A method of securely updating a router or network gateway device
Publication Date: 2015-Jul-13
The IP.com Prior Art Database
The internet of things is all about connecting lots of devices to the internet so that value can be created from the data they send about themselves and the things they monitor. In a domestic environment, internet access is commonly provided by a Wireless Access Point (WAP) which can have many devices connected to it. When the connection information used to connect to the WAP is changed (e.g. it is replaced by a different router using a different security protocol or authentication information), the end user has to manually update every connected device they own so that it can connect to the new access point. This is time consuming and can introduce extended downtime for connected devices. The invention provides a way of securely distributing new credentials to connected devices so they can swap from connecting with one set of authentication information to an updated set, without having to manually enter the new details and without an extended period of disconnection.
There exists a collection of wireless devices which have a secure connection to a router/WAP. New connection information is required by each connected device (e.g. because the router needs to be replaced with a new router that may use different security protocols and is likely to use different authentication information). The switch-over must be done with the minimum of manual reconfiguring of devices and the minimum of downtime.
S1) The existing router must be either
i) manually configured with the new connection information,
or ii) instructed to trust the new router, and the new router must transmit its connection information to the old router.
S2) The new connection information is securely broadcast by the existing router/WAP over the existing secure connections to the devices.
S3) The new connection information becomes valid (this can happen before step S2 if there is an overlap period between the two sets of connection information). This can optionally involve the invalidation of the old connection information (e.g. the old router is unplugged and replaced with the new router), or both sets of connection data can be valid for an overlap period (e.g. both routers are running separately, or a single router accepts both sets of connection information) so that the new connection information can be broadcast on secure connections using the old connection information.
S4) Clients store the new connection information, disconnect, and use it to connect.
A disadvantage of this solution is that if the older connection information has already been compromised then this solution will lead to the new connection information being compromised as well (because the attacker will be sent the new connection information). We believe the convenience afforded by the invention will, in many scenarios, outweigh this drawback.
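As an added illustration (not part of the original disclosure), the following Python models steps S2 and S4 for one connected device: the old router tags the new credentials under a key derived from that device's existing pairwise key, and the device adopts them only if the tag verifies and the message is fresh. Confidentiality is assumed to come from the existing secure link itself; the key labels, message layout, sequence counter and sample credentials are constructed for this example, and the design is what a defender would add to limit tampering and replay on top of the broadcast described above.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # HMAC-SHA256 output length


def derive_key(pairwise_key: bytes, label: bytes) -> bytes:
    """Purpose-specific key from the client's existing pairwise key
    (constructed one-block, HKDF-style expansion; the label separates uses)."""
    return hmac.new(pairwise_key, label, hashlib.sha256).digest()


def build_update(pairwise_key: bytes, seq: int, new_creds: dict) -> bytes:
    """Old router side (S2): one authenticated credential-update message for
    the client holding pairwise_key. seq is a per-client counter the router
    increments on every update, so a captured message cannot be replayed."""
    body = json.dumps({"seq": seq, "creds": new_creds}, sort_keys=True).encode()
    mac_key = derive_key(pairwise_key, b"cred-update-mac")
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class Client:
    """A connected device holding its pairwise key and current credentials."""

    def __init__(self, pairwise_key: bytes, creds: dict):
        self.key = pairwise_key
        self.creds = creds
        self.last_seq = 0

    def receive_update(self, msg: bytes) -> bool:
        """S4: adopt the new credentials only if the message is authentic
        (tag valid under this client's key) and fresh (seq strictly increases)."""
        if len(msg) <= TAG_LEN:
            return False
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        mac_key = derive_key(self.key, b"cred-update-mac")
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong key or tampered body: keep the old credentials
        update = json.loads(body)
        if update["seq"] <= self.last_seq:
            return False  # replayed or stale update
        self.last_seq = update["seq"]
        self.creds = update["creds"]  # switch to the new connection information
        return True
```

A device holding a different pairwise key rejects the message, which is why the old router must build one message per client; the drawback noted above remains, since any holder of the genuine pairwise key accepts the update.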
An example embodiment might look like:
0. A router is being replaced with a new router.
1. Power up the new router.
2. The user presses the "Replace this router" button on the old router and the "Replace another router" button on the new router. The routers pair via Bluetooth and the new router transmits its connection information to the old router.
3. The old router publishes the credentials to connected devices.
4. Devices disconnect and reconnect to the new router.
Adding more details to some of the steps S1-S4 in the above summary:
S1) i) The old router is manually supplied by the user with the connection information of the new router. This variant will work whether the router is being physically replaced or is just moving to updated connection information. If there is a replacement router, it applies even when the new router has no knowledge of (or support for) the take-over procedure. The new router cannot tell that this invention has been used at all; it will just see a number of clients connect.
S1) ii) Instructed to trust the new router, and the new router transmits its connection information to the old router:
This could take...