Abstract: The present disclosure provides a method and system for dynamically adapting privacy and security for IoT communication. The method determines allowance of pre-engagement communication between a communicating local entity (CLE) and a communicating remote entity (CRE) based on perception information formed for the CRE. The method determines session filters to be applied during pre-engagement communication to identify violations. Further, if the interest level for the pre-engagement communication is greater than a predefined threshold, engagement communication is established between the CRE and the CLE. During the engagement communication, engagement filters are determined and applied to identify any violations. Further, during the engagement communication, one or more privacy and security related events are identified, and actions to handle those events are also identified, for dynamically adapting privacy and security for IoT communication. The actions include terminating the engagement communication, updating perceptions, refining filters and continuing engagement communication. FIG. 4
DESC: TECHNICAL FIELD
The present disclosure relates in general to Internet of Things (IoT) networks. More particularly, but not exclusively, the present disclosure discloses a method and system for dynamically adapting privacy and security for IoT communication.
CLAIMS: We claim:
1. A method for dynamically adapting privacy and security for Internet of Things (IoT) communication, the method comprising:
handling, by an Interconnect Gateway (ICG) 300A of a Communicating Local Entity (CLE), a communication request received from a Communicating Remote Entity (CRE) by determining communication requirement, based on ICG communication-policy;
performing, by the ICG 300A and an IoT Gateway (IoTGW) 300B associated with the ICG 300A at one end and the CLE at other end, a pre-engagement communication between the CRE and the CLE for exchange of information upon determining the communication requirement;
maintaining, by the ICG 300A and the IoTGW 300B, the pre-engagement communication during the exchange of information between the CRE and the CLE;
establishing, by the ICG 300A and the IoTGW 300B, an engagement communication between the CRE and the CLE, wherein the IoTGW 300B establishes the engagement communication when an interest level during the exchange of information is greater than a predefined interest level;
maintaining, by the ICG 300A and the IoTGW 300B, the engagement communication to identify one or more privacy and security related events during the exchange of communication and to identify one or more actions to handle the one or more privacy and security related events; and
terminating, by the ICG 300A and the IoTGW 300B, the engagement communication when at least one of actions are undertaken on the one or more privacy and security related events or upon normal completion of the engagement communication.
2. The method as claimed in claim 1, wherein performing the pre-engagement communication comprises:
determining, by the ICG 300A and IoTGW 300B, allowance of the pre-engagement communication;
determining, by an IoT Management application (IoTMA) associated with the IoTGW 300B, purpose and need for the pre-engagement communication;
determining, by the IoTGW 300B, interest level for the pre-engagement communication; and
initializing session filter for privacy and security compliance during the pre-engagement communication.
3. The method as claimed in claim 2, wherein determining the allowance of the pre-engagement communication comprises:
forming, by the ICG 300A, a pre-engagement perception for the CRE based on ICG local perception and ICG global perception, corresponding to identity information of the CRE, wherein the pre-engagement perception is associated with a privacy and security compliance level;
determining, by the ICG 300A, the allowance of the pre-engagement communication when the privacy and the security compliance level is greater than a predefined ICG initial communication allowance threshold level;
forming, by the IoTGW 300B, an initial perception for the CRE based on IoTGW local perception and IoTGW global perception, obtained based on the identity information of the CRE and type of the communication request, wherein the initial perception is associated with a communication allowance level; and
determining, by the IoTGW 300B, the allowance of the pre-engagement communication when the communication allowance level is greater than a predefined IoTGW initial communication allowance threshold level.
4. The method as claimed in claim 3, wherein the ICG local perception is obtained from the IoTGW 300B if at least one of the ICG local perception is unavailable in the memory of ICG 300A or the ICG local perception present in the memory of ICG 300A is stale, and wherein the ICG global perception is obtained from a Perception Management Entity (PME) 205 associated with the ICG 300A if at least one of the ICG global perception is unavailable in the memory of ICG 300A or the ICG global perception present in the memory of ICG 300A is stale.
5. The method as claimed in claim 3, wherein the IoTGW local perception is obtained from an IoT Management Application (IoTMA) associated with the IoTGW 300B if at least one of the IoTGW local perception is unavailable in the memory of IoTGW 300B or the IoTGW local perception present in the memory of IoTGW 300B is stale, and wherein the IoTGW global perception is obtained from the ICG 300A if at least one of the IoTGW global perception is unavailable in the memory of IoTGW 300B or the IoTGW global perception present in the memory of IoTGW 300B is stale.
6. The method as claimed in claim 2, wherein,
determining the purpose for the pre-engagement communication is based on contents of the communication request, historical data associated with previous communication of the CRE with the CLE and one or more exceptions encountered during the previous communication;
determining the need for the pre-engagement communication is achieved by matching the determined purpose with existing list of needs along with need threshold values, wherein the existing list of needs is maintained by the IoTMA based on at least one of functional and service need associated with IoT Network (IoTN) of the CRE; and
determining need-fulfilment threshold by comparing ability of the CRE to fulfil the need (NFA) with the need-threshold values, wherein the NFA is determined based on need-fulfilment track record (NFTR) of the CRE and information exchanged during the pre-engagement communication.
7. The method as claimed in claim 6, wherein determining the interest level comprises:
determining need-fulfilment confidence level (NFCL) by comparing the NFTR with the need-fulfilment threshold; and
determining the interest level by combining the NFCL and one or more security and privacy attributes in the initial perception.
8. The method as claimed in claim 2, wherein initializing the session filter for privacy and security compliance during the pre-engagement communication comprises:
forming, by the ICG 300A, a pre-engagement session filter using specific rules and thresholds (SRT) of the CRE, wherein the SRT is formed by associating rules and thresholds in global filter rules and thresholds (GFRAT) with the pre-engagement perception, wherein the GFRAT is obtained from the PME;
forming, by the IoTGW 300B, a working perception based on the initial perception by assessing the privacy and the security compliance level during the pre-engagement communication;
forming, by the IoTGW 300B, an initial session filter by associating the rules and thresholds in the GFRAT, obtained from the ICG 300A, with the working perception and by adapting the rules and thresholds based on specific filter rules and threshold adaptations (SFRAT) obtained from the IoTMA associated with the IoTGW 300B; and
initializing, by the IoTGW 300B, an intermediate session filter with values of the initial session filter.
9. The method as claimed in claim 1, wherein maintaining the pre-engagement communication comprises:
tracking, by the ICG 300A and IoTGW 300B, communication exchange between the CLE and the CRE during the pre-engagement communication;
determining, by the IoTGW 300B, the privacy and security compliance level during the pre-engagement communication;
updating, by the IoTGW 300B, interest level for the CRE in the pre-engagement communication; and
configuring, by the IoTGW 300B, intermediate session filter for privacy and security in the pre-engagement communication.
10. The method as claimed in any of the claims 1-9, wherein tracking the communication exchange between the CLE and the CRE during the pre-engagement communication comprises:
applying, by the ICG 300A, the pre-engagement session filter on communication content exchanged during the pre-engagement communication; and
applying, by the IoTGW 300B, the intermediate session filter on the communication content.
11. The method as claimed in any of the claims 1-10, wherein determining the privacy and security compliance level comprises:
triggering, by the IoTGW 300B, the IoTMA to update the need-fulfilment threshold and the need and purpose of the pre-engagement communication, wherein the IoTMA is triggered based on at least one of periodically, upon receipt of additional information based on the communication content exchanged during the pre-engagement communication, from the CRE and detecting change in environment during the pre-engagement communication; and
refining, by the IoTGW 300B, the working perception upon detecting change in the IoTGW global perception.
12. The method as claimed in claim 11, wherein the environment includes location and surrounding of the CRE and the CLE and communication channel between the CRE and CLE.
13. The method as claimed in any of the claims 1-12, wherein updating the interest level for the pre-engagement communication is done by combining the updated NFCL and one or more privacy and security attributes in the refined working perception, wherein the updated NFCL is determined by comparing the updated NFTR with the updated need-fulfilment threshold.
14. The method as claimed in any of the claims 1-13, wherein configuring the intermediate session filter comprises updating the intermediate session filter by associating the rules and thresholds in the GFRAT with the working perception and by adapting the rules and thresholds based on recent SFRAT obtained from the IoTMA.
15. The method as claimed in claim 1, wherein establishing the engagement communication between the CRE and the CLE comprises:
initializing, by the IoTGW 300B and the ICG 300A, engagement filters to be applied to the communication content exchanged during the engagement communication; and
initiate monitoring, by the ICG 300A and the IoTGW 300B, the communication content by applying the engagement filters.
16. The method as claimed in the claim 15, wherein initializing the engagement filters comprises:
forming, by the ICG 300A, an ICG engagement perception based on the pre-engagement perception and one or more privacy and security related events during the pre-engagement communication;
forming, by the ICG 300A, an ICG engagement filter using specific rules and thresholds (SRT) of the CRE, wherein the SRT is formed by associating rules and thresholds in global filter rules and thresholds (GFRAT) with the ICG engagement perception, wherein the GFRAT is obtained from the PME 205;
forming, by the IoTGW 300B, an IoTGW engagement perception based on the most recent working perception by assessing the privacy and the security compliance level and the exposure demanded by the CRE; and
forming, by the IoTGW 300B, an IoTGW engagement filter by associating the rules and thresholds in the GFRAT, obtained from the ICG 300A, with the IoTGW engagement perception and by adapting the rules and thresholds based on specific filter rules and threshold adaptations (SFRAT) obtained from IoT Management Application (IoTMA) associated with the IoTGW 300B.
17. The method as claimed in claims 15 and 16, wherein initiating monitoring of the communication content is by applying the ICG engagement filter and the IoTGW engagement filter on the communication content.
18. The method as claimed in any of the claims 1-17, wherein maintaining the engagement communication comprises:
identifying, by the IoTGW 300B, the one or more privacy and security related events based on at least one of exceptions, policy violations, real-time analysis of the communication content exchanged based on the IoTGW engagement perception;
identifying, by the ICG 300A, the one or more privacy and security related events based on at least one of exceptions, abnormal situations, notifications received from the PME;
determining, by the ICG 300A, ICG based impact of the one or more privacy and security related events based on the real-time analysis of the communication content exchanged between the CRE and the CLE during the engagement communication, the ICG engagement perception, previous history of engagement with the CRE;
determining, by the ICG 300A, one or more actions to handle the one or more privacy and security related events based on the determined ICG based impact and a predefined threat factor associated with the identified one or more privacy and security related events and comparing it with configured security-privacy threshold values (SEC-PRIV-THRESHOLD);
determining, by the IoTGW 300B, IoTGW based impact of the one or more privacy and security related events based on the real-time analysis of the communication content exchanged between the CRE and the CLE during the engagement communication, the IoTGW engagement perception, previous history of engagement with the CRE; and
determining, by the IoTGW 300B, one or more actions to handle the one or more privacy and security related events based on the determined IoTGW based impact and a predefined threat factor associated with the identified one or more privacy and security related events and comparing it with configured security-privacy threshold levels (SEC-PRIV-THRESHOLD).
19. The method as claimed in the claim 18, wherein the one or more actions by ICG 300A include at least one of:
updating, by the ICG 300A, ICG engagement perception based on at least one of the identified one or more privacy and security related events and any change in the environment;
refining, by the ICG 300A, ICG engagement filter by associating the specific rules and thresholds obtained from the GFRAT with the updated ICG engagement perception;
continuing, by the ICG 300A, the engagement communication, and
terminating by the ICG 300A, the engagement communication.
20. The method as claimed in the claim 18, wherein the one or more actions by IoTGW 300B include at least one of:
updating, by the IoTGW 300B, IoTGW engagement perception based on at least one of updated purpose, the identified one or more privacy and security related events and any change in the environment, wherein the updated purpose is determined by the IoTMA associated with the IoTGW 300B based on information that was received from the CRE during the engagement which contradicted the information received earlier from the CRE;
refining, by the IoTGW 300B, IoTGW engagement filter based on updated IoTGW engagement perception and recent SFRAT obtained from the IoTMA;
continuing by the IoTGW 300B, the engagement communication; and
terminating by the IoTGW 300B, the engagement communication.
21. The method as claimed in any of the claims 1-20, wherein terminating the engagement communication comprises:
forming, by the IoTGW 300B, IoTGW closing perception based on recent IoTGW engagement perception and fulfilment of the need upon completion of the engagement communication;
sending by the IoTGW 300B, local perception-related inputs from the engagement communication to the ICG 300A;
adapting, by the IoTGW 300B, the security and privacy threshold levels (SEC-PRIV-THRESHOLD) based on number and type of occurrences of one or more privacy and security related events during the engagement communication and extent of need fulfillment;
forming, by the ICG 300A, the ICG closing perception based on recent ICG engagement perception;
curating, by the ICG 300A, local perception-related inputs received from the IoTGW 300B, and sending the curated perception information to the PME 205 wherein curating includes at least one of removing IoT functional aspects of the perception, and computing aggregates of privacy and security exceptions; and
adapting, by the ICG 300A, the security and privacy threshold levels (SEC-PRIV-THRESHOLD) based on number and type of occurrences of one or more privacy and security related events during the engagement communication.
22. An Interconnect Gateway (ICG) 300A of a Communicating Local Entity (CLE) for dynamically adapting privacy and security for Internet of Things (IoT) communication, the ICG 300A comprising:
an IoT Gateway (IoTGW) interface 320 communicably connected to an IoTGW 300B associated with the ICG 300A at one end and the CLE at another end;
Macro cellular and Core Network (MCN) Interface 322 communicably connected with a Communicating Remote Entity (CRE) for receiving a communication request from the CRE;
ICG memory 336 configured to store information related to threshold and configuration settings, topology and connectivity information associated with IoT network and ICG local perception and ICG global perception;
ICG processor 324 comprising plurality of ICG modules configured to:
handle the communication request received from the CRE by determining communication requirement, based on ICG communication-policy;
perform a pre-engagement communication between the CRE and the CLE for exchange of information upon determining the communication requirement;
maintain the pre-engagement communication by tracking the exchange of information between the CRE and the CLE during the pre-engagement communication;
establish an engagement communication between the CRE and the CLE;
maintain the engagement communication to identify one or more privacy and security related events during the exchange of communication and to identify one or more actions to handle the one or more privacy and security related events; and
terminate the engagement communication when at least one of actions are undertaken on the one or more privacy and security related events or upon completion of the engagement communication.
23. The ICG 300A as claimed in claim 22 obtains the ICG global perception from an associated Perception Management Entity (PME) 205 if at least one of the ICG global perception is unavailable in a memory of ICG 300A or the ICG global perception present in the memory of ICG 300A is stale.
24. The ICG 300A as claimed in claim 22 obtains the ICG local perception from the IoTGW 300B if at least one of the ICG local perception is unavailable in a memory of ICG 300A or the ICG local perception present in the memory of ICG 300A is stale.
25. The ICG 300A as claimed in claim 22, wherein the plurality of ICG modules includes Session and Service (SSM) module 326, a policy module 330, a communication module 328 and an Administration and Security (ADMSEC) module 334.
26. The ICG 300A as claimed in claim 25, wherein the SSM module 326 is configured to:
form ICG-level perception upon receiving the communication request until completion of the pre-engagement and the engagement communication;
analyze impact of the one or more privacy and security related events;
form pre-engagement session filter and ICG engagement filter; and
prepare a summary report of the communication between the CLE and the CRE, wherein the summary report includes information related to the identified one or more privacy and security related events and the one or more actions to handle the one or more privacy and security related events.
27. The ICG 300A as claimed in claim 26 forms the ICG-level perception by:
forming a pre-engagement perception during the pre-engagement communication between the CLE and the CRE based on historical perception data associated with previous communication with the CRE and the ICG global perception received from the PME 205;
forming an ICG engagement perception for the CRE during the engagement communication between the CLE and the CRE based on the pre-engagement perception and the number and type of the identified one or more privacy and security related events; and
forming an ICG closing perception upon completion of the engagement communication between the CLE and the CRE based on recent ICG engagement perception and number and type of the identified one or more privacy and security related events.
28. The ICG 300A as claimed in claim 26 analyses the impact of the one or more privacy and security related events by determining impact level based on the pre-engagement perception, the pre-engagement session filter and previous history of engagement with the CRE.
29. The ICG 300A as claimed in claim 25, wherein the policy module is configured to update one or more policies related to privacy and security during communication between the CLE and CRE received from an operator associated with the CLE.
30. The ICG 300A as claimed in any of the above claims 22-29, wherein the communication module is configured to:
determine allowance of the pre-engagement communication between the CLE and the CRE based on the pre-engagement perception;
obtain the pre-engagement session filter and ICG engagement filter from the SSM 326 and apply the pre-engagement session filter and ICG engagement filter during the pre-engagement communication and the engagement communication respectively;
provide information related to the one or more privacy and security related events and information related to the perception information to the SSM 326; and
perform the one or more actions upon identifying the one or more privacy and security related events.
31. The ICG 300A as claimed in claim 25, wherein the ADMSEC module 334 is configured to:
obtain the ICG global perception from the PME 205 and provide the ICG global perception to the IoTGW 300B upon receiving a request from the IoTGW 300B; and
determine one or more actions to ensure security of communication channel between the CLE and the CRE and the communication content.
32. The ICG 300A as claimed in claim 22, wherein the information related to the threshold and configuration settings includes predefined ICG initial communication allowance threshold level used to determine allowance of the pre-engagement communication between the CLE and the CRE and security privacy threshold level.
33. An IoT Gateway (IoTGW) 300B of a Communicating Local Entity (CLE) for dynamically adapting privacy and security for Internet of Things (IoT) communication, the IoTGW comprising:
an IoT network (IoTN) interface 308 communicably connected with the CRE;
an IoTNext Interface 310 communicably connected with the ICG 300A to receive the communication request;
IoTGW memory 314 configured to store information related to threshold and configuration settings, topology and connectivity information associated with the IoT network and IoTGW local perception and IoTGW global perception;
IoTGW processor 312 comprising one or more IoTGW modules configured to:
perform a pre-engagement communication between the CRE and the CLE for exchange of information upon receiving the communication request;
maintain the pre-engagement communication to monitor interest level during the exchange of information between the CRE and the CLE;
establish an engagement communication between the CRE and the CLE when the interest level is greater than a predefined interest level;
maintain the engagement communication to identify one or more privacy and security related events related to privacy and security compliance during the exchange of communication and to identify one or more actions to handle the one or more privacy and security related events; and
terminate the engagement communication when at least one of actions are undertaken on the one or more privacy and security related events or upon completion of the engagement communication.
34. The IoTGW 300B as claimed in claim 33 obtains the IoTGW local perception from an IoT Management Application (IoTMA) associated with the IoTGW 300B if at least one of the IoTGW local perception is unavailable in a memory of the IoTGW 300B or the IoTGW local perception present in the memory of IoTGW 300B is stale.
35. The IoTGW 300B as claimed in claim 33 obtains the IoTGW global perception from the ICG 300A if at least one of the IoTGW global perception is unavailable in a memory of IoTGW 300B or the IoTGW global perception present in the memory of IoTGW 300B is stale.
36. The IoTGW 300B as claimed in claim 33, wherein the one or more IoTGW modules includes a communication module (CM-MOD) 304 and a connection module (CONN-MOD) 302.
37. The IoTGW 300B as claimed in claim 34, wherein the IoTMA is configured to:
determine purpose of the communication and the need for the communication with the CRE during the pre-engagement communication;
update the purpose and the need during the pre-engagement communication and during the engagement communication with the CRE;
determine and update extent of need fulfilment (EXT-NEED-FULFILL) prior to the engagement communication and during the engagement communication based on the purpose and need;
provide inputs and thresholds to the IoTGW 300B to determine interest level of the CRE for the communication with the CLE, the filters to be used before and during the engagement communication;
consolidate information, received from the IoTGW 300B on termination of the engagement communication, related to the IoTGW local perception; and
facilitate the IoTGW 300B to form perceptions and to analyze impact of the one or more privacy and security related events.
38. The IoTGW 300B as claimed in claim 36, wherein the CM-MOD 304 is configured to:
form IoTGW-level perception upon receiving the communication request until the pre-engagement communication is terminated;
determine the allowance of the pre-engagement communication;
determine interest level of the CRE in the pre-engagement communication based on purpose and need of the communication with the CRE;
form initial session filter, intermediate session filter and IoTGW engagement filter;
analyze impact level of the one or more privacy and security related events during the pre-engagement communication; and
prepare a summary report of the communication between the CLE and the CRE, wherein the summary report includes information related to the identified one or more privacy and security related events and the one or more actions to handle the one or more privacy and security related events.
39. The IoTGW 300B as claimed in claim 38, wherein the CM-MOD 304 forms the IoTGW-level perception by:
forming initial perception upon receiving the communication request;
forming working perception during the pre-engagement communication with the CRE until beginning of the engagement communication;
forming IoTGW engagement perception during the engagement communication with the CRE until the termination of the engagement communication; and
forming IoTGW closing perception during termination of one of the pre-engagement communication and the engagement communication.
40. The IoTGW 300B as claimed in claim 36, wherein the CONN-MOD 302 is configured to:
apply the intermediate session filter and the IoTGW engagement filter during the pre-engagement communication and the engagement communication respectively;
report the one or more privacy and security related events to the SSM 326; and
perform one or more actions on the identified one or more privacy and security related events upon receiving an instruction from the SSM 326.
Dated this 11th day of March, 2017
Swetha SN
Of K&S Partners
Agent for the Applicant
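
The lifecycle recited in claims 1, 3 to 5, 7, 16 and 18 to 20 (cached perceptions with stale refresh, allowance gate, interest gate, perception-derived filter, event handling), as an added Python sketch that is not part of the patent. The min/product/severity formulas, every threshold value and the contents of the `GFRAT` table are assumptions, because the claims name these quantities without defining how they are computed.

```python
# Added illustration, not from the patent. All formulas and values are assumptions.
import time
from dataclasses import dataclass, field
from enum import Enum

# Constructed stand-in for GFRAT: data category -> minimum perception required.
GFRAT = {"telemetry": 0.3, "location": 0.5, "identity": 0.75}


class Phase(Enum):
    REJECTED = "rejected"
    PRE_ENGAGEMENT = "pre-engagement"
    ENGAGEMENT = "engagement"
    TERMINATED = "terminated"


class PerceptionCache:
    """Claims 4 and 5: serve the stored perception unless it is missing or
    stale, in which case fetch it from the upstream entity."""

    def __init__(self, fetch_upstream, max_age_s):
        self.fetch_upstream = fetch_upstream  # hypothetical callable: cre_id -> score in [0, 1]
        self.max_age_s = max_age_s
        self._store = {}  # cre_id -> (score, stored_at)

    def get(self, cre_id, now=None):
        now = time.time() if now is None else now
        hit = self._store.get(cre_id)
        if hit is None or now - hit[1] > self.max_age_s:
            hit = (self.fetch_upstream(cre_id), now)
            self._store[cre_id] = hit
        return hit[0]


@dataclass
class Session:
    cre_id: str
    local: PerceptionCache
    global_: PerceptionCache
    allowance_threshold: float = 0.5  # initial communication allowance threshold
    interest_threshold: float = 0.6   # predefined interest level
    sec_priv_threshold: float = 0.7   # SEC-PRIV-THRESHOLD
    phase: Phase = Phase.REJECTED
    perception: float = 0.0
    log: list = field(default_factory=list)

    def request(self, now=None):
        """Claim 3: form a perception from local and global views, then gate."""
        # Assumption: the weaker of the two views wins.
        self.perception = min(self.local.get(self.cre_id, now),
                              self.global_.get(self.cre_id, now))
        if self.perception > self.allowance_threshold:
            self.phase = Phase.PRE_ENGAGEMENT
        return self.phase

    def update_interest(self, nfcl):
        """Claims 1 and 7: engage only once interest exceeds the threshold."""
        if self.phase is Phase.PRE_ENGAGEMENT:
            interest = nfcl * self.perception  # assumption: simple product
            if interest > self.interest_threshold:
                self.phase = Phase.ENGAGEMENT
        return self.phase

    def engagement_filter(self):
        """Claim 16: associate GFRAT rules with the current perception."""
        return {cat for cat, need in GFRAT.items() if self.perception >= need}

    def handle_event(self, impact, threat_factor):
        """Claims 18 to 20: score the event against SEC-PRIV-THRESHOLD and
        choose terminate, update perception and refine filter, or continue."""
        if self.phase is not Phase.ENGAGEMENT:
            return "ignored"
        severity = impact * threat_factor  # assumption: simple product
        if severity > self.sec_priv_threshold:
            self.phase, action = Phase.TERMINATED, "terminate"
        elif severity > self.sec_priv_threshold / 2:
            # Lower trust; the next engagement_filter() call exposes less.
            self.perception = max(0.0, self.perception - severity / 2)
            action = "update-perception-and-refine-filter"
        else:
            action = "continue"
        self.log.append((round(severity, 3), action))
        return action


if __name__ == "__main__":
    s = Session("cre-1", PerceptionCache(lambda c: 0.9, 60),
                PerceptionCache(lambda c: 0.8, 60))
    print(s.request(), s.update_interest(0.9), sorted(s.engagement_filter()))
    print(s.handle_event(0.5, 0.8), sorted(s.engagement_filter()))
    print(s.handle_event(1.0, 0.9), s.phase)
```
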
| # | Name | Date |
|---|---|---|
| 1 | Form 5 [18-03-2016(online)].pdf | 2016-03-18 |
| 2 | Form 3 [18-03-2016(online)].pdf | 2016-03-18 |
| 3 | Drawing [18-03-2016(online)].pdf | 2016-03-18 |
| 4 | Description(Provisional) [18-03-2016(online)].pdf | 2016-03-18 |
| 5 | Other Patent Document [16-09-2016(online)].pdf | 2016-09-16 |
| 6 | Form 26 [16-09-2016(online)].pdf | 2016-09-16 |
| 7 | OTHERS [11-03-2017(online)].pdf | 2017-03-11 |
| 8 | Drawing [11-03-2017(online)].pdf | 2017-03-11 |
| 9 | Description(Complete) [11-03-2017(online)].pdf_386.pdf | 2017-03-11 |
| 10 | Description(Complete) [11-03-2017(online)].pdf | 2017-03-11 |
| 11 | Form 18 [15-03-2017(online)].pdf | 2017-03-15 |
| 12 | REQUEST FOR CERTIFIED COPY [21-03-2017(online)].pdf | 2017-03-21 |
| 13 | REQUEST FOR CERTIFIED COPY [06-04-2017(online)].pdf | 2017-04-06 |
| 14 | REQUEST FOR CERTIFIED COPY [15-04-2017(online)].pdf | 2017-04-15 |
| 15 | Request For Certified Copy-Online.pdf | 2017-04-17 |
| 16 | Request For Certified Copy-Online.pdf_1.pdf | 2017-04-26 |
| 17 | 201641009608-FER.pdf | 2020-07-14 |
| 18 | 201641009608-PETITION UNDER RULE 137 [04-11-2020(online)].pdf | 2020-11-04 |
| 19 | 201641009608-Information under section 8(2) [04-11-2020(online)].pdf | 2020-11-04 |
| 20 | 201641009608-FORM 3 [04-11-2020(online)].pdf | 2020-11-04 |
| 21 | 201641009608-OTHERS [05-11-2020(online)].pdf | 2020-11-05 |
| 22 | 201641009608-FER_SER_REPLY [05-11-2020(online)].pdf | 2020-11-05 |
| 23 | 201641009608-DRAWING [05-11-2020(online)].pdf | 2020-11-05 |
| 24 | 201641009608-CORRESPONDENCE [05-11-2020(online)].pdf | 2020-11-05 |
| 25 | 201641009608-CLAIMS [05-11-2020(online)].pdf | 2020-11-05 |
| 26 | 201641009608-PatentCertificate16-02-2023.pdf | 2023-02-16 |
| 27 | 201641009608-IntimationOfGrant16-02-2023.pdf | 2023-02-16 |
| 28 | 201641009608-PROOF OF ALTERATION [17-05-2023(online)].pdf | 2023-05-17 |
| 1 | searchstrategyE_13-07-2020.pdf | |