SYSTEMS AND METHODS FOR SECURE COMMUNICATION OVER A NETWORK USING A LINKING ADDRESS
Systems and methods for secure communication over a network using a linking address. Systems for secure communication may include a computer system in electronic communication over a network with a plurality of electronic devices, a database in electronic communication with the computer system, the database configured to electronically store at least a linking address and an associated payload of a data packet, an engine stored on and executed by the computer system, the engine electronically receiving a data packet over the network from a first electronic device, processing the data packet to identify a linking address and a payload, the linking address being at least 32 bit, storing the linking address and payload in the database, electronically receiving a query from a second electronic device, the second electronic device identifying the linking address, and electronically transmitting the data packet over the network to the second electronic device.
This application claims benefit under 35 U.S.C. §119(e) to U.S. Provisional Patent Application No. 61/997,422 filed Jun. 2, 2014 and U.S. Provisional Patent Application No. 61/997,450 filed Jun. 2, 2014, which are incorporated herein by reference in their entirety and made a part hereof.
FIELD OF THE DISCLOSUREThe present disclosure relates generally to systems and methods for secure communication over a network using a linking address. More specifically, the present disclosure relates to a system and method for secure transmission and storage over a network using one of many linking addresses.
RELATED ARTThere are a growing number of electronic devices in communication over the Internet, which together comprise the Internet of Things (IoT). A difficulty of having so many devices in communication over the Internet is providing an efficient, effective, reliable, and scalable way to directly connect all of these devices with one another. Many electronic devices connect to the Internet through various firewalls and routers using a Network Address Translation (NAT) protocol. Communication via NAT does not directly expose the communicating device to the external network environment, which can be problematic when such devices are trying to communicate directly (e.g., when the devices are not connected to servers that have their Internet address exposed).
The Interactive Connectivity Establishment (ICE) protocol (e.g., with Session Traversal Utilities for NAT (STUN)) can be used to assist the direct connection of devices, but this approach does not work in every case (e.g., in 10% of cases). Alternatively, a relaying service could be used (e.g., Traversal Using Relays around NAT (TURN)), which is more reliable, but requires the relaying services to be a trusted party (e.g., to know its individual clients as well as store permissions and session states).
These approaches can result in service fragmentation, as each group of devices (e.g., grouped by vendor, provider, ownership, etc.) has its own connectivity provider due to the required trust relationship. Another disadvantage of these approaches is an increased cost of servicing, as there are substantial resources required on the server side (e.g., processing power, memory, etc.) because reliable connections are stateful.
Further, many systems and devices create periodic or event-driven historical records (e.g., logs) to be stored for subsequent retrieval and analysis. Many available log storage mechanisms form a closed system with mutual trust between the storage mechanism, log generator, and consumer. However, requiring every system to have its own log storage mechanism can be problematic when log generators and consumers are owned by various parties, when it is unknown who the log consumer will be, when there are multiple log consumers, etc. Further, coupling security associations and trust relationships with the log storage mechanism increases the amount of security associations and procedures to set up and maintain. It is impractical for every analytic application to create its own log storage mechanism, or have each device model commit to one particular log storage mechanism at the time of manufacture.
All these problems are exacerbated as the number of clients (e.g., electronic devices, device owners, etc.) increase, such as in an IoT environment.
SUMMARY OF THE INVENTIONIn view of the above, there is a need for a system that can provide secure electronic communication and storage over a network that is scalable and reliable, and which uses minimal computer resources and minimal financial resources to setup, maintain, and use.
The present disclosure relates to systems and methods for secure communication over a network using a linking address. In one embodiment, the system for secure communication comprising a computer system in electronic communication over a network with a plurality of electronic devices, a database in electronic communication with the computer system, the database configured to electronically store at least a linking address and an associated payload of a data packet, an engine stored on and executed by the computer system, the engine electronically receiving a data packet over the network from a first electronic device, processing the data packet to identify a linking address and a payload, the linking address being at least 32 bit, storing the linking address and payload in the database, electronically receiving a query from a second electronic device, the second electronic device identifying the linking address, and electronically transmitting the data packet over the network to the second electronic device.
In another embodiment, a method for secure communication comprises electronically receiving, at an engine stored on and executed by a computer system, a data packet from a first electronic device over a network, processing the data packet to identify a linking address and a payload contained therein, the linking address being at least 32 bit, storing the linking address and the associated payload of the data packet in a database, electronically receiving a query from a second electronic device, the second electronic device identifying the linking address, and electronically transmitting the data packet over the network to the second electronic device.
