
US-12627980-B2 - Systems and methods for secure internet-of-things (IoT) device to cloud integration


Abstract

Aspects of the subject disclosure may include, for example, a device in which a cloud connection stack and a security transport stack are each partially or entirely implemented for execution in a modem (e.g., a cellular modem) or a SIM component (e.g., an IoT SAFE SIM applet) of the device, rather than on the device's own OS and processor. Some or all of the application layer protocols (e.g., MQTT, CoAP, LwM2M, etc.) in the security transport stack may be implemented (or consolidated) for execution by the modem or SIM component. Some or all of the functionality of the cloud connection stack (e.g., bootstrapping and messaging/telemetry) may additionally, or alternatively, be implemented (or consolidated) for execution by the modem or SIM component. Other embodiments are disclosed.

Inventors

  • Dongdong Li
  • George Ransom Murphy

Assignees

  • AT&T MOBILITY II LLC

Dates

Publication Date
2026-05-12
Application Date
2023-07-20

Claims (20)

  1. A device, comprising: a device processing system and a device operating system (OS) that runs on the device processing system; a cellular modem communicatively coupled to the device processing system, and equipped with a cellular processing system and a cellular OS that runs on the cellular processing system; and a subscriber identity module (SIM) component communicatively coupled to the cellular modem, wherein the device is configured with a modem security transport stack and a cloud connection stack, and wherein the modem security transport stack is executed in the cellular OS on the cellular processing system.
  2. The device of claim 1, wherein the modem security transport stack includes one or more rules, protocols, interfaces, or technologies for an application layer, a session layer, a transport layer, or a combination thereof.
  3. The device of claim 1, wherein the modem security transport stack comprises Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), Lightweight Machine-to-Machine (LwM2M), Transport Layer Security (TLS), Datagram Transport Layer Security (DTLS), Transmission Control Protocol (TCP)/Internet Protocol (IP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), or a combination thereof.
  4. The device of claim 1, wherein a device transport stack is executed in the device OS on the device processing system, and wherein the device further comprises a modem stack adapter configured to translate or transform protocols between the modem security transport stack and the device transport stack.
  5. The device of claim 1, wherein the cloud connection stack includes one or more rules, protocols, interfaces, or technologies for an application layer.
  6. The device of claim 1, wherein the cloud connection stack relates to bootstrapping, telemetry, or a combination thereof.
  7. The device of claim 1, wherein the cloud connection stack comprises Message Queuing Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), Lightweight Machine-to-Machine (LwM2M), or a combination thereof.
  8. The device of claim 1, wherein the cloud connection stack is executed in the device OS on the device processing system.
  9. The device of claim 1, wherein the cloud connection stack is executed in the cellular OS on the cellular processing system.
  10. The device of claim 1, wherein telemetry functionality of the cloud connection stack is executed in the device OS on the device processing system, and wherein bootstrapping functionality of the cloud connection stack is executed in the cellular OS on the cellular processing system.
  11. The device of claim 1, wherein telemetry functionality of the cloud connection stack is executed in the device OS on the device processing system, and wherein bootstrapping functionality of the cloud connection stack is executed in the SIM component.
  12. The device of claim 1, wherein telemetry functionality of the cloud connection stack is executed in the cellular OS on the cellular processing system, and wherein bootstrapping functionality of the cloud connection stack is executed in the SIM component.
  13. The device of claim 1, wherein telemetry functionality and bootstrapping functionality of the cloud connection stack are executed in the SIM component.
  14. The device of claim 1, wherein the device comprises an Internet-of-Things (IoT) device or a non-IoT device.
  15. The device of claim 1, wherein the SIM component comprises a SIM card, an embedded SIM (eSIM), or an integrated SIM (iSIM).
  16. The device of claim 1, wherein the device is compliant with or exceeds requirements of Internet-of-Things (IoT) SIM Applet For Secure End-2-End Communication (SAFE).
  17. The device of claim 1, wherein the cellular processing system is configured to communicate with a cellular network.
  18. The device of claim 1, wherein each of the modem security transport stack and the cloud connection stack is capable of being updated via Over the Air (OTA), via application programming interface (API) calls, or both.
  19. An apparatus configured to facilitate an Internet-of-Things (IoT) application, the apparatus comprising: a modem that includes an application (AP) processing system and an AP operating system (OS) that runs on the AP processing system; and a subscriber identity module (SIM) component communicatively coupled to the modem, wherein an application stack, a modem security transport stack, and a cloud connection stack are executed in the AP OS on the AP processing system, thereby reducing a need for an apparatus OS and an apparatus processing system that are external to the modem.
  20. A method, comprising: configuring an Internet-of-Things (IoT) device with a modem security transport stack, wherein the IoT device includes a device operating system (OS) that runs on a device processing system, a cellular OS that runs on a cellular processing system, and a subscriber identity module (SIM) component, wherein the modem security transport stack is executed in the cellular OS on the cellular processing system, and wherein a device transport stack is executed in the device OS on the device processing system; and providing the IoT device with a modem stack adapter that is configured to facilitate conversion of protocols between the modem security transport stack and the device transport stack.
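Claims 4 and 20 recite a modem stack adapter that converts protocols between the device transport stack and the modem security transport stack, and the drawings (FIGS. 2L and 2M) describe the device reaching the modem either with AT commands or with HTTP/HTTPS/MQTT commands. The Python below is an added example written for this page, not code from the patent or from AT&T. It models the modem-resident side of such an adapter: it accepts hypothetical AT-style commands (`AT+MQTTCONN`, `AT+MQTTPUB`, with hex-encoded payloads; the command names, syntax and `+CME ERROR` texts are assumptions, not any vendor's command set) from the device OS and produces the MQTT 3.1.1 CONNECT and PUBLISH packets that the modem's TLS stack would carry. The point it illustrates is the trust boundary: the device processor never touches the TLS credential held in the SIM, and the modem can enforce a topic and size policy on what a possibly compromised application processor is allowed to publish. The TLS session itself is stood in for by a list of sent packets, and the `devices/<client_id>/` topic prefix is an assumed policy, not a requirement of the patent.

```python
"""Modem-side stack adapter (constructed example, not the patent's code).

The device OS speaks a hypothetical AT-style command set over the modem's
serial/USB link; the adapter turns those commands into MQTT 3.1.1 packets
that the modem's own TLS stack would carry. The SIM-held TLS credential is
never exposed across this interface."""
import csv
from dataclasses import dataclass, field

MAX_PAYLOAD = 1024  # assumed policy limit enforced on the modem side


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 data bits per byte, 0x80 = more bytes follow."""
    if not 0 <= n <= 268_435_455:
        raise ValueError("remaining length out of range")
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)


def mqtt_string(s: str) -> bytes:
    """MQTT UTF-8 string: 2-byte big-endian length followed by the bytes."""
    data = s.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("string too long")
    return len(data).to_bytes(2, "big") + data


def build_connect(client_id: str, keepalive: int = 60) -> bytes:
    """CONNECT with clean session and no username/password: the client is
    authenticated by the TLS client certificate whose private key lives in the SIM."""
    var_header = mqtt_string("MQTT") + bytes([0x04, 0x02]) + keepalive.to_bytes(2, "big")
    body = var_header + mqtt_string(client_id)
    return bytes([0x10]) + encode_remaining_length(len(body)) + body


def build_publish(topic: str, payload: bytes, qos: int = 0, packet_id: int = 1) -> bytes:
    """PUBLISH; the packet identifier is present only for QoS 1 and 2."""
    if qos not in (0, 1, 2):
        raise ValueError("bad qos")
    if any(c in topic for c in "+#\x00"):
        raise ValueError("wildcards and NUL are not allowed in a PUBLISH topic")
    body = mqtt_string(topic)
    if qos:
        body += packet_id.to_bytes(2, "big")
    body += payload
    return bytes([0x30 | (qos << 1)]) + encode_remaining_length(len(body)) + body


@dataclass
class ModemStackAdapter:
    """Lives in the modem OS. `sent` stands in for the TLS socket."""
    client_id: str
    sent: list = field(default_factory=list)
    packet_id: int = 0

    def handle(self, line: str) -> str:
        """Process one hypothetical AT-style command; return an AT-style result."""
        if not line.startswith("AT+"):
            return "ERROR"
        name, _, args = line[3:].partition("=")
        fields = next(csv.reader([args])) if args else []
        try:
            if name == "MQTTCONN" and not fields:
                self.sent.append(build_connect(self.client_id))
                return "OK"
            if name == "MQTTPUB" and len(fields) == 3:
                topic, qos = fields[0], int(fields[1])
                payload = bytes.fromhex(fields[2])  # binary payload is hex-encoded over AT
                # Policy enforced outside the device OS: a device may publish only
                # beneath its own identity prefix, and only bounded payloads.
                if not topic.startswith(f"devices/{self.client_id}/"):
                    return "+CME ERROR: topic not permitted"
                if len(payload) > MAX_PAYLOAD:
                    return "+CME ERROR: payload too large"
                if qos:
                    self.packet_id = self.packet_id % 0xFFFF + 1  # never 0, wraps at 65535
                self.sent.append(build_publish(topic, payload, qos, self.packet_id))
                return "OK"
        except ValueError:
            pass
        return "ERROR"


if __name__ == "__main__":
    modem = ModemStackAdapter("dev-42")
    print(modem.handle("AT+MQTTCONN"))
    print(modem.handle('AT+MQTTPUB="devices/dev-42/telemetry",0,7b2274223a32312e357d'))
    print(modem.handle('AT+MQTTPUB="devices/other/cmd",0,00'))
    for pkt in modem.sent:
        print(pkt.hex())
```

Because the policy check and the packet encoding both run in the modem, a device-side compromise that rewrites the application's publish calls is limited to the topics and sizes the modem permits, and cannot reach the key material behind the TLS session; the same structure applies when the device-to-modem link is HTTP or MQTT over a local interface (FIG. 2M) rather than AT commands.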

Description

FIELD OF THE DISCLOSURE

The subject disclosure relates to systems and methods for secure Internet-of-Things (IoT) device to cloud integration.

BACKGROUND

Many IoT devices use customized or special purpose security and transport stacks to ensure safe and reliable connectivity. For instance, IoT SAFE devices that are compliant with Global System for Mobile Communications Association (GSMA) IoT SAFE standards employ special security stacks that use keys/certificates held in a highly trusted SIM card (the private key stays in the SIM, which performs the signing operations) to securely connect to the cloud. These special security transport stacks are executed within the IoT device's operating system (OS), which runs on the IoT device's (e.g., native) processor. They include rules or protocols for various layers of the Open Systems Interconnection (OSI) model, such as Transport Layer Security (TLS) or Datagram TLS (DTLS) running over the transport layer (TCP or UDP) to address both security and connection constraints, and Message Queuing Telemetry Transport (MQTT) or Constrained Application Protocol (CoAP) in the application layer to ensure reliable cloud connectivity. A typical IoT SAFE device is also equipped with a cloud connection stack that is similarly executed in the IoT device's OS. This stack includes rules or protocols for establishing and maintaining connections between the device and cloud-based services.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made to the accompanying drawings, which are not necessarily drawn to scale, and wherein:

FIG. 1 is a block diagram illustrating an exemplary, non-limiting embodiment of a communications network in accordance with various aspects described herein.

FIG. 2A is a block diagram illustrating an example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIG. 2B is a block diagram illustrating an alternate example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIGS. 2C and 2D are flow diagrams that respectively illustrate an example bootstrapping process and an example messaging/telemetry process with respect to the IoT device architecture of FIG. 2B, in accordance with various aspects described herein.

FIG. 2E is a block diagram illustrating an alternate example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIG. 2F is a flow diagram that illustrates an example messaging/telemetry process with respect to the IoT device architecture of FIG. 2E, in accordance with various aspects described herein.

FIG. 2G is a block diagram illustrating an alternate example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIG. 2H is a flow diagram that illustrates an example messaging/telemetry process with respect to the IoT device architecture of FIG. 2G, in accordance with various aspects described herein.

FIG. 2I is a block diagram illustrating an alternate example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIGS. 2J and 2K are flow diagrams that respectively illustrate an example bootstrapping process and an example messaging/telemetry process with respect to the IoT device architecture of FIG. 2I, in accordance with various aspects described herein.

FIGS. 2L and 2M are example flow diagrams that illustrate different ways (respectively using attention (AT) command(s) and using Hypertext Transfer Protocol (HTTP)/HTTP Secure (HTTPS)/MQTT command(s)) for facilitating device-to-cellular modem communications, in accordance with various aspects described herein.

FIG. 2N illustrates example protocol translations between devices/systems in accordance with various aspects described herein.

FIG. 2O is a block diagram illustrating an alternate example, non-limiting embodiment of an IoT system functioning within, or operatively overlaid upon, the communications network of FIG. 1 in accordance with various aspects described herein.

FIG. 3 is a block diagram illustrating an example, non-limiting embodiment of a virtualized communications network in accordance with various aspects described herein.

FIG. 4 is a block diagram of an example, non-limiting embodiment of a computing environment in accordance with various aspects described herein.

FIG. 5 is a block diagram of an example, non-limiting embodiment of a mobile network platform in accordance with various aspects described herein.

FIG. 6 is a block diagram of an example, non-limiting embodiment of a communication device in accordance with variou