HIERARCHICAL DETERMINISTIC PAIRWISE KEY PREDISTRIBUTION SCHEME

US 20090129599A1
Filed: 06/19/2007
Published: 05/21/2009
Est. Priority Date: 06/22/2006
Status: Active Grant

First Claim

Patent Images

1. A security system for a hierarchical network including L hierarchical levels each corresponding to a security domain comprising:

a plurality of local network nodes;

a keying material generator which generates correlated sets of keying material for each network node, which each keying material set includes L keying material sub-sets, each corresponding to an associated security domain; and

a set up server which distributes the generated keying material sets to each network node to enable the network nodes to communicate with one another at a security domain of a hierarchical level k by using a corresponding sub-set of keying material.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for a hierarchical network (10) includes L hierarchical levels each corresponding to a security domain level (16), and a plurality of local network nodes (A, B, . . . , Z). A keying material generator (24) generates a set (30) of correlated keying material for each network node. Each set (30) of keying material is composed of L sub-sets (32) of keying material one for each security domain level (16). A set up server (34) distributes the generated sets (30) of keying material to each network node (A, B, . . . , Z) to enable the network nodes (A, B, . . . , Z) to communicated with one another at a security domain of a hierarchical level k by a use of a corresponding sub-set (32) of the security keying material.

32 Citations

View as Search Results

26 Claims

1. A security system for a hierarchical network including L hierarchical levels each corresponding to a security domain comprising:
- a plurality of local network nodes;
  
  a keying material generator which generates correlated sets of keying material for each network node, which each keying material set includes L keying material sub-sets, each corresponding to an associated security domain; and
  
  a set up server which distributes the generated keying material sets to each network node to enable the network nodes to communicate with one another at a security domain of a hierarchical level k by using a corresponding sub-set of keying material.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as set forth in claim 1, wherein the network includes:
    - a first level security domain associated with an enterprise;
      
      a second level security domain associated with each hospital within the enterprise; and
      
      a third level security domain associated with each department within each hospital.
  - 3. The system as set forth in claim 1, wherein the network nodes are programmed to communicate with one another at the lowest level common security domain.
  - 4. The system as set forth in claim 1, wherein the network nodes communicate with one another via at least a normal communication mode and an unusual communication mode.
  - 5. The system as set forth in claim 4, wherein the normal communication mode includes communicating by the sub-set of keying material corresponding to the lowest level security domain L.
  - 6. The system as set forth in claim 5, wherein the unusual communication mode includes communicating at a different level security domain than the lowest level security domain L.
  - 7. The system as set forth in claim 4, further including:
    - a security administrator from which the network nodes are programmed to request a permission to communicate in the unusual communication mode.
  - 8. The system as set forth in claim 1, wherein each network node includes a set of L identifiers which each identifier includes a device identifier and a security domain identifier corresponding to an associated security domain level of the L level infrastructure for the network devices to mutually authenticate one another.
  - 9. The system as set forth in claim 1, wherein the network nodes include at least one of physiological condition monitors, controllable medication dosing devices, and PDAs.
  - 10. A network node with keying material, that enables communicating at a plurality of hierarchical levels, for use in the system of claim 1.

11. A method of hierarchical security management comprising:
- generating correlated sets of keying material for each network node which each set includes L keying material sub-sets each corresponding to a security domain associated with one of a plurality of hierarchical levels L;
  
  distributing the generated keying material sets to the network nodes; and
  
  establishing communications between the network nodes at a common security domain of a hierarchical level k by a corresponding sub-set of the keying material.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method as set forth in claim 11, wherein the step of establishing includes:
    - establishing normal communications at the common security domain level which coincides with the lowest hierarchical level L.
  - 13. The method as set forth in claim 12, further including:
    - establishing unusual communications at the common security domain which is different from the lowest hierarchical level L.
  - 14. The method as set forth in claim 13, further including:
    - prior to establishing unusual communications, requesting a permission.
  - 15. The method as set forth in claim 11, wherein each network node includes a set of L identifiers which each includes a device identifier and a security domain identifier corresponding to an associated hierarchical level for the network devices to mutually authenticate one another.
  - 16. The method as set forth in claim 11, wherein the network nodes include at least one of physiological condition monitors, controllable medication dosing devices, and PDAs.
  - 17. A network having a plurality of nodes programmed for performing the method of claim 11.
  - 18. A node used in the method of claim 11.
  - 19. A set up server used to distribute the sets of the keying material in the method of claim 11.

20. A network device including:
- a predistributed set of keying material each including at least;
  
  a lowest level keying material sub-set associated with a lowest level security domain, anda higher level keying material sub-set associated with a higher level security domain,the network device is programmed to authenticate other network devices at the lowest level common security domain and communicate with one another with the sub-set associated with the lowest level common security domain.
- View Dependent Claims (21, 22, 23)
- - 21. The network device as set forth in claim 20, wherein the lowest level sub-set of the keying material is used to communicate in a common security domain which corresponds to the lowest level L of hierarchy of a hierarchical structure.
  - 22. The network device as set forth in claim 21, wherein the network device is programmed to request permission to communicate at a security domain level which does not correspond to the lowest level L of hierarchy of the hierarchical structure.
  - 23. A network including a plurality of the network devices according to claim 20.

24. A network comprising:
- a plurality of first network devices which communicate with each other in a first lower level security domain and with other devices in a higher level security domain; and
  
  a plurality of second network devices which communicate with each other but not with the first network devices in a second lower level security domain different from the first lower level security domain and with the first network devices in the higher level security domain.
- View Dependent Claims (25, 26)
- - 25. The network as set forth in claim 24, wherein the first and second network devices further can communicate with other devices in an upper level security domain different from the first, second and higher level security domains and further including:
    - a plurality of third network devices which communicate with each other but not with the first and second network devices in a third level lower security domain different from the first and second level lower security domains, with network devices other than the first and second network devices in a second level higher security domain, and with the first and second domain network devices in the upper level security domain.
  - 26. The network as set forth in claim 24, wherein:
    - the first network devices have a predistributed set of first lower level keys associated with the first lower level security domain and higher level keys associated with the higher level security domain;
      
      the second network devices have a predistributed set of second lower level keys associated with the second lower level security domain and higher level keys associated with the higher level security domain;
      
      the first and second network devices being programmed to authenticate other network devices in the lowest common level security domain and communicate with one another with the key associated with the lowest level common security domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips N.V.
Inventors
Baldus, Heribert, Garcia, Oscar

Granted Patent

US 8,189,791 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2209/88   Medical equipments

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/105   Multiple levels of security

H04L 67/12   specially adapted for propr...

H04L 9/083   involving central third par...

H04W 12/04   Key management, e.g. using ...

H04W 12/086   using security domains

H04W 4/38   for collecting sensor infor...

H04W 84/18   Self-organising networks, e...

HIERARCHICAL DETERMINISTIC PAIRWISE KEY PREDISTRIBUTION SCHEME

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

HIERARCHICAL DETERMINISTIC PAIRWISE KEY PREDISTRIBUTION SCHEME

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others