The foregoing features of the disclosure will be apparent from the following Detailed Description, taken in connection with the accompanying drawings, in which:
The present disclosure relates to a system and method for secure electronic communication and storage over a network. More specifically, the present disclosure relates to an Internet of Things/Internet Protocol (IoT/IP) system to provide secure electronic communication and storage over a network. The IoT/IP system is scalable, reliable, and secure, and uses minimal computer resources (e.g., processing power, memory, etc.) and minimal financial resources to setup, maintain, and use. As a result of using fewer computer resources, the IoT/IP system also improves the functioning of the computer itself, among other advantages. The IoT/IP system provides for secure communication (e.g., electronic transmissions) as well as secure storage (e.g., log storage) by using a unique linking address (e.g., key, pin, token, ID, etc.), where the linking address is one of a very large number of possible linking addresses (e.g., trillions). In other words, the number of linking addresses in use (e.g., by electronic devices) is much less than the number of linking addresses available. This makes the linking address being used impractical (unlikely) to guess or deduce, even using a computerized random address generator. For example, the linking address may be as large or larger than 32 bit, 64 bit, 128 bit, 256 bit, 512 bit, etc. If the ID is 128 bits, the collision probability after 20 trillion pairings is one in a trillion, so the probability of guessing or deducing the relevant active ID (if trillion logs are simultaneously active) is 1 in 1026. Accordingly, the IoT/IP system does not require or use any security associations.
The secure log storage subsystem 32 provides anonymous storage of log entries (or any other type of data) generated from a first log generator electronic device, which can then be accessed by one or more second log consumer electronic devices by using a linking address. The first log consumer electronic device may be the same device as the second log generator electronic device. More specifically, the linking address for the secure log storage subsystem 32 may be a Remote Storage Identification (RSID). The log generator electronic device may transmit log entries to a single RSID, which then may be accessed by one or more log consumer electronic devices. Alternatively, the log generator electronic device may transmit log entries to multiple RSIDs, such that each linking address is exclusive to only one log consumer electronic device. As with the secure communication relay subsystem 30, the RSID is so complex (e.g., large) as to be impractical to guess or deduce the one being used, and the number of unique RSIDs available is much larger than the actual number in use. The secure log storage subsystem 32 is completely indifferent (e.g., agnostic) as to the identities of the electronic devices and the content of the data packet (e.g., log entries) being transmitted and stored. Although log entries are described, the secure log storage subsystem 32 may store any type of electronic data.
The IoT/IP system does not store any confidential information or client information (e.g., registration information, configuration information, hardware address information, etc.), and thus the server of the IoT/IP system does not require protection. In other words, the IoT/IP system (e.g., including each of the secure communication relay subsystem 30 and the secure log storage subsystem 32) has no knowledge of the electronic devices communicating therewith, nor does the IoT/IP system have any knowledge of any security associations of such devices. As a result, the IoT/IP system operates at a very low financial cost and uses minimal computer resources, thereby improving the functioning (e.g., speed) of the computer itself. The IoT/IP system does not require any information or knowledge of any of the electronic devices prior to those devices using the system, thereby avoiding costly authentication systems and procedures (e.g., logins, accounts, etc.). This provides a connectivity infrastructure between many devices (e.g., millions of devices) without any preparation steps and without communicating individual device information.
Once locally authenticated, the devices will be able to directly communicate with each other remotely over the Internet 20 via the IoT/IP system. For example, a remote smartphone 42b (which may be a different, or the same smartphone as smartphone 42a when remotely located) may communicate with the IoT/IP engine 16 which communicates with the smartlamp 40 via the local router 46. The system is completely indifferent to the local electronic communication protocol used (e.g., indifferent to NAT protocol). Any number or any type of electronic devices may be used and paired with one another (e.g., smartlamp 40, desktop computer 48, smartphone 50, tablet computer 52, laptop computer, thermostat, lightswitch, electrical socket, garage door opener, etc.) to remotely communicate with each other via the IoT/IP engine 16. From the user perspective, the devices (e.g., smartlamp 40 and smartphone 42a) may directly communicate with each other locally (e.g., using Bluetooth, Wi-Fi, etc.) to determine an agreed upon linking address, and then communicate with one another remotely over the network 20 (e.g., smartlamp 40 and smartphone 42b) using the predetermined linking address. From the user perspective, the devices communicate and operate with one another the same when locally communicating as they do when remotely communicating without any need for online registration (e.g., of the user, the device hardware, and/or any other identifying information). Further, the system may utilize forward secrecy such that if an unauthorized user were to break into the device and/or the IoT/IP system, they would not be able to reconstruct past communications.
