Secure node-to-multinode communication
First Claim
1. A method of establishing communication sessions between a first node and a plurality of other nodes, the method comprising:
the first node sending a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
the server receiving said request message from the first node; and
in response to receiving said request message:
the server creating a virtual and temporary second node, which is executable within said server;
the server generating a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier;
the server communicating the list of temporary node identifiers to the virtual and temporary second node; and
subsequently, the server sending a first key generating file to the first node and the server communicating a second key generating file to the virtual and temporary second node;
the first node starting to process the first key generating file and the virtual and temporary second node starting to process the second key generating file; and
in response, the first node generating a first intermediate data set and the virtual and temporary second node generating a second intermediate data set;
the first node sending the first intermediate data set to the virtual and temporary second node;
the virtual and temporary second node comparing bits of the first intermediate data set with corresponding bits of the second intermediate data set;
the virtual and temporary second node generating a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
the virtual and temporary second node sending the third intermediate data set to the first node;
the first node comparing bits of the third intermediate data set with corresponding bits of the first intermediate data set;
the first node generating a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value;
the virtual and temporary second node generating a second cryptographic key based on the bit by bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal, said first and second cryptographic keys being the same;
the virtual and temporary second node setting up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up; and
in response to the respective communication channels having been set up, the virtual and temporary second node further sending the second cryptographic key to each of the plurality of other nodes; and
the first node applying the first cryptographic key and each of the plurality of other nodes applying the second cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.
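The claim above describes the key agreement in prose only: each side derives an intermediate data set from its key generating file, the virtual second node sends back a bit mask (the third intermediate data set) marking which positions agreed, and both sides keep exactly the agreeing bits. The following Python is an added worked example, not code from the patent or its assignee; it assumes a stand-in for the unspecified "key generating file" (a seeded SHA-256 counter-mode bit stream), assumes `1` and `0` as the claim's "first value" and "second value", and shows that the first node and the virtual second node end up with the same key. It also handles the edge case the claim leaves open: no agreeing positions at all.

```python
import hashlib

# Encoding assumed for the claim's "first value" (compared bits equal) and
# "second value" (compared bits unequal) in the third intermediate data set.
EQUAL, UNEQUAL = 1, 0


def key_generating_file(seed: bytes, nbits: int) -> list[int]:
    """Assumed model of a 'key generating file': a deterministic bit stream
    expanded from a seed with SHA-256 in counter mode. The patent does not
    specify the file format, so this is a stand-in, not its method."""
    bits: list[int] = []
    counter = 0
    while len(bits) < nbits:
        block = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        bits.extend((byte >> (7 - i)) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:nbits]


def compare_bits(first: list[int], second: list[int]) -> list[int]:
    """Virtual second node: build the third intermediate data set by comparing
    the first node's bits with its own, position by position."""
    if len(first) != len(second):
        raise ValueError("intermediate data sets must have the same length")
    return [EQUAL if a == b else UNEQUAL for a, b in zip(first, second)]


def derive_key_first_node(first: list[int], third: list[int]) -> list[int]:
    """First node: keep its own bit where the mask says EQUAL, drop it otherwise."""
    return [bit for bit, flag in zip(first, third) if flag == EQUAL]


def derive_key_second_node(first: list[int], second: list[int]) -> list[int]:
    """Virtual second node: keep its own bit wherever the first node's bit matched."""
    return [b for a, b in zip(first, second) if a == b]


def bits_to_bytes(bits: list[int]) -> bytes:
    """Pack a bit list MSB-first; a trailing partial byte is zero-padded on the right."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        chunk = chunk + [0] * (8 - len(chunk))
        out.append(int("".join(map(str, chunk)), 2))
    return bytes(out)


def run_key_agreement(seed_a: bytes, seed_b: bytes, nbits: int = 256) -> tuple:
    """Carry the claim's steps through once and return (key_A, key_B, mask)."""
    first = key_generating_file(seed_a, nbits)    # first intermediate data set (node A)
    second = key_generating_file(seed_b, nbits)   # second intermediate data set (virtual node B)
    third = compare_bits(first, second)           # B -> A: the mask
    key_a = derive_key_first_node(first, third)
    key_b = derive_key_second_node(first, second)
    if not key_a:
        # Edge case the claim does not cover: no position agreed, so there is no key material.
        raise ValueError("no agreeing bits; rerun with fresh key generating files")
    assert key_a == key_b, "both sides must reach the same key"
    return bits_to_bytes(key_a), bits_to_bytes(key_b), third


if __name__ == "__main__":
    # Constructed seeds; in the claim the server issues the two key generating files.
    ka, kb, mask = run_key_agreement(b"constructed-seed-A", b"constructed-seed-B")
    print(f"agreed key bits: {sum(mask)} of {len(mask)}; keys equal: {ka == kb}")
```

With two independent bit streams roughly half of the positions agree, so a 256-bit exchange yields a key of about 128 bits; the caller should check the returned length against what the session cipher needs. The example keeps the first intermediate data set and the mask together only inside `run_key_agreement`, since the claim lists them as messages between the first node and the server-hosted second node.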
1 Assignment
0 Petitions
Abstract
The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated. A first cryptographic key is generated (113A) in a first node (10), e.g. Node A. A second cryptographic key is generated (113B) by a second node (22), which is a virtual and temporary node which is executed on a server (20). The second cryptographic key is transmitted to several other nodes (30). The first and second cryptographic keys, which are the same, may then be applied in communication sessions between the first node (10) and the several other nodes (30). Hereby it is made possible to allow for node-to-multinode communication sessions that offer the same, or substantially the same, security as conventional node-to-node communication sessions.
39 Citations
11 Claims
3. A method performed by a first node for establishing communication sessions between the first node and a plurality of other nodes, the method comprising:
sending a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
receiving a first key generating file from the server;
starting to process the first key generating file; and
in response, generating a first intermediate data set;
sending the first intermediate data set to a virtual and temporary second node, the virtual and temporary second node being executable on said server;
receiving a third intermediate data set from the virtual and temporary second node;
comparing bits of the third intermediate data set with corresponding bits of the first intermediate data set;
generating a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value; and
applying the first cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.
5. A first node for establishing communication sessions between the first node and a plurality of other nodes, the first node comprising:
a transmitter; a receiver; a processor; and a memory storing a computer program with instructions which, when executed on the processor, cause the first node to:
send, by means of the transmitter, a request message to a server for requesting the establishment of secure communication sessions with a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
receive, by means of the receiver, a first key generating file from the server;
process the first key generating file; and
in response, generate a first intermediate data set;
send, by means of the transmitter, the first intermediate data set to a virtual and temporary second node, the virtual and temporary second node being executable on said server;
receive, by means of the receiver, a third intermediate data set from the virtual and temporary second node;
compare bits of the third intermediate data set with the corresponding bits of the first intermediate data set;
generate a first cryptographic key based on the bit-by-bit comparison between the third and the first intermediate data set by keeping the value of the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the first value and ignoring the bit of the first intermediate data set if the corresponding bit of the third intermediate data set is set to the second value; and
apply the first cryptographic key during the communication sessions between the first node and each of the plurality of other nodes.
6. A method performed by a server for establishing communication sessions between a first node and a plurality of other nodes, the method comprising:
receiving a request message from the first node for requesting the establishment of secure communication sessions between the first node and a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
in response to receiving said request message:
creating a virtual and temporary second node, which is executable within said server;
generating a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier; and
subsequently, sending a first key generating file to the first node and also communicating a second key generating file to the virtual and temporary second node;
executing the virtual and temporary second node on the server, the virtual and temporary second node thereby starting to process the second key generating file; and
in response, generating a second intermediate data set;
receiving a first intermediate data set from the first node;
comparing bits of the first intermediate data set with corresponding bits of the second intermediate data set;
generating a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
sending the third intermediate data set to the first node;
generating a second cryptographic key based on the bit-by-bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal;
setting up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up; and
in response to the respective communication channels having been set up, sending the second cryptographic key to each of the plurality of other nodes for subsequent application by each of the plurality of other nodes during the communication sessions between the first node and each of the plurality of other nodes.
8. A server for establishing communication sessions between a first node and a plurality of other nodes, the server comprising:
a transmitter; a receiver; a processor; and a memory storing a computer program with instructions which, when executed on the processor, cause the server to:
receive, by means of the receiver, a request message from the first node for requesting the establishment of secure communication sessions between the first node and a plurality of other nodes, the request message including a list of node identifiers wherein each of the node identifiers identifies a respective node of the plurality of other nodes;
in response to receiving said request message, create a virtual and temporary second node, which is executable within said server;
generate a list of temporary node identifiers on the basis of said list of node identifiers such that each of the plurality of nodes becomes identifiable by its respective temporary node identifier; and
subsequently, send, by means of the transmitter, a first key generating file to the first node, and communicate a second key generating file to the virtual and temporary second node;
execute the virtual and temporary second node on the server, the virtual and temporary second node thereby processing the second key generating file; and
in response, generate a second intermediate data set;
receive, by means of the receiver, a first intermediate data set from the first node;
compare bits of the first intermediate data set with the corresponding bits of the second intermediate data set;
generate a third intermediate data set based on the bit-by-bit comparison between the first intermediate data set and the second intermediate data set by setting a first value if the compared bits are equal and setting a second value if the compared bits are unequal;
send, by means of the transmitter, the third intermediate data set to the first node;
generate a second cryptographic key based on the bit-by-bit comparison between the first and the second intermediate data set by keeping the value of the bit of the second data set if the corresponding bit of the first intermediate data set is equal and ignoring the bit of the second intermediate data set if the compared bits are unequal;
set up communication channels between the first node and each of the plurality of other nodes, the virtual and temporary second node using the list of temporary node identifiers for identifying the respective nodes of the plurality of nodes to which communication channels are to be set up; and
in response to the respective communication channels having been set up, send, by means of the transmitter, the second cryptographic key to each of the plurality of other nodes for subsequent application by each of the plurality of other nodes during the communication sessions between the first node and each of the plurality of other nodes.
9. A method performed by a node for establishing a communication session between said node and a first node, the method comprising:
receiving a communication set-up request message from a virtual and temporary second node, which is executable on a server;
in response to receiving said communication set-up request message, returning a response message for requesting a node identifier of the virtual and temporary second node;
receiving said node identifier of the virtual and temporary second node from the server;
comparing the received node identifier with stored node identifiers;
in response thereto, sending a non-acknowledgement message to the server when the received node identifier does not match a stored node identifier;
otherwise, authenticating the virtual and temporary second node when the received node identifier matches a stored node identifier and sending an acknowledgement message to the server; and
in response, receiving a second cryptographic key from the virtual and temporary second node; and
applying the second cryptographic key during a communication session with the first node.
11. A node for establishing a communication session between said node and a first node, the node comprising:
a transmitter; a receiver; a processor; and a memory storing a computer program with instructions which, when executed on the processor, cause the node to:
receive, by means of the receiver, a communication set-up request message from a virtual and temporary second node, which is executable on a server;
in response to receiving said communication set-up request message, return, by means of the transmitter, a response message for requesting a node identifier of the virtual and temporary second node;
receive, by means of the receiver, said node identifier of the virtual and temporary second node from the server;
compare the received node identifier with stored node identifiers;
in response thereto, send, by means of the transmitter, a non-acknowledgement message to the server when the received node identifier does not match a stored node identifier;
otherwise, authenticate the virtual and temporary second node when the received node identifier matches a stored node identifier and send, by means of the transmitter, an acknowledgement message to the server; and
in response, receive, by means of the receiver, a second cryptographic key from the virtual and temporary second node; and
apply the second cryptographic key during a communication session with the first node.
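Claims 9 and 11 describe the receiving node's side of the channel set-up: it answers the set-up request by asking for the virtual node's identifier, compares that identifier against the identifiers it has stored, sends NACK or ACK, and only after the ACK accepts the second cryptographic key. The Python below is an added example of that message flow, not code from the patent; the message names (`SETUP_REQUEST`, `ID_REQUEST`, `NODE_ID`, `ACK`, `NACK`, `KEY`), the stored-identifier list, the identifier string and the use of a constant-time comparison are all assumptions. `run_exchange` stands in for the server and virtual node so that both sides of the exchange are visible and the resulting transcript can be checked.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class OtherNode:
    """One of the 'plurality of other nodes' (claims 9 and 11), modelled as a
    message handler. stored_node_ids is the list of identifiers this node already
    trusts; the claim does not say how it is provisioned, so it is a constructed list."""
    stored_node_ids: list
    authenticated: bool = False
    session_key: Optional[bytes] = None

    def on_setup_request(self, msg: dict) -> dict:
        # Step 1: a set-up request from the virtual node is answered only with a
        # request for that node's identifier; nothing is trusted yet.
        if msg.get("type") != "SETUP_REQUEST":
            raise ValueError(f"unexpected message {msg.get('type')!r}")
        return {"type": "ID_REQUEST"}

    def on_node_identifier(self, msg: dict) -> dict:
        # Step 2: compare the received identifier with the stored ones. compare_digest
        # keeps the comparison time independent of where the strings first differ
        # (an added choice; the claim only requires a match/no-match decision).
        received = str(msg.get("node_id", "")).encode()
        for stored in self.stored_node_ids:
            if hmac.compare_digest(received, stored.encode()):
                self.authenticated = True
                return {"type": "ACK"}
        self.authenticated = False
        return {"type": "NACK"}

    def on_key(self, msg: dict) -> bool:
        # Step 3: the second cryptographic key is accepted only from an
        # authenticated virtual node; anything earlier is refused.
        if not self.authenticated:
            raise PermissionError("key received before the virtual node was authenticated")
        self.session_key = bytes(msg["key"])
        return True


def run_exchange(node: OtherNode, virtual_node_id: str, key: bytes) -> list:
    """Stand-in for the server / virtual node side: send the set-up request, answer
    the identifier request, and release the key only after an ACK. Returns the
    sequence of message types exchanged so the flow can be inspected."""
    transcript = ["SETUP_REQUEST"]
    reply = node.on_setup_request({"type": "SETUP_REQUEST"})
    transcript.append(reply["type"])
    transcript.append("NODE_ID")
    reply = node.on_node_identifier({"type": "NODE_ID", "node_id": virtual_node_id})
    transcript.append(reply["type"])
    if reply["type"] == "ACK":
        transcript.append("KEY")
        node.on_key({"type": "KEY", "key": key})
    return transcript


if __name__ == "__main__":
    # Constructed identifier and key; a real deployment would take both from the server.
    node = OtherNode(stored_node_ids=["vn-temp-0042"])
    print(run_exchange(node, "vn-temp-0042", b"\x01\x02"), node.session_key)
    stranger = OtherNode(stored_node_ids=["vn-temp-0042"])
    print(run_exchange(stranger, "vn-temp-9999", b"\x01\x02"), stranger.session_key)
```

The transcript makes the ordering constraint of the claim explicit: a NACK ends the exchange with no key delivered, and `on_key` refuses a key that arrives out of order, which is the check a receiving node needs so that the identifier comparison cannot be skipped.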
Specification