Secure Telemetric Link

US 20080044025A1
Filed: 07/26/2007
Published: 02/21/2008
Est. Priority Date: 08/18/2006
Status: Active Grant

First Claim

Patent Images

1. In a telecommunications network having at least first and second nodes in communication with each other, a method of making secure at least one communication between the at least first and second nodes during a communication session, comprising the steps of:

assigning to each node a device key unique to each node within the network;

assigning to the network a network key;

establishing a communication session between the at least first and second nodes;

providing the first node with an arbitrary number;

providing to the first node the second node'"'"'s device key in a manner not subject to unauthorized discovery;

securing a first communication with the second node'"'"'s device key and the arbitrary number;

transmitting the first communication to the second node;

decrypting at the second node the first communication using the second node'"'"'s device key and the arbitrary number;

upon verifying at the second node that the first communication was secured with the second node'"'"'s device key and the arbitrary number, providing the first node with the network key; and

securing a second communication among the at least first and second nodes using the network key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.

40 Citations

View as Search Results

13 Claims

1. In a telecommunications network having at least first and second nodes in communication with each other, a method of making secure at least one communication between the at least first and second nodes during a communication session, comprising the steps of:
- assigning to each node a device key unique to each node within the network;
  
  assigning to the network a network key;
  
  establishing a communication session between the at least first and second nodes;
  
  providing the first node with an arbitrary number;
  
  providing to the first node the second node'"'"'s device key in a manner not subject to unauthorized discovery;
  
  securing a first communication with the second node'"'"'s device key and the arbitrary number;
  
  transmitting the first communication to the second node;
  
  decrypting at the second node the first communication using the second node'"'"'s device key and the arbitrary number;
  
  upon verifying at the second node that the first communication was secured with the second node'"'"'s device key and the arbitrary number, providing the first node with the network key; and
  
  securing a second communication among the at least first and second nodes using the network key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 1, wherein the arbitrary number is a pseudorandom number.
  - 3. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 1, wherein the arbitrary number is generated by a computer-implemented method of arbitrary number generation, comprising the steps of:
    - generating a first intermediate number as a function of both a reference key and a nonce; and
      
      generating the arbitrary number as a function of the first intermediate value, an initialization number, and the reference key.
  - 4. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 3, wherein at least one of the reference key and the initialization number is arbitrary.
  - 5. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 4, wherein at least one of the reference key and the initialization number is a pseudorandom number.
  - 6. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 5, wherein the arbitrary number is a pseudorandom number.
  - 7. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 6, wherein the arbitrary number is a function of the reference key and the result of a bitwise modulo-2 addition of the first intermediate value and the initialization number.
  - 8. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 7, wherein the arbitrary number is generated by encrypting the result of the bitwise modulo-2 addition of the first intermediate value and the initialization number with the reference key.
  - 9. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 8, wherein encrypting the result of the bitwise modulo-2 addition of the first intermediate value and the initialization number with the reference key is implemented using a block cipher.
  - 10. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 3, wherein the method of arbitrary number generation further comprises the step of updating the initialization number with the arbitrary number.
  - 11. The method of making secure the at least one communication between the at least first and second nodes during a communication session of claim 1, wherein the arbitrary number is generated by a computer-implemented method of arbitrary number generation, comprising the steps of:
    - generating a first intermediate number as a function of both a reference key and a nonce;
      
      generating a second intermediate number as a function of the first intermediate value, an initialization number, and the reference key; and
      
      generating the arbitrary number as a function of the first intermediate value, the second intermediate value, and the reference key.

12. A secure wireless network comprising at least two nodes, wherein at least one of the at least two nodes comprises a programmable processor and a computer-readable storage element, wherein the computer-readable storage element contains instructions for causing the programmable processor to perform a method of arbitrary number generation, comprising the steps of:
- generating a first intermediate number as a function of both a reference key and a nonce;
  
  generating a second intermediate number as a function of the first intermediate value, an initialization number, and the reference key;
  
  generating an arbitrary number as a function of the first intermediate value, the second intermediate value, and the reference key; and
  
  securing with the arbitrary number a communication to be transmitted between the at least two nodes.
- View Dependent Claims (13)
- - 13. The secure wireless network of claim 12, further comprising a physical token, wherein at least one of the physical token and the at least two nodes comprises the programmable processor and the computer-readable storage element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Medtronic Incorporated (Medtronic Plc)
Original Assignee
Medtronic Incorporated (Medtronic Plc)
Inventors
Corndorf, Eric D.

Granted Patent

US 7,940,933 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

G06F 7/582   Pseudo-random number genera...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/88   Medical equipments

H04L 9/0631   Substitution permutation ne...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0844   with user authentication or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3234   involving additional secure...

Secure Telemetric Link

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Telemetric Link

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links