a privacy policy table (306) within the Access Control Server (302); Internet of Things (IoT) gateways (312); and Internet of Things (IoT) sensors (316).
  • the Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Physically Unclonable Functions exploit inherent delay characteristics of wires and transistors.
  • the said Physically Unclonable Function provides unclonable identity as it is tamper-proof and generated cryptographic keys are known only to Physically Unclonable Function processor.
  • the Information Privacy Control Module (IPCM) (304) within the Access Control Server (302) provides access rights to Client wherein client's trusted remote medium (308) is provided with access to Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table; providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity; and enabling Client to make online Internet of Things measurement.
  • Table 1.0 illustrates the Privacy Policy Table wherein said privacy policy table (306) consists of a list of registered clients and a list of Internet of Things gateway labeled according to Client privacy policy.
  • the network (310) is a trusted network wherein clients are verified as trusted using trusted computing method.
  • the Internet of Things gateways (312) receive measurements from the sensors (316) which are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements. Further, Internet of Things (IoT) measurement is stored in an IoT database storage (314) of said system.
  • the invention includes the steps of setting user authentication system for anonymous access (402). Thereafter, mutual platform integrity verification is set up between Client and Information Privacy Control Module Server (IPCM) upon setting up of user authentication system for execution to verify client platform trustworthiness for components of the system (406). Upon successful set up of mutual platform integrity verification between Client and Information Privacy Control Module Server (IPCM), Client registers with the Information Privacy Control Module Server (IPCM) (410) which enables Client to make online Internet of Things measurement (422).
  • To register with the Information Privacy Control Module Server (IPCM), the Client first selects user privacy access rights from Information Privacy Control Module (IPCM) Server and saves the said user privacy rights information into a Client Privacy Policy Table for accessing Internet of Things (IoT) measurement (414). Thereafter, the Information Privacy Control Module (IPCM) provides access rights to Client to access the Internet of Things (IoTs) gateway based on user privacy access rights in Client Privacy Policy Table (416). Upon setting up access rights to Client, the Information Privacy Control Module (IPCM) provides secure connection which enables Client to access selected Internet of Things (IoTs) gateway and initiates said Internet of Things (IoT) gateway to perform challenge response with Internet of Things (IoT) sensors which provides unclonable identity (418).
  • Secure connection for Client access is provided to selected Internet of Things gateway and said Internet of Things gateway is initiated to perform challenge response with Internet of Things sensors which provides unclonable identity by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Internet of Things sensors are embedded with Physically Unclonable Functions that exploit inherent delay characteristics of wires and transistors.
  • the Internet of Things (IoT) sensors are embedded with Physically Unclonable Functions to provide unclonable identity for protecting the originals. Thereafter, the Internet of Things (IoTs) system enables Client to make online Internet of Things (IoT) measurement.
  • A more detailed description of setting user authentication system for anonymous access is illustrated in FIG. 5.0.
  • User Authentication Module is enabled (502). Thereafter, it is determined if anonymous signature exist (504). User is authenticated with the existence of an anonymous signature (510) and it is further determined if user is an authentic user (512). Client platform is verified for trustworthiness upon confirmation that user is an authentic user (600). If anonymous signature does not exist; existence of other types of signature is determined (506) and user is authenticated upon confirmation of existence of other types of anonymous signature (510). Subsequently, it is determined if user is authentic user (512) and client platform trustworthiness is verified upon confirmation that user is an authentic user (600). User authentication module is disabled if other types of signature does not exist (508).
  • Integrity verification module is first enabled to verify client platform trustworthiness (602) and it is determined if Trusted Platform Module (TPM) exist (604). If Trusted Platform Module (TPM) does not exist, it is further determined if Virtual Trusted Platform Module (VTPM) exist (606). Integrity Verification Module is disabled if Virtual Trusted Platform Module (VTPM) does not exist (608).
  • TPM Trusted Platform Module
  • VTPM Virtual Trusted Platform Module
  • Mutual platform integrity verification is executed upon confirmation of existence of Trusted Platform Module and Virtual Trusted Platform Module (610) and it is determined if platform is verified (612). Upon verification of the said platform, it proceeds to connect Internet of Things (IoT) gateway to sensors to obtain measurements from said Internet of Things (IoT) (614).
  • A more detailed description to enable Client to make online Internet of Things (IoT) measurement (700) is further illustrated in FIG. 7.0 wherein it is first determined if Client is registered with the Information Privacy Control Module (IPCM) Server (702). Upon confirmation of Client's registration with the Information Privacy Control Module (IPCM) Server, the Information Privacy Control Module (IPCM) identifies access rights for Client by referring to Client privacy policy table for accessing the Internet of Things (IoT) gateway (708). Privacy restrictions are imposed for selected Internet of Things gateway (710). Thereafter, a session challenge response is initiated between Internet of Things (IoT) gateway and Internet of Things (IoT) sensors (712). It is further determined if said challenge response is successful (714).
  • the said process is terminated if challenge response is not successful (716). Internet of Things (IoT) gateway is further connected to selected Internet of Things (IoT) sensors upon successful challenge response (718) and Internet of Things (IoT) measurement is executed and measured data is provided to Client (720).
  • the present invention addresses the issue of data privacy management in Internet of Things (IoT) based services wherein genuine users utilize Internet of Things (IoT) services anonymously for protection of identity and genuine users have control over personal private data through privacy access policy. Further, for trust establishment, integrity verification protects against phishing and rootkits and Internet of Things sensors embedded with Physically Unclonable Functions provides unclonable identity and eliminates wrong measurements. Unless the context requires otherwise or specifically stated to the contrary, integers, steps or elements of the invention recited herein as singular integers, steps or elements clearly encompass both singular and plural forms of the recited integers, steps or elements.
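
The FIG. 7.0 flow (steps 702 to 720) can be traced in a short model; this is an added example, not code from the patent or from Mimos Berhad. It assumes a keyed hash over a random per-device secret as a stand-in for the PUF, one-time challenge-response pairs recorded at enrollment, and "privacy restrictions" meaning a per-gateway set of releasable fields; all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import os


class SimulatedPufSensor:
    """IoT sensor (316). A real PUF derives responses from silicon delay
    variation; a random per-device secret stands in for that here (assumption)."""

    def __init__(self, sensor_id, reading):
        self.sensor_id = sensor_id
        self._silicon = os.urandom(32)  # never exported, differs per device
        self._reading = reading

    def respond(self, challenge):
        return hmac.new(self._silicon, challenge, hashlib.sha256).digest()

    def measure(self):
        return dict(self._reading)


class Gateway:
    """IoT gateway (312) holding challenge-response pairs from enrollment."""

    def __init__(self, gateway_id):
        self.gateway_id = gateway_id
        self.sensors = {}  # sensor_id -> device currently connected
        self._crps = {}    # sensor_id -> unused (challenge, response) pairs

    def enroll(self, sensor, pairs=2):
        # Done once in a trusted setting, before the sensor is deployed.
        challenges = [os.urandom(16) for _ in range(pairs)]
        self._crps[sensor.sensor_id] = [(c, sensor.respond(c)) for c in challenges]
        self.sensors[sensor.sensor_id] = sensor

    def attach(self, sensor):
        # Field event: some device now answers under this sensor id.
        self.sensors[sensor.sensor_id] = sensor

    def challenge_response(self, sensor_id):
        crps = self._crps.get(sensor_id)
        sensor = self.sensors.get(sensor_id)
        if not crps or sensor is None:
            return False  # fail closed: unknown sensor or no unused pairs left
        challenge, expected = crps.pop()  # each pair is used once (no replay)
        return hmac.compare_digest(expected, sensor.respond(challenge))


class IPCM:
    """Information Privacy Control Module (304) with its policy table (306)."""

    def __init__(self):
        self.policy_table = {}  # pseudonym -> {gateway_id: allowed fields}
        self.gateways = {}

    def add_gateway(self, gateway):
        self.gateways[gateway.gateway_id] = gateway

    def register(self, pseudonym, rights):
        self.policy_table[pseudonym] = rights

    def request_measurement(self, pseudonym, gateway_id, sensor_id):
        rights = self.policy_table.get(pseudonym)
        if rights is None:                               # step 702
            return ("not_registered", None)
        allowed = rights.get(gateway_id)                 # step 708
        gateway = self.gateways.get(gateway_id)
        if allowed is None or gateway is None:
            return ("no_access_right", None)
        if not gateway.challenge_response(sensor_id):    # steps 712-714
            return ("challenge_failed", None)            # step 716
        data = gateway.sensors[sensor_id].measure()      # steps 718-720
        # Step 710 restriction, enforced at release: only policy-allowed fields.
        return ("ok", {k: v for k, v in data.items() if k in allowed})


def demo():
    reading = {"temperature_c": 21.5, "location": "ward-3"}  # constructed sample
    genuine = SimulatedPufSensor("s1", reading)
    health, transport = Gateway("gw-health"), Gateway("gw-transport")
    health.enroll(genuine)
    ipcm = IPCM()
    ipcm.add_gateway(health)
    ipcm.add_gateway(transport)
    ipcm.register("pseudonym-a", {"gw-health": {"temperature_c"}})

    results = {
        "genuine": ipcm.request_measurement("pseudonym-a", "gw-health", "s1"),
        "unregistered": ipcm.request_measurement("pseudonym-x", "gw-health", "s1"),
        "other_gateway": ipcm.request_measurement("pseudonym-a", "gw-transport", "s1"),
    }
    # A copy reporting the same id and data, but built on different silicon.
    health.attach(SimulatedPufSensor("s1", reading))
    results["clone"] = ipcm.request_measurement("pseudonym-a", "gw-health", "s1")
    # Both enrolled pairs are now spent, so even the genuine sensor is refused.
    health.attach(genuine)
    results["exhausted"] = ipcm.request_measurement("pseudonym-a", "gw-health", "s1")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The last case shows an operational consequence of one-time pairs: the gateway must be re-enrolled in a trusted setting before its stock of unused challenges runs out, otherwise genuine sensors are locked out.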

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system and method for privacy management for Internet of Things (IoT) Services is provided by utilizing Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway. Genuine users utilize Internet of Things (IoT) services anonymously for protection of identity and genuine users have control over personal private data through privacy access policy. The system of the present invention includes at least one Access Control Server (302); at least one Information Privacy Control Module (304) within at least one Access Control Server (302); at least one privacy policy table (306) within at least one Access Control Server (302); a plurality of Internet of Things gateways (312); and a plurality of Internet of Things sensors (316). The at least one Information Privacy Control Module (304) provides access rights to Client for Client to access the Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table. Further, secure connection is provided by the Information Privacy Control Module for Client to access selected Internet of Things gateway and Internet of Things gateway is initiated to perform challenge response with Internet of Things sensors to provide unclonable identity. The unclonable identity is provided by the Physically Unclonable Functions embedded within the sensors to eliminate wrong measurements by extracting secret cryptographic keys from physical characteristic of integrated circuit. In short, for trust establishment, integrity verification protects against phishing and rootkits and Internet of Things sensors embedded with Physically Unclonable Functions provides unclonable identity and eliminates wrong measurements.

Description

A SYSTEM AND METHOD FOR PRIVACY MANAGEMENT FOR INTERNET OF THINGS SERVICES
FIELD OF INVENTION
The present invention relates to a system and method for privacy management for Internet of Things (IoT) Services. In particular, the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management.
BACKGROUND ART
Internet of Things (IoT) services offer great potential in many different sectors of the community, specifically applications in areas for improving enterprise applications from efficiency gains to completely new business processes and business models. The future scenario predicts that IoT smart environment will dominate our community in advanced nations. Examples of smart environment are Smart Health, Smart Transport, Smart Precision Agriculture and Smart Environment Monitoring. Existing IoT services provide weak processing devices that are persistent and require a new method to handle physical and digital data in the IoT based Smart Environment. Further, current IoT systems are vulnerable to various types of attacks such as Sybil attacks, in which the adversary gains access by influencing the system; DoS attacks, where the adversaries make access to data impossible; capturing, in which the adversaries hijack devices and change behavior; and cloning, where the adversaries make copies of devices. Numerous issues are determined in management of security and privacy in current IoT systems due to the complex nature of IoT systems and the gap between integrating physical resources and business process management. One example of enforcement of data privacy was proposed in United States Patent Publication No. US 2012/0222083 A1, hereby denoted as the US 083 Publication, which provides a method and apparatus for enforcing data privacy. Privacy policy objects are remotely configurable and accessible by trusted external third party policy provider only. In contrast, in the present invention user is verified through mutual platform integrity verification between client and Information Privacy Control Module (IPCM) server which establishes user access right in privacy policy table.
Sensors, devices or user personal data are accessed based on privacy profile and security level or by generating user alert or a prompt requesting an approval from user, whereas in the present invention IPCM identifies access rights through privacy policy table and challenge response session is initiated to ensure that Internet of Things (IoT) sensors are unclonable. Further, user access rights are based on privacy profile and security level. There is no guarantee for anonymity as proposed in the present invention.
Another mechanism was proposed in United States Patent No. US 7401233 B2, hereby denoted as the US 233 Patent. It relates generally to privacy protection and particularly to dynamic, data-driven privacy protection relating to telematics data. User privacy policy is enforced. However, it does not provide the client platform integrity check proposed in the present invention. Sensors are used to collect data through direct instruction from the Data Protection Manager, and it does not provide a secure connection or unclonable sensors as in the present invention, which utilizes Physically Unclonable Functions (PUFs) to eliminate attempts at cloning and eliminate wrong measurement. The privacy policy specifies rules for selectively releasing items of confidential data to one or more service providers only, as compared to the present invention, which provides for anonymous signature.
Privacy protection for user personal information was proposed in an IEEE paper entitled "Preference-based privacy protection mechanism for the Internet of Things" authored by Hu Tao. The user's privacy preferences are evaluated by a trusted third party and the results are fed back to the Service Provider. In the present invention, the user is verified through mutual platform integrity verification between the client and the IPCM server, which establishes the user access right in the privacy policy table. Further, in the said paper the user has to comply with the user's privacy preferences in the Service Provider's privacy policy before utilizing the service from the Internet of Things. However, it does not disclose any specific authentication technique as provided in the present invention. The access rights are based on the Service Provider's privacy policy. In brief, the said paper does not provide anonymous signature, and does not provide for Physically Unclonable Functions (PUFs) and challenge response between IoT sensors and IoT Gateway as provided in the present invention.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
SUMMARY OF INVENTION
The present invention relates to a system and method for privacy management for Internet of Things (IoT) Services. In particular, the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management.
One aspect of the present invention provides a system (300) for privacy management for Internet of Things. The system comprises at least one Access Control Server (302); at least one Information Privacy Control Module (304) within at least one Access Control Server (302); at least one privacy policy table (306) within at least one Access Control Server (302); a plurality of Internet of Things gateways (312); and a plurality of Internet of Things sensors (316). The plurality of Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Physically Unclonable Functions exploit inherent delay characteristics of wires and transistors.
Another aspect of the invention provides that said Physically Unclonable Function provides unclonable identity as it is tamper-proof and generated cryptographic keys are known only to Physically Unclonable Function processor.
In another aspect of the invention there is provided that the at least one Information Privacy Control Module (304) within at least one Access Control Server (302) having means for providing access rights to Client for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table; providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity and enabling Client to make online Internet of Things measurement by determining if Client is registered with Information Privacy Control Module Server; identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway; imposing privacy restrictions for selected Internet of Things gateway; initiating session challenge response between Internet of Things gateway and Internet of Things sensors; and connecting to selected Internet of Things sensors upon successful challenge response.
Another aspect of the invention provides for the at least one privacy policy table (306) within at least one Access Control Server (302), which consists of a list of registered clients and a list of Internet of Things gateways labeled according to Client privacy policy.
In another aspect of the invention there is provided a plurality of Internet of Things gateways (312) having means for receiving measurements from a plurality of sensors (316).
In yet another aspect of the invention, a plurality of Internet of Things sensors (316) is embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements.
Another aspect of the invention provides a method (400) for privacy management for Internet of Things. The method comprises steps of setting user authentication system for anonymous access (402); setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution (406); registering Client with Information Privacy Control Module Server (410); and enabling Client to make online Internet of Things measurement (422). The method for registering Client with Information Privacy Control Module Server (410) further comprises steps of selecting user privacy access rights from Information Privacy Control Module Server by Client and saving user privacy access rights information into Client Privacy Policy Table for accessing Internet of Things measurement (414); providing access rights to Client through Information Privacy Control Module for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table (416); providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity (418). The method for providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity further comprises steps of extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Internet of Things sensors are embedded with Physically Unclonable Functions that exploit inherent delay characteristics of wires and transistors.
In another aspect of the invention there is provided the step for setting user authentication system for anonymous access (402). The said step further comprises steps of enabling User Authentication Module (502); determining if anonymous signature exists (504); authenticating user upon confirmation of existence of anonymous signature (510) if anonymous signature exists; determining if user is authentic user (512); proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600); determining existence of other types of signature (506) if anonymous signature does not exist; authenticating user upon confirmation of existence of other types of anonymous signature (510); determining if user is authentic user (512); proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600); and disabling user authentication module if other types of signature do not exist (508).
In yet another aspect of the invention there is provided the step for setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution (406). The said step further comprises steps of enabling integrity verification module to verify client platform trustworthiness (602); determining if Trusted Platform Module exists (604); executing mutual platform integrity verification upon confirmation of existence of Trusted Platform Module (610) if Trusted Platform Module exists; determining if platform is verified (612); proceeding to connect Internet of Things gateway to sensors and obtaining measurements from Internet of Things (614); determining if Virtual Trusted Platform Module exists if Trusted Platform Module does not exist; reiterating steps (610), (612) and (614) if Virtual Trusted Platform Module exists; and disabling Integrity Verification Module if Virtual Trusted Platform Module does not exist (508).
In still another aspect of the invention there is provided the step for enabling Client to make online Internet of Things measurement (700), which further comprises steps of determining if Client is registered with Information Privacy Control Module Server (702); identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway (708); imposing privacy restrictions for selected Internet of Things gateway (710); initiating session challenge response between Internet of Things gateway and Internet of Things sensors (712); connecting to selected Internet of Things sensors upon successful challenge response (718); and executing online Internet of Things measurement and providing measured data to Client (720).
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1.0 illustrates the architecture of Internet of Things (IoT) based Smart Environment.
FIG. 2.0 illustrates the block diagram of the components of the present invention.
FIG. 3.0 illustrates the architecture of the present invention.
FIG. 4.0 is a flowchart illustrating the methodology for privacy management for Internet of Things of the present invention.
FIG. 5.0 is a flowchart illustrating the steps of setting user authentication system for anonymous access.
FIG. 6.0 is a flowchart illustrating the steps of setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution.
FIG. 7.0 is a flowchart illustrating the steps of enabling Client to make online Internet of Things measurement.
Table 1.0 illustrates the Privacy Policy Table of the present invention.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a system and method for privacy management for Internet of Things (IoT) Services. In particular, the invention utilizes Information Privacy Control Module (IPCM) to integrate Internet of Things (IoT) devices and Internet of Things (IoT) gateway for privacy management. Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
Referring to FIGs. 1.0, 2.0 and 3.0, the system (100, 200, 300) according to the present invention is illustrated. FIG. 1.0 illustrates the general architecture of Internet of Things (IoT) based Smart Environment while FIGs. 2.0 and 3.0 illustrate the block diagram of the components and the architecture of the present invention. The system (300) comprises an Access Control Server (302); an Information Privacy Control Module (IPCM) (304) within the Access Control Server (302); a privacy policy table (306) within the Access Control Server (302); Internet of Things (IoT) gateways (312); and Internet of Things (IoT) sensors (316). The Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Physically Unclonable Functions exploit inherent delay characteristics of wires and transistors. The said Physically Unclonable Function provides unclonable identity as it is tamper-proof and generated cryptographic keys are known only to Physically Unclonable Function processor.
The Information Privacy Control Module (IPCM) (304) within the Access Control Server (302) provides access rights to Client wherein client's trusted remote medium (308) is provided with access to Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table; providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity; and enabling Client to make online Internet of Things measurement. Table 1.0 illustrates the Privacy Policy Table wherein said privacy policy table (306) consists of a list of registered clients and a list of Internet of Things gateways labeled according to Client privacy policy. The network (310) is a trusted network wherein clients are verified as trusted using trusted computing method. The Internet of Things gateways (312) receive measurements from the sensors (316) which are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements. Further, Internet of Things (IoT) measurement is stored in an IoT database storage (314) of said system.
Referring to FIG. 4.0, an embodiment of the method (400) of the invention is illustrated. Generally, the invention includes the steps of setting user authentication system for anonymous access (402). Thereafter, mutual platform integrity verification is set up between Client and Information Privacy Control Module Server (IPCM) upon setting up of user authentication system for execution to verify client platform trustworthiness for components of the system (406). Upon successful set up of mutual platform integrity verification between Client and Information Privacy Control Module Server (IPCM), Client registers with the Information Privacy Control Module Server (IPCM) (410), which enables Client to make online Internet of Things measurement (422). To register with the Information Privacy Control Module Server (IPCM), the Client first selects user privacy access rights from Information Privacy Control Module (IPCM) Server and saves the said user privacy rights information into a Client Privacy Policy Table for accessing Internet of Things (IoT) measurement (414). Thereafter, the Information Privacy Control Module (IPCM) provides access rights to Client to access the Internet of Things (IoT) gateway based on user privacy access rights in Client Privacy Policy Table (416). Upon setting up access rights to Client, the Information Privacy Control Module (IPCM) provides secure connection which enables Client to access the selected Internet of Things (IoT) gateway and initiates said Internet of Things (IoT) gateway to perform challenge response with Internet of Things (IoT) sensors which provides unclonable identity (418).
Secure connection for Client access is provided to selected Internet of Things gateway and said Internet of Things gateway is initiated to perform challenge response with Internet of Things sensors which provides unclonable identity by extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Internet of Things sensors are embedded with Physically Unclonable Functions that exploit inherent delay characteristics of wires and transistors.
The Internet of Things (IoT) sensors are embedded with Physically Unclonable Functions to provide unclonable identity for protecting the originals. Thereafter, the Internet of Things (IoT) system enables Client to make online Internet of Things (IoT) measurement.
A more detailed description of setting user authentication system for anonymous access is illustrated in FIG. 5.0. In order to set up user authentication system for anonymous access, User Authentication Module is enabled (502). Thereafter, it is determined if anonymous signature exists (504). User is authenticated with the existence of an anonymous signature (510) and it is further determined if user is an authentic user (512). Client platform is verified for trustworthiness upon confirmation that user is an authentic user (600). If anonymous signature does not exist, existence of other types of signature is determined (506) and user is authenticated upon confirmation of existence of other types of anonymous signature (510). Subsequently, it is determined if user is authentic user (512) and client platform trustworthiness is verified upon confirmation that user is an authentic user (600). User authentication module is disabled if other types of signature do not exist (508).
The method for setting mutual platform integrity verification between Client and Information Privacy Control Module (IPCM) Server upon set up of user authentication system for execution is further illustrated in FIG. 6.0. Integrity verification module is first enabled to verify client platform trustworthiness (602) and it is determined if Trusted Platform Module (TPM) exists (604). If Trusted Platform Module (TPM) does not exist, it is further determined if Virtual Trusted Platform Module (VTPM) exists (606). Integrity Verification Module is disabled if Virtual Trusted Platform Module (VTPM) does not exist (608). Mutual platform integrity verification is executed upon confirmation of existence of Trusted Platform Module and Virtual Trusted Platform Module (610) and it is determined if platform is verified (612). Upon verification of the said platform, it proceeds to connect Internet of Things (IoT) gateway to sensors to obtain measurements from said Internet of Things (IoT) (614).
A more detailed description to enable Client to make online Internet of Things (IoT) measurement (700) is further illustrated in FIG. 7.0 wherein it is first determined if Client is registered with the Information Privacy Control Module (IPCM) Server (702). Upon confirmation of Client's registration with the Information Privacy Control Module (IPCM) Server, the Information Privacy Control Module (IPCM) identifies access rights for Client by referring to Client privacy policy table for accessing the Internet of Things (IoT) gateway (708). Privacy restrictions are imposed for selected Internet of Things gateway (710). Thereafter, a session challenge response is initiated between Internet of Things (IoT) gateway and Internet of Things (IoT) sensors (712). It is further determined if said challenge response is successful (714). The said process is terminated if challenge response is not successful (716). Internet of Things (IoT) gateway is further connected to selected Internet of Things (IoT) sensors upon successful challenge response (718) and Internet of Things (IoT) measurement is executed and measured data is provided to Client (720).
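The FIG. 7.0 sequence (702 to 720) can be followed in the Python sketch below, which is an added example and not part of the patent text. The specification does not define the challenge response protocol, so the HMAC-based `SimulatedPUF`, the enrolment of single-use challenge-response pairs at the gateway, and all class names, method names and client pseudonyms are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Stand-in for a silicon PUF (assumption): the per-chip secret models
    manufacturing variation and is never exported. A real delay-based PUF
    gives noisy responses and needs error correction, omitted here."""

    def __init__(self):
        self._chip_variation = secrets.token_bytes(32)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._chip_variation, challenge, hashlib.sha256).digest()


class Sensor:
    def __init__(self, sensor_id: str, reading: float):
        self.sensor_id = sensor_id
        self._puf = SimulatedPUF()
        self._reading = reading

    def answer(self, challenge: bytes) -> bytes:
        return self._puf.respond(challenge)

    def measure(self) -> float:
        return self._reading


class Gateway:
    def __init__(self, gateway_id: str):
        self.gateway_id = gateway_id
        self._crps = {}      # sensor_id -> unused (challenge, expected response) pairs
        self._attached = {}  # sensor_id -> device currently answering under that id

    def enroll(self, sensor: Sensor, pairs: int = 4) -> None:
        """Trusted provisioning step: record challenge-response pairs."""
        challenges = [secrets.token_bytes(16) for _ in range(pairs)]
        self._crps[sensor.sensor_id] = [(c, sensor.answer(c)) for c in challenges]
        self.attach(sensor)

    def attach(self, device: Sensor) -> None:
        self._attached[device.sensor_id] = device

    def challenge_response(self, sensor_id: str) -> bool:
        unused = self._crps.get(sensor_id)
        device = self._attached.get(sensor_id)
        if not unused or device is None:
            return False  # unknown sensor or pairs exhausted: fail closed
        challenge, expected = unused.pop()  # single use, so a replayed answer is useless
        return hmac.compare_digest(expected, device.answer(challenge))

    def read(self, sensor_id: str) -> float:
        return self._attached[sensor_id].measure()


class IPCM:
    def __init__(self):
        self.policy_table = {}  # client pseudonym -> gateway ids it may access
        self.gateways = {}      # gateway id -> Gateway

    def register(self, client: str, gateway_ids: set) -> None:
        self.policy_table[client] = set(gateway_ids)

    def online_measurement(self, client: str, gateway_id: str, sensor_id: str):
        if client not in self.policy_table:                      # step 702
            return ("denied", "client not registered")
        gateway = self.gateways.get(gateway_id)
        if gateway is None or gateway_id not in self.policy_table[client]:
            return ("denied", "no access right for gateway")     # steps 708, 710
        if not gateway.challenge_response(sensor_id):            # steps 712, 714
            return ("terminated", "challenge response failed")   # step 716
        return ("ok", gateway.read(sensor_id))                   # steps 718, 720


def demo() -> dict:
    """Constructed scenario: one gateway, one genuine sensor, one cloned id."""
    ipcm, gw = IPCM(), Gateway("gw-health")
    genuine = Sensor("temp-01", 21.5)
    gw.enroll(genuine, pairs=2)
    ipcm.gateways[gw.gateway_id] = gw
    ipcm.register("anon-7f3a", {"gw-health"})
    ipcm.register("anon-c210", set())
    out = {"genuine": ipcm.online_measurement("anon-7f3a", "gw-health", "temp-01"),
           "unregistered": ipcm.online_measurement("anon-0000", "gw-health", "temp-01"),
           "no_right": ipcm.online_measurement("anon-c210", "gw-health", "temp-01")}
    gw.attach(Sensor("temp-01", 99.9))  # clone: copied id, different silicon
    out["clone"] = ipcm.online_measurement("anon-7f3a", "gw-health", "temp-01")
    gw.attach(genuine)                  # both enrolled pairs are now spent
    out["exhausted"] = ipcm.online_measurement("anon-7f3a", "gw-health", "temp-01")
    return out
```

The `exhausted` case shows an operational cost of single-use pairs: the gateway has to be re-provisioned with fresh pairs before a genuine sensor can be read again.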
In short, the present invention addresses the issue of data privacy management in Internet of Things (IoT) based services wherein genuine users utilize Internet of Things (IoT) services anonymously for protection of identity and genuine users have control over personal private data through privacy access policy. Further, for trust establishment, integrity verification protects against phishing and rootkits, and Internet of Things sensors embedded with Physically Unclonable Functions provide unclonable identity and eliminate wrong measurements.
Unless the context requires otherwise or specifically stated to the contrary, integers, steps or elements of the invention recited herein as singular integers, steps or elements clearly encompass both singular and plural forms of the recited integers, steps or elements.
Throughout this specification, unless the context requires otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated step or element or integer or group of steps or elements or integers, but not the exclusion of any other step or element or integer or group of steps, elements or integers. Thus, in the context of this specification, the term "comprising" is used in an inclusive sense and thus should be understood as meaning "including principally, but not necessarily solely".
It will be appreciated that the foregoing description has been given by way of illustrative example of the invention and that all such modifications and variations thereto as would be apparent to persons of skill in the art are deemed to fall within the broad scope and ambit of the invention as herein set forth.

Claims

1. A system (300) for privacy management for Internet of Things comprising:
at least one Access Control Server (302);
at least one Information Privacy Control Module (304) within at least one Access Control Server (302);
at least one privacy policy table (306) within at least one Access Control Server (302);
a plurality of Internet of Things gateways (312); and
a plurality of Internet of Things sensors (316)
characterized in that
the plurality of Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements by
extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Physically Unclonable Functions exploit inherent delay characteristics of wires and transistors.
2. A system (300) according to Claim 1, wherein said Physically Unclonable Function provides unclonable identity as it is tamper-proof and generated cryptographic keys are known only to Physically Unclonable Function processor.
3. A system (300) according to Claim 1, wherein the at least one Information Privacy Control Module (304) within at least one Access Control Server (302) having means for:
providing access rights to Client for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table;
providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity; and
enabling Client to make online Internet of Things measurement by:
determining if Client is registered with Information Privacy Control Module Server;
identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway;
imposing privacy restrictions for selected Internet of Things gateway;
initiating session challenge response between Internet of Things gateway and Internet of Things sensors; and
connecting to selected Internet of Things sensors upon successful challenge response.
4. A system (300) according to Claim 1, wherein the at least one privacy policy table (306) within at least one Access Control Server (302) consist of a list of registered clients and a list of Internet of Things gateway labeled according to Client privacy policy.
5. A system (300) according to Claim 1, wherein a plurality of Internet of Things gateways (312) having means for receiving measurements from a plurality of sensors (316).
6. A system (300) according to Claim 1, wherein a plurality of Internet of Things sensors (316) are embedded with Physically Unclonable Functions to provide unclonable identity and to eliminate wrong measurements.
7. A method (400) for privacy management for Internet of Things, the method comprises steps of:
setting user authentication system for anonymous access (402);
setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution (406);
registering Client with Information Privacy Control Module Server (410); and
enabling Client to make online Internet of Things measurement (422)
characterized in that
registering Client with Information Privacy Control Module Server (410) further comprises steps of:
selecting user privacy access rights from Information Privacy Control Module Server by Client and saving user privacy access rights information into Client Privacy Policy Table for accessing Internet of Things measurement (414);
providing access rights to Client through Information Privacy Control Module for Client to access Internet of Things gateway based on user privacy access rights in Client Privacy Policy Table (416);
providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity (418)
further characterized in that
providing secure connection for Client access to selected Internet of Things gateway and initiating said Internet of Things gateway to perform challenge response with Internet of Things sensors which provides unclonable identity further comprises steps of:
extracting secret cryptographic keys from physical characteristic of integrated circuit; said secret cryptographic keys are unclonable identity as Internet of Things sensors are embedded with Physically Unclonable Functions that exploit inherent delay characteristics of wires and transistors.
8. A method according to Claim 7, wherein setting user authentication system for anonymous access (402) further comprises steps of:
enabling User Authentication Module (502);
determining if anonymous signature exist (504);
if anonymous signature exist;
authenticating user upon confirmation of existence of anonymous signature (510);
determining if user is authentic user (512);
proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600);
if anonymous signature does not exist;
determining existence of other types of signature (506);
authenticating user upon confirmation of existence of other types of anonymous signature (510);
determining if user is authentic user (512);
proceeding to verify client platform trustworthiness upon confirmation that user is an authentic user (600); and
disabling user authentication module if other types of signature does not exist (508).
9. A method according to Claim 7, wherein setting mutual platform integrity verification between Client and Information Privacy Control Module Server upon set up of user authentication system for execution (406) further comprises steps of:
enabling integrity verification module to verify client platform trustworthiness (602);
determining if Trusted Platform Module exist (604);
if Trusted Platform Module exist;
executing mutual platform integrity verification upon confirmation of existence of Trusted Platform Module (610);
determining if platform is verified (612);
proceeding to connect Internet of Things gateway to sensors and obtaining measurements from Internet of Things (614)
if Trusted Platform Module does not exist;
determining if Virtual Trusted Platform Module exist;
reiterating steps (610), (612) and (614) if Virtual Trusted Platform Module exist; else
disabling Integrity Verification Module if Virtual Trusted Platform Module does not exist (508).
10. A method according to Claim 7, wherein enabling Client to make online Internet of Things measurement (700) further comprises steps of:
determining if Client is registered with Information Privacy Control Module Server (702);
identifying access rights for Client with Client privacy policy table for accessing at least one Internet of Things gateway (708);
imposing privacy restrictions for selected Internet of Things gateway (710);
initiating session challenge response between Internet of Things gateway and Internet of Things sensors (712);
connecting to selected Internet of Things sensors upon successful challenge response (718); and
executing online Internet of Things measurement and providing measured data to Client (720).
PCT/MY2014/000034 2013-04-25 2014-03-18 A system and method for privacy management for internet of things services WO2014175721A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2013001491 2013-04-25
MYPI2013001491A MY166564A (en) 2013-04-25 2013-04-25 A system and method for privacy management for internet of things services

Publications (1)

Publication Number Publication Date
WO2014175721A1 true WO2014175721A1 (en) 2014-10-30

Family

ID=50729749

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2014/000034 WO2014175721A1 (en) 2013-04-25 2014-03-18 A system and method for privacy management for internet of things services

Country Status (2)

Country Link
MY (1) MY166564A (en)
WO (1) WO2014175721A1 (en)

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105635952A (en) * 2016-03-14 2016-06-01 南京邮电大学 Control system in open environment and implementation method thereof
WO2016153717A1 (en) * 2015-03-25 2016-09-29 Mcafee, Inc. Goal-driven provisioning in lot systems
WO2017052890A1 (en) 2015-09-25 2017-03-30 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
DE102015222794A1 (en) * 2015-11-18 2017-05-18 Siemens Aktiengesellschaft Protective device for protecting the privacy of a person
WO2017112151A1 (en) * 2015-12-22 2017-06-29 Mcafee, Inc. Simplified sensor integrity
US20170344761A1 (en) * 2016-05-26 2017-11-30 Raytheon Company Authentication system and method
US9961572B2 (en) 2015-10-22 2018-05-01 Delta Energy & Communications, Inc. Augmentation, expansion and self-healing of a geographically distributed mesh network using unmanned aerial vehicle (UAV) technology
US10055869B2 (en) 2015-08-11 2018-08-21 Delta Energy & Communications, Inc. Enhanced reality system for visualizing, evaluating, diagnosing, optimizing and servicing smart grids and incorporated components
US10055966B2 (en) 2015-09-03 2018-08-21 Delta Energy & Communications, Inc. System and method for determination and remediation of energy diversion in a smart grid network
US10237284B2 (en) 2016-03-31 2019-03-19 International Business Machines Corporation Internet of things security appliance
US10325112B2 (en) 2016-12-29 2019-06-18 T-Mobile Usa, Inc. Privacy breach detection
US10395017B2 (en) 2017-02-01 2019-08-27 International Business Machines Corporation Selectively redacting digital footprint information in order to improve computer data security
US10404569B2 (en) 2016-08-22 2019-09-03 General Electric Company Internet of things associate
US10452872B2 (en) 2016-05-26 2019-10-22 Raytheon Company Detection system for detecting changes to circuitry and method of using the same
US10476597B2 (en) 2015-10-22 2019-11-12 Delta Energy & Communications, Inc. Data transfer facilitation across a distributed mesh network using light and optical based technology
US10587360B2 (en) 2016-02-26 2020-03-10 Hewlett Packard Enterprise Development Lp Device privacy protection
US10652633B2 (en) 2016-08-15 2020-05-12 Delta Energy & Communications, Inc. Integrated solutions of Internet of Things and smart grid network pertaining to communication, data and asset serialization, and data modeling algorithms
CN111209558A (en) * 2019-12-26 2020-05-29 曙光网络科技有限公司 Internet of things equipment identity authentication method and system based on block chain
CN111541780A (en) * 2020-07-07 2020-08-14 德能森智能科技(成都)有限公司 Intelligent gateway based on cloud platform
CN111614621A (en) * 2020-04-20 2020-09-01 深圳奇迹智慧网络有限公司 Internet of things communication method and system
US10791020B2 (en) 2016-02-24 2020-09-29 Delta Energy & Communications, Inc. Distributed 802.11S mesh network using transformer module hardware for the capture and transmission of data
CN112152827A (en) * 2019-06-27 2020-12-29 北京微云智联科技有限公司 Management method and device of Internet of things equipment, gateway and readable storage medium
US11063978B2 (en) * 2015-12-23 2021-07-13 Mcafee, Llc Protecting personally identifiable information from electronic user devices
US11172273B2 (en) 2015-08-10 2021-11-09 Delta Energy & Communications, Inc. Transformer monitor, communications and data collection device
US11196621B2 (en) 2015-10-02 2021-12-07 Delta Energy & Communications, Inc. Supplemental and alternative digital data delivery and receipt mesh net work realized through the placement of enhanced transformer mounted monitoring devices
US11256828B1 (en) 2016-07-05 2022-02-22 Wells Fargo Bank, N.A. Method and apparatus for controlling IoT devices by agent device
CN114500103A (en) * 2022-03-31 2022-05-13 泰山学院 Internet of things privacy data segmentation and encryption method and block chain system
CN115065703A (en) * 2022-06-17 2022-09-16 京东方科技集团股份有限公司 Internet of things system, authentication and communication method thereof and related equipment
CN116669018A (en) * 2023-07-28 2023-08-29 陕西通信规划设计研究院有限公司 Data processing method and device based on Internet of things communication
WO2023178691A1 (en) * 2022-03-25 2023-09-28 Oppo广东移动通信有限公司 Security implementation method and apparatus, device and network element
WO2024138580A1 (en) * 2022-12-29 2024-07-04 北京小米移动软件有限公司 Wireless sensing communication method, apparatus, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7401233B2 (en) 2003-06-24 2008-07-15 International Business Machines Corporation Method, system, and apparatus for dynamic data-driven privacy policy protection and data sharing
US20110239002A1 (en) * 2010-03-25 2011-09-29 Empire Technology Development Llc Differential uncloneable variability-based cryptography
US20120166610A1 (en) * 2010-12-23 2012-06-28 Electronics And Telecommunications Research Institute Method and system for communication in application field
US20120222083A1 (en) 2011-02-28 2012-08-30 Nokia Corporation Method and apparatus for enforcing data privacy

Cited By (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016153717A1 (en) * 2015-03-25 2016-09-29 Mcafee, Inc. Goal-driven provisioning in IoT systems
CN107820699B (en) * 2015-03-25 2019-02-26 迈克菲有限公司 Target drives in IoT system are arranged
CN107820699A (en) * 2015-03-25 2018-03-20 迈克菲有限公司 Target drives in IoT systems arrange
US9800468B2 (en) 2015-03-25 2017-10-24 Mcafee, Inc. Goal-driven provisioning in IoT systems
US11172273B2 (en) 2015-08-10 2021-11-09 Delta Energy & Communications, Inc. Transformer monitor, communications and data collection device
US10055869B2 (en) 2015-08-11 2018-08-21 Delta Energy & Communications, Inc. Enhanced reality system for visualizing, evaluating, diagnosing, optimizing and servicing smart grids and incorporated components
US10055966B2 (en) 2015-09-03 2018-08-21 Delta Energy & Communications, Inc. System and method for determination and remediation of energy diversion in a smart grid network
US11888903B2 (en) 2015-09-25 2024-01-30 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
CN108027946B (en) * 2015-09-25 2022-05-03 英特尔公司 Method and apparatus for facilitating end-user defined policy management
US10785262B2 (en) 2015-09-25 2020-09-22 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
CN108027946A (en) * 2015-09-25 2018-05-11 英特尔公司 The method and apparatus for the tactical management that promotion end user defines
EP3353735A4 (en) * 2015-09-25 2019-03-13 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
US11553004B2 (en) 2015-09-25 2023-01-10 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
WO2017052890A1 (en) 2015-09-25 2017-03-30 Intel Corporation Methods and apparatus to facilitate end-user defined policy management
US11196621B2 (en) 2015-10-02 2021-12-07 Delta Energy & Communications, Inc. Supplemental and alternative digital data delivery and receipt mesh net work realized through the placement of enhanced transformer mounted monitoring devices
US10476597B2 (en) 2015-10-22 2019-11-12 Delta Energy & Communications, Inc. Data transfer facilitation across a distributed mesh network using light and optical based technology
US9961572B2 (en) 2015-10-22 2018-05-01 Delta Energy & Communications, Inc. Augmentation, expansion and self-healing of a geographically distributed mesh network using unmanned aerial vehicle (UAV) technology
DE102015222794A1 (en) * 2015-11-18 2017-05-18 Siemens Aktiengesellschaft Protective device for protecting the privacy of a person
WO2017084839A1 (en) 2015-11-18 2017-05-26 Siemens Aktiengesellschaft Protective device for protecting the private sphere of a person
WO2017112151A1 (en) * 2015-12-22 2017-06-29 Mcafee, Inc. Simplified sensor integrity
US10044696B2 (en) 2015-12-22 2018-08-07 Mcafee, Llc Simplified sensor integrity
US11063978B2 (en) * 2015-12-23 2021-07-13 Mcafee, Llc Protecting personally identifiable information from electronic user devices
US10791020B2 (en) 2016-02-24 2020-09-29 Delta Energy & Communications, Inc. Distributed 802.11S mesh network using transformer module hardware for the capture and transmission of data
US10587360B2 (en) 2016-02-26 2020-03-10 Hewlett Packard Enterprise Development Lp Device privacy protection
CN105635952B (en) * 2016-03-14 2019-04-30 南京邮电大学 Control system and its implementation under a kind of open environment
CN105635952A (en) * 2016-03-14 2016-06-01 南京邮电大学 Control system in open environment and implementation method thereof
US10623418B2 (en) 2016-03-31 2020-04-14 International Business Machines Corporation Internet of Things security appliance
US10237284B2 (en) 2016-03-31 2019-03-19 International Business Machines Corporation Internet of things security appliance
US20170344761A1 (en) * 2016-05-26 2017-11-30 Raytheon Company Authentication system and method
US10452872B2 (en) 2016-05-26 2019-10-22 Raytheon Company Detection system for detecting changes to circuitry and method of using the same
US10445531B2 (en) * 2016-05-26 2019-10-15 Raytheon Company Authentication system and method
US11748518B1 (en) 2016-07-05 2023-09-05 Wells Fargo Bank, N.A. Method and apparatus for controlling IoT devices by agent device
US11256828B1 (en) 2016-07-05 2022-02-22 Wells Fargo Bank, N.A. Method and apparatus for controlling IoT devices by agent device
US10652633B2 (en) 2016-08-15 2020-05-12 Delta Energy & Communications, Inc. Integrated solutions of Internet of Things and smart grid network pertaining to communication, data and asset serialization, and data modeling algorithms
US10404569B2 (en) 2016-08-22 2019-09-03 General Electric Company Internet of things associate
US11023613B2 (en) 2016-12-29 2021-06-01 T-Mobile Usa, Inc. Privacy breach detection
US10325112B2 (en) 2016-12-29 2019-06-18 T-Mobile Usa, Inc. Privacy breach detection
US11836270B2 (en) 2016-12-29 2023-12-05 T-Mobile Usa, Inc. Privacy breach detection
US10395017B2 (en) 2017-02-01 2019-08-27 International Business Machines Corporation Selectively redacting digital footprint information in order to improve computer data security
CN112152827A (en) * 2019-06-27 2020-12-29 北京微云智联科技有限公司 Management method and device of Internet of things equipment, gateway and readable storage medium
CN111209558B (en) * 2019-12-26 2022-05-13 曙光网络科技有限公司 Internet of things equipment identity authentication method and system based on block chain
CN111209558A (en) * 2019-12-26 2020-05-29 曙光网络科技有限公司 Internet of things equipment identity authentication method and system based on block chain
CN111614621A (en) * 2020-04-20 2020-09-01 深圳奇迹智慧网络有限公司 Internet of things communication method and system
CN111541780A (en) * 2020-07-07 2020-08-14 德能森智能科技(成都)有限公司 Intelligent gateway based on cloud platform
WO2023178691A1 (en) * 2022-03-25 2023-09-28 Oppo广东移动通信有限公司 Security implementation method and apparatus, device and network element
CN114500103A (en) * 2022-03-31 2022-05-13 泰山学院 Internet of things privacy data segmentation and encryption method and block chain system
CN115065703A (en) * 2022-06-17 2022-09-16 京东方科技集团股份有限公司 Internet of things system, authentication and communication method thereof and related equipment
WO2024138580A1 (en) * 2022-12-29 2024-07-04 北京小米移动软件有限公司 Wireless sensing communication method, apparatus, device and storage medium
CN116669018A (en) * 2023-07-28 2023-08-29 陕西通信规划设计研究院有限公司 Data processing method and device based on Internet of things communication
CN116669018B (en) * 2023-07-28 2023-10-13 陕西通信规划设计研究院有限公司 Data processing method and device based on Internet of things communication

Also Published As

Publication number Publication date
MY166564A (en) 2018-07-16

Similar Documents

Publication Publication Date Title
WO2014175721A1 (en) A system and method for privacy management for internet of things services
US11245687B2 (en) Hardware-based device authentication
US10757094B2 (en) Trusted container
US10083290B2 (en) Hardware-based device authentication
US9298890B2 (en) Preventing unauthorized account access using compromised login credentials
US9867043B2 (en) Secure device service enrollment
US9628282B2 (en) Universal anonymous cross-site authentication
US20150113618A1 (en) Verifying the security of a remote server
US11824850B2 (en) Systems and methods for securing login access
WO2020000749A1 (en) Method and apparatus for detecting unauthorized vulnerabilities
WO2016188335A1 (en) Access control method, apparatus and system for user data
Panos et al. A security evaluation of FIDO’s UAF protocol in mobile and embedded devices
Kim et al. Security analysis and bypass user authentication bound to device of windows hello in the wild
US10389719B2 (en) Parameter based data access on a security information sharing platform
GB2598096A (en) Method for authenticating using distributed identities
KR101594315B1 (en) Service providing method and server using third party's authentication
TWI670990B (en) Method and system for automatically connecting a secure wireless network
Foltz et al. Secure Endpoint Device Agent Architecture.
Choi et al. Home IoT Authority Control Method Based on DID Auth

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 14724167; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 14724167; Country of ref document: EP; Kind code of ref document: A1