SECURE WIRELESS INSTRUMENTATION NETWORK SYSTEM

US 20080130902A1
Filed: 10/09/2007
Published: 06/05/2008
Est. Priority Date: 04/10/2006
Status: Active Grant

First Claim

Patent Images

1. A secure wireless instrumentation network system comprising:

a secure trust center; and

one or more of member wireless devices; and

wherein;

the secure trust center provides a birth key (BK) via a protected link to a non-member wireless device;

the non-member wireless device uses the BK key to provide a first secure link which is used to send a request for membership to the secure trust center requesting that the non-member wireless device become a member wireless device; and

provided that the secure trust center authenticates the request for membership, the secure trust center considers the non-member device to be a member device. the protected link is not cryptographically protected;

the protected link has limited exposure to eavesdropping;

each secure link is cryptographically protected using a unique cryptographic key from the secure trust center; and

the secure trust center maintains a record of cryptographic keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present system having a secure wireless infrastructure with a key server acting as a key distribution center. The key server may be the core of the network, securely admitting new nodes or devices, deploying and updating keys and authorizing secure communications sessions. The system may also share secure keying information with a new device not already a member of a secure wireless network. The keying information may be used for authentication or encryption or both, and may be provided to the new device in a manner or mode which is not susceptible to exposure outside of the secure network. The keying information shared with the new device may be regarded as a birth key. Then the new device may send a birth key encrypted request to join the secure network via an exposed communication mode. The key server may respond with a birth key encrypted key encryption key.

Citations

25 Claims

1. A secure wireless instrumentation network system comprising:
- a secure trust center; and
  
  one or more of member wireless devices; and
  
  wherein;
  
  the secure trust center provides a birth key (BK) via a protected link to a non-member wireless device;
  
  the non-member wireless device uses the BK key to provide a first secure link which is used to send a request for membership to the secure trust center requesting that the non-member wireless device become a member wireless device; and
  
  provided that the secure trust center authenticates the request for membership, the secure trust center considers the non-member device to be a member device. the protected link is not cryptographically protected;
  
  the protected link has limited exposure to eavesdropping;
  
  each secure link is cryptographically protected using a unique cryptographic key from the secure trust center; and
  
  the secure trust center maintains a record of cryptographic keys.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the secure trust center sends a key encryption key (KEK) via the first secure link to the device.
  - 3. The system of claim 2, wherein:
    - each of one or more member wireless devices uses its KEK to provide a second secure link with the secure trust center that replaces the first secure link with the secure trust center; and
      
      the KEK of each of one or more member wireless devices is different from the KEK of another one or more member wireless devices.
  - 4. The system of claim 3, wherein:
    - the secure trust center provides a session key (SK) to two or more member wireless devices, via each second secure link respectively of each of the two or more member wireless devices;
      
      the SK provided to the two or more member wireless devices is used to provide a third secure link between the two or more wireless devices; and
      
      each instance of the BK, KEK and SK comprises data that is unpredictable by an attacker.

5. A secure wireless instrumentation network system comprising:
- a secure trust center;
  
  one or more of member wireless devices; and
  
  a liaison device; and
  
  wherein;
  
  cryptographic information is transferred from the secure trust center via a first protected link or a first secure link to the liaison device;
  
  the liaison device transfers a birth key (BK) via a second protected link to a non-member wireless device;
  
  the non-member wireless device uses the BK from the liaison device to provide a second secure link which is specific to that device and which is used to send a request for membership to the secure trust center requesting that the non-member wireless device become a member wireless device;
  
  the first and second protected links are not cryptographically protected;
  
  the first and second protected links have limited exposure to eavesdropping; and
  
  the first, second, third and fourth secure links are cryptographically protected with a unique cryptographic key from the secure trust center.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The system of claim 5, wherein:
    - provided the secure trust center authenticates the request for membership, the secure trust center now considers the non-member device to be a member device and sends a key encryption key (KEK) via the second secure link to the device;
      
      each of one or more member wireless devices uses the KEK to provide a third secure link with the secure trust center which is specific to that device and which replaces the second secure link with the secure trust center; and
      
      the KEK of each of one or more member wireless devices is different from the KEK of each of the other one or more member wireless devices.
  - 7. The system of claim 6, wherein:
    - the secure trust center provides a session key (SK) to a pair of two or more member wireless devices;
      
      the SK is unique for each pair of devices;
      
      the SK is used to provide a fourth secure link between the two or more wireless devices and which fourth secure link is specific to that pair of devices;
      
      the SK is provided either via each third secure link respectively of each of the two or more member wireless devices, or via a device-specific secure link between the secure trust center and each member device that is based on a unique session key for the device that is delivered and managed using the third secured link;
      
      each instance of the KGK, BK, KEK and SK comprises data that is unpredictable by an attacker; and
      
      the secure trust center maintains a record of one or more KGKs, BKs, KEKs and/or SKs.
  - 8. The system of claim 6, wherein:
    - a key generation key (KGK) is transferred from the secure trust center via a first protected link or a first secure link to the liaison device;
      
      the BK from the liaison device to the non-member wireless device is derived from the KGK from the secure trust center to the liaison device by the liaison device;
      
      the liaison device is portable;
      
      the liaison device comprises a BK memory;
      
      the liaison device securely erases the BK memory after providing a BK to a non-member device;
      
      the liaison device, after providing each BK, uses a one-way function to transform the KGK into a new KGK that is used to generate the next BK;
      
