METHOD AND APPARATUS FOR DYNAMIC, SEAMLESS SECURITY IN COMMUNICATION PROTOCOLS
First Claim
1. A method for providing communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, with different access rights to the fields of the routed communication packets, the method comprising:
- discovering routes of intermediate routers between the source node and the destination node;
collecting the identities of the intermediate routers on the discovered routes;
computing the aggregate trust levels of the intermediate routers;
selecting a most trusted route of the discovered routes;
computing, and securely distributing, encryption keys to intermediate routers on the most trusted route based on the trust level of the intermediate routers; and
encrypting fields of the communication packets with corresponding encryption keys.
7 Assignments
0 Petitions
Accused Products
Abstract
Communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, are provided with different access rights to the fields of the routed communication packets. Routes of intermediate routers between the source node and the destination node are discovered and the identities of intermediate routers on the discovered routes are collected. The aggregate trust levels of the intermediate routers are computed allowing the most trusted route to be selected. Encryption keys are securely distributed to intermediate routers on the most trusted route based on the trust level of the intermediate routers and fields of the communication packets are encrypted with encryption keys corresponding to the assigned trust level. Intermediated nodes are thereby prevented from accessing selected fields of the communication packets.
-
Citations
19 Claims
-
1. A method for providing communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, with different access rights to the fields of the routed communication packets, the method comprising:
-
discovering routes of intermediate routers between the source node and the destination node; collecting the identities of the intermediate routers on the discovered routes; computing the aggregate trust levels of the intermediate routers; selecting a most trusted route of the discovered routes; computing, and securely distributing, encryption keys to intermediate routers on the most trusted route based on the trust level of the intermediate routers; and encrypting fields of the communication packets with corresponding encryption keys. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for secure routing of a communication packet from a source node of a network to a destination node, comprising:
-
distributing a first public encryption key corresponding to a first private encryption key of the source node to an intermediate router of the network and to the destination node; distributing a second public encryption key corresponding to a second private encryption key of the source node to the destination node; encrypting data of the communication packet using the first private key and a second private key of the source node; encrypting a header of the communication packet using the first private key of the source node, the header including routing information; transmitting the communication packet to a first intermediate router; the first intermediate router decrypting the header using the first public key to recover the routing information; the first intermediate router transmitting the communication packet to the destination node in accordance with the routing information; and the destination node decrypting the data using the first public key and second public key. - View Dependent Claims (17, 18)
-
-
19. A communication exchange between an intermediate router and a source node of an ad-hoc network for distributing keys from the source node, the communication exchange comprising:
-
a KEY_REQUEST message for transmission from the intermediate router to the source node, the KEY_REQUEST message comprising; a Key Usage identifier specifying a security procedure for which a key request is made; an identifier of the intermediate router; an identifier of the source node; and a public key of the intermediate router; and a KEY_RESPONSE message for transmission from the source node to the intermediate router in response to the KEY_REQUEST message, the KEY_RESPONSE message comprising; a Trust Level specifying a trust level granted to the intermediate router by the source node; and a security key corresponding to the Trust Level.
-
Specification