Secure node-to-multinode communication

US 10,079,814 B2
Filed: 09/04/2015
Issued: 09/18/2018
Est. Priority Date: 09/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method of establishing communication sessions between a first node and a plurality of other nodes, the method comprising:

the first node sending a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;

the server receiving said request message from the first node; and

in response to receiving said request message;

the server creating a virtual and temporary second node, which is executable within said server;

the server generating a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier;

the server communicating the list of temporary node identifiers to the virtual and temporary second node; and

subsequentlythe server sending a first key generating file to the first node and the server communicating a second key generating file to the virtual and temporary second node;

the first node starting to process the first key generating file and the virtual and temporary second node starting to process the second key generating file; and

in responsethe first node generating a first intermediate data set and the virtual and temporary second node generating a second intermediate data set;

the first node sending the first intermediate data set to the virtual and temporary second node;

the virtual and temporary second node comparing bits of the first intermediate data set with corresponding bits of the second intermediate data set;

the virtual and temporary second node generating a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;

the virtual and temporary second node sending the third intermediate data set to the first node;

the first node comparing bits of the third intermediate data set with corresponding bits of the first intermediate data set;

the first node generating a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value;

the virtual and temporary second node generating a second cryptographic key based on the bit by bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal, said first and second cryptographic keys being the same;

the virtual and temporary second node setting up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up; and

in response to the respective communication channels having been set upthe virtual and temporary second node further sending the second cryptographic key to each of the plurality of other nodes; and

the first node applying the first cryptographic key and each of the plurality of other nodes applying the second cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated. A first cryptographic key is generated (113A) in a first node (10), e.g. Node A. A second cryptographic key is generated (113B) by a second node (22), which is a virtual and temporary node which is executed on a server (20). The second cryptographic key is transmitted to several other nodes (30). The first and second cryptographic keys, which are the same, may then be applied in communication sessions between the first node (10) and the several other nodes (30). Hereby it is made possible to allow for node-to-multinode communication sessions that offer the same, or substantially the same, security as conventional node-to-node communication sessions.

39 Citations

View as Search Results

11 Claims

1. A method of establishing communication sessions between a first node and a plurality of other nodes, the method comprising:
- the first node sending a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
  
  the server receiving said request message from the first node; and
  
  in response to receiving said request message;
  
  the server creating a virtual and temporary second node, which is executable within said server;
  
  the server generating a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier;
  
  the server communicating the list of temporary node identifiers to the virtual and temporary second node; and
  
  subsequentlythe server sending a first key generating file to the first node and the server communicating a second key generating file to the virtual and temporary second node;
  
  the first node starting to process the first key generating file and the virtual and temporary second node starting to process the second key generating file; and
  
  in responsethe first node generating a first intermediate data set and the virtual and temporary second node generating a second intermediate data set;
  
  the first node sending the first intermediate data set to the virtual and temporary second node;
  
  the virtual and temporary second node comparing bits of the first intermediate data set with corresponding bits of the second intermediate data set;
  
  the virtual and temporary second node generating a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
  
  the virtual and temporary second node sending the third intermediate data set to the first node;
  
  the first node comparing bits of the third intermediate data set with corresponding bits of the first intermediate data set;
  
  the first node generating a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value;
  
  the virtual and temporary second node generating a second cryptographic key based on the bit by bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal, said first and second cryptographic keys being the same;
  
  the virtual and temporary second node setting up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up; and
  
  in response to the respective communication channels having been set upthe virtual and temporary second node further sending the second cryptographic key to each of the plurality of other nodes; and
  
  the first node applying the first cryptographic key and each of the plurality of other nodes applying the second cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.
- View Dependent Claims (2)
- - 2. The method according to claim 1, comprising:
    - the virtual and temporary second node sending a communication set-up request message to each of the plurality of other nodes;
      
      in response theretothe server receiving a response message from each of the plurality of other nodes for requesting a node identifier of the virtual and temporary second node; and
      
      in response to receiving said response messagethe server returning a node identifier of the virtual and temporary second node; and
      
      the server receiving either an acknowledgement message or a non-acknowledgment message from each of the plurality of other nodes; and
      
      in response to receiving an acknowledgment message, the server instructing the virtual and temporary second node to send a second cryptographic key to each of the plurality of other nodes that returned an acknowledgement message; and
      
      in response theretothe virtual and temporary second node sending the second cryptographic key to each of the plurality of other nodes that returned an acknowledgement message.

3. A method performed by a first node for establishing communication sessions between the first node and a plurality of other nodes, the method comprising:
- sending a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
  
  receiving a first key generating file from the server;
  
  starting to process the first key generating file; and
  
  in responsegenerating a first intermediate data set;
  
  sending the first intermediate data set to a virtual and temporary second node, the virtual and temporary second node being executable on said server;
  
  receiving a third intermediate data set from the virtual and temporary second node;
  
  comparing bits of the third intermediate data set with corresponding bits of the first intermediate data set;
  
  generating a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value; and
  
  applying the first cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.
- View Dependent Claims (4)
- - 4. The method according to claim 3, wherein a non-transitory computer readable medium comprises instructions which, when executed by at least one processor of the first node, cause the processor to carry out the method.

