Secure Node Admission in a Communication Network

US 20110173435A1
Filed: 06/22/2010
Published: 07/14/2011
Est. Priority Date: 01/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method for key determination in a communication network having a Network Coordinator (NC) and a plurality of associated network nodes, the method comprising:

a) a new node (NN) sending to the NC a request for a SALT;

b) the NN receiving the SALT from the NC;

c) the NN combining the SALT with its network password to calculate a static key to gain access to the network

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for node admission in a communication network having a NC and a plurality of associated network nodes. According to various embodiments of the disclosed method and apparatus, key determination in a communication network includes an NN sending to the NC a request for a SALT; the NN receiving the SALT from the NC, combining the SALT with its network password to calculate a static key, and submitting an admission request to the network coordinator to request a dynamic key. The SALT can be a random number generated by the NC, and the admission request can be encrypted by the NN using the static key.

92 Citations

View as Search Results

34 Claims

1. A method for key determination in a communication network having a Network Coordinator (NC) and a plurality of associated network nodes, the method comprising:
- a) a new node (NN) sending to the NC a request for a SALT;
  
  b) the NN receiving the SALT from the NC;
  
  c) the NN combining the SALT with its network password to calculate a static key to gain access to the network
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further including the NN submitting a key request for at least one dynamic key, the request being encrypted by the NN using at least one static key.
  - 3. The method of claim 1, wherein the request for a SALT is in the form of discovery request.
  - 4. The method of claim 1, further comprising the NN receiving a key response including at least one dynamic key, wherein the key response is encrypted using the static key.
  - 5. The method of claim 1, further comprising the NN, after receiving the dynamic key, sending messages to other network nodes, the messages being encrypted using the dynamic key.
  - 6. The method of claim 1, wherein the SALT is the same for a plurality of nodes seeking admission to the network, the plurality of nodes having the same password and the static key remaining unchanged for an admission of the plurality of nodes.
  - 7. The method of claim 1, wherein the static key comprises an initial privacy management key.
  - 8. The method of claim 7, further comprising the NN calculating a second static key, wherein the second static key is a MAC management key.
  - 9. The method of claim 1, wherein the dynamic key comprises a dynamic privacy management key, and wherein the method further comprises the NN, after being admitted to the network, receiving updated dynamic keys from a NC, wherein the updated keys are encrypted using a then-current dynamic privacy management key.
  - 10. The method of claim 1, wherein the NN combining the SALT with its network password to calculate a static key comprises applying RFC 2898/PKCS#5 to derive the static key from the network password, the SALT, and an encoded string.
  - 11. The method of claim 10, wherein the encoded string comprises the ASCII encoded string MACManagementKey.
  - 12. The method of claim 10, wherein the encoded string comprises the ASCII encoded string PrivacyManagementKey.
  - 13. The method of claim 1, wherein the combining in operation c) comprises hashing the SALT with the network password and an encoded string to calculate the static key.
  - 14. The method of claim 1, wherein the calculated static key has a strength of 128 bits.
  - 15. The method of claim 1, further comprising the NC combining the SALT with the network password to calculate a static key to be used by the NC for communications with the NN.

16. A network node, comprising:
- a) a processor; and
  
  b) a computer readable medium having a computer executable program code embodied thereon, the executable program code configured to cause the network node to perform the operations of;
  
  i) sending to a Network Coordinator (NC) a request for a SALT;
  
  ii) receiving the SALT from the NC, wherein the SALT is a random number generated by the NC;
  
  iii) combining the SALT with its network password to calculate a static key; and
  
  iv) submitting a key request to the network coordinator requesting a dynamic key, wherein the key request is encrypted by the NN using the static key.
- View Dependent Claims (17)
- - 17. The network node of claim 16, wherein the request for a SALT is in the form of discovery request.

18. A network node, comprising:
- a) a processor; and
  
  b) computer executable program code embodied on a computer readable medium, the computer executable program code configured to cause the network node to perform the operations of;
  
  i) sending to an NC a request for a SALT;
  
  ii) receiving the SALT from the NC;
  
  iii) combining the SALT with a network password to calculate a static key;
  
  iv) submitting an admission request to the NC, wherein the admission request is encrypted using the static key;
  
  v) requesting a dynamic key, wherein the request for the dynamic key is encrypted using the static key.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 19. The network node of claim 18, wherein the request for a SALT is in the form of discovery request.
  - 20. The network node of claim 18, wherein the SALT is a random number generated by the NC.
  - 21. The network node of claim 18, wherein the executable program code is further configured to cause the network node to receive the requested dynamic key, wherein the received dynamic key is encrypted using the static key.
  - 22. The network node of claim 18, wherein the executable program code is further configured to cause the network node to, after receiving the dynamic key, send messages to other network nodes, the messages being encrypted using the dynamic key.
  - 23. The network node of claim 18, wherein the SALT is the same for a plurality of nodes seeking admission to the network, the plurality of nodes have the same password and the static key is remains unchanged for an admission of the plurality of nodes.
  - 24. The network node of claim 18, wherein the executable program code is further configured to cause the network node to calculate a second static key, wherein the static keys comprise an initial privacy management key and a MAC management key.
  - 25. The network node of claim 18, wherein the static key comprises an initial privacy management key.
  - 26. The network node of claim 18, wherein the dynamic key comprises a dynamic privacy management key, and wherein the executable program code is further configured to cause the network node to, after being admitted to the network, receive updated dynamic keys from a NC, wherein the updated keys are encrypted using a then-current privacy management key.
  - 27. The network node of claim 18, wherein the operation of the network node combining the SALT with its network password to calculate a static key comprises applying RFC 2898/PKCS#5 to derive the static key from the network password, the SALT, and an encoded string.
  - 28. The network node of claim 18, wherein the calculated static key has a strength of 128 bits.
  - 29. The network node of claim 18, wherein the encoded string comprises an ASCII encoded string “
    - MACManagementKey”
      
      .
  - 30. The network node of claim 18, wherein a second static key is generated.
  - 31. The network node of claim 30, wherein the second static key is an ASCII encoded string “
    - PrivacyManagementKey”
      
      .
  - 32. The network node of claim 18, wherein the combining in operation c) comprises hashing the SALT with the network password and an encoded string to calculate the static key.
  - 33. The network node of claim 18, wherein the executable program code is configured to cause the NC to combine the SALT with the network password to calculate a static key to be used by the NC for communications with the network node.

34. A method for generating security keys for a network comprising:
- a) handing off the functions of the network coordinator to a node capable of generating a SALT; and
  
  b) distributing the SALT to nodes within the network that are capable of using the SALT to generate a security key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entropic Communications, LLC (SoftBank Group Corp.)
Original Assignee
Entropic Communications Incorporated (Maxlinear Incorporated)
Inventors
Liu, Changwen, Lee, Ronald B.

Granted Patent

US 8,699,704 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 12/2838   Distribution of signals wit...

H04L 2012/284   characterised by the type o...

H04L 2012/2849   Audio/video appliances

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 9/0861   Generation of secret inform...

H04L 9/0863   involving passwords or one-...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Secure Node Admission in a Communication Network

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

Secure Node Admission in a Communication Network

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others