CLIAMS:WE CLAIM:

1. A method to facilitate secure social networking between sensor devices connected on a publish-subscription messaging platform, the method comprising:
defining, by each sensor device, of a plurality of sensor devices, atleast one access policy comprising a set of attributes, wherein the access policy is defined for each of the plurality of sensor devices, and wherein the set of attributes indicates accessing right of each of the plurality of sensor devices connected via a gateway in a publish-subscription messaging platform, and wherein each of the plurality of sensor devices are capable of decrypting an encrypted message associated with each sensor device based upon the access policy;
encrypting, by a first sensor device of the plurality of sensor devices, a request message, associated with a semantic, to be published on the publish-subscription messaging platform, wherein the request message is encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device;
publishing, via the gateway, the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform;
accessing, by a second sensor device, of the plurality of sensor devices, the request message encrypted based upon an attribute of set of attributes associated with the second sensor device, wherein the request message is accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device, and wherein the second key is obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device;
encrypting, by the second sensor device, a response message, of the semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device;
publishing, via the gateway, the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform; and
accessing, via at least one sensor device, of the plurality of sensor devices, the response message encrypted based upon an attribute associated with the at least one of the plurality of sensor devices, wherein the response message is accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices, and wherein the access key is obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device, thereby facilitating a secure social networking of sensor devices between the plurality of sensor devices.

2. The method of claim 1, wherein the publish-subscription messaging platform is based on atleast one of the type i.e. Message Queue Telemetry Transport (MQTT) messaging protocol.

3. The method of claim 1, wherein the semantic is based on a dynamic semantic modeling facilitated by Sensor-Based natural language.

4. The method of claim 1, wherein the semantic is based on a predefined semantic modeling facilitated by Sensor-Based natural language.

5. The method of claim 1, wherein the request message and response message are encrypted using Attribute Based Encryption (ABE).

6. The method of claim 1, further comprising defining the access policy by at least one of the gateway and a user-device.

7. The method of claim 1, wherein each of the plurality of sensor devices are subscribed to a topic or a sensor device amongst the plurality of sensor devices for receiving a message published via the gateway, wherein the message being published is associated with at least one of the plurality of sensor devices.

8. The method of claim 1, wherein the publish-subscription messaging platform facilitates secure social networking between plurality of gateway.

9. A publish-subscription messaging platform for facilitating a secured intercommunication between a plurality of sensor devices, wherein each sensor device of the plurality of sensor devices comprises a processor and a memory coupled to the processor for executing programmed instructions stored in the memory, wherein:
each sensor device, of the plurality of sensor devices, is configured to define atleast one access policy comprising a set of attributes, wherein atleast one access policy is defined for each of the plurality of sensor devices, and wherein the set of attributes indicates accessing right of each of the plurality of sensor devices connected via a gateway in a publish-subscription messaging platform, and wherein each of the plurality of sensor devices are capable of decrypting an encrypted message associated with each sensor device based upon the access policy;
a first sensor device, of the plurality of sensor devices, is configured to:
encrypt a request message, associated with a predefined semantic, to be published on the publish-subscription messaging platform, wherein the request message is encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device, and
publish, via the gateway, the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform;
a second sensor device, of the plurality of sensor devices, is configured to:
access the request message encrypted based upon an attribute of set of attributes associated with the second sensor device, wherein the request message is accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device, and wherein the second key is obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device,
encrypt a response message, of the predefined semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device, and
publish, via the gateway, the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform;
at least one sensor device, of the plurality of sensor devices, is configured to access the response message encrypted based upon an attribute of a set of attributes associated with the at least one of the plurality of sensor devices, wherein the response message is accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices, and wherein the access key is obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device, thereby facilitating a secured intercommunication between the plurality of sensor devices.

10. A non-transitory computer readable medium embodying a program executable in a computing device for facilitating secure social networking between sensor devices connected on a publish-subscription messaging platform, the program comprising:
a program code for defining atleast one access policy comprising a set of attributes, wherein the access policy is defined for each of the plurality of sensor devices, and wherein the set of attributes indicates accessing right of each of the plurality of sensor devices connected via a gateway in a publish-subscription messaging platform, and wherein each of the plurality of sensor devices are capable of decrypting an encrypted message associated with each sensor device based upon the access policy;
a program code for encrypting a request message, associated with a semantic, to be published on the publish-subscription messaging platform, wherein the request message is encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device;
a program code for publishing the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform;
a program code for accessing, the request message encrypted based upon an attribute of set of attributes associated with the second sensor device, wherein the request message is accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device, and wherein the second key is obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device;
a program code for encrypting a response message, of the semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device;
a program code for the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform; and
a program code accessing the response message encrypted based upon an attribute associated with the at least one of the plurality of sensor devices, wherein the response message is accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices, and wherein the access key is obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device. ,TagSPECI:FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of Invention:
SYSTEM AND METHOD FOR SECURE SOCIAL NETWORKING BETWEEN DEVICES USING PUBLISH-SUBSCRIPTION PLATFORM

APPLICANT:
Tata Consultancy Services Limited
A Company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes the invention and the manner in which it is to be performed.
CROSS-REFERENCE TO RELATED APPLICATIONS AND PRIORITY
[001] The present application does not claim priority from any patent application.

