Legitimacy verification of a node in a distributed network

US 10,700,860 B2
Filed: 12/13/2017
Issued: 06/30/2020
Est. Priority Date: 12/13/2016
Status: Active Grant

First Claim

Patent Images

1. A method of legitimacy verification of a node in a distributed network, wherein the distributed network comprises a plurality of nodes and a secure element, which are connected to a shared medium of the distributed network, each of the plurality of nodes is provisioned with an identity certificate comprising a serial number, and each serial number is specific to the respective node, said method comprising:

receiving, with the secure element, from one of the plurality of nodes, a request for the legitimacy verification including the serial number, wherein the identity certificate is signed by a certificate authority and includes an indication of membership of receiver nodes;

comparing, with the secure element, the serial number included in the received request with a plurality of serial numbers in a whitelist maintained at the secure element;

transmitting, with the secure element, back to the requesting node, a request response comprising an indication whether or not the serial number is comprised in the whitelist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an example, a method and a secure element legitimacy verification of a node in a distributed network is provided. The distributed network comprises a plurality of nodes and a secure element, which are connected to a shared medium of the distributed network. Each of the plurality of nodes is provisioned with an identity certificate comprising a serial number. Each serial number is specific to the respective node. The secure element receives from one of the plurality of nodes a request for legitimacy verification including the serial number. The secure element compares the serial number included in the received request with a plurality of serial numbers comprises in a whitelist maintained at the secure element. The secure element transmits back to the requesting node a request response comprising an indication whether or not the serial number is comprised in the whitelist.

27 Citations

View as Search Results

16 Claims

1. A method of legitimacy verification of a node in a distributed network, wherein the distributed network comprises a plurality of nodes and a secure element, which are connected to a shared medium of the distributed network, each of the plurality of nodes is provisioned with an identity certificate comprising a serial number, and each serial number is specific to the respective node, said method comprising:
- receiving, with the secure element, from one of the plurality of nodes, a request for the legitimacy verification including the serial number, wherein the identity certificate is signed by a certificate authority and includes an indication of membership of receiver nodes;
  
  comparing, with the secure element, the serial number included in the received request with a plurality of serial numbers in a whitelist maintained at the secure element;
  
  transmitting, with the secure element, back to the requesting node, a request response comprising an indication whether or not the serial number is comprised in the whitelist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - provisioning the secure element with an identity certificate comprising a public key, wherein a private key is associated with the public key andthe request for legitimacy verification further includes a challenge;
      
      generating, with the secure element, a signature using the private key from a sequence comprising the challenge and an error sequence after the serial number included in the received request is not comprised in the whitelist, wherein the request response comprises the signature.
  - 3. The method of claim 2, further comprising:
    - generating, with the secure element, a signature using the private key from a sequence comprising the challenge and the serial number included in the received request after the serial number is comprised in the whitelist, wherein the request response comprises the signature.
  - 4. The method of claim 1, further comprising:
    - mutually authenticating an external server; and
      
      accepting a request to update the whitelist after the mutual authentication.
  - 5. The method of claim 1, further comprising:
    - using the legitimacy verification of a node in a distributed network for legitimacy verification of one or more nodes participating in procedure of updating and distributing secret keys in the distributed network.
  - 6. The method of claim 5, wherein each node of the plurality of nodes is member of at least one group of a plurality of groups, each group is associated with a secret group key, each node of the plurality of nodes stores only the one or more secret group keys, of which it is a member, and the updating and distributing secret keys in the distributed network further comprises:
    - generating, with the first node of the plurality of nodes, an authenticated update key request, wherein the authenticated update key request comprises an indication of a membership, of which the first node is member;
      
      broadcasting, with the first node of the plurality of nodes, the authenticated update key request on the shared medium of the distributed network;
      
      receiving, with each remaining node of the plurality of nodes, the authenticated key update;
      
      performing, with each remaining node of the plurality of nodes, an authentication verification based on the authenticated key update request;
      
      matching, with each remaining node of the plurality of nodes, the respective memberships with the indication of a membership of the first node comprised in the authenticated key update request;
      
      after at least a partial matching of memberships, generating, with each remaining node of the plurality of nodes, an authenticated update key request response, which comprises an indication of the membership of the respective remaining node; and
      
      generating, with each remaining node of the plurality of nodes, an authenticated update key request and broadcasting the authenticated update key request on the shared medium of the distributed network, wherein the authenticated update key request comprises an indication of a membership, of which the respective remaining node is member.
  - 7. The method according to claim 6, further comprising:
    - receiving, with the first node, an authenticated key update request response from the second node, wherein the second node is one of the remaining nodes having detected at least a partial match of the memberships;
      
      performing, with the first node, an authentication verification based on the authenticated key update request;
      
      generating, with the first node, an authenticated key update response including one or more secret keys according to a matching of the membership of the first node and the membership of the second node;
      
      sending, with the first node, the authenticated key update response to the second node via a secure channel.
  - 8. The method of claim 7, further comprising:
    - sending, with the second node, the request for legitimacy verification to the secure element to validate the legitimacy of the first node to be connected to the distributed network.

