Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique
First Claim
1. A method for establishing a cryptographic key between a first node and a second node, comprising:
- sending a first message from the first node to the second node, wherein the first message requests establishing the cryptographic key;
sending a second message from the second node to a key distribution center, wherein the second message includes a first node identifier for the first node, a second node identifier for the second node, and a message authentication code created using a second node key belonging to the second node;
recreating the second node key at the key distribution center, wherein the second node key was previously created using the second node identifier and a secret key known only to the key distribution center;
verifying at the key distribution center the message authentication code in the second message using the second node key; and
if the message authentication code is verified, creating the cryptographic key at the key distribution center, and communicating the cryptographic key to the second node and the first node.
11 Assignments
0 Petitions
Accused Products
Abstract
One embodiment of the present invention provides a system for establishing a shared cryptographic key between participating nodes in a network. The system operates by sending a first message from the first node to the second node requesting establishment of a shared key. The second node sends a second message containing identifiers and a message authentication code to a key distribution center (KDC). The authentication code is generated using a second node key belonging to the second node. The KDC recreates the previously created second node key using the second node identifier and a secret key known only to the key distribution center. The KDC then verifies the message authentication code using the second node key. If the message authentication code is verified, the KDC creates a shared key for the nodes to use while communicating with each other. The KDC securely communicates this shared key to the participating nodes
111 Citations
21 Claims
-
1. A method for establishing a cryptographic key between a first node and a second node, comprising:
-
sending a first message from the first node to the second node, wherein the first message requests establishing the cryptographic key;
sending a second message from the second node to a key distribution center, wherein the second message includes a first node identifier for the first node, a second node identifier for the second node, and a message authentication code created using a second node key belonging to the second node;
recreating the second node key at the key distribution center, wherein the second node key was previously created using the second node identifier and a secret key known only to the key distribution center;
verifying at the key distribution center the message authentication code in the second message using the second node key; and
if the message authentication code is verified, creating the cryptographic key at the key distribution center, and communicating the cryptographic key to the second node and the first node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for establishing a cryptographic key between a first node and a second node, the method comprising:
-
sending a first message from the first node to the second node, wherein the first message requests establishing the cryptographic key;
sending a second message from the second node to a key distribution center, wherein the second message includes a first node identifier for the first node, a second node identifier for the second node, and a message authentication code created using a second node key belonging to the second node;
recreating the second node key at the key distribution center, wherein the second node key was previously created using the second node identifier and a secret key known only to the key distribution center;
verifying at the key distribution center the message authentication code in the second message using the second node key; and
if the message authentication code is verified, creating the cryptographic key at the key distribution center, and communicating the cryptographic key to the second node and the first node. - View Dependent Claims (19)
-
-
20. An apparatus that facilitates establishing a cryptographic key between a first node and a second node, comprising:
-
a first sending mechanism that is configured to send a first message from the first node to the second node, wherein the first message requests establishing the cryptographic key;
a second sending mechanism that is configured to send a second message from the second node to a key distribution center, wherein the second message includes a first node identifier for the first node, a second node identifier for the second node, and a message authentication code created using a second node key belonging to the second node;
a key recreating mechanism that is configured to recreate the second node key at the key distribution center, wherein the second node key was previously created using the second node identifier and a secret key known only to the key distribution center;
a first verifying mechanism at the key distribution center that is configured to verify the message authentication code in the second message using the second node key;
a creating mechanism that is configured to create the cryptographic key at the key distribution center; and
a communicating mechanism that is configured to communicate the cryptographic key to the second node and the first node. - View Dependent Claims (21)
-
Specification