Security is one of the most important concerns of the IoT deployment. US20150106616 illustrates the system that can provide secure and efficient communications between the IoT devices and back-end systems (e.g., cloud servers) through the Internet Protocol networks exploiting the established PKI techniques and algorithms such as public keys and private keys.

1. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
1
Internet of Things (IoT) Security Measures Insights from Patents
Centralized Security Architecture
Security is one of the most important concerns of the IoT deployment. Traditional security architectures regulate
access to resources/services through the granting of authorization rights by a centralized authenticator (e.g., a
"trustee"). The centralized authenticator is a device that has the ability to unilaterally establish a trust relationship
between other devices in a federated trust domain, such as an authorization, authentication, and accounting (AAA)
server. Current authentication schemes include public key infrastructure (PKI) based "Digital Signature"
techniques. Cryptographic algorithms based digital signatures mark an electronic document (digital certificate) to
signify its association with an entity. A trusted third party that certifies the digital signature issues the digital
certificate. Irrespective of the authentication mechanism used, a successful authentication process assigns a
static/fixed role to the requesting entity (e.g., the trustee). In turn, authorization processes determine access
privileges based on the fixed role assignment.
US20150106616 illustrates the system that can provide secure and efficient communications between the IoT
devices and back-end systems (e.g., cloud servers) through the Internet Protocol networks exploiting the
established PKI techniques and algorithms such as public keys and private keys. The secure communication system
uses the security server to communicate with the IoT devices and application servers. The security server receives

2. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
2
data from the IoT devices and forwards the data to the application servers exploiting the set of cryptographic
algorithms. The cryptographic algorithms can include asymmetric ciphering algorithms, symmetric ciphering
algorithms, secure hash algorithms, digital signature algorithms, key pair generation algorithms, a key derivation
function, and/or a random number generator. The IoT devices utilize the pre-shared secret key to authenticate with
the security server. The IoT devices internally derive pairs of private/public keys using cryptographic algorithms.
The security server authenticates the submission of derived public keys leveraging established PKI standards and
the associated IoT device identity. The security server establishes the secure connection with the application
servers to send the application message that includes server identity, encrypted update instruction, data from the
IoT devices and IoT device identity. The application server stores the data for subsequent processing and analysis.

3. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
3

4. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
4
Distributed Security Architecture
Centralized security architectures are sometimes ill-suited for the IoT networks. For example, centralized
authenticators may lack the flexibility, granularity, and extensibility to make efficient and informed security
decisions in highly distributed and/or heterogeneous IoT networks. Accordingly, security architectures capable of
providing efficient trust mechanisms in highly distributed open network environments are desired.
US20150135277 illustrates the trust management framework that would be invaluable for addressing the current as
well as future IoT environments needs.
The distributed security system provides various trust management schemes and blueprints for enabling a
framework so that interested parties can determine the trustworthiness of disparate and heterogeneous IoT entities.
The distributed security system exploits the point-to-point (P2P) trust management topology in which each peer
node stores trust information of their immediate neighboring peer nodes. Trust based authorization mechanisms
leverage the dynamic trust value assigned to the "trustee" entity and makes the access control decisions in a highly
dynamic manner. The truster decides permissions based on principle's set of attributes instead of principle's
identities. Trust attributes may include evidence-based as well as reputation-based attributes.

5. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
5

6. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
6
Smart Grid Security
With the development of smart grid technologies to modernize the electric grid, vulnerabilities were inherently
introduced from using advanced, networked technologies in connection with electric grid operations. The electric
industry has generally avoided the use of modern cyber security and routable protocols instead relying on obscure
protocols and serial communications to comply with critical infrastructure regulations and requirements.
Recognizing the need for a smarter and more secure grid, the electric industry and federal government have been
working on security standards for the smart grid. US20150281278 illustrates the system for securing electric power
grid operations from cyber-attack that that meets Federal Information Processing Standards for the electric grid.
The system comprises a collection of security services distributed throughout the smart grid in two main categories
of services; central security services and edge security services. The central security services integrate security
controls and enforcement of security policies through service components deployed centrally at a grid control
center and at or near the perimeters of an electric power grid. The central security services are physically located at
the grid control center and comprise security management services, cyber security infrastructure services, and
automated security services. The edge security services are used for security configuration services and automated
security services that perform distributed enforcement of security policies at or near the perimeters of an electric
grid system.

7. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
7

8. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
8
Connected Car Security
Automobiles are becoming more sophisticated and increasingly use computerized technology (ECU--electronic
control unit) to control critical functions and components such as brakes and airbags functionality. While the
computerized technology enhances the performance of the vehicle, compromising the operation of the safety-
critical ECUs may cause severe damage to the vehicle, its passengers and potentially even the surroundings if the
vehicle is involved in an accident with other vehicle(s) or pedestrians. These ECUs are usually connected via a
non-secure manner such as through CAN bus. Taking control of the vehicle's communication bus can result in
compromising the safety critical ECUs. Some of the ECUs which are connected to the vehicle's communication
bus have external connections, such as the telematics computer and the infotainment system. It is possible to
compromise one of these ECUs using a cyber-attack. The compromised ECU serves as an entry point to deploy the
aforementioned attack.
US20150020152 illustrates the security system for protecting a vehicle electronic system by selectively intervening
in the communications path in order to prevent the arrival of malicious messages at ECUs. The security system
includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle
communications bus from reaching their destination. The filter may, at its discretion according to preconfigured
rules, send messages as is, block messages, change the content of the messages, request authentication or limit the
rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

9. ©2015 TechIPm, LLC All Rights Reservedhttp://www.techipm.com/
9