Mobile-ad-hoc network including node authentication features and related methods

US 20040015689A1
Filed: 07/17/2002
Published: 01/22/2004
Est. Priority Date: 07/17/2002
Status: Active Grant

First Claim

Patent Images

1. A mobile ad-hoc network comprising:

a first node for generating an authentication request, said first node having a first public key and a first private key associated therewith; and

a second node having a second public key and a second private key associated therewith;

said first node receiving a certificate of authenticity responsive to the authentication request, the certificate of authenticity being generated by a certifying authority and comprising the second public key, the certifying authority having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;

said first node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second node based upon the decrypted certificate of authenticity;

said first node sending challenge data to said second node upon verification that the second public key belongs to said second node;

said second node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first node;

said first node decrypting the encrypted challenge data using the verified second public key and authenticating said second node if the decryption of the encrypted challenge data yields the original challenge data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile ad-hoc network may include a first node having a first public key and a first private key associated therewith for generating an authentication request. The network may also include a second node having a second public key and a second private key associated therewith for receiving the authentication request and returning a certificate of authenticity including the second public key to the first node. Upon verifying that the second public key belongs to the second node, the first node may send challenge data to the second node, and the second node may encrypt the challenge data using the second private key and return the encrypted challenge data back to the first node. The first node may thus decrypt the encrypted challenge data using the verified second public key and authenticate the second node if the decryption of the encrypted challenge data yields the original challenge data.

77 Citations

View as Search Results

42 Claims

1. A mobile ad-hoc network comprising:
- a first node for generating an authentication request, said first node having a first public key and a first private key associated therewith; and
  
  a second node having a second public key and a second private key associated therewith;
  
  said first node receiving a certificate of authenticity responsive to the authentication request, the certificate of authenticity being generated by a certifying authority and comprising the second public key, the certifying authority having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  said first node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second node based upon the decrypted certificate of authenticity;
  
  said first node sending challenge data to said second node upon verification that the second public key belongs to said second node;
  
  said second node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first node;
  
  said first node decrypting the encrypted challenge data using the verified second public key and authenticating said second node if the decryption of the encrypted challenge data yields the original challenge data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The mobile ad-hoc network of claim 1 wherein the certificate of authenticity further comprises a node identification (ID) of the second node.
  - 3. The mobile ad-hoc network of claim 2 wherein said first node verifies the second public key belongs to said second node by:
    - processing the second node ID and the second public key to create a digest; and
      
      comparing the digest with the decrypted certificate of authenticity to verify that the second public key belongs to said second node.
  - 4. The mobile ad-hoc network of claim 3 wherein said first node processes the second node ID and the second public key using a hashing algorithm.
  - 5. The mobile ad-hoc network of claim 1 wherein said first node sends a session key encrypted with the second public key to said second node for use with subsequent data transfers therebetween upon authenticating said second node.
  - 6. The mobile ad-hoc network of claim 5 wherein the session key comprises a random session key.
  - 7. The mobile ad-hoc network of claim 1 wherein said first node terminates the authentication of said second node after a predetermined period.
  - 8. The mobile ad-hoc network of claim 1 wherein the challenge data comprises randomly generated challenge data.
  - 9. The mobile ad-hoc network of claim 1 wherein the certificate of authenticity further comprises a time of authentication by said certifying authority.
  - 10. The mobile ad-hoc network of claim 1 wherein said first and second nodes communicate using the direct source routing (DSR) protocol.
  - 11. The mobile ad-hoc network of claim 1 wherein said first and second nodes transfer message data therebetween upon authentication of said second node by said first node.
  - 12. The mobile ad-hoc network of claim 1 wherein said first node sends the authentication request to said second node, and wherein said second node returns the certificate of authenticity to said first node responsive thereto.

13. A mobile ad-hoc network comprising:
- a first node for generating an authentication request, said first node having a first public key and a first private key associated therewith; and
  
  a second node having a second public key and a second private key associated therewith, said second node for receiving the authentication request and returning a certificate of authenticity to said first node generated by a certifying authority and comprising the second public key, the certifying authority having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  said first node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second node based upon the decrypted certificate of authenticity;
  
  said first node sending challenge data to said second node upon verification that the second public key belongs to said second node;
  
  said second node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first node;
  
  said first node decrypting the encrypted challenge data using the verified second public key and authenticating said second node if the decryption of the encrypted challenge data yields the original challenge data;
  
  said first node sending a session key encrypted with the second public key to said second node upon authenticating said second node;
  
  said first and second nodes also transferring message data therebetween using the session key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The mobile ad-hoc network of claim 13 wherein the certificate of authenticity further comprises a node identification (ID) of the second node.
  - 15. The mobile ad-hoc network of claim 14 wherein said first node verifies the second public key belongs to said second node by:
    - processing the second node ID and the second public key to create a digest; and
      
      comparing the digest with the decrypted certificate of authenticity to verify that the second public key belongs to said second node.
  - 16. The mobile ad-hoc network of claim 15 wherein said first node processes the second node ID and the second public key using a hashing algorithm.
  - 17. The mobile ad-hoc network of claim 13 wherein the session key comprises a random session key.
  - 18. The mobile ad-hoc network of claim 13 wherein said first node terminates the authentication of said second node after a predetermined period.
  - 19. The mobile ad-hoc network of claim 13 wherein the challenge data comprises randomly generated challenge data.
  - 20. The mobile ad-hoc network of claim 13 wherein the certificate of authenticity further comprises a time of authentication by said certifying authority.
  - 21. The mobile ad-hoc network of claim 13 wherein said first and second nodes communicate using the direct source routing (DSR) protocol.