5. A first node for establishing communication sessions between the first node and a plurality of other nodes, the first node comprising:
- a transmitter;
  
  a receiver;
  
  a processor; and
  
  a memory storing computer program with instructions which, when executed on the processor, cause the first node to;
  
  send, by means of the transmitter, a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
  
  receive, by means of the receiver, a first key generating file from the server;
  
  process the first key generating file; and
  
  in responsegenerate a first intermediate data set;
  
  send, by means of the transmitter, the first intermediate data set to a virtual and temporary second node, the virtual and temporary second node being executable on said server;
  
  receive, by means of the receiver, a third intermediate data set from the virtual and temporary second node;
  
  compare bits of the third intermediate data set with the corresponding bits of the first intermediate data set;
  
  generate a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value; and
  
  apply the first cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.

6. A method performed by a server for establishing communication sessions between a first node and a plurality of other nodes, the method comprising:
- receiving a request message from the first node for requesting the establishment of secure communication sessions between the first node and a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
  
  in response to receiving said request message;
  
  creating a virtual and temporary second node, which is executable within said server;
  
  generating a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier; and
  
  subsequentlysending a first key generating file to the first node and also communicating a second key generating file to the virtual and temporary second node;
  
  executing the virtual and temporary second node on the server and the virtual and temporary second node thereby;
  
  starting to process the second key generating file; and
  
  in responsegenerating a second intermediate data set;
  
  receiving a first intermediate data set from the first node;
  
  comparing bits of the first intermediate data set with corresponding bits of the second intermediate data set;
  
  generating a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
  
  sending the third intermediate data set to the first node;
  
  generating a second cryptographic key based on the bit by bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal;
  
  setting up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up;
  
  in response to the respective communication channels having been set upsending the second cryptographic key to each of the plurality of other nodes for subsequent application by each of the plurality of other nodes during the communication sessions between the first node and each of the plurality of other nodes.
- View Dependent Claims (7)
- - 7. The method according to claim 6, wherein a non-transitory computer readable medium comprises instructions which, when executed by at least one processor of the server, cause the processor to carry out the method.

8. A server for establishing communication sessions between a first node and a plurality of other nodes, the server comprising:
- a transmitter;
  
  a receiver;
  
  a processor; and
  
  a memory storing computer program with instructions which, when executed on the processor, cause the server to;
  
  receive, by means of the receiver, a request message from the first node for requesting the establishment of secure communication sessions between the first node and a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
  
  in response to receiving said request message create a virtual and temporary second node, which is executable within said server;
  
  generate a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier; and
  
  subsequentlysend, by means of the transmitter, a first key generating file to the first node; and
  
  communicate a second key generating file to the virtual and temporary second node;
  
  execute the virtual and temporary second node on the server and the virtual and temporary second node thereby;
  
  process the second key generating file; and
  
  in responsegenerate a second intermediate data set;
  
  receive, by means of the receiver, a first intermediate data set from the first node;
  
  compare bits of the first intermediate data set with the corresponding bits of the second intermediate data set;
  
  generate a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
  
  send, by means of the transmitter, the third intermediate data set to the first node;
  
  generate a second cryptographic key based on the bit by bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal;
  
  set up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up;
  
  in response to the respective communication channels having been set upsend, by means of the transmitter, the second cryptographic key to each of the plurality of other nodes for subsequent application by each of the plurality of other nodes during the communication sessions between the first node and each of the plurality of other nodes.

9. A method performed by a node for establishing a communication session between said node and a first node, the method comprising:
- receiving a communication set-up request message from a virtual and temporary second node, which is executable on a server;
  
  in response to receiving said communication set-up request message returning a response message for requesting a node identifier of the virtual and temporary second node;
  
  receiving said node identifier of the virtual and temporary second node from the server,comparing the received node identifier with stored node identifiers;
  
  in response theretosending a non-acknowledgement message to the server when the received node identifier does not match a stored node identifier;
  
  otherwiseauthenticating the virtual and temporary second node when the received node identifier matches a stored node identifier and sending an acknowledgement message to the server; and
  
  in responsereceiving a second cryptographic key from the virtual and temporary second node; and
  
  applying the second cryptographic key during a communication session with the first node.
- View Dependent Claims (10)
- - 10. The method according to claim 9, wherein a non-transitory computer readable medium comprises instructions which, when executed by at least one processor of the first node, cause the processor to carry out the method.

11. A node for establishing a communication session between said node and a first node;
- the node comprising;
  
  a transmitter;
  
  a receiver;
  
  a processor; and
  
  a memory storing computer program with instructions which, when executed on the processor, cause the node to;
  
  receive, by means of the receiver, a communication set-up request message from a virtual and temporary second node, which is executable on a server;
  
  in response to receiving said communication set-up request message return, by means of the transmitter, a response message for requesting a node identifier of the virtual and temporary second node;
  
  receive, by means of the receiver, said node identifier of the virtual and temporary second node from the server,compare the received node identifier with stored node identifiers;
  
  in response theretosend, by means of the transmitter, a non-acknowledgement message to the server when the received node identifier does not match a stored node identifier;
  
  otherwiseauthenticate the virtual and temporary second node when the received node identifier matches a stored node identifier;
  
  send, by means of the transmitter, an acknowledgement message to the server; and
  
  in responsereceive, by means of the receiver, a second cryptographic key from the virtual and temporary second node; and
  
  apply the second cryptographic key during a communication session with the first node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kelisec AB
Original Assignee
Kelisec AB
Inventors
Revell, Elise
Primary Examiner(s)
Brown, Anthony

Application Number

US15/513,433
Publication Number

US 20180054427A1
Time in Patent Office

1,110 Days
Field of Search

713163
US Class Current
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/0884   by delegation of authentica...

H04L 65/1069   Session establishment or de...

H04L 9/0844   with user authentication or...

Secure node-to-multinode communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secure node-to-multinode communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links