US 12,170,655 B2
Microcontroller
Witali Bartsch, Leverkusen (DE); and Steen Harbach, Leverkusen (DE)
Assigned to WIZnet Germany GmbH, Kleinniedesheim (DE)
Appl. No. 17/298,186
Filed by WIZnet Germany GmbH, Kleinniedesheim (DE)
PCT Filed Nov. 25, 2019, PCT No. PCT/EP2019/082363
§ 371(c)(1), (2) Date May 28, 2021,
PCT Pub. No. WO2020/114814, PCT Pub. Date Jun. 11, 2020.
Claims priority of application No. 18209811 (EP), filed on Dec. 3, 2018.
Prior Publication US 2022/0116384 A1, Apr. 14, 2022
Int. Cl. G06F 7/04 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/0823 (2013.01) [H04L 63/0435 (2013.01); H04L 63/083 (2013.01); H04L 63/0876 (2013.01); H04L 63/166 (2013.01); H04L 63/20 (2013.01)]
8 Claims

1. A method for communication between a microcontroller and a network computer wherein the microcontroller comprises a processor, a memory module and a network module; and wherein the network computer comprises a processor, a memory module and a network module, the method comprising the following steps:
generating, by the microcontroller independent of the network computer, a first authentication key at the microcontroller;
securely registering, with the network computer, the microcontroller based on the first authentication key during an initial setup phase;
receiving, from the network computer, a digital certificate comprising a second authentication key upon successful registration;
storing the digital certificate and the second authentication key securely at rest in the memory module of the microcontroller by utilizing the first authentication key;
initiating the microcontroller, wherein initiating the microcontroller comprises the following steps:
establishing a connection between the microcontroller and the network computer;
requesting, by the microcontroller, a new digital certificate from the network computer, based on predetermined conditions including at least one of a certificate expiration, a detection of a security threat, or a change in network policies;
providing a zero-knowledge method to prove the microcontroller's knowledge of the first authentication key to the network computer when requesting the new digital certificate;
issuing a new digital certificate for the microcontroller by the network computer upon successful authentication using the first authentication key;
transmitting the new digital certificate from the network computer to the microcontroller; and
replacing the stored digital certificate in the memory module of the microcontroller with the new digital certificate and updating the second authentication key in the memory module of the microcontroller; and
exchanging user data between the microcontroller and the network computer, wherein exchanging user data comprises the following steps:
establishing a connection between the microcontroller and the network computer independent of other security schemes;
verifying the new digital certificate of the microcontroller by the network computer; and
exchanging user data between the microcontroller and the network computer, provided that the previous verification of the new digital certificate of the microcontroller by the network computer has been successful.