Security and data privacy for lighting sensory networks
IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): H04L-009/08, G06F-021/60, G06Q-010/00, H04L-009/32, H04L-029/06, G06F-021/31, H04L-029/08, G06Q-030/02, G06F-021/71, H04W-084/18
Application number: US-0387234 (2016-12-21)
Registration number: US-9959413 (2018-05-01)
Inventors: Ryhorchuk, Kent W.; Sachs, Christopher David
Applicant: Sensity Systems Inc.
Citation information: Times cited: 0; Cited patents: 73
Abstract
In one example, a method of protecting customer data in a networked system comprises collecting sensor data available at sensor nodes within a sensor network in communication with a service data platform over a network. The method includes encrypting the sensor data using a certified public key associated with a customer key-pair, the sensor data representing the customer data associated with sensitive identification information. The sensor data is cryptographically signed with a device private key. The method includes transporting the encrypted sensor data to the service data platform for storage, and decrypting at the service data platform, the encrypted sensor data using a private key sharing scheme that reconstructs the private key associated with the customer key-pair using a first share and a password encrypted second share, the first share assigned to the service data platform and the password encrypted second share assigned to a customer of the customer key-pair.
Representative claim
1. A method of cryptographically protecting unauthorized access to customer data, the method comprising: collecting sensor data by sensor nodes of a sensor network, the sensor network in communication with a service data platform; encrypting the sensor data, at the sensor nodes prior to being transmitted to the service data platform, using a certified public key associated with a customer key-pair, wherein: the sensor data representing the customer data associated with sensitive identification information, and the certified public key is stored at the server nodes to enable the sensor nodes to encrypt the sensor data; cryptographically signing the sensor data with a device private key associated with the sensor nodes; transporting the encrypted sensor data to the service data platform for storage; and decrypting at the service data platform, using at least one processor of a machine, the encrypted sensor data using at least a private key sharing scheme that reconstructs a private key associated with the customer key-pair using a first share, a password encrypted second share, and a third share, the first share assigned to the service data platform, the password encrypted second share assigned to a customer of the customer key-pair, and the third share is assigned to a trusted third party device, and wherein at least two of the first, second, and third share are sufficient to reconstruct the private key associated with the customer key-pair; receiving, at the trusted third party device, an authorization for release of the third party share; and recovering the private key associated with the customer key-pair by reconstructing, at the service data platform, the private key associated with the customer key-pair based on the first share and the received third party share.
2. The method of claim 1, wherein the sensitive identification information represents at least one of customer identification information and personally identification information.
3. The method of claim 1, further comprising: receiving a request associated with an authorized user of the customer of the service data platform to access the encrypted sensor data stored by the service data platform; receiving a password associated with the password encrypted second share; and decrypting the password encrypted second share.
4. The method of claim 3, further comprising: combining the first share and the decrypted password encrypted second share to reconstruct the private key associated with the customer key-pair.
5. The method of claim 1, wherein the private key sharing scheme further includes: splitting the private key associated with the customer key-pair at least into the first and second share.
6. The method of claim 5, wherein the private key sharing scheme further includes: destroying the private key associated with the customer key-pair after splitting the private key.
7. The method of claim 1 further comprising: receiving, at the service data platform, a request to recover the password encrypted second share; and receiving, at the trusted third party device, a request to release the third party share, wherein the third party share stored at the trusted third party device.
8. The method of claim 7 further comprising: creating a new customer key-pair including a new customer certificate and a new private key; encrypting the recovered private key with the new private key of the new customer key-pair; and encrypting new sensor data with the certified public key associated with the customer key-pair including the recovered private key.
9. The method of claim 8 further comprising: receiving, at the service data platform, a request to access the encrypted new sensor data stored; determining that the encrypted new sensor data in the request is encrypted with the certified public key associated with the customer key-pair including the recovered private key; determining that the private key associated with the first customer key-pair is encrypted with the new private key of the new customer key-pair; decrypting the private key associated with the customer key-pair including the recovered private key by using the new private key associated with the new customer key-pair; and decrypting the encrypted new sensor data in the request using the decrypted private key associated with the customer key-pair.
10. A system to cryptographically protect customer data, the system comprising: a memory device for storing instructions; and at least one processor of a machine, which, when executing the instructions, causes the system to perform operations comprising: collecting sensor data by sensor nodes of a sensor network, the sensor network in communication with a service data platform; encrypting the sensor data, at the sensor nodes prior to being transmitted to the service data platform, the sensor data is encrypted using a certified public key associated with a customer key-pair, wherein the sensor data representing the customer data associated with sensitive identification information and the certified public key is stored at the server nodes to enable the sensor nodes to encrypt the sensor data; cryptographically signing the sensor data with a device private key associated with the sensor nodes; transporting the encrypted sensor data to the service data platform for storage; and decrypting at the service data platform, using at least one processor of a machine, the encrypted sensor data using at least a private key sharing scheme that reconstructs a private key associated with the customer key-pair using a first share, a password encrypted second share, and a third share, the first share assigned to the service data platform, the password encrypted second share assigned to a customer of the customer key-pair, and the third share is assigned to a trusted third party device, and wherein at least two of the first, second, and third share are sufficient to reconstruct the private key associated with the customer key-pair; receiving, at the trusted third party device, an authorization for release of the third party share; and recovering the private key associated with the customer key-pair by reconstructing, at the service data platform, the private key associated with the customer key-pair based on the first share and the received third party share.
11. The system of claim 10, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: the sensitive identification information represents at least one of customer identification information and personally identification information.
12. The system of claim 10, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: receiving a request associated with an authorized user of the customer of the service data platform to access the encrypted sensor data stored by the service data platform; receiving a password associated with the password encrypted second share; and decrypting the password encrypted second share.
13. The system of claim 12, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: combining the first share and the decrypted password encrypted second share to reconstruct the private key associated with the customer key-pair.
14. The system of claim 12, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: receiving, at the service data platform, a request to recover the password encrypted second share; receiving, at the trusted third party device, a request to release the third party share, wherein the third party share stored at the trusted third party device; receiving, at the trusted third party device, an authorization for release of the third party share; and recovering the private key associated with the customer key-pair by reconstructing, at the service data platform, the private key associated with the customer key-pair based on the first share and the received third party share.
15. The system of claim 14, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: creating a new customer key-pair including a new customer certificate and a new private key; encrypting the recovered private key with the new private key of the new customer key-pair; and encrypting new sensor data with the certified public key associated with the customer key-pair including the recovered private key.
16. The system of claim 15, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: receiving, at the service data platform, a request to access the encrypted new sensor data stored; determining that the encrypted new sensor data in the request is encrypted with the certified public key associated with the customer key-pair including the recovered private key; determining that the private key associated with the first customer key-pair is encrypted with the new private key of the new customer key-pair; decrypting the private key associated with the customer key-pair including the recovered private key by using the new private key associated with the new customer key-pair; and decrypting the encrypted new sensor data in the request using the decrypted private key associated with the customer key-pair.
17. The system of claim 10, wherein the at least one process of the machine, which when executing the instructions, further causes the system to perform operations comprising: splitting the private key associated with the customer key-pair at least into the first and second share.
18. A non-transitory machine-readable medium storing instructions that, when executed by at least one processor of a machine, cause the machine to perform operations comprising, at least: collecting sensor data by sensor nodes of a sensor network, the sensor network in communication with a service data platform; encrypting the sensor data, at the sensor nodes prior to being transmitted to the service data platform, using a certified public key associated with a customer key-pair, wherein: the sensor data representing the customer data associated with sensitive identification information, and the certified public key is stored at the server nodes to enable the sensor nodes to encrypt the sensor data; cryptographically signing the sensor data with a device private key associated with the sensor nodes; transporting the encrypted sensor data to the service data platform for storage; and decrypting at the service data platform, using at least one processor of a machine, the encrypted sensor data using at least a private key sharing scheme that reconstructs a private key associated with the customer key-pair using a first share, a password encrypted second share, and a third share, the first share assigned to the service data platform, the password encrypted second share assigned to a customer of the customer key-pair, and the third share is assigned to a trusted third party device, and wherein at least two of the first, second, and third share are sufficient to reconstruct the private key associated with the customer key-pair; receiving, at the trusted third party device, an authorization for release of the third party share; and recovering the private key associated with the customer key-pair by reconstructing, at the service data platform, the private key associated with the customer key-pair based on the first share and the received third party share.
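The two-of-three key sharing in claims 1, 3, 4 and 7 can be sketched as follows. This is an added example, not code from the patent or from Sensity Systems. It assumes Shamir secret sharing as the threshold scheme (the claims do not name one), uses a 256-bit integer as a constructed stand-in for the customer private key, and wraps the customer share with a PBKDF2-derived pad plus HMAC tag as a standard-library stand-in for a real password-based authenticated cipher; all function names are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**521 - 1   # Mersenne prime: the field is larger than any 256-bit secret
NBYTES = 66      # bytes needed to hold one field element

def split_2_of_3(secret: int):
    # Shamir split (assumed scheme): f(x) = secret + a*x mod P, shares at x = 1, 2, 3.
    a = secrets.randbelow(P)
    return [(x, (secret + a * x) % P) for x in (1, 2, 3)]

def reconstruct(s1, s2):
    # Lagrange interpolation at x = 0 from any two distinct shares.
    (x1, y1), (x2, y2) = s1, s2
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P

def _keys(password: str, salt: bytes):
    # One PBKDF2 output split into a pad for the share and a MAC key (iteration count is illustrative).
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 100_000, dklen=NBYTES + 32)
    return okm[:NBYTES], okm[NBYTES:]

def wrap_share(share, password: str):
    # "Password encrypted second share": pad the share value and authenticate it.
    x, y = share
    salt = secrets.token_bytes(16)   # fresh salt, so the pad is never reused
    pad, mac_key = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(y.to_bytes(NBYTES, "big"), pad))
    tag = hmac.new(mac_key, bytes([x]) + salt + ct, hashlib.sha256).digest()
    return x, salt, ct, tag

def unwrap_share(wrapped, password: str):
    x, salt, ct, tag = wrapped
    pad, mac_key = _keys(password, salt)
    expect = hmac.new(mac_key, bytes([x]) + salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong password or tampered share")
    return x, int.from_bytes(bytes(a ^ b for a, b in zip(ct, pad)), "big")

def demo():
    key = secrets.randbits(256)   # constructed stand-in for the customer private key
    platform, customer, third_party = split_2_of_3(key)
    wrapped = wrap_share(customer, "constructed-password")
    # Normal access (claims 3-4): platform share + password-decrypted customer share.
    normal = reconstruct(platform, unwrap_share(wrapped, "constructed-password"))
    # Recovery (claims 1, 7): platform share + released third-party share, no password.
    recovery = reconstruct(platform, third_party)
    return key, normal, recovery
```

With one share alone, every candidate key remains equally likely, so the platform cannot decrypt stored sensor data until the customer's password or the third party's authorization supplies a second share.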
Patents cited by this patent (73)
Ko, Lee-Chun; Gligor, Virgil D.; Lee, Hayan, Access authorization method and apparatus for a wireless sensor network.
Gordin, Myron K.; Boyle, Timothy J.; Hol, Philip D.; Jacobson, Jeffrey A., Apparatus, method and system for monitoring and maintaining light levels at target area for lighting system.
Zhang, Yajun-Edwin; Jin, Zhao Xia; Huang, Jerry Qi; Halford, Andrew D.; Liu, Chengyi; Mitchell, Curtis, Approach for planning, designing and observing building systems.
Wangler Richard J. ; Gustavson Robert L. ; McConnell ; II Robert E. ; Fowler Keith L., Intelligent vehicle highway system multi-lane sensor and method.
Chemel, Brian J.; Piepgras, Colin; Kondo, Steve T.; Johnston, Scott D., LED-based lighting methods, apparatus, and systems employing LED light bars, occupancy sensing, local state machine, and time-based tracking of operational modes.
Narayana, M S Badari; Karunakaran, Kumara Das; Choudary, Seemant; Bourakov, Veniamin, Location based load balancing of wireless access points and wireless switches.
Hawkins, Stan; Turner, Charles; Swiedler, Thomas; Norseen, John, Method and system for remotely monitoring and controlling field devices with a street lamp elevated mesh network.
Prendergast James C. ; Ransbottom Leslie N. ; Dibble Walter E., Method of evaluating and classifying living structures for estimating potential damage thereto from physical disturbanc.
Chao Wen-Hua (5F ; No. 52 ; Tung-Feng St. Taipei City TWX), Thermal storage device for interacting with a circulating coolant in an air conditioning system.
Lipton, Alan J.; Clark, John I. W.; Zhang, Zhong; Venetianer, Peter L.; Strat, Thomas; Allmen, Mark; Severson, William; Haering, Niels; Chosak, Andrew; Frazier, Matthew; Sfekas, James; Hirata, Tasuki, Video analytic rule detection system and method.
Lipton, Alan J.; Strat, Thomas M.; Venetianer, Pèter L.; Allmen, Mark C.; Severson, William E.; Haering, Niels; Chosak, Andrew J.; Zhang, Zhong; Frazier, Matthew F.; Seekas, James S.; Hirata, Tasuki; Clark, John, Video surveillance system employing video primitives.
Venetianer, Peter L.; Lipton, Alan J.; Chosak, Andrew J.; Frazier, Matthew F.; Haering, Niels; Myers, Gary W.; Yin, Weihong; Zhang, Zhong, Video surveillance system employing video primitives.
Venetianer, Peter L.; Allmen, Mark C.; Brewer, Paul C.; Chosak, Andrew J.; Clark, John I. W.; Frazier, Matthew F.; Haering, Niels; Hirata, Tasuki; Horne, Caspar; Lipton, Alan J.; Severson, William E., Video tripwire.
Venetianer, Peter L.; Brewer, Paul C.; Chosak, Andrew J.; Clark, John I. W.; Haering, Niels; Lipton, Alan J.; Myers, Gary; Yen, Chung-Cheng; Kalapa, Pramod, Video tripwire.