NETWORK ENCRYPTION KEY ROTATION

US 20080298590A1
Filed: 01/09/2008
Published: 12/04/2008
Est. Priority Date: 06/04/2007
Status: Active Grant

First Claim

Patent Images

1. A key rotation method comprising:

providing a key counter for key rotation at a station;

sending a key rotation communication to the station, the key rotation communication comprising a new network encryption key and an adjusted key counter, the key rotation communication being encrypted using a network membership key associated with the station;

wherein a station key counter is operable to be compared to the adjusted key counter to determine the authenticity of the key rotation communication.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for authenticating key rotation communications. Key rotation communications can include a key counter known to both a headend device and a station. Comparison between a local key counter and the key counter included in the key rotation communication can be used to authenticate the key rotation communication.

154 Citations

View as Search Results

24 Claims

1. A key rotation method comprising:
- providing a key counter for key rotation at a station;
  
  sending a key rotation communication to the station, the key rotation communication comprising a new network encryption key and an adjusted key counter, the key rotation communication being encrypted using a network membership key associated with the station;
  
  wherein a station key counter is operable to be compared to the adjusted key counter to determine the authenticity of the key rotation communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
- - 2. The method of claim 1, further comprising incrementing the key counter based upon a function.
  - 3. The method of claim 2, wherein the function is operable to increase the key counter by one each time the key counter is adjusted.
  - 4. The method of claim 2, wherein the function comprises a non-linear function, wherein the non-linear function is known to an authentication server and to a plurality of authorized stations.
  - 5. The method of claim 2, wherein the function is operable to increase the key counter by a fixed amount each time the key counter is adjusted.
  - 6. The method of claim 2, further comprising providing the function to the station.
  - 7. The method of claim 6, wherein the function is provided using a secure mechanism.
  - 8. The method of claim 1, wherein the key counter is provided using a secure mechanism.
  - 9. The method of claim 1, further comprising providing an initial network encryption key.
  - 10. The method of claim 9, wherein the key counter is provided at the same time as the initial network encryption key.
  - 20. The method of claim 1, wherein the key counter is provided using a secure mechanism.

11. A method comprising:
- receiving an initial key counter;
  
  receiving a key rotation communication comprising a new network key and a remotely incremented key counter;
  
  locally incrementing the initial key counter;
  
  comparing the remotely incremented key counter and the locally incremented key counter;
  
  determining the authenticity of the key rotation communication based upon the comparison.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the initial key counter is provided with a current network key.
  - 13. The method of claim 12, wherein the new network key replaces the initial key based upon determination of the authenticity of the key rotation communication.
  - 14. The method of claim 11, wherein locally incrementing the initial key counter comprises using a function to increment the initial key counter.
  - 15. The method of claim 11, wherein the function is operable to increase the key counter by one each time the key counter is adjusted.
  - 16. The method of claim 14, wherein the function comprises a non-linear function, wherein the non-linear function is known to an authentication server and to a plurality of authorized stations.
  - 17. The method of claim 14, wherein the function is operable to increase the key counter by a fixed amount each time the key counter is adjusted.
  - 18. The method of claim 14, further comprising providing the function to the station.
  - 19. The method of claim 18, wherein the function is provided using a secure mechanism.

21. A key rotation system comprising:
- a network key generation module operable to generate a current network key; and
  
  a network key distribution module operable to distribute the current network key to a station, wherein the network key distribution module is further operable to include a current key counter with the current network key and to encrypt the current network key and current key counter using a network membership key, the network membership key being associated with the station;
  
  wherein the station is operable to authenticate the current network key based upon the current key rotation based upon a previously received key counter.
- View Dependent Claims (22, 23)
- - 22. The system of claim 21, further comprising a key counter incrementing module operable to increment a key counter to produce the current key counter.
  - 23. The system of claim 21, further comprising a key store operable to store the network membership key associated with the station and a key counter associated with the station.

24. A key authentication system, comprising:
- an interface operable to receive a key rotation communication from a headend device;
  
  a decryption module operable to decrypt the key rotation communication to derive a new key and a headend key counter;
  
  a local key counter incrementing module operable to produce a locally incremented key counter based upon a previous key counter;
  
  an authentication module operable to authenticate the key rotation communication based upon a comparison between the headend key counter derived from the key rotation communication and the locally produced incremented key counter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm Atheros Incorporated (Qualcomm, Inc.)
Original Assignee
Intellon Corporation (Qualcomm, Inc.)
Inventors
YONGE, LAWRENCE W. III, KATAR, SRINIVAS, KRISHNAM, MANJUNAH

Granted Patent

US 8,989,379 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/258
CPC Class Codes

H04B 2203/5445   Local network

H04L 12/2801   Broadband local area networks

H04L 12/2856   Access arrangements, e.g. I...

H04L 12/413   with random access, e.g. ca...

H04L 12/44   Star or tree networks

H04L 45/12   Shortest path evaluation

H04L 45/121   by minimising delays

H04L 45/122   by minimising distances, e....

H04L 45/123   Evaluation of link metrics ...

H04L 45/125   based on throughput or band...

H04L 45/16   Multipoint routing

H04L 47/787   Bandwidth trade among domains

NETWORK ENCRYPTION KEY ROTATION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

154 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

NETWORK ENCRYPTION KEY ROTATION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

154 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others