Title:
METHOD AND APPARATUS FOR UPDATING SETTINGS OF DISTRIBUTED DEVICES
Document Type and Number:
WIPO Patent Application WO/2018/167352
Kind Code:
A1
Abstract:
Customer premises equipment with at least one processor configured to communicate with a subscriber identity module of a mobile communication network and a memory stores a decryption key in the memory. The at least one processor obtains from the subscriber identity module encrypted seed information, decrypts the encrypted seed information using the decryption key and obtains new settings information for the apparatus using the seed information.

Inventors:
VUONNALA, Raimo (Harjuviita 12 D 22, Espoo, 02110, FI)
KOSKINEN, Aaro Julius (Porvoonkatu 11 A 19, Helsinki, 00510, FI)
AIROLA, Kari (Rakuunantie 12 a 26, Helsinki, 00330, FI)
Application Number:
FI2017/050176
Publication Date:
September 20, 2018
Filing Date:
March 16, 2017
Assignee:
NOKIA SOLUTIONS AND NETWORKS OY (Karaportti 1-3, Espoo, 02610, FI)
International Classes:
H04W12/08; H04L12/24; H04W8/18; H04L29/06; H04W4/00
Domestic Patent References:
WO2015162539A1 2015-10-29
Foreign References:
DE102014014561A1 2016-03-31
US20080046583A1 2008-02-21
Other References:
None
Attorney, Agent or Firm:
ESPATENT OY (Kaivokatu 10 D, Helsinki, 00100, FI)
Claims:
CLAIMS

1. An apparatus, comprising:

at least one processor configured to communicate with a subscriber identity module of a mobile communication network;

a memory; and

a decryption key stored in the memory;

the at least one processor being further configured to:

obtain from the subscriber identity module encrypted seed information;

decrypt the encrypted seed information using the decryption key; and

obtain new settings information for the apparatus using the seed information.

2. The apparatus of claim 1, further comprising a communication circuitry configured to enable communication with the mobile communication network using the subscriber identity module.

3. The apparatus of claim 2, wherein the at least one processor being configured to perform the obtaining of the new settings for the apparatus using the seed information by accessing a remote entity with the communication circuitry according to the seed information.

4. The apparatus of any one of preceding claims, the seed information being stored in a phone book of the subscriber identity module.

5. The apparatus of any one of preceding claims, the seed information being stored in one or more short messages of the subscriber identity module.

6. The apparatus of any one of preceding claims, the seed information comprising a network address of a network based controlling entity.

7. The apparatus of any one of preceding claims, the seed information comprising at least one of a user name and password.

8. The apparatus of any one of preceding claims, wherein:

the apparatus comprises a radio receiver configured to receive an encrypted broadcast;

the seed information comprises decrypting credentials for decrypting the broadcast; and

the at least one processor being further configured to obtain the new settings for the apparatus from the encrypted broadcast by decrypting using the decrypting credentials.

9. The apparatus of claim 8, wherein the radio broadcast is a satellite radio broadcast.

10. The apparatus of claim 8, wherein the radio broadcast is a radio data service broadcast.

11. The apparatus of any one of preceding claims, the subscriber identity module being a programmable subscriber identity module.

12. The apparatus of claim 11, subscriber identity module being a configurable by a radio transmission.

13. The apparatus of claim 11 or 12, further configured to receive the encrypted seed information to the subscriber identity module from a radio transmission.

14. The apparatus of claim 11 or 12, further configured to receive the encrypted seed information to the subscriber identity module from a radio transmission.

15. The apparatus of any one of preceding claims, the seed being encrypted with an encryption key of at least 128 bits.

16. The apparatus of any one of preceding claims, the apparatus being customer premises equipment.

17. The apparatus of any one of claims 1 to 15, the apparatus being a navigation device.

18. The apparatus of any one of claims 1 to 15, the apparatus being a vehicle control or assistance apparatus.

19. The apparatus of any one of claims 1 to 15, the apparatus being a surveillance apparatus.

20. The apparatus of any one of preceding claims, the apparatus further comprising a trusted execution environment configured to comprise the memory storing the decryption key and the seed information.

21. The apparatus of claim 20, the trusted environment being further configured to indicate to a server compliance with predetermined minimum security capability.

22. The apparatus of any one of preceding claims, the at least one processor being configured to attempt obtaining of the new settings using the encrypted seed information in response to detecting that the apparatus lacks correct settings information.

23. A server, comprising:

a communication circuitry configured to communicate with plural apparatuses;

at least one processor configured to;

receive seed information from an apparatus;

check authorization of the apparatus with the seed information for access to new settings information for the apparatus; and

cause providing the apparatus with the new settings information only if the checking results in positive authorization.

24. The server of claim 23, the at least one processor being configured to cause the providing of the apparatus with the new settings information by sending to the apparatus the new settings information using the communication circuitry.

25. The server of claim 23 or 24 the at least one processor being further configured to:

test compliance of the apparatus with predetermined minimum security capability; and

subject the providing of the apparatus with the new settings information only if the apparatus meets the predetermined minimum security capability.

26. The server of claim 25, the at least one processor being further configured to instruct the apparatus, if the testing of the compliance was negative, to perform a firmware update.

27. The server of any one of claims 23 to 26, the at least one processor being further configured to perform the providing of the apparatus with the new settings information so that the settings information is encrypted between the communication circuitry and the apparatus.

28. The server of any one of claims 23 to 27, the seed information comprising a network address of a network based controlling entity.

29. The server of any one of claims 23 to 28, the seed information comprising at least one of a user name and password.

30. A provisioning computer, comprising:

a subscriber identity module configuring circuitry for communicating with a subscriber identity module;

at least one processor configured to:

store encrypted seed information to the a subscriber identity module using the subscriber identity module configuring circuitry;

wherein the seed information comprises credentials for an apparatus to obtain settings information.

31. The provisioning computer of claim 30, the at least one processor being further configured to vary the seed information stored in encrypted form to different subscriber identity modules so that the seed information selected from a selection of two or more different seed information.

32. The provisioning computer of claim 30 or 31, wherein the subscriber identity module configuring circuitry is capable of configuring subscriber identity modules over the air.

33. The provisioning computer of any one of claims 30 to 32, the at least one processor being further configured to cause reconfiguring a plurality of subscriber identity modules over the air to contain renewed encrypted seed information.

34. A method comprising:

communicating with a subscriber identity module of a mobile communication network;

storing a decryption key;

obtaining from the subscriber identity module encrypted seed information;

decrypting the encrypted seed information using the decryption key; and

obtaining new settings information for the apparatus using the seed information.

35. A method comprising:

communicating with plural apparatuses;

receiving seed information from an apparatus;

checking authorization of the apparatus with the seed information for access to new settings information for the apparatus; and

causing providing the apparatus with the new settings information only if the checking results in positive authorization.

36. A method comprising:

communicating with a subscriber identity module;

storing encrypted seed information to the a subscriber identity module using the subscriber identity module configuring circuitry;

wherein the seed information comprises credentials for an apparatus to obtain settings information.

37. A computer program comprising:

code for communicating with a subscriber identity module of a mobile communication network;

code for storing a decryption key;

code for obtaining from the subscriber identity module encrypted seed information;

code for decrypting the encrypted seed information using the decryption key; and

code for obtaining new settings information for the apparatus using the seed information;

when the computer program is run on a processor.

38. A computer program comprising:

code for communicating with plural apparatuses;

code for receiving seed information from an apparatus;

code for checking authorization of the apparatus with the seed information for access to new settings information for the apparatus; and

code for causing providing the apparatus with the new settings information only if the checking results in positive authorization;

when the computer program is run on a processor.

39. A computer program comprising:

code for communicating with a subscriber identity module;

code for storing encrypted seed information to the a subscriber identity module using the subscriber identity module configuring circuitry;

code for wherein the seed information comprises credentials for an apparatus to obtain settings information;

when the computer program is run on a processor.

40. A computer program according to any one of claims 37 to 39, wherein the computer program is a computer program product comprising a computer-readable medium bearing computer program code embodied therein for use with a computer.

Description:
METHOD AND APPARATUS FOR UPDATING SETTINGS OF DISTRIBUTED DEVICES

TECHNICAL FIELD

[0001] The present application generally relates to updating settings of distributed devices.

BACKGROUND

[0002] This section illustrates useful background information without admission of any technique described herein representative of the state of the art.

[0003] Internet of Things has created a rapidly expanding need to control various settings of vast fleets of distributed devices. Various settings may need to be set up on taking devices into use as well as to account for service updates, reconfiguration of service architecture and load balancing of network entities. Effecting such settings to remote devices may be difficult or in some cases even impossible without manual action.

SUMMARY

Various aspects of examples of the invention are set out in the claims.

[0004] According to a first example aspect of the present invention, there is provided an apparatus as defined by appended claim 1.

[0005] According to a second example aspect of the present invention, there is provided a server as defined by appended claim 23.

[0006] According to a third example aspect of the present invention, there is provided a provisioning computer as defined by appended claim 30.

[0007] According to a fourth example aspect of the present invention, there is provided a method as defined by appended claim 34.

[0008] According to a fifth example aspect of the present invention, there is provided a method as defined by appended claim 35.

[0009] According to a sixth example aspect of the present invention, there is provided a method as defined by appended claim 36.

[0010] According to a seventh example aspect of the present invention, there is provided a computer program as defined by appended claim 37.

[0011] comprising computer executable program code configured to execute any method of the fourth, fifth or sixth example aspect.

[0012] According to an eighth example aspect of the present invention, there is provided computer program of any one of preceding example aspects that is a computer program product comprising a computer-readable medium bearing computer program code embodied therein for use with a computer.

[0013] Different non-binding example aspects and embodiments of the present invention have been illustrated in the foregoing. The embodiments in the foregoing are used merely to explain selected aspects or steps that may be utilized in implementations of the present invention. Some embodiments may be presented only with reference to certain example aspects of the invention. It should be appreciated that corresponding embodiments may apply to other example aspects as well.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] For a more complete understanding of example embodiments of the present invention, reference is now made to the following descriptions taken in connection with the accompanying drawings in which:

[0015] Fig. 1 shows an architectural drawing of a system of an example embodiment;

[0016] Fig. 2 shows a simplified block diagram of an apparatus;

[0017] Fig. 3 shows a simplified block diagram of a control server;

[0018] Fig. 4 shows a simplified block diagram of a provisioning computer;

[0019] Fig. 5 shows a flow chart illustrating a method of an example embodiment in the apparatus of Fig. 2;

[0020] Fig. 6 shows a flow chart illustrating a method of an example embodiment in the control server of Fig. 3; and

[0021] Fig. 7 shows a flow chart illustrating a method of an example embodiment in the provisioning computer of Fig. 4.

DETAILED DESCRIPTION OF THE DRAWINGS

[0022] An example embodiment of the present invention and its potential advantages are understood by referring to Figs. 1 through 7 of the drawings. In this document, like reference signs denote like parts or steps.

[0023] Fig. 1 shows an architectural drawing of a system 100 of an example embodiment. The system 100 comprises a seed provisioning computer 110; a plurality of apparatuses 120 each capable of using a subscriber identity module 220 (Fig. 2) of a mobile communication network 130; the mobile communication network 130; a control server 140; and a service server 150.

[0024] In an example embodiment, the seed provisioning computer 110 is configured to distribute encrypted seed information to subscriber identity modules either before or after they are taken into use by the apparatuses 120. The apparatuses 120 obtain and decrypt the encrypted seed from their subscriber identity modules and obtain new settings information using the encrypted seed from the control server 140, for example. The apparatuses 120 then establish settings according to the settings information e.g. to gain access to a service provided by the service server 150.

[0025] Fig. 2 shows a simplified block diagram of an apparatus 120, such as a customer premises equipment, navigation device, vehicular equipment such as accident notification equipment, or a surveillance system such as security camera device.

[0026] The apparatus 120 comprises:

[0027] at least one processor 210 configured to communicate with a subscriber identity module 220 of the mobile communication network 130;

[0028] a memory 230; and

[0029] decryption key 232 stored in the memory 230;

[0030] the at least one processor 210 being further configured to:

[0031] obtain from the subscriber identity module 220 encrypted seed information 222;

[0032] decrypt the encrypted seed information 222 using the decryption key 232; and

[0033] obtain new settings information for the apparatus 120 using the seed information 222.

[0034] In an example embodiment, the apparatus 120 further comprises a communication circuitry 240 configured to enable communication with the mobile communication network 130 using the subscriber identity module. The mobile communication network 130 may be a cellular network such as GSM, W-CDMA, CDMA-2000, LTE-enabled network, 4G network. Alternatively, the mobile communication network 130 may be a satellite network such as Exede network or HughesNet network.

[0035] The apparatus 120 may further comprise a user interface 250.

[0036] In an example embodiment, the at least one processor 210 is configured to perform the obtaining of the new settings for the apparatus 120 using the seed information 222 by accessing a remote entity such as the control server 140 with the communication circuitry 240 according to the seed information 222.

[0037] In an example embodiment, the seed information 222 is stored in a phone book of the subscriber identity module 220. Alternatively or additionally, the seed information 222 can be stored in one or more short messages of the subscriber identity module 220.

[0038] In an example embodiment, the seed information 222 comprises one or more of: a network address of a network based controlling entity such as the control server 140; a user name; and password.

[0039] In an example embodiment, the apparatus 120 comprises a radio receiver 250 configured to receive an encrypted broadcast; and the seed information 222 comprises decrypting credentials for decrypting the broadcast; the at least one processor 210 being further configured to obtain the new settings for the apparatus 120 from the encrypted broadcast by decrypting using the decrypting credentials.

[0040] In an example embodiment, the radio broadcast is a satellite radio broadcast or a radio data service broadcast.

[0041] Fig. 2 shows the subscriber identity module 220 as a separate block and indeed in some example embodiments the subscriber identity module is a chip card with which the apparatus 120 is configured to communicate with a suitable interface. Alternatively, or additionally, the apparatus 120 can be configured to use a programmable subscriber identity module. A programmable subscriber identity module can be implemented e.g. using a trusted execution environment to store secret information both persistently and also during run-time. A programmable subscriber identity module can be conveniently re-programmed on manufacture of the apparatus 120 or afterwards.

[0042] In an example embodiment, the subscriber identity module 220 is configurable by a radio transmission i.e. over the air. The apparatus 120 can be configured to receive the encrypted seed information to the subscriber identity module from a radio transmission.

[0043] The seed is encrypted in an example embodiment with an encryption key of at least 128 bits, e.g. with 256 bit AES, triple-DES, or PGP encryption.

[0044] In an example embodiment, the apparatus is any one or more of: customer premises equipment; a navigation device; a vehicle control apparatus; a vehicle assistance apparatus; a surveillance apparatus.

[0045] As mentioned in the foregoing, the apparatus may comprise a trusted execution environment. The trusted execution environment may be configured to comprise the memory storing the decryption key and the seed information. Alternatively, the decryption key is stored in another example embodiment in another memory e.g. in an obfuscated form.

[0046] The trusted environment is further configured in an example embodiment to indicate to a server compliance with predetermined minimum security capability.

[0047] The at least one processor can be configured in an example embodiment to attempt obtaining of the new settings using the encrypted seed information in response to detecting that the apparatus lacks correct settings information.

[0048] Fig. 3 shows a simplified block diagram of the control server 140, comprising:

[0049] a communication circuitry 310 configured to communicate with plural apparatuses 120;

[0050] at least one processor 320 configured to;

[0051] receive seed information from an apparatus 120;

[0052] check authorization of the apparatus 120 with the seed information for access to new settings information for the apparatus 120; and

[0053] cause providing the apparatus 120 with the new settings information only if the checking results in positive authorization.

[0054] In an example embodiment, the control server 140 further comprises a memory 330 or database 340 or the control server 140 is provided with an access to a memory or database comprising the settings information. Alternatively or additionally, the at least one processor 320 of the control server 140 can be configured to produce the settings information. The settings information may be produced, for example, based on predetermined or heuristic rules according to any of properties of the apparatus 120, network address of the apparatus 120, time, and parameters provided by the apparatus 120 to the control server 140.

[0055] The at least one processor 320 can be configured to cause the providing of the apparatus with the new settings information by sending to the apparatus the new settings information using the communication circuitry.

[0056] The at least one processor 320 can be further configured in an example embodiment to:

[0057] test compliance of the apparatus 120 with predetermined minimum security capability; and

[0058] subject the providing of the apparatus 120 with the new settings information only if the apparatus 120 meets the predetermined minimum security capability.

[0059] The at least one processor can be further configured in an example embodiment to instruct the apparatus 120, if the testing of the compliance was negative, to perform a firmware update and optionally thereafter reattempt obtaining the new settings information from the control server 140.

[0060] The at least one processor can be further configured in an example embodiment to perform the providing of the apparatus 120 with the new settings information so that the settings information is encrypted between the communication circuitry and the apparatus. Secure Sockets Layer encryption is used in an example embodiment while some other example embodiments employ a shared secret stored in the trusted execution environment memory and/or public-private key encryption.

[0061] In the foregoing, example embodiments have been given to illustrate some implementations of the apparatus 120 and of the control server 140. The control server can be configured in an example embodiment to operate as a gate keeper that grants access credentials for using a service to such apparatuses 120 that can prove their worthiness or authorization by possessing valid seed information. Some example embodiments will next be described to illustrate how the seed information may be deployed to a large number of apparatuses 120.

[0062] Fig. 4 shows a simplified block diagram of a provisioning computer 150 comprising:

[0063] a subscriber identity module configuring circuitry 410 for communicating with a subscriber identity module 220;

[0064] at least one processor 420 configured to:

[0065] store encrypted seed information to the a subscriber identity module 220 using the subscriber identity module configuring circuitry 410;

[0066] wherein the seed information comprises credentials for an apparatus 120 to obtain settings information.

[0067] The at least one processor can be further configured in an example embodiment to vary the seed information stored in encrypted form to different subscriber identity modules so that the seed information is selected from a selection of two or more different seed information. The provisioning computer 150 is configured in an example embodiment to maintain a database of the varied seed information and the subscriber identity modules stored with each version of the seed information such that if a given seed information version leaks out, the seed information can be made invalid by the control server 140 and the corresponding subscriber identity modules can be reconfigured to contain renewed encrypted seed information.

[0068] In an example embodiment, the subscriber identity module configuring circuitry is capable of configuring subscriber identity modules over the air, for example, to cause reconfiguring a plurality of subscriber identity modules over the air to contain renewed encrypted seed information. In an example embodiment, the encrypted seed information is renewed periodically or on demand basis if earlier seed information has leaked out or may have leaked out and it is desired to reconfigure the control server 140 to no longer accept the old seed information.
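The gate-keeping of [0052] to [0059] combined with the versioned seed database and renewal of [0067] and [0068] can be sketched as follows. This is an added example, not code from the application: the names SeedRegistry, handle_request and MIN_SECURITY_LEVEL, the version labels, the SIM identifiers and the numeric security level are assumptions, and encryption of the seed on the subscriber identity module is left out.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed numeric encoding of the "predetermined minimum security capability".
MIN_SECURITY_LEVEL = 2


@dataclass
class SeedRegistry:
    """Seed versions and the SIMs provisioned with each, as in [0067]."""
    digests: dict = field(default_factory=dict)  # version -> SHA-256 of seed secret
    sims: dict = field(default_factory=dict)     # version -> set of SIM identifiers
    revoked: set = field(default_factory=set)

    def issue(self, version, sim_ids):
        """Create a seed version; the returned secret is what would be
        encrypted and written to each listed SIM."""
        secret = secrets.token_bytes(32)
        # A plain hash suffices because the secret is 256 random bits,
        # not a human-chosen password.
        self.digests[version] = hashlib.sha256(secret).digest()
        self.sims[version] = set(sim_ids)
        return secret

    def revoke(self, version):
        """Invalidate a leaked version; return the SIMs needing OTA renewal."""
        self.revoked.add(version)
        return sorted(self.sims.get(version, ()))


def handle_request(registry, version, seed_secret, security_level, settings):
    """Control-server gate: returns (status, payload)."""
    expected = registry.digests.get(version)
    presented = hashlib.sha256(seed_secret).digest()
    # Always run the constant-time comparison, even for unknown versions.
    matches = hmac.compare_digest(presented, expected or bytes(32))
    if expected is None or not matches or version in registry.revoked:
        return ("denied", None)
    if security_level < MIN_SECURITY_LEVEL:
        # [0059]: the device is told to update firmware and may retry afterwards.
        return ("firmware_update_required", None)
    return ("ok", settings)


def demo():
    """Constructed walk-through: issue, authorize, leak, revoke, renew."""
    reg = SeedRegistry()
    settings = {"service_url": "https://service.example.invalid"}  # constructed
    v1 = reg.issue("seed-v1", ["sim-0001", "sim-0002"])
    v2 = reg.issue("seed-v2", ["sim-0003"])
    out = [handle_request(reg, "seed-v1", v1, 3, settings)[0],
           handle_request(reg, "seed-v1", v2, 3, settings)[0],
           handle_request(reg, "seed-v1", v1, 1, settings)[0]]
    affected = reg.revoke("seed-v1")
    v3 = reg.issue("seed-v3", affected)  # renewed seed for the same SIMs
    out += [handle_request(reg, "seed-v1", v1, 3, settings)[0],
            handle_request(reg, "seed-v3", v3, 3, settings)[0],
            handle_request(reg, "seed-v2", v2, 3, settings)[0]]
    return out, affected


if __name__ == "__main__":
    print(demo())
```

Because seeds are varied per group of subscriber identity modules, revoking one version leaves devices holding other versions unaffected, which the last entry of the walk-through shows.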

[0069] Fig. 5 shows a flow chart illustrating a method of an example embodiment in the apparatus 120. The method comprises:

[0070] communicating 510 with a subscriber identity module 220 of the mobile communication network 130;

[0071] storing 520 a decryption key 232;

[0072] obtaining 530 from the subscriber identity module 220 encrypted seed information 222;

[0073] decrypting 540 the encrypted seed information 222 using the decryption key 232; and

[0074] obtaining 550 new settings information for the apparatus 120 using the seed information 222.

[0075] Fig. 6 shows a flow chart illustrating a method of an example embodiment in the control server 140, comprising:

[0076] communicating 610 with plural apparatuses 120;

[0077] receiving 620 seed information from an apparatus 120;

[0078] checking authorization 630 of the apparatus 120 with the seed information for access to new settings information for the apparatus 120; and

[0079] causing providing 640 the apparatus 120 with the new settings information only if the checking results in positive authorization.

[0080] Fig. 7 shows a flow chart illustrating a method of an example embodiment in the provisioning computer 150 comprising:

[0081] communicating 710 with a subscriber identity module 220;

[0082] storing 720 encrypted seed information to the a subscriber identity module 220 using the subscriber identity module configuring circuitry 410;

[0083] wherein the seed information comprises credentials for an apparatus 120 to obtain settings information.

[0084] The processors 210, 320 and 420 can be implemented using any known processing circuitries. In this context, the processor can be implemented using one or more discrete or integrated parts and the processor may also be configured to have further functionalities. Some examples of suitable elements for any or all of the processors comprise any one or more of: a master control unit (MCU); a microprocessor; a digital signal processor (DSP); an application specific integrated circuit (ASIC); a field programmable gate array; and a microcontroller.

[0085] In the foregoing, numerous example embodiments were described with reference to different equipment. It is understood that each associated method may be freely used with equipment of different structure and different (further) properties while, for the sake of brevity, not all the methods are separately listed as method examples. However, it is intended that any claimed method of this document can contain any method disclosed by this document, whether disclosed purely as a method or using an apparatus to describe the underlying method.

[0086] Without in any way limiting the scope, interpretation, or application of the claims appearing below, a technical effect of one or more of the example embodiments disclosed herein is that various apparatus can be manufactured and provisioned to contain desired settings without need to entrust the settings information to the manufacturers or suppliers of the apparatuses. Another technical effect of one or more of the example embodiments disclosed herein is that the settings information can be freely updated after manufacture of the apparatuses so that apparatuses may automatically gain up-to-date settings on taking into use. Yet another technical effect of one or more of the example embodiments is that industry standard components such as subscriber identity module cards and their reader circuitries and firmware can be used to deploy encrypted seed information with subscriber identity modules.

[0087] Embodiments of the present invention may be implemented in software, hardware, application logic or a combination of software, hardware and application logic. The software, application logic and/or hardware may reside on a persistent memory of an apparatus, on trusted execution environment memory or on a plug-in memory. If desired, part of the software, application logic and/or hardware may reside on a persistent memory of an apparatus, on trusted execution environment memory or on a plug-in memory. In an example embodiment, the application logic, software or an instruction set is maintained on any one of various conventional computer-readable media. In the context of this document, a "computer-readable medium" may be any non-transitory media or means that can contain, store, communicate, propagate or transport the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer, with one example of a computer described and depicted in Fig. 2. A computer-readable medium may comprise a computer-readable storage medium that may be any media or means that can contain or store the instructions for use by or in connection with an instruction execution system, apparatus, or device, such as a computer.

[0088] If desired, the different functions discussed herein may be performed in a different order and/or concurrently with each other. Furthermore, if desired, one or more of the before-described functions may be optional or may be combined.

[0089] Although various aspects of the invention are set out in the independent claims, other aspects of the invention comprise other combinations of features from the described embodiments and/or the dependent claims with the features of the independent claims, and not solely the combinations explicitly set out in the claims.

[0090] It is also noted herein that while the foregoing describes example embodiments of the invention, these descriptions should not be viewed in a limiting sense. Rather, there are several variations and modifications which may be made without departing from the scope of the present invention as defined in the appended claims.