Establishing secure peer networking in trust webs on open networks using shared secret device key

US 20030044020A1
Filed: 09/06/2001
Published: 03/06/2003
Est. Priority Date: 09/06/2001
Status: Active Grant

First Claim

Patent Images

1. A process of configuring a networked computing device for operation via a peer networking connectivity protocol in a trust web of peer devices on an open networking medium, the process comprising:

configuring the networked computing device to accept communications in a peer networking connectivity protocol when encrypted with a device-specific symmetric encryption key unique to the networked computing device, the peer networking connectivity protocol having a re-keying command operative to configure the networked computing device with a new symmetric encryption key so as to accept communication in the peer networking connectivity protocol when encrypted with the new symmetric encryption key;

on deployment of the networked computing device on the open networking medium of an end user'"'"'s network, entering the device-specific symmetric encryption key into a user control point device running a management utility;

causing the user control point device to transmit the re-keying command of the peer networking connectivity protocol encrypted with the device-symmetric encryption key to the networked computing device, the transmitted re-keying command specifying a group symmetric encryption key of the trust web of peer devices as the new symmetric encryption key, whereby the networked computing device is configured to interoperate with the peer devices in the trust web on the end user'"'"'s network via the peer networking connectivity protocol encrypted with the group symmetric encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trust web keying process provides secure peer networking of computing devices on an open network. A device is initially keyed at distribution to an end user or installer with a device-specific cryptographic key, and programmed to respond only to peer networking communication secured using the device'"'"'s key. The device-specific key is manually entered into a keying device that transmits a re-keying command secured with the device-specific key to the device for re-keying the device with a group cryptographic key. The device then securely peer networks with other devices also keyed with the group cryptographic key, forming a trust web. Guest devices can be securely peer networked with the trust web devices via a trust web gateway.

Citations

13 Claims

1. A process of configuring a networked computing device for operation via a peer networking connectivity protocol in a trust web of peer devices on an open networking medium, the process comprising:
- configuring the networked computing device to accept communications in a peer networking connectivity protocol when encrypted with a device-specific symmetric encryption key unique to the networked computing device, the peer networking connectivity protocol having a re-keying command operative to configure the networked computing device with a new symmetric encryption key so as to accept communication in the peer networking connectivity protocol when encrypted with the new symmetric encryption key;
  
  on deployment of the networked computing device on the open networking medium of an end user'"'"'s network, entering the device-specific symmetric encryption key into a user control point device running a management utility;
  
  causing the user control point device to transmit the re-keying command of the peer networking connectivity protocol encrypted with the device-symmetric encryption key to the networked computing device, the transmitted re-keying command specifying a group symmetric encryption key of the trust web of peer devices as the new symmetric encryption key, whereby the networked computing device is configured to interoperate with the peer devices in the trust web on the end user'"'"'s network via the peer networking connectivity protocol encrypted with the group symmetric encryption key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The process of claim 1 comprising:
    - distributing the networked computing device together with an indication of the device-specific symmetric encryption key for entry into the user control point device.
  - 3. The process of claim 1 comprising:
    - labeling the networked computing device with the device-specific symmetric encryption key for commercial distribution.
  - 4. The process of claim 1 comprising:
    - on activation of a reset function of the networked computing device, configuring the networked computing device with its original device-specific symmetric encryption key.
  - 5. The process of claim 1 in which the group symmetric encryption key is changed, the process comprising:
    - when the group symmetric key is to be changed, causing the user control point device to transmit the re-keying command of the peer networking connectivity protocol encrypted with a current instance of the group symmetric key to the networked computing device, such re-keying command specifying a new instance of the group symmetric encryption key for the trust web of peer devices as the new symmetric encryption key of the networked computing device, whereby the networked computing device is configured to interoperate with other peer devices also configured with the new instance of the group symmetric key; and
      
      upon the networked computing device receiving a communication in the peer networking connectivity protocol from another peer device that is encrypted with the current instance of the group symmetric key, transmitting the re-keying command of the peer networking connectivity protocol encrypted with the current instance of the group symmetric key from the networked computing device to said other peer device, such re-keying command specifying the new instance of the group symmetric encryption key as the new symmetric encryption key of the networked computing device, whereby the other peer device also is configured to interoperate in the trust web with the new instance of the group symmetric key.

