Methods and systems for operating a secure mobile device

Abstract

Method and apparatus for communicating with a machine to machine, M2M, device comprising: deriving at a M2M device using generic bootstrapping architecture, GBA, a first key. Sending a second key to the M2M device protected using the first key, wherein the second key is different to the first key. Sending protected data to the M2M device, wherein the protected data is verifiable by the M2M device using the second key.

Description

FIELD OF THE INVENTION[0001]The present invention relates to a method and system for operating a machine to machine (M2M) device.BACKGROUND OF THE INVENTION[0002]Machine to Machine (M2M) devices are often numerous, hard-to-reach, and have constrained capabilities (owing to low cost, small size, low processing power or limited battery life). All of this makes their management, often remote, very complicated. Moreover, M2M devices often need to be managed in a secure manner. For example, they may contain information that is commercially sensitive and / or confidential for the one or more entities that manage and / or own said devices. There is a need to remotely manage them in a secure way, while respecting these constraints.[0003]WO 2012 / 035340 describes forming secure associations between IP-enabled devices. An originating device establishes a secure connection to a first server. A target device establishes a secure connection to a second server. The first and second servers establish a...

AI Technical Summary

Benefits of technology

[0042]This has an advantage of reduced or no PKI. Furthermore, certificate validation may be easier. Protection of the data may be by encryption or digital signature or both.

[0076]establishing a secure association between the first and second devices using the first and second key data. At least one device uses GBA. A broker may act as a “trusting” entity between the entities that manage these devices. One advantage of using GBA in this case is that it allows these keys may be provided in a simple and efficient manner.

[0084]Optionally, the protected data may include an instruction to the M2M device to conduct a test or tests. This prevents unauthorised operation of typically unmonitored devices.

Problems solved by technology

Machine to Machine (M2M) devices are often numerous, hard-to-reach, and have constrained capabilities (owing to low cost, small size, low processing power or limited battery life).

All of this makes their management, often remote, very complicated.

However, such an approach is not suited to securing broadcasts such as firmware updates or public warning messages.

Obtaining such material securely under these circumstances can be problematic.

To date, most of the limited number of deployments of GBA in the world has been for mobile broadcast.

These alternatives all work well with mobile devices and operators already, so service providers use them, although they are not as secure as GBA.

Strong security is not possible with current alternatives such as a user-entered PIN or a bootstrapping message delivered by an SMS.

These alternatives would either not be feasible or they would not provide the required level of security.

First, there might not be a user around to enter a PIN (as most M2M devices operate independently from human intervention).

Second, the service provider may be likely to want strong security (e.g. because M2M devices may include critical infrastructure), whereas PIN-based bootstrapping has weaker security.

Third, if a PIN or SMS-based bootstrapping goes wrong (server connects to wrong client, client connects to wrong server, or there is a Man-In-The-Middle), then the user is likely to notice, complain and get it fixed, whereas an M2M device is unlikely to notice and complain, so may be permanently compromised.

Neither is particularly practical by way of existing methods.

Moreover, as mentioned above, the OMA Device Management is not compatible for use with an M2M device, as discussed above.

Moreover, for the reasons mentioned above, the OMA Device Management and the standard document are incompatible, and a combination of the GBA Push for OMA Device Management with the standard document is not feasible, as it would result in the wrong device management protocol (i.e. one that is not suitable for M2M devices, particularly simple M2M devices), and some very laborious effort to make the two compatible and delete the elements which are redundant.

However, coaps requires a secure association to be provisioned between a device and a network server (DM Server) while providing no strong means to provision such an association from scratch.

Images