US 11,895,247 B2
System and method for authenticating and authorizing devices
Eric John Smith, Holland, MI (US); Raymond Michael Stitt, Ada, MI (US); David Stuckless Meyer, Hudsonville, MI (US); and Brian Ensink, Holland, MI (US)
Assigned to DENSO CORPORATION, Kariya (JP)
Filed by DENSO CORPORATION, Kariya (JP)
Filed on Sep. 2, 2020, as Appl. No. 17/010,315.
Application 17/010,315 is a continuation of application No. 16/395,736, filed on Apr. 26, 2019, granted, now 10,771,263.
Application 16/395,736 is a continuation of application No. 15/796,180, filed on Oct. 27, 2017, granted, now 10,313,134, issued on Jun. 4, 2019.
Claims priority of provisional application 62/413,778, filed on Oct. 27, 2016.
Claims priority of provisional application 62/413,966, filed on Oct. 27, 2016.
Prior Publication US 2020/0403808 A1, Dec. 24, 2020
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01); G06F 21/44 (2013.01); H04L 9/40 (2022.01); H04W 76/10 (2018.01); H04W 4/80 (2018.01); G06F 21/33 (2013.01); H04W 12/08 (2021.01); H04W 12/06 (2021.01); H04W 12/069 (2021.01)
CPC H04L 9/3263 (2013.01) [G06F 21/33 (2013.01); G06F 21/44 (2013.01); H04L 9/0825 (2013.01); H04L 9/0861 (2013.01); H04L 9/30 (2013.01); H04L 9/3213 (2013.01); H04L 9/3234 (2013.01); H04L 9/3247 (2013.01); H04L 9/3271 (2013.01); H04L 63/0428 (2013.01); H04L 63/062 (2013.01); H04L 63/0823 (2013.01); H04L 63/0869 (2013.01); H04W 4/80 (2018.02); H04W 12/06 (2013.01); H04W 12/069 (2021.01); H04W 12/08 (2013.01); H04W 76/10 (2018.02); H04L 2209/80 (2013.01)] 21 Claims
1. A control unit for communicating with an equipment component, the control unit comprising:
a communication interface configured to communicate wirelessly with a remote device;
a memory configured to store one or more encryption keys pertaining to authentication and authorization of the remote device;
an equipment interface configured to communicate with the equipment component;
a controller configured to establish a communication link with the remote device via the communication interface, the controller configured to receive a ledger;
the ledger includes an authorization node with authorization information pertaining to the equipment component and includes a chain of nodes that includes the authorization node and that begins with a root grant based on a root certificate, wherein:
the ledger is a chain-based ledger with each node of the ledger being based at least in part on a hash of one or more prior nodes of the ledger, wherein
the authorization information in the authorization node of the ledger including one or more rights for the equipment component is a layered package having a plurality of layers, each layer is encrypted in accordance with one key of an asymmetric key pair, and wherein
a node of the ledger subsequent to the authorization node is based at least in part on a hash that is based at least in part on the one or more rights for the equipment component; and
based at least in part on the authorization information of the ledger, the controller is configured to authenticate an identity of the remote device and determine whether the remote device is authorized with respect to the equipment component.
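The chain property recited in claim 1 can be illustrated with a short verifier. This is an added example, not code from the patent or from DENSO; SHA-256, the JSON encoding, all field names, the device and equipment names, and the pinned root fingerprint are assumptions, and the signatures and layered asymmetric encryption are left out.

```python
import hashlib
import json

# Constructed stand-in for the fingerprint of a trusted root certificate.
ROOT_FP = hashlib.sha256(b"constructed root certificate").hexdigest()

def node_hash(prev_hash, payload):
    # Each node's hash covers the prior node's hash plus its own payload,
    # so a later node depends on the rights stored in an earlier one.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(ledger, payload):
    prev = ledger[-1]["hash"] if ledger else ""
    ledger.append({"prev": prev, "payload": payload,
                   "hash": node_hash(prev, payload)})

def build_sample(root_fp):
    # Constructed ledger: root grant, authorization node, one later node.
    ledger = []
    append(ledger, {"type": "root_grant", "root_cert_fp": root_fp})
    append(ledger, {"type": "authorization", "device": "phone-01",
                    "equipment": "door-lock", "rights": ["unlock"]})
    append(ledger, {"type": "note", "text": "constructed trailing node"})
    return ledger

def check(ledger, pinned_root_fp, device, equipment, right):
    """Return (ok, reason) for a device requesting one right."""
    if not ledger or ledger[0]["payload"].get("type") != "root_grant":
        return False, "no root grant"
    if ledger[0]["payload"].get("root_cert_fp") != pinned_root_fp:
        return False, "untrusted root"
    prev = ""
    for i, node in enumerate(ledger):
        expected = node_hash(prev, node["payload"])
        if node["prev"] != prev or node["hash"] != expected:
            return False, f"chain broken at node {i}"
        prev = node["hash"]
    for node in ledger[1:]:
        p = node["payload"]
        if (p.get("type") == "authorization" and p.get("device") == device
                and p.get("equipment") == equipment
                and right in p.get("rights", [])):
            return True, "authorized"
    return False, "no matching right"
```

A hash chain alone only detects partial edits; someone who can recompute every later node passes this check, which is why the claim also ties the chain to a root certificate and asymmetric keys.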