TECHNICAL FIELD
[002] The present disclosure described herein, in general, relates to secure social networking between devices using publish-subscription messaging platform. Specifically, the present disclosure is related to system and method for smart home management using publish-subscription messaging platform to automate homes on a secured platform and monitor home resources to improve their availability and further inter-connect smart homes to exchange information for useful analytics and resource management. The smart homes may further be scaled to form smart city and smart grids.

BACKGROUND
[003] A human expectation to automate day-to-day activities, which include automated room temperature control, weather controlled lighting system, etc., is a requirement for modern lifestyle. Home automation involves controlling various devices like lights, air conditioning, heater etc. that can be present in homes. To achieve the objective of automation sensors which sense parameters such as motion, temperature and humidity, sensors are deployed in the home. Such sensors are typically controlled by Central Processing Units and resemble X10 sensors design. However, these traditional sensors perform monotonous task of sensing only. Until recent, only computer based home automation was largely known, but they suffered from deficiencies such as non-modularized design leading to inefficient performance, high costs and lower security levels.
[004] Generally, device to device communications are not secure and enabling the information integrity and authenticity is a big challenge. To illustrate, data from the sensors/smart devices are always prone to attacks (such as ‘man in the middle’ and ‘replay attack’) which can trigger fallacious alarms in a smart home concept. It is further understood that methods have been explored to convert sensors/smart devices data and present it to a system administrator. The sensors/smart devices data is converted in the form of mnemonics which poses a challenge relating to data type, format and feasibility of system communication and interpretation. Thus, with the present techniques it is difficult to achieve a secured environment and at the same time provide ease to user to access and control devices in a smart home environment. In addition to deploying sensors in a smart home environment, sensors/smart devices may also be deployed over a bigger geography connecting the smart homes to gather information. But as in smart home environment there remains a security threat of information exchanged between the sensors devices with a possible invasion to privacy. With the available infrastructure there are limited available techniques to estimate and plan the resource requirement such as electricity, water etc. for a smart home. Also, there are limited ways to collect details relating to multiple smart homes in a secure manner and scale them to a hierarchy to be able to estimate and plan resource requirement for a locality and city.

SUMMARY
[005] This summary is provided to introduce aspects related to system and method for management of activities of a smart home using a secured platform wherein the secured platform is a publish-subscription messaging platform and aspects of which are further described below in the detailed description. The summary is also provided to introduce aspects relating to scaling in hierarchy for management of resources to build a smart city and smart grid. This summary is not intended to identify essential features of the claimed disclosure nor is it intended for use in determining or limiting the scope of the claimed disclosure.
[006] In one implementation, a method to facilitate secure social networking between sensor devices connected on a publish-subscription messaging platform is disclosed. The method may comprise defining by each sensor device, of a plurality of sensor devices, an access policy comprising a set of attributes. The access policy may be defined for each of the plurality of sensor devices. The set of attributes may indicate accessing right of each of the plurality of sensor devices connected via a gateway in a publish-subscription messaging platform. Further, each of the plurality of sensor devices may be capable of decrypting an encrypted message associated with each sensor device based upon the access policy. The method may comprise encrypting, by a first sensor device of the plurality of sensor devices, a request message, associated with a semantic, to be published on the publish-subscription messaging platform. The request message may be encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device. The method may comprise publishing, via the gateway, the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. The method may further comprise accessing, by a second sensor device, the plurality of sensor devices, the request message encrypted based upon a subset of attributes from a set of attributes associated with the second sensor device. The request message is accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device. The second key is obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device. The method may further comprise encrypting, by the second sensor device, a response message, of the of the predefined semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device. The method may comprise publishing, via the gateway, the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. The method may further comprise accessing, via at least one sensor device, of the plurality of sensor devices, the response message encrypted based upon an attribute associated with the at least one of the plurality of sensor devices. The response message is accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices. The access key is obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device, thereby facilitating a secure social networking of sensor devices between the plurality of sensor devices.
[007] In one implementation, a system to facilitate secure social networking between sensor devices connected on a publish-subscription messaging platform is disclosed. The system with sensor device of the plurality of sensor devices comprises a processor and a memory coupled to the processor for executing programmed instructions stored in the memory. The system with each sensor device of the plurality of sensor devices may be configured to define an access policy comprising a set of attributes. The access policy may be defined for each of the plurality of sensor devices. The set of attributes indicates accessing right of each of the plurality of sensor devices connected via a gateway in a publish-subscription messaging platform. Further, each of the plurality of sensor devices may be capable of decrypting an encrypted message associated with each sensor device based upon the access policy. A first sensor device, of the plurality of sensor devices, may be configured to encrypt a request message, associated with a semantic, to be published on the publish-subscription messaging platform. The request message may be encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device. Further, a first sensor device, of the plurality of sensor devices, may be configured to publish, via the gateway, the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. A second sensor device, of the plurality of sensor devices, may be configured to access the request message encrypted based upon a subset of attributes from a set of attributes associated with the second sensor device. The request message may be accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device. The second key may be obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device. Further, a second sensor device, of the plurality of sensor devices, may be configured to encrypt a response message, of the predefined semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device. Further, a second sensor device, of the plurality of sensor devices, may be configured to publish, via the gateway, the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. The system further comprises at least one sensor device, of the plurality of sensor devices that may be configured to access the response message encrypted based upon a subset of attributes from a set of associated with the at least one of the plurality of sensor devices. The request message may be accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices. The access key may be obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device, thereby facilitating a secured intercommunication between the plurality of sensor devices.
[008] In one implementation, a non-transitory computer readable medium embodying a program executable in a computing device for facilitating privacy enhanced secure social networking between sensor devices connected on a publish-subscription messaging platform is disclosed. The program may comprise a program code for defining atleast one access policy comprising a set of attributes, wherein the access policy is defined for each of the plurality of sensor devices. The set of attributes indicates accessing right of each of the plurality of sensor devices may be connected via a gateway in a publish-subscription messaging platform. Each of the plurality of sensor devices is capable of decrypting an encrypted message associated with each sensor device based upon the access policy. The program may comprise a program code for encrypting a request message, associated with a semantic, to be published on the publish-subscription messaging platform. The request message is encrypted using a first key associated with the set of attributes, of the access policy, associated with the first sensor device. The program may comprise a program code for publishing the request message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. The program may comprise a program code for accessing, the request message encrypted based upon an attribute of set of attributes associated with the second sensor device. The request message is accessed by decrypting the request message using a second key associated with the set of attributes, of the access policy, associated with the first sensor device. The second key is obtained based upon mapping of the attribute with at least one of the set of attributes of the access policy associated with the first sensor device. The program may comprise a program code for encrypting a response message, of the semantics, corresponding to the request message using a third key associated with the set of attributes, of the access policy, associated with the second sensor device. The program may comprise a program code for the response message after being encrypted amongst the plurality of sensor devices connected on the publish-subscription messaging platform. The program may comprise a program code for accessing the response message encrypted based upon an attribute associated with the at least one of the plurality of sensor devices. The response message is accessed by decrypting the response message using an access key, of the access policy, associated with at least one of the plurality of sensor devices. The access key is obtained based upon mapping of the attribute with at least one of the set of attributes, of the access policy, associated with the second sensor device.

