METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR

US 20110317838A1
Filed: 03/16/2010
Published: 12/29/2011
Est. Priority Date: 03/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing communications between a first node (N1) and a second node (N2) in a network (1) comprising a management device (2) provided with root keying materials, the method comprising:

the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key,the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine,the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key used for securing communications with the second node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.

29 Citations

View as Search Results

15 Claims

1. A method for securing communications between a first node (N1) and a second node (N2) in a network (1) comprising a management device (2) provided with root keying materials, the method comprising:
- the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key,the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine,the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key used for securing communications with the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 15)
- - 2. The method of claim 1, where-in the root keying material comprises a number of mathematical functions.
  - 3. The method of claim 2, wherein the performance and security of the symmetric-key generation engine are defined by a number of secret or public design including the number of root mathematical functions, the complexity of the mathematical functions, the mathematical structures over which the generation of the keying material shares takes place, or the parameters of the root keying material.
  - 4. The method of claim 2, wherein the mathematical function are polynomials.
  - 5. The method of claim 4, further comprising:
    - the management device generating, based on the polynomial root keying material and on an identifier of the first node, a first node keying material shares under the form of a number of polynomial shares, each polynomial share coefficient being divided into sub-elements, and the sub-elements comprising the first node keying material shares,the management device selecting a set of sub-elements of the first polynomial coefficients forming a first symmetric-key generation engine, the selected sub-elements of the first node symmetric-key generation engine corresponding to the selected sub-elements of the first node keying material share,the first node generating, based on a first node symmetric key generation engine and on an identifier of a first node, a partial key, used for securing communications with the second node,
  - 6. The method of claim 4, wherein the root keying material are polynomials over a number of finite fields chosen in such a way that:
    - the management device generates polynomials shares for a first device from the root polynomials carrying out operations over different finite fields;
      
      the management device can divide the polynomial shares into sub-elements and combine them to form a symmetric-key generation engine;
      
      the sub-elements comprising the symmetric-key generation engine are combined making harder the recovery of the root keying material;
      
      the first device can use its symmetric-key generation engine the identifier of a second device to generate a key with the second device;
      
      the operations required for key generation are out of the fields.
  - 7. The method of claim 2, wherein the complexity of the mathematical functions can be adjusted to offer a trade-off between the SKGE security and computational requirements.
  - 8. The methods of claim 4, wherein the complexity of the mathematical functions refers to the polynomial degree and/or size of the finite fields.
  - 9. The methods of claim 1, wherein the generation of keying material shares for a first device from the root mathematical functions includes operations over a single or a combination of mathematical structures such as fields, rings, vector spaces or groups.
  - 10. The method of claim 9, wherein the operations needed for the generation of a key between a first device given the symmetric-key generation engine of a first device and an identifier of a second device are over a common mathematical structure.
  - 11. The method of claim 3, wherein the step of the management device generating the first node keying material share or the second node keying material share comprises evaluating the symmetric bivariate polynomial in a point corresponding to the identifier of the first node or the identifier of the second node, respectively.
  - 15. The method of claim 1, wherein the symmetric-key generation engine is implemented in hardware or software, and allows a first device to compute a symmetric-key with a second device given the identifier of the second device.

12. A management device provided with root keying material, in a network further comprising a node, the management device comprising:
- means for generating, upon receipt of an identifier of the node, node keying material shares based on the root keying material, each keying material share being divided into sub-elements;
  
  means for selecting a subset of sub-elements of the first keying material share, the number of sub-elements selected being less or equal than the total number of sub-elements of the keying material share to form a node partial keying material share or symmetric-key generation engine adapted for generating a first key, andmeans for distributing the node symmetric-key generation engine to the node.
- View Dependent Claims (13)
- - 13. A network comprising a management device according to claim 12 and a communication device, provided with an identifier, and comprising:
    - means for transmitting its identifier to the management device,means for receiving, from the management device, a node symmetric-key generation engine,means for receiving an identifier of the another node, andmeans for generating, based on the received node symmetric-key generation engine and the received other node'"'"'s identifier, a key for communicating with the other node.

14. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Garcia Morchon, Oscar, Erdmann, Bozena, Kursawe, Klaus

Granted Patent

US 9,077,520 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/259
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/083   involving central third par...

H04L 9/085   Secret sharing or secret sp...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR SECURE COMMUNICATION IN A NETWORK, A COMMUNICATION DEVICE, A NETWORK AND A COMPUTER PROGRAM THEREFOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links