Dynamic domain key exchange for authenticated device to device communications
First Claim
1. A method for secure message exchanges between vehicles in an autonomous domain using i) a domain key agent, a wireless supplicant, and a domain keystore at a first and second vehicle, ii) a domain key service and a wireless authenticator at a domain key broker, iii) a domain key factory service at a remote domain key distribution center, and iv) an enrollment service at a remote enrollment server, the method comprising:
- scanning, by the wireless supplicant on each the first and second vehicle, a wireless network for the autonomous domain by a service set identifier (SSID) and channel for the autonomous domain;
retrieving, by the domain key agent on each the first and second vehicle, a group public key, a member private key, and a member certificate from the domain keystore for the SSID;
discovering, by the domain key agent on each the first and second vehicle, the wireless authenticator on the domain key broker;
authenticating each the first and second vehicle, by the domain key agent on each the first and second vehicle respectively, with the wireless authenticator on the domain key broker;
listening, on an authentication port by the domain key service for authentication requests from the wireless authenticator on the domain key broker to validate a vehicle certificate;
querying, by the domain key agent on each the first and second vehicle from the wireless authenticator on the domain key broker, a domain key service address and service port for the autonomous domain;
listening, on the service port by the domain key service for registration requests from the domain key agent on each a first and a second vehicle, for the group public key, the member private key and the member certificate;
processing, by the domain key service the received registration request, and sending a group public key and a member private key request to the domain key factory service for generation of a domain group public key and a domain member private key associated with a vehicle unique identifier of each the first and second vehicles;
processing, by the domain key service the received registration request, and sending an enrollment request to the enrollment service for a member certificate associated with the vehicle unique identifier of each the first and second vehicles;
receiving, by the domain key agent on each the first vehicle and second vehicle from the domain key service, the domain group public key, the domain member private key and the member certificate associated with the vehicle unique identifier in response to the registration request;
sending, by the domain key agent on at least one of the first and second registered vehicles, a message signed using the domain member private key to another registered vehicle in the domain; and
verifying, by the domain key agent on at least one of the first and second registered vehicles, a received signed message from the other registered vehicle within the domain using the domain group public key.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of dynamically generating a domain based public group key and private member keys using a domain key agent, a domain key service of a domain key broker, and a domain key distribution center. The method includes: sending to the domain key service of a domain key broker a request for a private member key for the domain, wherein the request includes proof of possession of a vehicle private key associated with a vehicle certificate and a vehicle public key; receiving from the domain key service a private member key and a public group key; sending a message digitally signed using the member private key; verifying the digital signature on the received message using the public group key; and dynamically renewing the public group key and private member key based on the domain.
20 Citations
4 Claims
-
1. A method for secure message exchanges between vehicles in an autonomous domain using i) a domain key agent, a wireless supplicant, and a domain keystore at a first and second vehicle, ii) a domain key service and a wireless authenticator at a domain key broker, iii) a domain key factory service at a remote domain key distribution center, and iv) an enrollment service at a remote enrollment server, the method comprising:
-
scanning, by the wireless supplicant on each the first and second vehicle, a wireless network for the autonomous domain by a service set identifier (SSID) and channel for the autonomous domain; retrieving, by the domain key agent on each the first and second vehicle, a group public key, a member private key, and a member certificate from the domain keystore for the SSID; discovering, by the domain key agent on each the first and second vehicle, the wireless authenticator on the domain key broker; authenticating each the first and second vehicle, by the domain key agent on each the first and second vehicle respectively, with the wireless authenticator on the domain key broker; listening, on an authentication port by the domain key service for authentication requests from the wireless authenticator on the domain key broker to validate a vehicle certificate; querying, by the domain key agent on each the first and second vehicle from the wireless authenticator on the domain key broker, a domain key service address and service port for the autonomous domain; listening, on the service port by the domain key service for registration requests from the domain key agent on each a first and a second vehicle, for the group public key, the member private key and the member certificate; processing, by the domain key service the received registration request, and sending a group public key and a member private key request to the domain key factory service for generation of a domain group public key and a domain member private key associated with a vehicle unique identifier of each the first and second vehicles; processing, by the domain key service the received registration request, and sending an enrollment request to the enrollment service for a member certificate associated with the vehicle unique identifier of each the first and second vehicles; receiving, by the domain key agent on each the first vehicle and second vehicle from the domain key service, the domain group public key, the domain member private key and the member certificate associated with the vehicle unique identifier in response to the registration request; sending, by the domain key agent on at least one of the first and second registered vehicles, a message signed using the domain member private key to another registered vehicle in the domain; and verifying, by the domain key agent on at least one of the first and second registered vehicles, a received signed message from the other registered vehicle within the domain using the domain group public key. - View Dependent Claims (2, 3, 4)
-
Specification