KEY MANAGEMENT FOR COMMUNICATION NETWORKS

US 20090296924A1
Filed: 06/30/2008
Published: 12/03/2009
Est. Priority Date: 05/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for key management in a communications network, comprising:

carrying out a public key authentication scheme between a security controller and a plurality of nodes to establish a plurality of node-to-security-controller (NSC) keys, the NSC keys respectively associated with the plurality of nodes and used for secure communication between the security controller and the respective nodes.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention relates to a method for key management in a communications network. In this method, a public key authentication scheme is carried out between a security controller and a plurality of nodes to establish a plurality of node-to-security-controller (NSC) keys. The NSC keys are respectively associated with the plurality of nodes and are used for secure communication between the security controller and the respective nodes. Other methods and devices are also disclosed.

33 Citations

View as Search Results

28 Claims

1. A method for key management in a communications network, comprising:
- carrying out a public key authentication scheme between a security controller and a plurality of nodes to establish a plurality of node-to-security-controller (NSC) keys, the NSC keys respectively associated with the plurality of nodes and used for secure communication between the security controller and the respective nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - receiving at the security controller a communication request from a first of the plurality of nodes, where the communication request specifies at least a second node with which the first node desires to communicate;
      
      encryptedly transmitting from the security controller a session secret to the first and second nodes, respectively, using the NSC keys associated with the first and second nodes, respectively.
  - 3. The method of claim 1, further comprising:
    - receiving at the security controller a communication request from a first of the plurality of nodes, where the communication request specifies a session secret and at least a second node with which the first node desires to communicate;
      
      encryptedly transmitting from the security controller the session secret to the second node using an NSC key associated with the second node.
  - 4. The method of claim 1, further comprising:
    - receiving at the security controller a communication request from a first of the plurality of nodes, where the communication request specifies at least a second node with which the first node desires to communicate;
      
      encryptedly transmitting the communication request from the security controller to the second node using an NSC key associated with the second node; and
      
      receiving a response from the second node at the security controller, where the response includes a session secret and is encrypted with the NSC key associated with the second node.
  - 5. The method of claim 1, further comprising:
    - receiving a first message from a first of the plurality of nodes, anddecrypting the first message with a first NSC key associated with the first node to obtain a first modular exponentiation result.
  - 6. The method of claim 5, further comprising:
    - encrypting the first modular exponentiation result with a second NSC key associated with a second of the plurality of nodes;
      
      transmitting the encrypted first modular exponential result to the second node.
  - 7. The method of claim 6, further comprising:
    - receiving a second message from the second node, anddecrypting the second message with the second NSC key to obtain a second modular exponentiation result that may be different from the first exponentiation result.
  - 8. The method of claim 7, further comprising:
    - encrypting the second modular exponentiation result with the first NSC key; and
      
      transmitting the encrypted second modular exponential result to the first node.
  - 9. The method of claim 8:
    - where the first modular exponentiation result relates to a first random number, R_A, at the first node; and
      
      where the second modular exponentiation result relates to a second random number, R_B, at the second node.
  - 10. The method of claim 9, where the first and second nodes use the random number at that respective node along with the modular exponentiation result calculated by the other node to cooperatively determine a shared secret that is confidential from the security controller.
  - 11. The method of claim 10, further comprising:
    - carrying out symmetrically encrypted communication between the first and second nodes during a communication session using a symmetric key related to the session secret.
  - 12. The method of claim 1, wherein the security controller uses pre-shared secrets respectively associated with the nodes to authenticate the nodes.
  - 13. The method of claim 1, further comprising:
    - selecting a backup security controller to be used when the security controller is unavailable or untrustworthy.

14. A method for key management in a communications network, comprising:
- using a public key authentication scheme to individually authenticate a plurality of nodes and facilitate establishment of a different node-to-security-controller (NSC) key for each node;
  
  receiving a communication request from a first of the plurality of nodes, where the communication request specifies at least a second node with which the first node desires to communicate; and
  
  generating a session secret to enable secure communication between the first and second nodes.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, where a security controller generates the session secret, further comprising:
    - encryptedly transmitting from the third node the session secret to the first and second nodes, respectively, using the NSC keys associated with the first and second nodes, respectively.
  - 16. The method of claim 14, where the session secret is generated by one of the nodes and is transmitted to the security controller with an NSC key of the one node.
  - 17. The method of claim 14, further comprising:
    - carrying out symmetrically encrypted communication between the first and second nodes during a communication session using a symmetric key related to the session secret.
  - 18. The method of claim 17, further comprising:
    - intermittently updating the session secret or symmetric key during the communication session.
  - 19. The method of claim 18, where intermittently updating the session secret comprises using a node-to-security-controller update (NSCU) key associated with a node, where the NSCU key is reserved for updating the NSC key.
  - 20. The method of claim 18, where intermittently updating the session secret comprises repeating the public key authentication scheme to negotiate an updated session secret.
  - 21. The method of claim 14, where the public key authentication scheme comprises a Diffie-Hellman public key authentication scheme.
  - 22. The method of claim 14, where the public key authentication scheme comprises:
    - verifying whether the first node successfully provides information related to a pre-shared secret, where the pre-shared secret is pre-shared between the first node and the security controller.
  - 23. The method of claim 14, where the session secret comprises an in-network secret that is used for secure communication between at least three of the plurality of nodes.

24. A security controller that is adapted to use a public key authentication scheme to authenticate a plurality of nodes and establish a different node-to-security-controller (NSC) key for each node.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The security controller of claim 24, where the security controller is adapted to process a session secret that is to be used for secure communication between at least three of the plurality of nodes.
  - 26. The security controller of claim 24, where the security controller is further adapted to receive a communication request from a first of the plurality of nodes, where the communication request specifies at least a second node with which the first node desires to communicate in a communication session.
  - 27. The security controller of claim 24, where the security controller is adapted to generate a session secret in response to the communication request.
  - 28. The security controller of claim 27, where the security controller is further adapted to provide the session secret to the first and second nodes by encryptedly transmitting the session secret using the NSC keys respectively associated with the first and second nodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Maxlinear Incorporated
Original Assignee
Infineon Technologies North America Corporation (Infineon Technologies AG)
Inventors
Oksman, Vladimir, King, Neal, Bry, Charles

Granted Patent

US 8,422,687 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04L 9/083   involving central third par...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/321   involving a third party or ...

KEY MANAGEMENT FOR COMMUNICATION NETWORKS

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

KEY MANAGEMENT FOR COMMUNICATION NETWORKS

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others