9. A secure element connected to a shared medium of a distributed network, wherein the secure element is configured to:
- receive from one of the plurality of nodes a request for legitimacy verification including the serial number,compare the serial number included in the received request with a plurality of serial numbers in a whitelist maintained at the secure element, wherein an identity certificate for each serial number of the plurality of serial numbers is signed by a certificate authority and includes an indication of membership of receiver nodes,transmit back to the requesting node a request response comprising an indication whether or not the serial number is comprised in the whitelist.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The secure element of claim 9, wherein the secure element is provisioned with an identity certificate comprising a public key, a private key associated with the public key, the request for legitimacy verification further includes a challenge, and the secure element is further configured to:
    - generate a signature using the private key from a sequence comprising the challenge and an error sequence after the serial number included in the received request is not comprised in the whitelist, wherein the request response comprises the signature.
  - 11. The secure element of claim 10, wherein the secure element is further configured to:
    - generate a signature using the private key from a sequence comprising the challenge and the serial number included in the received request after the serial number is comprised in the whitelist, wherein the request response comprises the signature.
  - 12. The secure element of claim 11, wherein the secure element is further configured tomutually authenticate an external server,accept a request to update the whitelist after the mutual authentication.
  - 13. The secure element of claim 12, wherein the legitimacy verification of the node in the distributed network is used for legitimacy verification of one or more nodes participating in procedure of updating and distributing secret keys in the distributed network.

14. A system comprising a plurality of nodes and a secure element connected to a shared medium of a distributed network, wherein each node of the plurality of nodes is a member of at least one group of a plurality of groups, each group is associated with a secret group key, each node of the plurality of nodes stores only the secret group keys of each group of which it is a member, and for updating and distributing secret keys in the distributed network, the first node is configured to:
- generate an authenticated update key request, wherein the authenticated update key request comprises an indication of a membership, of which the first node is member;
  
  broadcast the authenticated update key request on the shared medium of the distributed network, wherein each remaining node of the plurality of nodes is configured to;
  
  receive the authenticated key update;
  
  perform an authentication verification based on the authenticated key update request;
  
  match the respective memberships with the indication of a membership of the first node comprised in the authenticated key update request wherein an identity certificate is signed by a certificate authority and includes an indication of membership of receiver nodes;
  
  after a partial matching of memberships, generate an authenticated update key request response, which comprises an indication of the membership of the respective remaining node; and
  
  generate an authenticated update key request and broadcasting the authenticated update key request on the shared medium of the distributed network, wherein the authenticated update key request comprises an indication of a membership, of which the respective remaining node is member, wherein for legitimacy verification of a node in a distributed network the secure element is configured to;
  
  receive from one of the plurality of nodes a request for legitimacy verification including the serial number,compare the serial number included in the received request with a plurality of serial numbers comprises in a whitelist maintained at the secure element, andtransmit back to the requesting node a request response comprising an indication whether or not the serial number is comprised in the whitelist.
- View Dependent Claims (15, 16)
- - 15. The system according to claim 14, wherein the first node is further configured to:
    - receive an authenticated key update request response from the second node, after the second node has detected at least a partial match of the memberships;
      
      perform an authentication verification based on the authenticated key update request;
      
      generate an authenticated key update response including one or more secret keys according to a matching of the membership of the first node and the membership of the second node; and
      
      send the authenticated key update response to the second node via a secure channel.
  - 16. The system according to claim 15, wherein the authenticated key update request response comprises the node authenticity related information relating to the second node, and the first node is further configured to:
    - perform an authentication verification based on the node authenticity related information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
NXP B.V. (NXP Semiconductors NV)
Inventors
Walrant, Thierry G. C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Wyszynski, Aubrey H

Application Number

US15/839,860
Publication Number

US 20180167393A1
Time in Patent Office

930 Days
Field of Search

726 7
US Class Current
CPC Class Codes

H04L 2012/40215   Controller Area Network CAN

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/101   Access control lists [ACL]

H04L 63/12   Applying verification of th...

H04L 63/126   the source of the received ...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04W 12/06 : Authentication

H04W 12/069 : using certificates or pre-s...

H04W 12/12 : Detection or prevention of ...

H04W 12/122 : Counter-measures against at...

View All

Legitimacy verification of a node in a distributed network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Legitimacy verification of a node in a distributed network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links