AD-HOC NETWORK KEY MANAGEMENT

US 20080046732A1
Filed: 08/15/2006
Published: 02/21/2008
Est. Priority Date: 08/15/2006
Status: Active Grant

First Claim

Patent Images

1. In an ad hoc network comprising a first node, a second node, and a third node and an intermediate node along a communication path between the first node and at least one of the second node and the third node, wherein the first node and the second node share a first shared secret key, wherein the first node and the third node share a second shared secret key, a method for establishing a temporal key shared by the second node and the third node, the method comprising:

generating a unique key at the first node;

encrypting the unique key with first shared secret key to generate a first encrypted unique key and transmitting the first encrypted unique key to the second node;

encrypting the unique key with second shared secret key to generate a second encrypted unique key and transmitting the second encrypted unique key to the third node;

decrypting the first encrypted unique key at the second node to generate the unique key at the second node;

decrypting the second encrypted unique key at the third node to generate the unique key at the third node; and

using the unique key to establish the temporal key shared only by the second node and the third node, wherein the temporal key is used to protect communications between the second node and the third node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An ad hoc network includes a first node, a second node, and a third node. The first node and second node share a first shared secret key, and the first node and third node share a second shared secret key. The second node and third node share a temporal key. The first node generates a unique key, encrypts the unique key with a first shared secret key to generate a first encrypted unique key and transmits the first encrypted unique key to the second node. The first node encrypts the unique key with a second shared secret key to generate a second encrypted unique key and transmits the second encrypted unique key to the third node. To establish the temporal key, the second node decrypts the first encrypted unique key and the third node decrypts the second encrypted unique key thereby each generating the unique key.

83 Citations

View as Search Results

20 Claims

1. In an ad hoc network comprising a first node, a second node, and a third node and an intermediate node along a communication path between the first node and at least one of the second node and the third node, wherein the first node and the second node share a first shared secret key, wherein the first node and the third node share a second shared secret key, a method for establishing a temporal key shared by the second node and the third node, the method comprising:
- generating a unique key at the first node;
  
  encrypting the unique key with first shared secret key to generate a first encrypted unique key and transmitting the first encrypted unique key to the second node;
  
  encrypting the unique key with second shared secret key to generate a second encrypted unique key and transmitting the second encrypted unique key to the third node;
  
  decrypting the first encrypted unique key at the second node to generate the unique key at the second node;
  
  decrypting the second encrypted unique key at the third node to generate the unique key at the third node; and
  
  using the unique key to establish the temporal key shared only by the second node and the third node, wherein the temporal key is used to protect communications between the second node and the third node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the unique key comprises a pair-wise master key, and wherein using the third shared secret key to establish a temporal key shared only by the second node and the third node, comprises:
    - using the pair-wise master key during a shared-secret-based mutual authentication protocol between the second node and the third node to derive the temporal key shared only by the second node and the third node.
  - 3. The method according to claim 1, wherein the shared-secret-based mutual authentication protocol comprises an IEEE 802.11i four-way handshake.
  - 4. The method according to claim 1, wherein generating a unique key at the first node, comprises:
    - using a pseudo-random number generator to randomly generate the unique key.
  - 5. The method according to claim 1, wherein generating a unique key at the first node, comprises:
    - calculating the unique key message authentication code by hashing at least two of;
      
      an input, the first shared secret key and the second shared secret key.
  - 6. The method according to claim 1, wherein the ad hoc network further comprises an authentication server, and wherein the first node comprises an access point coupled to the authentication server.
  - 7. The method according to claim 6, wherein the method further comprises:
    - deriving the first shared secret key via an authentication protocol between the authentication server and the second node; and
      
      deriving the second shared secret key via an authentication protocol between the authentication server and the third node.
  - 8. The method according to claim 1, further comprising:
    - using the temporal key to encrypt data communication between the second node and the third node.
  - 9. The method according to claim 1, wherein the unique key is retained on the second node and the third node, and wherein the second node and the third node re-establish the temporal key to encrypt communication between the second node and the third node after a period elapses since the most recent communication between the second node and the third node.
  - 10. The method according to claim 1, wherein the intermediate node can not determine the unique key

11. An ad hoc network, comprising:
- a first node configured to generate a unique key;
  
  a second node, wherein the first node and the second node share a first shared secret key;
  
  a third node, wherein the first node and the third node share a second shared secret key; and
  
  an intermediate node along a communication path between the first node and at least one of the second node and the third node,wherein the first node is further configured to encrypt the unique key with first shared secret key to generate a first encrypted unique key and transmitting the first encrypted unique key to the second node,wherein the first node is further configured to encrypt the unique key with second shared secret key to generate a second encrypted unique key and transmitting the second encrypted unique key to the third node,wherein the second node is further configured to decrypt the encrypted unique key to generate the unique key,wherein the third node is further configured to decrypt the encrypted unique key to generate the unique key,wherein the second node and the third node are further configured to use the unique key to establish a temporal key shared only by the second node and the third node, andwherein the temporal key is used to protect communications between the second node and the third node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The ad hoc network according to claim 11, wherein the unique key comprises a pair-wise master key, and wherein the second node and the third node are further configured to use the pair-wise master key during a shared-secret-based mutual authentication protocol between the second node and the third node to derive the temporal key shared only by the second node and the third node.
  - 13. The ad hoc network according to claim 11, wherein the shared-secret-based mutual authentication protocol comprises an IEEE 802.11i four-way handshake.
  - 14. The ad hoc network according to claim 11, wherein the first node, comprises:
    - a pseudo-random number generator configured to randomly generate the unique key.
  - 15. The ad hoc network according to claim 11, wherein the first node, comprises:
    - a processor configured to calculate the unique key by hashing at least two of;
      
      an input, the first shared secret key and the second shared secret key
  - 16. The ad hoc network according to claim 11, wherein the first node comprises an access point, and wherein the ad hoc network further comprises:
    - an authentication server coupled to the access point.
  - 17. The ad hoc network according to claim 16, wherein the authentication server and the second node derive the first shared secret key via an authentication protocol between the authentication server and the second node, and wherein the authentication server and the third node derive the second shared secret key via an authentication protocol between the authentication server and the third node.
  - 18. The ad hoc network according to claim 11, wherein the second node and the third node use the temporal key to encrypt data communication between the second node and the third node.
  - 19. The ad hoc network according to claim 11, wherein the unique key is retained on the second node and the third node, and wherein the second node and the third node re-establish the temporal key to encrypt communication between the second node and the third node after a period elapses since the most recent communication between the second node and the third node.
  - 20. The ad hoc network according to claim 11, wherein the intermediate node can not determine the unique key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Metke, Anthony R., Fu, Zhi, Eastlake, Donald E.

Granted Patent

US 7,793,103 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2209/80   Wireless network architectu...

H04L 63/068   using time-dependent keys, ...

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04W 12/50   Secure pairing of devices

H04W 84/18   Self-organising networks, e...

AD-HOC NETWORK KEY MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AD-HOC NETWORK KEY MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links