	US 12,388,627 B2
	Internet of Things security with multi-party computation (MPC)
Patrícia Raquel Vieira Sousa, Oporto (PT); João Miguel Maia Soares de Resende, Oporto (PT); Rolando da Silva Martins, Oporto (PT); and Luís Filipe Coelho Antunes, Oporto (PT)
Assigned to INESC TEC—INSTITUTO DE ENGENHARIA DESISTEMAS E COMPUTADORES, TECNOLOGIA E CIÊNCIA, Oporto (PT); and U.PORTO—UNIVERSIDADE DO PORTO, Oporto (PT)
Filed by INESC TEC Instituto de Engenharia de Sistemas e Computadores, Tecnologia E Ciência, Rua Dr Roberto Frias (PT)
Filed on Mar. 28, 2024, as Appl. No. 18/620,485.
Application 18/620,485 is a continuation of application No. 18/099,156, filed on Jan. 19, 2023.
Application 18/099,156 is a continuation of application No. 17/055,671, abandoned, previously published as PCT/EP2019/062713, filed on May 16, 2019.
Claims priority of application No. 20181000034529 (PT), filed on May 16, 2018; and application No. 18174412 (EP), filed on May 25, 2018.
Prior Publication US 2024/0243907 A1, Jul. 18, 2024
Int. Cl. H04L 9/08 (2006.01); G06F 7/58 (2006.01); G16Y 30/10 (2020.01); H04L 9/40 (2022.01); H04L 67/12 (2022.01)

CPC H04L 9/0841 (2013.01) [G16Y 30/10 (2020.01); H04L 63/0435 (2013.01); H04L 63/061 (2013.01); H04L 63/0869 (2013.01); H04L 67/12 (2013.01); G06F 7/582 (2013.01); H04L 2209/46 (2013.01); H04L 2209/84 (2013.01)]

13 Claims

1. A method for establishing a peer-to-peer communication in an IoT network using encrypted messages along a communications channel between a first device and a second device comprising:

mutually discovering the first device and the second device;

validating the communications channel by establishing secret session keys for the communications channel between the first device and the second device, wherein the secret session keys are computed using symmetric keys;

calculating, from the secret session keys, a first authentication string (SAS) in the first device and a second authentication string (SAS) in the second device;

inserting the first calculated SAS in a first multiparty computation (MPC) module of the first device and the second calculated SAS in a second multiparty computation (MPC) module of the second device and confirming security of the communications channel by evaluating the first SAS in the second MPC module of the second device and the second SAS in the first MPC module of the first device;

establishing, in the event of the confirmation of the security of the communications channel, a shared secret between the first device and the second device using the computed secret session key; and

exchanging the encrypted messages along the communications channel.