22. A mobile ad-hoc network node having a first public key and a first private key associated therewith and comprising:
- a wireless communications device; and
  
  a controller cooperating with said wireless communication device for establishing a wireless communications link to an unauthenticated node having a second public key and a second private key associated therewith, said controller also for generating and sending an authentication request to the unauthenticated node via the wireless communications link, receiving a certificate of authenticity from the unauthenticated node via the wireless communications link, the certificate of authenticity being generated by a certifying authority and comprising the second public key, the certifying authority having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key, decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to the unauthenticated node based upon the decrypted certificate of authenticity, sending challenge data to the unauthenticated node via the wireless communications link upon verification that the second public key belongs to the unauthenticated node, receiving encrypted challenge data from the unauthenticated node via the wireless communications link and decrypting the encrypted challenge data using the verified second public key, and authenticating the unauthenticated node if the decryption of the encrypted challenge data yields the original challenge data.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The mobile ad-hoc network node of claim 22 wherein the certificate of authenticity further comprises a node identification (ID) of the unauthenticated node.
  - 24. The mobile ad-hoc network node of claim 23 wherein said controller verifies the second public key belongs to the unauthenticated node by:
    - processing the unauthenticated node ID and the second public key to create a digest; and
      
      comparing the digest with the decrypted certificate of authenticity to verify that the second public key belongs to said second node.
  - 25. The mobile ad-hoc network node of claim 22 wherein said controller sends a session key encrypted with the second public key to the unauthenticated node via the wireless communications link for use with subsequent data transfers therebetween upon authenticating the unauthenticated node.
  - 26. The mobile ad-hoc network node of claim 22 wherein said controller terminates the authentication of said second node after a predetermined period.

27. A mobile ad-hoc network node having a public key and a private key associated therewith and comprising:
- a wireless communications device; and
  
  a controller for cooperating with said wireless communications device for receiving an authentication request from an authenticating node, returning a certificate of authenticity to the authenticating node based upon the authentication request, the certificate of authenticity being generated by a certifying authority and comprising the public key, receiving challenge data from the authenticating node and encrypting the challenge data using the private key, and returning the encrypted challenge data back to the authenticating node.
- View Dependent Claims (28, 29, 30)
- - 28. The mobile ad-hoc network node of claim 27 wherein said controller further cooperates with said wireless communications device to receive a session key encrypted with the public key from the authenticating node after returning the encrypted challenge data for use in data transfers therebetween.
  - 29. The mobile ad-hoc network node of claim 27 wherein the session key comprises a random session key.
  - 30. The mobile ad-hoc network node of claim 27 wherein the challenge data comprises randomly generated challenge data.

31. A node authentication method for a mobile ad-hoc network comprising a plurality of nodes, the method comprising:
- generating an authentication request at a first node having a first public key and a first private key associated therewith to authenticate a second node having a second public key and a second private key associated therewith;
  
  receiving a certificate of authenticity responsive to the authentication request at the first node, the certificate of authenticity being generated by a certifying authority and comprising the second public key, the certifying authority having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  decrypting the certificate of authenticity at the first node using the public authentication key and verifying that the second public key belongs to the second node based upon the decrypted certificate of authenticity;
  
  sending challenge data from the first node to the second node upon verification that the second public key belongs to the second node;
  
  encrypting the challenge data at the second node using the second private key and returning the encrypted challenge data back to the first node; and
  
  decrypting the encrypted challenge data at the first node using the verified second public key and authenticating the second node if the decryption of the encrypted challenge data yields the original challenge data.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The method of claim 31 wherein the certificate of authenticity further comprises a node identification (ID) of the second node.
  - 33. The method of claim 32 wherein verifying that the second public key belongs to the second node comprises:
    - processing the second node ID and the second public key to create a digest; and
      
      comparing the digest with the decrypted certificate of authenticity to verify that the second public key belongs to the second node.
  - 34. The method of claim 33 wherein processing comprises processing the second node ID and the second node public key using a hashing algorithm.
  - 35. The method of claim 31 further comprising sending a session key encrypted with the second public key from the first node to the second node for use with subsequent data transfers therebetween upon authenticating the second node.
  - 36. The method of claim 35 wherein the session key comprises a random session key.
  - 37. The method of claim 31 further comprising terminating the authentication of the second node after a predetermined period.
  - 38. The method of claim 31 wherein the challenge data comprises randomly generated challenge data.
  - 39. The method of claim 31 wherein the certificate of authenticity further comprises a time of authentication by the certifying authority.
  - 40. The method of claim 31 wherein the first and second nodes communicate using the direct source routing (DSR) protocol.
  - 41. The method of claim 31 further comprising transferring message data between the first and second nodes upon authentication of the second node by the first node.
  - 42. The method of claim 31 further comprising sending the authentication request to the second node;
    - and wherein receiving the certificate of authenticity comprises receiving the certificate of authenticity from the second node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stingray IP Solutions LLC (Acacia Research Corporation)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Billhartz, Thomas Jay

Granted Patent

US 7,581,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Mobile-ad-hoc network including node authentication features and related methods

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile-ad-hoc network including node authentication features and related methods

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links