BRIEF DESCRIPTION OF THE DRAWINGS
[009] The foregoing detailed description of embodiments is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the disclosure, there is shown in the present documents example constructions of the disclosure; however, the disclosure is not limited to the specific methods and apparatus disclosed in the document and drawings.
[0010] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to refer like features and components.
[0011] Figure 1 illustrates a network implementation of a gateway to facilitate secure social networking between sensor devices connected on a publish-subscription messaging platform, in accordance with an embodiment of the present disclosure.
[0012] Figure 2 illustrates the gateway 102, in accordance with an embodiment of the present disclosure.
[0013] Figure 3 illustrates components of the gateway, in accordance with an embodiment of the present disclosure.
[0014] Figure 4(a) and 4(b) illustrates structural node relating connectivity and hierarchical interactions, in accordance with an embodiment of the present disclosure.
[0015] Figure 5 illustrates generic publish-subscription platform, in accordance with an embodiment of the present disclosure.
[0016] Figure 6(a) and 6(b) illustrates a generalized model for semantic based solution of a sensor device and a gateway respectively, in accordance with an embodiment of the present disclosure.
[0017] Figure 7(a) and 7(b) illustrates setup and interaction phase on a publish-subscription platform, in accordance with an embodiment of the present disclosure.
[0018] Figure 8 shows a flowchart illustrating a method to facilitate privacy enhanced secure social networking between plurality of sensor devices in a publish-subscription messaging environment, in accordance with an embodiment of the present disclosure.

