Security and data privacy for lighting sensory networks
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-021/64
G06F-021/60
G06Q-010/00
H04L-009/32
H04L-009/08
H04L-029/06
G06F-021/31
H04L-009/30
출원번호
US-0639841
(2015-03-05)
등록번호
US-9582671
(2017-02-28)
발명자
/ 주소
Ryhorchuk, Kent W.
Sachs, Christopher David
출원인 / 주소
Sensity Systems Inc.
대리인 / 주소
Schwegman Lundberg & Woessner, P.A.
인용정보
피인용 횟수 :
0인용 특허 :
68
초록▼
In various example embodiments, a system and method are provided for protection customer data collected at sensor nodes within a networked system. A key recovery module determines the encrypted sensor data in a request was encrypted with a certified public key associated with a first customer key-pa
In various example embodiments, a system and method are provided for protection customer data collected at sensor nodes within a networked system. A key recovery module determines the encrypted sensor data in a request was encrypted with a certified public key associated with a first customer key-pair. The first customer key-pair represents a recovered private key. The key recovery module determines the private key associated with the first customer key-pair is encrypted with the private key associated with a second customer key-pair. The private key associated with the first customer key-pair is decrypted by using the private key associated with the second customer key-pair. The encrypted sensor data in the request is decrypted using the decrypted private key associated with the first customer key-pair.
대표청구항▼
1. A method for protecting unauthorized access to data, the data collected by sensor nodes within a sensor network and accessible to one or more applications by authorized customers through a service data platform, the service data platform in communication with the sensor network, comprising: gener
1. A method for protecting unauthorized access to data, the data collected by sensor nodes within a sensor network and accessible to one or more applications by authorized customers through a service data platform, the service data platform in communication with the sensor network, comprising: generating a key-pair associated with an authorized customer including a public encryption key and a private decryption key;requesting certification of the public encryption key;receiving a certificate representing a certified public encryption key;distributing the certificate to the sensor nodes within the sensor network to enable the sensor nodes to encrypt the data at the sensor nodes with the certificate associated with the authorized user prior to being transmitted to the service data platform;splitting, using at least one processor of a machine, the private decryption key into multiple shares to decrypt the encrypted data when accessed by an application associated with the authorized customer;storing a first share of the multiple shares at the service data platform;storing a password encrypted second share of the multiple shares at the service data platform;transmitting a third share of the multiple shares to a third-party device for storage;in response to a request from the application associated with the authorized customer to access the encrypted data, receiving the encrypted data;determining that the private decryption key cannot be reconstructed using the combination of the first share and the password encrypted second share at the service data platform to decrypt the encrypted data;accessing the third party share from the third party device; andrecovering, at the service data platform, the private decryption key using the third share and at least one of the first share and the password encrypted second share of the multiple shares. 2. The method of claim 1, further comprising: receiving a request associated with the authorized customer to generate the key-pair, the key-pair representing a customer key-pair. 3. The method of claim 1, wherein requesting certification of the public encryption key comprises: requesting a certificate authority to generate customer certificates associated with the key-pair. 4. The method of claim 1, further comprising: transmitting the second share to a customer device. 5. The method of claim 1, further comprising: destroying the private decryption key after splitting the private decryption key into multiple shares. 6. The method of claim 1, wherein the first share of the multiple shares is assigned to the service data platform, a second share of the multiple shares is assigned to the authorized customer, and the third share of the multiple shares is assigned to a third party. 7. The method of claim 6, wherein the third party represents a trusted third party. 8. The method of claim 6, wherein storing the password encrypted second-share at the service data platform further comprising: requesting a password from the authorized customer;in response to the request, receiving the password from the authorized customer;encrypting the second share of the multiple shares using the password from the authorized customer; andstoring the password encrypted second share at the service data platform. 