WIRELESS SENSOR NETWORK KEY DISTRIBUTION

US 20100082988A1
Filed: 03/28/2008
Published: 04/01/2010
Est. Priority Date: 04/05/2007
Status: Active Grant

First Claim

Patent Images

1. A system for distributing keying material to nodes in a wireless sensor network (WSN), including:

a key management box (KMB) that stores keying material for at least one sensor node in the WSN; and

a security module, in the KMB, that encrypts keying material for transmission to the at least one sensor node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When installing and maintaining a wireless sensor network in a medical or factory environment, distribution of keying material to sensor nodes (18) is performed by a key material box (KMB) (12), such as a smartcard or the like. The KMB (12) has a random seed stored to it during manufacture, and upon activation performs an authentication protocol with a sensor node (18) to be updated or installed. The KMB (12) receives node identification information, which is used in conjunction with the random seed to generate keying material for the node (18). The KMB (12) then encrypts the keying material for transmission to the node (18), and transmits over a wired or wireless communication link in a secure manner. The node (18) sends an acknowledgement message back the KMB (12), which then updates the nodes status in look-up tables stored in the KMB (12).

50 Citations

View as Search Results

22 Claims

1. A system for distributing keying material to nodes in a wireless sensor network (WSN), including:
- a key management box (KMB) that stores keying material for at least one sensor node in the WSN; and
  
  a security module, in the KMB, that encrypts keying material for transmission to the at least one sensor node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, wherein the KMB is a smartcard.
  - 3. The system according to claim 1, wherein the KMB generates keying material for the at least one sensor node when the at least one sensor node is added to the WSN.
  - 4. The system according to claim 1, wherein the KMB stores status information that describes a state of the keying material of the at least one sensor node.
  - 5. The system according to claim 1, wherein the KMB and the at least one sensor node execute an authentication procedure using a secret key when the at least one sensor node needs a keying material update.
  - 6. The system according to claim 5, wherein the KMB generates new keying material for the at least one sensor node upon successful authentication of the at least one sensor node.
  - 7. The system according to claim 1, wherein the security module encrypts the new keying material, and the KMB transmits the encrypted keying material to the at least one sensor node.
  - 8. The system according to claim 1, wherein the KMB further includes a PIN-protected memory that stores at least one of secret key information, keying material, and status information, associated with the at least one sensor node.
  - 9. The system according to claim 1, wherein the KMB includes:
    - a routine or means for executing an authentication procedure between the KMB and the at least one sensor node;
      
      a routine or means for receiving node ID information from the at least one sensor node;
      
      a routine or means for calculating new keying material for the at least one sensor node;
      
      a routine or means for sending the new keying material to the at least one sensor node; and
      
      a routine or means for receiving an acknowledgement of receipt of the new keying material from the at least one sensor node.
  - 10. A method for providing the keying material of claim 1, including:
    - storing or generating random seed information to the KMB during manufacture or activation;
      
      prompting a user to enter security domain-specific authentication information upon activation of the KMB at a workstation;
      
      executing an authentication protocol between the KMB and the at least one sensor node;
      
      receiving identification information from the at least one sensor node at the KMB;
      
      generating keying material for the at least one sensor node as a function of the random seed information and the identification information;
      
      encrypting the keying material;
      
      transmitting the encrypted keying material to the at least one sensor node; and
      
      receiving an acknowledgment of receipt from the at least one sensor node.

11. A method of generating and distributing keying material to sensor nodes in a wireless sensor network, including:
- configuring a KMB and at least one sensor node with a secret key;
  
  performing an authentication procedure between the KMB and the at least one node;
  
  receiving node ID information at the KMB;
  
  calculating keying material for the at least one sensor node as a function of the secret key and the node ID information; and
  
  transmitting the keying material to the at least one sensor node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method according to claim 11, wherein the KMB and the at least one sensor node are configured with the secret key during manufacture or during initial installation.
  - 13. The method according to claim 11, further including storing a random seed to the KMB during manufacture or activation.
  - 14. The method according to claim 13, further including coupling the KMB and the at least one node to a workstation and executing the authentication procedure.
  - 15. The method according to claim 14, further including employing the random seed and the node ID information to generate the keying material.
  - 16. The method according to claim 15, further including encrypting, authenticating and ensuring integrity protection to the keying material, and ensuring the secure transmission of the keying material to the at least one sensor node.
  - 17. The method according to claim 16, further comprising updating a status of the at least one sensor node in look-up table stored in the KMB after receiving the acknowledgement that the at least one sensor node has received the keying material.
  - 18. A processor or computer-readable medium programmed to perform the method of claim 11.
  - 19. The method according to claim 11, further including receiving an acknowledgement from the at least one sensor node indicating that the keying material has been received

20. A keying material distribution system, including:
- means for storing or generating random seed information to a KMB;
  
  means for prompting a user to enter security domain-specific authentication information upon activation of the KMB at a workstation;
  
  means for executing an authentication routine between the KMB and at least one sensor node;
  
  means for receiving identification information from the at least one sensor node at the KMB;
  
  means for generating keying material for the at least one sensor node as a function of the random seed information and the identification information;
  
  means for encrypting and authenticating the keying material; and
  
  means for transmitting the encrypted keying material to the at least one sensor node in a secure manner.
- View Dependent Claims (21)
- - 21. The system according to claim 20, further including means for receiving, at the KMB, an acknowledgment of receipt of the keying material from the at least one sensor node.

22. A method of updating a patient monitoring sensor node in a wireless sensor network (WSN), including:
- activating a KMB;
  
  prompting a user to enter a PIN to execute an authentication procedure between the KMB and an expired sensor node;
  
  establishing a secret key between the KMB and the sensor node;
  
  employing the secret key to update keying material for the sensor node; and
  
  employing the updated sensor node to monitor vital signs of a patient, wherein the updated sensor node utilizes the updated keying material to encrypt vital sign information for wireless transmission over the WSN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Garcia, Oscar, Huebner, Axel G., Baldus, Heribert

Granted Patent

US 8,705,744 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 9/083   involving central third par...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04W 12/041   Key generation or derivation

H04W 12/062   Pre-authentication

H04W 84/18   Self-organising networks, e...

WIRELESS SENSOR NETWORK KEY DISTRIBUTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

WIRELESS SENSOR NETWORK KEY DISTRIBUTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links