DETAILED DESCRIPTION
[0019] Some embodiments of this disclosure, illustrating all its features, will now be discussed in detail. The words "comprising," "having," "containing," and "including," and other forms thereof, are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that the singular forms "a," "an," and "the" include plural references unless the context clearly dictates otherwise. Although any system(s) and method(s) similar or equivalent to those described herein may be used in the practice or testing of embodiments of the present disclosure, the exemplary, systems and methods are now described. The disclosed embodiments are merely exemplary of the disclosure, which may be embodied in various forms.
[0020] Systems and methods to facilitate secure social networking between sensor devices using secure publish-subscription platform to automate homes to form smart homes and also monitor home resources to improve their availability and inter-connect several smart homes to exchange information are described in the present disclosure. In one aspect, sensor devices take advantage of publish-subscription platform to communicate with other sensor devices of a home connected via gateway which attribute as an intelligent autonomous decision making system using security module. Typically, it may be understood that publish-subscription platform supports group exchange of information among the sensor devices in such a manner that the sensor devices may be programmed to follow particular device/ topic over a network. Further, such topic may either be public information or private information. In one aspect, publish-subscription platform may allow the user to exchange the information is a secured manner using encryption, wherein encryption is done utilizing available encryption schemes such as Attribute Based Encryption (ABE). ABE is an encryption scheme, where users with some attributes can decrypt the ciphertext associated with these attributes. As an advantage, in ABE schemes an encryptor may indicate many decryptors by assigning common attributes of these decryptors.
[0021] In one aspect of the invention, one sensor device from the plurality of sensor devices publishes a first request message via gateway to a plurality of sensor devices. This request is used as a feedback by the other sensor devices to act upon by other sensor devices or user. It is to be understood that first request message is in an encrypted form and may be decrypted by sensor devices possessing the required attributes as defined by the access policy. The sensor with the required attributes shall access the first request message and decrypt the encrypted message to respond to the first request message in an encrypted manner. Thus, the invention follows a request-response format. Further, the user may identify the first request and response messages as the messages are converted into natural language by using sensor based natural language semantics for communication over the publish-subscription platform. The semantic based communication may facilitate information mining using the matured data mining algorithm. The system further involves data transformation using heuristic algorithms and different levels of encryptions on different data segments using ABE techniques so that only the expected set of data accessor may interpret the data.
[0022] In one aspect of the invention, publish-subscription messaging platform for secure transmission of messages by sensor devices may be scaled in hierarchy for management of resources and resource analytics to further build a smart city and smart grid. Further, the management of resources corresponds to usage of resources such as water, electricity etc. over a period of time that may aid in resource requirement predictions within the smart home. The resource requirement data from various smart homes may be collected to analyze the resource requirement within a smart home locality and further for a smart city comprising of multiple smart home localities. In the particular invention, the resource requirement data may be collected by inter-connecting the one smart home with the other smart from a plurality of smart homes wherein the inter-connection may be effected by utilizing publish-subscription platform. Further, the publish-subscription platform may interconnect smart homes using hierarchical gateway to form a large distributed smart grid in a city envisaged as interconnected network of smart homes within the same region which may be further interconnected to form a network using gateway and multiple gateway’s to cover bigger geography conceptualizing smart city.
[0023] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure is not intended to be limited to the embodiments illustrated, but is to be accorded the widest scope consistent with the principles and features described herein.
[0024] While aspects of system and method to facilitate secure social networking between sensor devices connected on a publish-subscription messaging platform may be implemented in any number of different computing systems, environments, and/or configurations, the embodiments are described in the context of the following exemplary system.
[0025] Referring now to Figure 1, a network implementation 100 of a gateway 102 for facilitating collaboration between smart devices in a publish-subscription messaging platform is shown, in accordance with an embodiment of the present disclosure. In one embodiment, the gateway 102 connects a plurality of smart devices to which atleast one access policy is configured. Although the present disclosure is explained considering that the gateway 102 is implemented as a system on a server. It may be understood that the gateway 102 may also be implemented as a variety of computing systems, such as a laptop computer, a desktop computer, a notebook, a workstation, a mainframe computer, a server, a network server and the like. In one implementation, the gateway 102 may be implemented in a cloud-based environment in which the user may operate individual computing systems configured to execute remotely located applications. It will be understood that the gateway 102 may be connected to one or more sensor devices 104-1, 104-2…104-N, collectively referred to as 104. Examples of the sensor devices 104 may include, but are not limited to, a microwave, a washing machine, a temperature control, and a camera. The user devices 104 are communicatively coupled to the gateway 102 through a network 106.