In step 112, the IoT/IP system electronically receives a query (e.g., request) from a log consumer. The request includes the RSID and may optionally include query terms (e.g., maximum number of latest entries to be retrieved and/or time of oldest entry to retrieve, etc.). The request may be encrypted with the public key of the server of the IoT/IP system. This encryption hides the RSID from observers and prevents interference by third parties (e.g., prevents third parties from learning the RSID). To encrypt the data packet, any of the existing public key schemes can be used (e.g., RSA, Diffie-Hellman (DH), elliptic curve cryptography (ECC), etc). However, as discussed above, the IoT/IP system does not require security associations. Particularly for data packets with end-to-end encryption and authentication with pre-established credentials, securing electronic communication (e.g., traffic) between clients and the IoT/IP system is not required. Encrypting the RSID with the public key of the IoT/IP server and using sparse ID name space ensures that attackers cannot insert malicious traffic or log entries, or pose as legitimate communications peers or consumers, thereby preventing targeted denial of service (DoS) attacks and snooping. In step 114, the IoT/IP system retrieves the log entries requested (e.g., consistent with the query terms) from the database. In step 116, the IoT/IP system electronically transmits the log entries to the log consumer. If encrypted, the log entry (e.g., payload) remains opaque to third parties. The electronic transmission may include a timestamp and/or be encrypted, such as by the IoT/IP system server and log consumer establishing a one-time shared secret by an public key method (e.g., Diffie-Hellman). In this way, the IoT/IP system acts as a storage between the first electronic device and the second electronic device. The IoT/IP system is completely indifferent (e.g., agnostic) as to the identity of the electronic devices (e.g., log generators, log consumers, etc.), the content of the encrypted log entries, the identity of the owner of one or both of the electronic devices, etc. However, because the RSID range is so large, only the agreed upon parties (e.g., the log generator and the log consumer) can deposit and retrieve log entries. Thereby, the IoT/IP provides the privacy and security necessary for electronic communications over a network. The IoT/IP system (e.g., secure relay communication subsystem, secure log storage subsystem) does not process or store any identifying information about the clients (e.g., electronic devices, owners of electronic devices, etc.). This substantially reduces setup costs, maintenance costs, and data storage requirements. However, as the IoT/IP system does not utilize any identifying information, unrelated parties (e.g., unauthorized users) could attempt to use the IoT/IP system. Accordingly, if desired, to counteract potential abuse or use by unauthorized users (e.g., nonpaying users), each authorized electronic device could be issued a unique blinded certificate. The unique blinded certificate (e.g., bureau document) could be required to be submitted periodically (e.g., with the first log entry, every inactivity timer period, etc.). The unique blinded certificate may be embedded by the manufacturer, issued from online registration, etc. Thus, the IoT/IP system could recognize a valid certificate, but does not associate it with a particular electronic device and/or user. The IoT/IP system may, in some embodiments, monitor for signs of abuse and could blacklist (e.g., ban) any certificates and/or IP addresses found to cause abuse, thereby preventing the IP address or certificate holder from accessing the IoT/IP system. Such signs of abuse could include access to a particular RCID by an IP address where the IP address changes too frequently, or concurrent use of a particular RSID by two devices with the same certificate but different IP addresses, or a third electronic device attempting to use a particular RCID, etc.
Using sparse ID (e.g., linking address, RSID, RCID) name space provides very efficient client-side load balancing and high availability. Assuming N log servers (which do not need to be connected), each client (e.g., generator, consumer, Client A, Client B, etc.) have a list of addresses of all active servers (e.g., Server[N]). To select a server, a client (e.g., generator, consumer, Client A, Client B, etc.) calculates index i=ID mod N (where ID is either RCID or RSID), and both select Server[i]. At least in embodiments where ID is randomly chosen, the load will be evenly distributed over N log servers without any additional procedures. Instead of using ID directly, a hash of ID (e.g., i=hash(ID) mod N) may be used to avoid consequences of potential poor randomness of ID.
Using a hash of the ID can also be used to work around failed log servers. For example, if a log server fails to respond to certain packets as expected (e.g., a response does not arrive), the generator or consumer simply increment RSID by one, and calculate new i=hash(RSID) mod N again, until the server responds.
Having thus described the system and method in detail, it is to be understood that the foregoing description is not intended to limit the spirit or scope thereof. It will be understood that the embodiments of the present disclosure described herein are merely exemplary and that a person skilled in the art may make any variations and modification without departing from the spirit and scope of the disclosure. All such variations and modifications, including those discussed above, are intended to be included within the scope of the disclosure.
