AUTONOMOUS AND SEAMLESS KEY DISTRIBUTION MECHANISM
Abstract
A satellite system comprises first and second devices, one of the first and second devices being a satellite and the other one of the first and second devices being a device arranged to send signals to the satellite and/or receive signals from the satellite. A session key can be distributed in the satellite system by obtaining the session key at the first device, protecting the session key at the first device, based on a private key of the first device and a public key of the second device, and transmitting the protected session key from the first device to the second device. The second device can receive the protected session key from the first device and obtain the session key from the protected session key based on a public key of the first device and a private key of the second device. Replay detection information can be transmitted with the protected session key, for determining whether the session key has been transmitted previously. The protected session key can be transmitted by inserting a predetermined number of bytes of the protected session key into each frame of a data stream, for example a telemetry (TM) data stream as defined in the Consultative Committee for Space Data Systems (CCSDS) TM protocol. Validity information can be transmitted with the protected session key, defining a period in which the session key is valid. The protected session key can be transmitted bonded to a command message, for example a telecommand (TC) as defined in the CCSDS TC protocol.
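The transport-side steps described in the abstract (a fixed number of bytes of the protected key per frame, replay detection information, a validity period) can be sketched as follows. This is an added example and is not taken from the patent: the header layout, slot size, counter-based replay check and all names are assumptions. The protected key is treated as an opaque blob, and frames are assumed to arrive in order and without loss.

```python
import struct

# Hypothetical header sent in front of the protected key (layout is an assumption):
# replay counter, valid-from, valid-until (Unix seconds), protected-key length.
# In a real design these fields must be covered by the protection step.
HEADER = struct.Struct(">QIIH")
SLOT = 4  # predetermined number of bytes carried per frame (assumed value)

def build_message(counter, valid_from, valid_until, protected_key):
    """Prefix the opaque protected key with replay and validity information."""
    return HEADER.pack(counter, valid_from, valid_until, len(protected_key)) + protected_key

def to_slots(message, slot=SLOT):
    """Cut the message into one fixed-size slot per frame, zero-padding the last."""
    padded = message + b"\x00" * (-len(message) % slot)
    return [padded[i:i + slot] for i in range(0, len(padded), slot)]

class Receiver:
    """Reassembles slots from in-order frames, then applies replay and validity checks."""
    def __init__(self):
        self.buf = b""
        self.last_counter = -1  # highest counter accepted so far

    def feed(self, slot, now):
        """Return None while incomplete, else (status, protected_key or None)."""
        self.buf += slot
        if len(self.buf) < HEADER.size:
            return None
        counter, valid_from, valid_until, length = HEADER.unpack_from(self.buf)
        if len(self.buf) < HEADER.size + length:
            return None
        blob, self.buf = self.buf[HEADER.size:HEADER.size + length], b""
        if counter <= self.last_counter:
            return ("replay", None)       # this key message was seen before
        if not valid_from <= now <= valid_until:
            return ("not_valid", None)    # outside the stated validity period
        self.last_counter = counter
        return ("accepted", blob)         # next step: unprotect with the key pair

def deliver(receiver, message, now):
    """Send every slot of one message through the receiver; return the final result."""
    result = None
    for slot in to_slots(message):
        result = receiver.feed(slot, now)
    return result

# Constructed sample: 32 opaque bytes standing in for a protected session key.
SAMPLE = build_message(7, 1_700_000_000, 1_700_003_600, bytes(range(32)))
```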
15 Claims
1. A method of transmitting a session key in a satellite system comprising first and second devices, one of the first and second devices being a satellite and the other one of the first and second devices being a device arranged to send signals to the satellite and/or receive signals from the satellite, the method comprising:
obtaining the session key at the first device;
protecting the session key at the first device, based on a private key of the first device and a public key of the second device; and
transmitting the protected session key from the first device to the second device.
Dependent claims: 2, 3, 4, 5, 11.

6. A method of obtaining a session key in a satellite system comprising first and second devices, one of the first and second devices being a satellite and the other one of the first and second devices being a device arranged to send signals to the satellite and/or receive signals from the satellite, the method comprising:
receiving a protected session key from the first device, at the second device; and
obtaining the session key from the received protected session key at the second device, based on a public key of the first device and a private key of the second device.
Dependent claims: 7, 8, 9, 10.

12. A first device comprising:
a key obtaining module arranged to obtain a session key;
a key protecting module arranged to protect the obtained session key, based on a private key of the first device and a public key of a second device to which the protected session key is to be transmitted; and
a transmitter arranged to transmit the protected session key to the second device, wherein the first device and/or the second device is a satellite.
Dependent claims: 13, 14.

15. A first device for receiving signals from a second device, the first device comprising:
a receiver arranged to receive a protected session key from the second device; and
a key extraction module arranged to obtain the session key from the protected session key, based on a private key of the first device and a public key of the second device from which the protected session key was received, wherein the first device and/or the second device is a satellite.

Specification