9. A system for protecting customer data collected at sensor nodes within a networked system, comprising: a memory device for storing instructions; andat least one processor of a machine, which, when executing the instructions, causes the system to perform operations comprising:generating a key-pair associated with a customer including a public encryption key and a private decryption key;requesting certification of the public encryption key;receiving a certificate representing a certified public encryption key;distributing the certificate to the sensor nodes within the sensor network to enable the sensor nodes to encrypt the data at the sensor nodes with the certificate associated with the authorized user prior to being transmitted to the service data platform;splitting the private decryption key into multiple shares to decrypt the encrypted data when accessed by an application associated with the authorized customer;storing a first share of the multiple shares at the service data platform;storing a password encrypted second share of the multiple shares at the service data platform;transmitting a third share of the multiple shares to a third-party device for storage;in response to a request from the application associated with the authorized customer to access the encrypted data, receiving the encrypted data;determining that the private decryption key cannot be reconstructed using the combination of the first share and the password encrypted second share at the service data platform to decrypt the encrypted data;accessing the third party share from the third party device; andrecovering, at the service data platform, the private decryption key using the third share and at least one of the first share and the password encrypted second share of the multiple shares. 10. The system of claim 9, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: receiving a request associated with the authorized customer to generate the key-pair, the key-pair representing a customer key-pair. 11. The system of claim 9, wherein the operation of requesting certification of the public encryption key comprising: requesting a certificate authority to generate customer certificates associated with the key-pair. 12. The system of claim 9, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: transmitting the second share to a customer device. 13. The system of claim 9, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: destroying the private decryption key after splitting the private decryption key into multiple shares. 14. The system of claim 9, wherein the first share of the multiple shares is assigned to the service data platform, a second share of the multiple shares is assigned to the authorized customer, and the third share of the multiple shares is assigned to a third party. 15. The system of claim 14, wherein the third party represents a trusted third party. 16. The system of claim 14, wherein the operation of storing the password encrypted second-share of at the service data platform further comprising: requesting a password from the authorized customer;in response to the request, receiving the password from the authorized customer;encrypting the second share of the multiple shares using the password from the authorized customer; andstoring the password encrypted second share at the service data platform.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (68)
Ko, Lee-Chun; Gligor, Virgil D.; Lee, Hayan, Access authorization method and apparatus for a wireless sensor network.
Gordin, Myron K.; Boyle, Timothy J.; Hol, Philip D.; Jacobson, Jeffrey A., Apparatus, method and system for monitoring and maintaining light levels at target area for lighting system.
Zhang, Yajun-Edwin; Jin, Zhao Xia; Huang, Jerry Qi; Halford, Andrew D.; Liu, Chengyi; Mitchell, Curtis, Approach for planning, designing and observing building systems.
Wangler Richard J. ; Gustavson Robert L. ; McConnell ; II Robert E. ; Fowler Keith L., Intelligent vehicle highway system multi-lane sensor and method.
Chemel, Brian J.; Piepgras, Colin; Kondo, Steve T.; Johnston, Scott D., LED-based lighting methods, apparatus, and systems employing LED light bars, occupancy sensing, local state machine, and time-based tracking of operational modes.
Narayana, M S Badari; Karunakaran, Kumara Das; Choudary, Seemant; Bourakov, Veniamin, Location based load balancing of wireless access points and wireless switches.
Hawkins, Stan; Turner, Charles; Swiedler, Thomas; Norseen, John, Method and system for remotely monitoring and controlling field devices with a street lamp elevated mesh network.
Chao Wen-Hua (5F ; No. 52 ; Tung-Feng St. Taipei City TWX), Thermal storage device for interacting with a circulating coolant in an air conditioning system.
Lipton, Alan J.; Clark, John I. W.; Zhang, Zhong; Venetianer, Peter L.; Strat, Thomas; Allmen, Mark; Severson, William; Haering, Niels; Chosak, Andrew; Frazier, Matthew; Sfekas, James; Hirata, Tasuki, Video analytic rule detection system and method.
Lipton, Alan J.; Strat, Thomas M.; Venetianer, Pèter L.; Allmen, Mark C.; Severson, William E.; Haering, Niels; Chosak, Andrew J.; Zhang, Zhong; Frazier, Matthew F.; Seekas, James S.; Hirata, Tasuki; Clark, John, Video surveillance system employing video primitives.
Venetianer, Peter L.; Lipton, Alan J.; Chosak, Andrew J.; Frazier, Matthew F.; Haering, Niels; Myers, Gary W.; Yin, Weihong; Zhang, Zhong, Video surveillance system employing video primitives.
Venetianer, Peter L.; Allmen, Mark C.; Brewer, Paul C.; Chosak, Andrew J.; Clark, John I. W.; Frazier, Matthew F.; Haering, Niels; Hirata, Tasuki; Horne, Caspar; Lipton, Alan J.; Severson, William E., Video tripwire.
Venetianer, Peter L.; Brewer, Paul C.; Chosak, Andrew J.; Clark, John I. W.; Haering, Niels; Lipton, Alan J.; Myers, Gary; Yen, Chung-Cheng; Kalapa, Pramod, Video tripwire.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.