      each KGK is securely erased after the respective KGK is used to generate a BK and a new KGK; and
      
      the one-way function is such that it is computationally very difficult to derive any of the erased KGKs from the current KGK.
  - 9. The system of claim 7, wherein either the third secure link or the session between the device and the secure trust center is used to manage SKs.
  - 10. The system of claim 7, wherein:
    - the SK is updated with a new key that is unpredictable by an attacker;
      
      a condition for the SK to be updated comprises a configurable period between SK updates; and
      
      the configurable period is at least partially a function of time lapsed during a present SK, a number of messages sent under the SK, an amount of data sent under the SK, a request by the secure trust center, or a request by a member wireless device.
  - 11. The system of claim 7, wherein the secure trust center can request that a member wireless device stop using a secure link between the member and a previously trusted device that is no longer considered a member by the secure trust center.
  - 12. The system of claim 9, wherein the secure trust center sends a copy of each KEK encrypted under a backup key to another secure trust center.

13. A method for establishing a secured wireless instrumentation network, comprising:
- providing a key server;
  
  providing a liaison device;
  
  conveying cryptographic information from the key server to the liaison device;
  
  transferring the cryptographic information or derivations thereof that originated at the key server from the liaison device to a new node;
  
  utilizing the cryptographic information to authenticate communication between the new node and the key server, to indicate that the new node has authorization to be included in the secured network; and
  
  maintaining a record of the cryptographic information at the key server; and
  
  wherein the transferring the cryptographic information uses a communication path not susceptible to interception at a distance.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The method of claim 13, further comprising transmitting a key encryption key (KEK) from the key server to the new node for future communication purposes, encrypted and authenticated using prior shared cryptographic information.
  - 15. The method of claim 13, wherein:
    - the liaison device uses a one-way function to derive new cryptographic information;
      
      the one-way function has a property such that it is computationally very difficult to derive any previously derived cryptographic information using current cryptographic information; and
      
      the liaison device, after delivering some of the current cryptographic information to a new node, and after generating a next set of cryptographic information, securely erases the current cryptographic information including cryptographic information transmitted to the new node thereby reducing a threat to the system should the liaison device be captured by an attacker.
  - 16. The method of claim 14, further comprising:
    - establishing a secured communication session between two or more nodes requesting to communicate with each other; and
      
      wherein the secured communication session has one or more of the session attributes of message content confidentiality, message content integrity,message source authenticity, and message sequence integrity.
  - 17. The method of claim 16, wherein the establishing a secured communication session comprises the key server creating a unique session key (SK) specifically for use between the two or more nodes requesting to communicate with each other, and securely communicating the SK with those nodes via prior shared cryptographic information such as previously-shared individual KEKs or via a device-specific secure link between the key server and each member device that is based on a unique session key for a device that is delivered and managed using communications secured using the KEK.
  - 18. The method of claim 17, further comprising an updating the SK key periodically and redistributing the SK to two or more nodes requesting to communicate with each other.
  - 19. The method of claim 18, wherein a period of time passing between each updating of the SK is configurable.
  - 20. The method of claim 18, wherein an the updating of the SK occurs as a result of events such as a passage of time, a number of messages sent using the SK, a total amount of data sent using the SK, or a requested update by the key server or an authorized node.
  - 21. The method of claim 18, further comprising the key server removing one or more no-longer-trusted devices from participation in a secured communication session by individually and securely sending to each trusted device a request that the trusted device cease using the current SK in the session, and providing a new SK key to be used in a new session.

22. A secure wireless network system comprising:
- a wireless network;
  
  a key server linked to the wireless network; and
  
  a liaison device that serves to transport unique secure information from the key server to new nodes; and
  
  wherein;
  
  the new nodes are able to connect to the liaison device;
  
  the key server is configured to authenticate the new nodes on the wireless network, transmit and assign a key encryption key (KEK) to each of the new nodes for communication purposes, and/or maintain a record of KEKs assigned to the new nodes;
  
  the liaison device at one time is connected to the key server and at later times is connected to the new nodes, the liaison device configured to receive the unique secure information from the key server and transmit the unique secure information or derived unique secure information to the new nodes via a protected link; and
  
  the new nodes are configured to receive the unique secure information from the liaison device, utilize the unique secure information for verification purposes, and receive the key encryption key for future secure communication with the key server.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein the new nodes are further configured to transmit a request to the key server requesting the establishment of a communication session between the requesting new node and one or more authenticated nodes.
  - 24. The system of claim 23, wherein:
    - the key server is further configured to receive the request, create a session key (SK) specific to the request, and transmit the SK to each of the nodes involved in the session using secure communications with the key server; and
      
      the key server is further configured to update the SK periodically and transmit the updated SK key to each of the requesting new nodes involved in the session.
  - 25. The system of claim 24, wherein the key server is further configured to detect or be informed of a possible compromise of network security at a particular device and is configured to request trusted member wireless devices halt any sessions with the compromised device resulting in an ending of the communication sessions with the compromised device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Foo Kune, Denis, Gonia, Patrick S., Kimball, Joseph John, Phinney, Thomas L.

Granted Patent

US 7,936,878 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/286
CPC Class Codes

H04L 2209/80   Wireless

H04L 2463/061   applying further key deriva...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 67/12   specially adapted for propr...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/069   using certificates or pre-s...

SECURE WIRELESS INSTRUMENTATION NETWORK SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE WIRELESS INSTRUMENTATION NETWORK SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links