[0026] In one implementation, the network 106 may be a wireless network, a wired network or a combination thereof. The network 106 can be implemented as one of the different types of networks, such as intranet, local area network (LAN), wide area network (WAN), the internet, and the like. The network 106 may either be a dedicated network or a shared network. The shared network represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), and the like, to communicate with one another. Further, the network 106 may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, and the like.
[0027] Referring to Figure 2, the gateway is illustrated in accordance with an embodiment of the present disclosure. In one embodiment, the gateway 102 may include at least one processor 202, an input/output (I/O) interface 204 and a memory 206. The at least one processor 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor 202 is configured to fetch and execute computer-readable instructions or modules stored in the memory.
[0028] The I/O interface 204 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 204 may allow the gateway 102 to interact with a user directly or through the devices 104. Further, the I/O interface 204 may enable the gateway 102 to communicate with computing devices, such as web servers and external data servers (not shown). The I/O interface 204 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, LAN, cable etc. and wireless networks, such as WLAN, cellular, or satellite. The I/O interface 204 may include one or more ports for connecting a number of devices to one another or to another server.
[0029] The memory 206 may include any computer-readable medium or computer program product known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memory, hard disks, optical disks, a compact disks (CDs), digital versatile disc or digital video disc (DVDs) and magnetic tapes. The memory 206 may include modules 208 and data 210.
[0030] The modules 208 include routines, programs, objects, components, data structures, etc., which perform particular tasks or implement particular abstract data types. In one implementation, the modules 208 may include a defining module 212, a cryptographic module 214, a publishing module 216, a semantics module 218, an accessing module 220 and other modules 222. The other modules 222 may include programs or coded instructions that supplement applications and functions of the gateway 102. The modules 208 described herein may be implemented as software modules that may be executed in the cloud-based computing environment of the gateway 102.
[0031] The data 210, amongst other things, serves as a repository for storing data processed, received, and generated by one or more of the modules 208. The data 210 may also include an access policy and access tree database 224 and other data 226. The other data 226 may include data generated as a result of the execution of one or more modules in the other modules 222.
[0032] In one implementation, at first, a user may use the computing device to access the gateway 102 via the I/O interface 204. The user may register using the I/O interface 204 in order to use the gateway 102. In one aspect, the user may access the I/O interface 204 of the gateway 102 using publish-subscription platform to automate homes on a secured platform and monitor activities of home, plan resources to improve their availability, perform analysis over aggregated data and inter-connect to smart homes to exchange information. In order to facilitate collaboration between sensor devices in a publish-subscription messaging platform, the gateway 102 may employ the plurality of modules 208. The working of the gateway 102 using the plurality of modules 208 along with other components is explained in detail referring to architecture of the gateway 102 through Figure 3 as explained below.
[0033] Now referring to Figures 3, detailed working of the components for providing secured publish- subscription platform for exchange of information between sensor devices installed in a home by attribute based access of information / message is illustrated, in accordance with an embodiments of the present subject matter. The gateway 102 may comprise hardware components like the interface 204, the processor 202, and the memory 206. The memory 206 may comprise modules 208. The modules 208 may include the defining module 212, the cryptographic module 214, the publishing module 216 and accessing module 218. The cryptographic module 216 may further include an encryption module 304, a decryption module 306 and a key management module 308. The gateway 102 may be accessed by the user though the I/O Interface 204 using a computing device 302. Such gateway device may be a router on a TCP/IP network or a computer server. Further, as shown in Figure 3, the gateway may be further connected with the sensor devices 104 present in the smart home.
[0034] In accordance with the embodiment of the present disclosure, in a setup phase as illustrated in Figure 7(a) the user may organize a plurality of sensor devices 104 and a gateway 102 so as to establish a peer-to-peer communication between the sensor devices and the gateway. In aspect of the invention, the sensor devices may be washing machine, temperature control, water heater, microwave or camera etc. The organization of sensor devices with the gateway is established on a publish-subscription platform, where the platform is designed using the Pub-Sub Architecture, like Message Queue Telemetry Transport (MQTT). It is to be understood that the social networking site such as Twitter® are based on such Pub-Sub Architecture to exchange information. The publish-subscription platform follows the concept that the messages are published by the broker on the gateway and messages are published to subscribers, either on the following device/ topic. A generic publish-subscription platform, in accordance with an embodiment of the present disclosure is as illustrated in Figure 5. However, the exchange of information on a publish-subscription platform may be accessible to all and so the sensor data from the smart home may be accessed by anyone other than the user with an intention to cause harm which further raises concerns relating privacy of the smart homes and possibility of anyone other than the user access the sensor device to cause damage or collect unintended information. Thus, to prevent such misuse of smart home sensor data, providing security and privacy with authorized access is an important requirement. To secure smart home sensor data, each of the sensor devices of a plurality of sensor device, having unique ID, atleast one access policy may be defined. The unique ID shall facilitate in constructing access policy of the set of sensor devices following the particular access policy.
