ESTABLISHING A UNIQUE END-TO-END MANAGEMENT KEY
Abstract
Systems and methods for communicating and authenticating end-to-end management keys to stations to facilitate communications between stations in the network. A nonce based upon a pseudo-random number generated by the station(s) can be included with the end-to-end management key (EMK). The station(s) can compare the nonce to the generated pseudo-random number to authenticate the EMK.
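The nonce check described in the abstract and claims, as an added Python sketch that is not taken from the patent: the server seals one EMK per station under that station's device access key together with the station's nonce, and each station accepts the key only if the echoed nonce matches. Assumptions: the nonce is the station's pseudo-random number itself, keys and nonces are 16 bytes, an HMAC-SHA256 encrypt-then-MAC construction stands in for the cipher the page does not name, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    # HMAC-SHA256 in counter mode; stand-in for the cipher the page does not name.
    blocks = range((len(data) + 31) // 32)
    ks = b"".join(_prf(key, b"enc", iv + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(dak, plaintext):
    iv = secrets.token_bytes(16)
    ct = _xor_stream(dak, iv, plaintext)
    return iv + ct + _prf(dak, b"mac", iv + ct)   # encrypt-then-MAC

def unseal(dak, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(dak, b"mac", iv + ct)):
        raise ValueError("not sealed under this station's device access key")
    return _xor_stream(dak, iv, ct)

def server_respond(daks, nonces):
    # Authorization server: one EMK, sealed per station with that station's nonce.
    emk = secrets.token_bytes(16)
    return {sid: seal(daks[sid], emk + n) for sid, n in nonces.items()}

def station_accept(dak, my_number, blob):
    # Station: decrypt, then accept the EMK only if the echoed nonce matches
    # the pseudo-random number this station generated for this exchange.
    plain = unseal(dak, blob)
    emk, echoed = plain[:16], plain[16:]
    if not hmac.compare_digest(echoed, my_number):
        raise ValueError("nonce mismatch: stale or replayed EMK response")
    return emk

def demo():
    daks = {"sta1": secrets.token_bytes(16), "sta2": secrets.token_bytes(16)}  # constructed
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    resp = server_respond(daks, {"sta1": n1, "sta2": n2})
    emk1 = station_accept(daks["sta1"], n1, resp["sta1"])
    emk2 = station_accept(daks["sta2"], n2, resp["sta2"])
    try:  # old response replayed into a later exchange that uses a fresh number
        station_accept(daks["sta2"], secrets.token_bytes(16), resp["sta2"])
        replayed_ok = True
    except ValueError:
        replayed_ok = False
    return emk1 == emk2, replayed_ok

if __name__ == "__main__": print(demo())
```

The replay case is the one the nonce exists for: the old response still decrypts under the station's key, so only the comparison against the freshly generated number rejects it.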
20 Claims
1. A method comprising:
- receiving a connection request from a first station at a second station, the connection request comprising a first pseudo-random number associated with the first station;
- generating a second pseudo-random number associated with the second station;
- communicating an end-to-end management key request to an authorization server, the end-to-end management key request comprising at least the second pseudo-random number associated with the second station;
- receiving a second response communication comprising an end-to-end management key and a second nonce;
- authenticating the end-to-end management key based on the second pseudo-random number included in the second response communication.
Dependent claims: 2, 3, 4, 5, 6
7. A method comprising:
- receiving at least one end-to-end management key request, the at least one end-to-end management key request comprising a first nonce associated with a first station and a second nonce associated with a second station;
- encrypting a first end-to-end management key response, the first end-to-end management key response comprising an end-to-end management key and a first nonce encrypted using a first device access key associated with the first station;
- encrypting a second end-to-end management key response, the second end-to-end management key response comprising an end-to-end management key and a second nonce encrypted using a second device access key associated with the second station;
- communicating the first and second end-to-end management key responses to the first and second stations, respectively.
Dependent claims: 8, 9, 10, 11
12. A system comprising:
- a first station operable to originate a connection request to a second station, the connection request comprising a first pseudo-random number;
- the second station operable to receive the connection request, and to generate an end-to-end management key request comprising the first pseudo-random number and a second pseudo-random number associated with the second station; and
- an authorization server operable to receive the end-to-end management key request and to provide a first response and a second response, the first response comprising an end-to-end management key and a first nonce encrypted using a first device access key associated with the first station, and the second response comprising the end-to-end management key and a second nonce encrypted using a second device access key associated with the second station;
- wherein the first station is operable to authenticate the first response based upon identifying the first pseudo-random number, and the second station is operable to authenticate the second response based upon identifying the second pseudo-random number.
Dependent claims: 13, 14, 15
16. A system comprising:
- an authorization server operable to provide an end-to-end management key to facilitate communications between a first station and a second station, wherein the authorization server has a device access key associated with the first station and a device access key associated with the second station;
- wherein the authorization server is further operable to receive a first nonce associated with the first station, and to receive a second nonce associated with the second station;
- wherein the authorization server is further operable to send a first encrypted message to the first station, the first encrypted message being encrypted using the device access key associated with the first station and including the first station nonce and the end-to-end management key, and to send a second encrypted message to the second station, the second encrypted message being encrypted using the device access key associated with the second station and including the second station nonce and the end-to-end management key.
Dependent claims: 17, 18, 19, 20
Specification