METHOD AND SYSTEM FOR DISTRIBUTING CRYPTOGRAPHIC KEYS IN A HIERARCHIZED NETWORK

US 20110261962A1
Filed: 11/13/2008
Published: 10/27/2011
Est. Priority Date: 11/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method for distribution of cryptographic keys in a hierarchized network comprising at least one device responsible for a first group of devices, at least one of the devices of said first group of devices also being responsible for a second group of devices lower than said first group of devices, the method comprising the steps, at the device responsible for the higher group, of:

a. storinga set of identifiers specific to the first group,an identifier specific to the responsible device of the first group,an identifier for each device responsible for a lower group,each identifier being unique inside the hierarchized network,b. storing storage (24) of a root cryptographic key,c. supplying a root cryptographic key to each device responsible for a lower group by derivation from the root key and from the identifier of said device responsible for the lower group by a first, nonreversible cryptographic function,d. supplying at least one transport cryptographic key to each member of said first group of devices by derivation from the root key and from an identifier belonging to the set of identifiers specific to said first group by a second, nonreversible cryptographic function.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is presented for distributing cryptographic keys in a hierarchized network including at least one device in charge of a higher group of devices, wherein at least one of the devices of the group of devices is also in charge of a lower group of devices. The method includes the steps of: a) storing (20, 22) a set of identifiers particular to the higher group, of an identifier particular to the device in charge, of an identifier per device in charge of a lower group, each identifier being unique inside the hierarchized network; storing (24) a root cryptographic key; c) providing (26, 28) a root cryptographic key to each device in charge of a lower group by derivation of the root key and of the identifier of said device in charge of a lower group using a first non-reversible cryptographic function; d) providing (30, 32) at least one transport cryptographic key to each member of said higher group of devices by derivation of the root key and of an identifier belonging to the set of identifiers particular to said group using a second non-reversible cryptographic function.

Citations

10 Claims

1. A method for distribution of cryptographic keys in a hierarchized network comprising at least one device responsible for a first group of devices, at least one of the devices of said first group of devices also being responsible for a second group of devices lower than said first group of devices, the method comprising the steps, at the device responsible for the higher group, of:
- a. storinga set of identifiers specific to the first group,an identifier specific to the responsible device of the first group,an identifier for each device responsible for a lower group,each identifier being unique inside the hierarchized network,b. storing storage (24) of a root cryptographic key,c. supplying a root cryptographic key to each device responsible for a lower group by derivation from the root key and from the identifier of said device responsible for the lower group by a first, nonreversible cryptographic function,d. supplying at least one transport cryptographic key to each member of said first group of devices by derivation from the root key and from an identifier belonging to the set of identifiers specific to said first group by a second, nonreversible cryptographic function.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, wherein the communications between the devices of one and the same group are encrypted with the transport cryptographic key, each communication being accompanied by a reference to the identifier that has been used to generate said transport cryptographic key.
  - 3. The method as claimed in claim 2, wherein each identifier of the set of identifiers of a group is referenced by a unique index number in the hierarchized network, this index number being used as a reference of the identifier in the communications.
  - 4. The method as claimed in claim 1, wherein the sets of identifiers of the groups and the identifiers of responsible devices are stored in a central device outside the hierarchized network so that the knowledge of the root cryptographic key of the device responsible for the higher group allows the regeneration of all the root keys and transport keys of the hierarchized network.
  - 5. The method as claimed in claim 1, wherein the use of a new transport cryptographic key for one group from the set of transport cryptographic keys of this group is carried out according to a variable timing rate.
  - 6. A computer program product comprising instructions for applying a method as claimed in claim 1, when said instructions are executed on a computer.

7. A method for distributing cryptographic keys in a hierarchized network comprising at least one device responsible for a first group of devices, said method being applied by a device of said first group of devices also responsible for a second group of devices lower than said first group of devices, comprising the steps of:
- a. storing an identifier that is specific to the device responsible for the first group and is unique in the hierarchized system,b. storing a root cryptographic key, derived by the device responsible for the first group from a root cryptographic key of the device responsible for the first group and from the identifier specific to said device,c. storing a set of identifiers specific to the lower group,d. generating generation of a transport cryptographic key by derivation from the root cryptographic key and from one of the identifiers of the set of identifiers specific to the lower group,e. distributing the transport cryptographic key to the devices that are members of the group.
- View Dependent Claims (8)
- - 8. A computer program product comprising instructions for the application of a method as claimed in claim 7, when said instructions are executed on a computer.

9. A system for distributing cryptographic keys in a hierarchized network comprising at least one device responsible for a first group of devices, at least one of the devices of said group of devices also being responsible for a second group of devices lower than said first group of devices, comprising:
- a. means for defining, for each of the first and second groups, a set of identifiers that is specific thereto, and, for each device responsible for a group, a responsible-device identifier that is specific thereto and unique in the hierarchized network.b. means for installing a root cryptographic key in the device responsible for the first group.c. first means for supplying a root cryptographic key to each device responsible for a lower group by derivation from the root key of the device responsible for the first group and from the identifier of said device responsible for the lower group by a first, nonreversible cryptographic function.d. for each group of devices, second means for supplying at least one transport cryptographic key to each member of said group of devices by derivation from the root key of the device responsible for said group and from an identifier belonging to the set of identifiers of said group by a second, nonreversible cryptographic function.

10. A device responsible for a first group of devices in a hierarchized network, comprising:
- a. first means for storage of a root cryptographic key,b. second means for storage of an identifier that is specific to the first group of devices and is unique in the hierarchized system and of a set of identifiers specific to the first group, and of at least one identifier of a device responsible for a second group of device lower than said first group of devices, said device responsible for a lower group also belonging to said first group,c. means for generating a transport cryptographic key by derivation from the root cryptographic key and from one of the identifiers of the set of identifiers specific to the first group,d. means for distributing the transport cryptographic key to the member devices of the first group,e. means for generating a root key derived from the root cryptographic key and from the identifier of the device responsible for the lower group,f. means for distributing said derived root key to the device responsible for the lower group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cassidian Cybersecurity SAS (Airbus SE)
Original Assignee
EADS Defence and Security Systems (European Aeronautic Defence and Space Company EADS NV)
Inventors
Allouche, Stephane, Radja, Patrick, Adib, Mustapha, Chaland, Marc, Dupuis, Vincent, Serhrouchni, Ahmed

Granted Patent

US 8,509,447 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 9/0836 using tree structure or hie...

METHOD AND SYSTEM FOR DISTRIBUTING CRYPTOGRAPHIC KEYS IN A HIERARCHIZED NETWORK

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR DISTRIBUTING CRYPTOGRAPHIC KEYS IN A HIERARCHIZED NETWORK

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links