[0035] In one aspect of present disclosure, the simple access policy would be for all the sensor devices installed in the smart home. In one example the access policy for accessing the sensor data may be defined by the defining module 212 in such a manner that the access to the sensor data may be provided to the other sensor devices owning the defined attributes. The access policy defined may be submitted to Public Key Generation (PKG) of the device or the gateway for generating an access tree based on the access policy. The purpose of generating an access tree is to define the access policy, used to encrypt and decrypt data. In one aspect of the present disclosure, the access policy may be submitted to a PKG installed in the sensor device of the smart home for generating security enabled access tree. The access tree may comprise plurality of attributes arranged in a hierarchy using boolean operators (AND, OR and NOT). Further, the plurality of attributes are associated with plurality of sensor devices in a manner that each of the attribute owned by the sensor device indicate an accessing right of the sensor device. According to the embodiments of the present disclosure, the access policy defined may be stored as security enabled device access policy and access tree database 224.
[0036] After defining the access policy and access tree by the defining module 212 of the each sensor device connected via gateway, the cryptographic module 214 using encryption module 304 may be configured to encrypt the sensor data in a message format using an encryption key associated with each attribute. In one aspect of the invention the encryption key is the first key associated with first access policy. Using the encryption key associated with the attribute, the sensor data may be encrypted, whereby the encryption key may be obtained by key management module 308 using a Key Policy Attribute Based Encryption (KP-ABE) / Ciphertext Policy Attribute Based Encryption (CP-ABE) technique. In case of KP-ABE, each private key is associated with an access policy. Private keys are identified by an access policy and with any change in access policy the private key associated with the access policy shall also change. However, in case of CP-ABE the access policy is a part of the ciphertext, so any change in access policy shall not affect the key associated. The sensor device which owns the attributes may approach the PKG to obtain the decryption keys related to the plurality of attributes. It is understood that access tree may be specified where the interior node consists of AND and OR gates and the groups consists of different sensor devices. Further, the gateway 102 may receive the request message from one sensor device from a plurality of sensor device wherein the request message is secured through encryption which may be accessed by the sensor device based on the attributes of the sensor device. It is to be noted that a request message may also be received from the user to request information from a sensor device from the plurality of smart devices installed in the smart home and connected via gateway. It is to be understood that the sensor devices installed in the smart home are capable to publish and compute cryptographic messages including encryption, decryption and generation of key. Further, it is understood that the sensor devices don’t require any infrastructure or memory resource for key management or key storage.
[0037] In one aspect of the disclosure, the gateway through the Publishing module 216 may publish the encrypted request message received by one sensor device from a plurality of sensor device on the publish-subscription platform. The accessibility of the request message by other sensor device(s) is provided by the accessing module 220 based on the plurality of attributes arranged in the access tree associated with the sensor device. Thus, to determine whether the sensor device may access the request message, the sensor device may confirm if the sensor device satisfies the access policy associated with the particular request message. If the sensor device possesses the attributes, a decryption key corresponding to the attribute is obtained. Further, the message may be decrypted using the decryption module 306. In one aspect of the invention, the sensor device which owns the attributes may obtain the decryption key, herein the second key, through PKG. The decryption key obtained may be further used for deciphering the message. Thus, the sensor device accesses the request message based on the attributes associated with the sensor device.
[0038] On deciphering the message, the sensor device herein the second sensor device may respond to the request message. The response message may further be in an encrypted manner based on the attributes of the set of attributes associated with the sensor device. The manner of encryption and decryption is similar to encryption and decryption using encryption module 304 and decryption module 306 as for request message. The gateway through the publishing module 216 may publish the encrypted response message received by second sensor device from a plurality of sensor device on the publish-subscription platform. The Figure 7(b) illustrates the interaction phase of the user with the sensor devices installed in the smart home and connected by gateway in a publish-subscription platform.
[0039] As above, the accessibility of the response message by another sensor device from the plurality of sensor device, connected via gateway, is provided based on the plurality of attributes arranged in the access tree associated with a particular sensor device. Thus, the disclosure follows a request-response format. In one embodiment, the user may access the sensor data using the accessing module 222. According to an embodiment of present disclosure, secured communication on the publish-subscription platform is in machine language which may further be converted to simple human interaction based on semantic modeling. The semantics module 220 introduces sensor-based natural language processing semantics. The semantics enable usage of unstructured database as well as leverage the usage of existing efficient algorithm for data mining. Further, sensor based Natural language semantics may be programmed and predefined for sensor devices, thus forming a private dictionary of interpretation of messages exchanged between the sensor devices by the user or manufacturer of the sensor device. In one aspect of the invention the semantic modeling may be dynamic. The semantic module 220 further holds the capability to learn from the message exchanges among the sensor devices. The semantic module 220 may evolve with construction of its own intelligence, database and wisdom from the information