Claims
1. A system for secure communication, comprising:
- a computer system in electronic communication over a network with a plurality of electronic devices;
- a database in electronic communication with the computer system, the database configured to electronically store at least a linking address and an associated payload of a data packet;
- an engine stored on and executed by the computer system,
- the engine configured and adapted for: electronically receiving a data packet over the network from a first electronic device; processing the data packet to identify a linking address and a payload contained therein, the linking address being at least 32 bit; storing the linking address and the payload in the database; electronically receiving a query from a second electronic device, the second electronic device identifying the linking address; and electronically transmitting the data packet over the network to the second electronic device.
2. The system of claim 1, wherein the linking address is at least 128 bit.
3. The system of claim 1, wherein the engine is indifferent to identifying information of the first electronic device and the second electronic device.
4. The system of claim 1, wherein the first electronic device and the second electronic device are paired with one another such that the linking address is agreed upon prior to the engine receiving the data packet.
5. The system of claim 1, wherein the data packet is encrypted upon receipt by the engine, and the engine decrypts the data packet received from the first electronic device.
6. The system of claim 5, wherein the payload of the decrypted data packet is encrypted.
7. The system of claim 1, wherein the payload is encrypted when received by the engine, and remains encrypted when transmitted to the second electronic device.
8. The system of claim 1, wherein the data packet includes a role identifier.
9. The system of claim 1, wherein the engine encrypts the data packet before transmitting the data packet to the second electronic device.
10. The system of claim 1, wherein the engine receives a unique blinded certificate with the data packet from the first electronic device.
11. A method for secure communication, comprising:
- electronically receiving, at an engine stored on and executed by a computer system, a data packet from a first electronic device over a network;
- processing the data packet to identify a linking address and a payload contained therein, the linking address being at least 32 bit;
- storing the linking address and the associated payload of the data packet in a database;
- electronically receiving a query from a second electronic device, the second electronic device identifying the linking address; and
- electronically transmitting the data packet over the network to the second electronic device.
12. The method of claim 11, wherein the linking address is at least 128 bit.
13. The method of claim 11, wherein the engine is indifferent to identifying information of the first electronic device and the second electronic device.
14. The method of claim 11, wherein the first electronic device and the second electronic device are paired with one another such that the linking address is agreed upon prior to the engine receiving the data packet.
15. The method of claim 11, further comprising decrypting the data packet.
16. The method of claim 15, wherein the payload of the decrypted data packet is encrypted.
17. The method of claim 11, wherein the payload is encrypted when received by the engine, and remains encrypted when transmitted to the second electronic device.
18. The method of claim 11, wherein the data packet includes a role identifier.
19. The method of claim 11, further comprising encrypting the data packet before transmitting the data packet to the second electronic device.
20. The method of claim 11, wherein the engine receives a unique blinded certificate with the data packet from the first electronic device.
21. A non-transitory computer-readable medium having computer-readable instructions stored thereon which, when executed by a computer system, cause the computer system to perform the steps of:
- electronically receiving, at an engine stored on and executed by the computer system, a data packet from a first electronic device over a network;
- processing the data packet to identify a linking address and a payload contained therein, the linking address being at least 32 bit;
- storing the linking address and the associated payload of the data packet in a database;
- electronically receiving a query from a second electronic device, the second electronic device identifying the linking address; and
- electronically transmitting the data packet over the network to the second electronic device.
22. The computer-readable medium of claim 21, wherein the linking address is at least 128 bit.
23. The computer-readable medium of claim 21, wherein the engine is indifferent to identifying information of the first electronic device and the second electronic device.
24. The computer-readable medium of claim 21, wherein the first electronic device and the second electronic device are paired with one another such that the linking address is agreed upon prior to the engine receiving the data packet.
25. The computer-readable medium of claim 21, wherein the computer-readable instructions, when executed by a computer system, further cause the computer system to perform the step of decrypting the data packet.
26. The computer-readable medium of claim 25, wherein the payload of the decrypted data packet is encrypted.
27. The computer-readable medium of claim 21, wherein the payload is encrypted when received by the engine, and remains encrypted when transmitted to the second electronic device.
28. The computer-readable medium of claim 21, wherein the data packet includes a role identifier.
29. The computer-readable medium of claim 21, wherein the computer-readable instructions, when executed by a computer system, further cause the computer system to perform the step of encrypting the data packet before transmitting the data packet to the second electronic device.
30. The computer-readable medium of claim 21, wherein the engine receives a unique blinded certificate with the data packet from the first electronic device.
Type: Application
Filed: Jun 2, 2015
Publication Date: Dec 3, 2015
Inventor: Vladan Djakovic (San Francisco, CA)
Application Number: 14/728,867