6. In a trust web of peer networked computing devices each keyed with a first group symmetric key so as to encrypt their communications in a peer networking connectivity protocol using the group symmetric key and restrict their response to any such communications received from other devices to such communications encrypted using the group symmetric key, a method of mass re-keying the peer networked computing devices to use a second group symmetric key, the method comprising:
- transmitting a first re-key command specifying the second group symmetric key and encrypted using the first group symmetric key to at least one of the peer networked computing devices, thereby causing said at least one peer networked computing devices to be re-keyed with the second group symmetric key; and
  
  thereafter, in response to a communication in the peer networking connectivity protocol encrypted using the first group symmetric key from another of the peer networked computing devices to said at least one peer networked computing devices, transmitting a further re-key command specifying the second group symmetric key and encrypted using the first group symmetric key from any of said at least one peer networked computing devices to said other peer networked computing device, thereby causing said other peer networked computing device to be re-keyed with the second group symmetric key.

7. A networked computing device for configuring to operate in a trust web of peer devices on an open networking medium, the peer devices communicating via an encrypted peer networking connectivity protocol using a group symmetric encryption key, the networked computing device comprising:
- a peer networking connectivity protocol layer operating to transmit and receive communications per the peer networking connectivity protocol with peer devices;
  
  an encryption layer operating to encrypt and decrypt the communications with peer devices;
  
  a symmetric key configuration of the encryption layer initially configured with an initial symmetric key specific to the networked computing device; and
  
  a re-keying command interface operative in response to a re-keying command encrypted with the symmetric key configured in the symmetric key configuration to configure the symmetric key configuration with a new symmetric key;
  
  whereby the peer networking device is configurable upon deployment on the open networking medium to operate in the trust web of peer devices by transmitting the re-keying command specifying the group symmetric encryption key as the new symmetric key to the networked computing device.
- View Dependent Claims (8, 9)
- - 8. The networked computing device of claim 7 further comprising programming for a mass re-keying propagation operation operative in response to receipt of a communication per the peer networking connectivity protocol encrypted using a first group symmetric key from another device after the symmetric key configuration is re-configured with a second group symmetric key to transmit a further re-keying command encrypted using the first group symmetric key and specifying configuration with the second group symmetric key to said other device to cause said other device to also be configured with the second group symmetric key.
  - 9. The networked computing device of claim 7 further comprising:
    - a key reset activator; and
      
      programming operative responsive to user activation of the key reset activator for restoring the symmetric key configuration to the initial symmetric key.

10. A group keying device for configuring peer networked computing devices to operate in a trust web on an open networking medium, the peer networked computing devices having a symmetric encryption key configuration providing a symmetric encryption key for communicating via a secure peer networking connectivity protocol, the symmetric encryption key configuration initially configured with a device-specific symmetric encryption key, the group keying device comprising:
- means for acquiring a group symmetric encryption key for the trust web;
  
  means for entering a device-specific symmetric encryption key for a peer networked computing device; and
  
  means for transmitting a re-keying command to the peer networked computing device encrypted using the device-specific symmetric encryption key, the re-keying command configuring the symmetric encryption key configuration of the peer networked computing device with the group symmetric encryption key.
- View Dependent Claims (11)
- - 11. The group keying device of claim 10 further comprising mass group key re-keying means for transmitting a re-keying command to plural peer networked computing devices configured with a current group symmetric encryption key, the re-keying command encrypted using the current group symmetric encryption key and configuring the symmetric key configuration of the plural peer networked computing devices with a new group symmetric encryption key.

12. A trust web gateway device for securely peer networking a guest device keyed for secure peer networking using a device cryptographic key together with a group of trust web member devices keyed for secure peer networking using a trust web cryptographic key, the trust web gateway device comprising:
- cryptographic key storage storing the trust web cryptographic key and the device cryptographic key;
  
  a secure peer networking layer operating to send and receive communication in a peer networking protocol secured using the device cryptographic key and the trust web cryptographic key; and
  
  a secure peer networking translator operating in response to receiving a first communication secured using the device cryptographic key to re-transmit the first communication secured using the trust web cryptographic key, and operating in response to receiving a second communication secured using the trust web cryptographic key to re-transmit the second communication secured using the device cryptographic key.

13. A method for securely peer networking a guest device keyed for secure peer networking using a device cryptographic key together with a group of trust web member devices each keyed for secure peer networking using a trust web cryptographic key, the method comprising:
- providing the device cryptographic key and the trust web cryptographic key to a trust web gateway device;
  
  upon receipt by the trust web gateway device of a communication in a peer networking protocol secured using the device cryptographic key, re-transmitting the communication secured using the trust web cryptographic key; and
  
  upon receipt by the trust web gateway device of a communication in a peer networking protocol secured using the trust web cryptographic key, re-transmitting the communication secured using the device cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Aboba, Bernard D., Nixon, Toby L.

Granted Patent

US 7,082,200 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

H04L 63/04 for providing a confidentia...

Establishing secure peer networking in trust webs on open networks using shared secret device key

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing secure peer networking in trust webs on open networks using shared secret device key

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links