gained. This information helps in decision-making and also to communicate with the user through gateway. In one exemplary embodiment the room cooler may receive a message as ‘Reduce Temperature’. Based on the message the room cooler shall attempt to reduce the temperature. However, on the other hand the room heater also acts to ‘Increase Temperature’ due to wrong preference updated by the user due to fault. The scenario shall lead to an infinite loop wherein the room heater sense cooler environment and tends to increase the room temperature and whereas the room cooler tends to cool the room due to increased temperature. Therefore, the intelligence built by the semantics module, as illustrated in the Figure 6(b) of the disclosure, shall allow the gateway to validate the information from the connected sensor devices to consolidate information for faulty device and trigger an alarm to the user on detecting the fault and additionally the gateway may also take necessary action without user instructions until the user take further action.
[0040] In one aspect of the invention, the sensor devices may function independently or might be integrated as a part of device to sense and collect data. In an exemplary embodiment, scenario may be considered that a first message is received from a water heater, where the water heater is one of the sensor devices in accordance with the present disclosure. The first message is encrypted and further decrypted by the second sensor such as room heater with the attributes to decrypt the encrypted message such as room heater. The sensor device room heater generates a response to the first message in an encrypted manner. The response message may further be accessed by atleast one of the sensor devices from the plurality of sensor devices connected via gateway. The request – response messages based upon predefined device semantics may be understood from Figure 6(a) of the disclosure. It is understood that each sensor device is modeled with the possible device states and to generate messages with the context and attributes defined. In the present scenario the gateway understands the temperature recorded by the water heater as the gateway may interpret the water heater semantics and the metadata field may be used to specify the additional information which may also be semantics based. It is understood that the sensor device for which the semantics are fetched is required to take action and for other devices no action is required. It is further understood that some of the sensor devices may not respond to a request message due to their privacy settings. Below is an illustration of exchange of information between the sensor devices based on predefined semantics and connected via gateway:
- Water heater sensor messages: “water is heated to “40 degrees”.
- Room heater sensor messages: “outside climate is cold”, heat the water more by 10 degrees.
- Human presence sensor messages: no human in room yet, “take more time to heat”.
- House camera messages: No human spotted.
- The water heater continues to heat the water to a new “50 degrees” with time constraints.
[0041] In a further exemplary embodiment, a scenario may be considered wherein the first message is received from a light sensor and response message is generated by the motion sensor. The request – response messages based upon a predefined semantics as below and following the exchange of information between the sensor devices connected via gateway to perform accordingly. It should be noted that the request – response message may also occur in an encrypted mode.
- Living room light sensor messages: “Its evening 6, I am switching on”
- Motion sensor messages: no human in room yet, “delay switching on”.
- Living room light sensor delays switching on the lights.
[0042] In an exemplary embodiment, as in Twitter® platform, an account is created for all the sensor devices connected via gateway in the smart home. In one aspect of the invention the gateway 102 runs the Twitter® like platform with closed loop control mechanisms for automation of home sensor devices. Further, all the smart devices including the user follow each other on gateways Twitter® like platform. The user may access the information exchanged among the sensor devices through his account. It is understood that the platform in a secured manner supports group information exchange among sensor devices wherein the information may be public information or private information. In general individual sensor devices broadcast alert messages wherein all the other sensor devices receive the message notification. Based upon the message received, other sensor devices may, based on the access policy, interpret and can take necessary actions accordingly. In another aspect of the invention, the user may create a topic on the gateway’s Twitter®-like platform and configure all the devices/sensors to follow the topic. Hence, whenever there is any information tweeted on the enrolled Topic, all other sensor devices enrolled to the same topic may get the message notification. It is important to note that the sensor devices hold the capability to tweet and read the tweets from the Following Device /Topic. As an embodiment of the invention the communication may exist between two sensor devices by means of one-to-one secured communication. As an embodiment of the invention the communication may exist between one sensor device and selected (all) sensor devices in a secured environment/ solution such as ABE.
[0043] In one aspect of the invention, the tweet on a Twitter® like platform may be in either approach i.e. Following Device or Following Topic. Firstly, it is determined whether the notification is addressed using Group ID or Individual ID. Further, if the notification is addressed to a Group ID the notification is picked up by all the sensor devices identified in the Group ID. All the sensor devices in the group ID contact local PKG, wherein the access policy is validated and decipher procedure may be carried out. The sensor devices submit their attributes and if the attributes fulfill the access policy then the CipherText is deciphered. Subsequently, the action is executed. If the notification is addressed to an Individual ID the notification is picked up by sensor device which is identified by the ID. The sensor device submits its private keys and CipherText to decryption module and retrieves the action from semantics.
[0044] Following are the examples of smart devices and possible tasks of execution:
1) Washing Machine:
Tasks: Switch ON -- GROUP TASK
Switch OFF -- GROUP TASK
Pause -- GROUP TASK
Delay Start -- INDIVIDUAL TASK
Query Status -- INDIVIDUAL TASK
Error Report -- GROUP TASK

2) Television:
Tasks: Switch ON -- GROUP TASK
Switch OFF -- GROUP TASK
Channel query -- INDIVIDUAL TASK
Child Lock -- INDIVIDUAL TASK
3) Thermostat:
Tasks: Switch ON -- GROUP TASK
Switch OFF -- GROUP TASK
Temperature query -- INDIVIDUAL TASK
Set temperature -- INDIVIDUAL TASK
[0045] Furthermore, in the exemplary embodiment, the below steps elaborate on what is required to be published, to whom and what encryption solution is required:
1. To whom: Individual Message or Group Message
2. Encryption Solution [optional] [ABE]
3. Encrypted Message (Cipher Data)
Which can be represented as below:
• Message Format : ID_SCHE_MSG
where:
ID: Identifier: Group ID or Individual ID?
Group ID determines relating which sensor device set is required to be addressed and the access trees are also selected accordingly. However, for Individual ID which sensor device is required to be addressed may be determined.
Implications:
-ID will be ABE encrypted using Access Tree such that all the smart devices in the restricted network are able to decrypt.
- ABE (ID) _MSG will be the final Tweet.
[0046] In accordance with an embodiment of the present disclosure, the manner of connecting sensor device via gateway in a secured publish-subscription messaging platform for a smart home may be scaled in hierarchy to interconnect plurality of local gateways within a defined region of geography. In respect to the disclosure, the local gateways are gateway of each smart home within a defined region of geography. Further the multiple local gateways may be connected to the small geography controlling gateway. And later the small geography controlling gateway may be connected to an urban area controlling gateway. A typical node structure is as depicted in Figure 4(a) and Figure 4(b) of the invention. The Figure 4(a) illustrates the local gateway as H_Gateway, small geography controlling gateway as SG_Gateway and urban area controlling gateway as U-Gateway. It is to be noted that the multiple gateways at each hierarchy are connected to exchange information in a security enabled publish-subscription messaging platform. Similar to the connection of sensor devices with a gateway, the multiple gateways may be connected in a wired or wireless network. In one aspect of the invention, geographically distributed gateways connect to the core control gateway of the smart city, which are viewed as a smart grid in which gateways are spread and publish information on the core control gateway.
[0047] The scaling in hierarchy in a secured publish-subscription messaging platform to form a smart city may be utilized to analyze and provide better planning in regard to resources required by a particular region of the city along with consumption of resources by a particular region of the city. Resources in respect to the particular invention may be water, and electricity consumption, weather conditions.
[0048] Additionally, the inter-connected gateways may also provide information of camera surveillance which may prove beneficial to law enforcers for tracking purposes. In an exemplary embodiment the police department of the city utilizing the inter-connected gateways on a publish-subscription platform, such as of Twitter®-like using MQTT, may tweet “Track Vehicle Num V_num1”. Report Coordinates” in an encrypted manner using ABE scheme. The tweet may be published on the platform. Further, the intended devices possessing the required attributes decrypt the tweet and response with the coordinates of the vehicle. In the present scenario, the surveillance camera may identify and capture the vehicle number, further the surveillance camera may tweet, in an encrypted manner, requesting the nearest GPS sensor to provide the GPS co-ordinates. On receiving the request, the GPS sensor may decrypt the request and respond in the encrypted manner the GPS coordinates of the vehicle. The GPS coordinates shall reach the police department in the encrypted manner to maintain privacy and security of the information shared.
[0049] It is of importance to note that the ABE solution may be utilized to provide the privacy of the user by filtering the semantic letters by using the appropriate attributes in configuring the access tree structure which filters the data content containing the user privacy parameters. The purpose of generating the access trees is to define the access policy / accessing level of the attributes present in the access tree. The information data may be segmented in terms of coarse data and fine data. The coarse data relates to general information relating to the smart home whereas the fine data relates to user name, sensor devices connected in the smart home, system configuration. The disclosed security enabled publish-subscription platform allows only the coarse data to pass across the local gateway. Even though the higher level of hierarchy may request the user details, the lower level is configured to filter the data, preserve privacy and respond to the upper layer of the hierarchy only with the abstract result. It may be understood that fine data is highly confidential in nature relative to the coarse data and thus subject to privacy leakage.
[0050] According to the embodiments of the present disclosure, the privacy leakage may be computed using heuristic algorithm. Alternatively, it may be computed by dynamically defining different access policy to determine that the intended recipients are those as identified by the access policy and the other devices not possessing the access rights are not able to decrypt the data.
[0051] Referring now to Figure 8, the method for facilitating secure social networking between sensor devices connected on a publish-subscription messaging platform is shown, in accordance with an embodiment of the present disclosure. The method 800 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method 800 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, computer executable instructions may be located in both local and remote computer storage media, including memory storage devices.
[0052] The order in which the method 800 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 800 or alternate methods. Additionally, individual blocks may be deleted from the method 800 without departing from the spirit and scope of the disclosure described herein. Furthermore, the method can be implemented in any suitable hardware, software, firmware, or combination thereof. However, for ease of explanation, in the embodiments described below, the method 800 may be considered to be implemented in the above described gateway 102.
[0053] At block 802, atleast one access policy comprising a set of attributes for a sensor device from of a plurality of sensor device may be defined.
[0054] At block 804, first request message may be encrypted, associated with semantics, using a first key associated with the set of attributes, of the access policy, associated with the first sensor device. The semantics are predefined/ programmable based on natural language semantics for communication over the publish-subscription platform.
[0055] At block 806, encrypted first request message may be published on the publish-subscription messaging platform via gateway.
[0056] At block 808, the first message may be accessed and decrypted by a second sensor device based upon subset of attributes from the set of attributes. The request message is decrypted using second key associated with the set of attributes, of the access policy, associated with the first sensor device.
[0057] At block 810, generating a response message in response to the decrypted first request message, wherein the response message may be encrypted by the second sensor device, associated with semantics, using a key associated with the set of attributes with the second sensor device.
[0058] At block 812, encrypted response message may be published on the publish-subscription messaging platform via gateway.
[0059] At block 814, the encrypted response message may be accessed by at least one sensor device based upon the mapping of the attributes of the access policy associated with the sensor device. The encrypted response is decrypted by at least one sensor device.
[0060] Although implementations for method and system for secure social networking between devices using publish-subscription platform have been described in language specific to structural features and/or methods, it is to be understood that the appended claims are not necessarily limited to the specific features or methods described. Rather, the specific features and methods are disclosed as examples of implementations for secure social networking between devices using publish-subscription environment.
[0061] Exemplary embodiments discussed above may provide certain advantages. Though not required to practice aspects of the disclosure, these advantages may include those provided by the following features.
[0062] Some embodiments enable a system and a method for smart home management using publish-subscription platform.
[0063] Some embodiments enable a system and a method that achieves secure communication using attribute based encryption and decryption techniques.
[0064] Some embodiments enable a system and a method that adapts to semantic language for device communication.
[0065] Some embodiments enable a system and a method that is scalable in hierarchy to further form basis for smart city utilizing similar process as for smart home using publish-subscription environment.
[0066] Some embodiments enable a system and a method that is computationally inexpensive and lightweight due to less memory and resource consumption.