Method and system for network security capable of doing stronger encryption with authorized devices
Abstract
A method and system for network security includes a first network device having a first set of key material with a base key and a key extension, and a second network device also having the first set of key material and a second set of key material with a second base key. The second network device is capable of communicating with the first network device using security determined by the first set of key material. The method and system for network security may further include a third network device having the second set of key material. The third network device is capable of communicating with the second network device using security determined by the second set of key material. For the present method and system, security determined by the first set of key material is stronger than security determined by the second set of key material.
Claims (32)

1. A system for network security comprising:
- a first network device having a first encryption key, the first encryption key including a first base key and a key extension in addition to the first base key, the key extension being based on a hash function of an internal key and a network device identifier;
- a second network device having the first encryption key and a second encryption key, the second encryption key including a second base key, wherein the second network device is capable of communicating with the first network device using security determined by the first encryption key; and
- a third network device having the second encryption key, wherein the third network device is capable of communicating with the second network device using security determined by the second encryption key;
- wherein the first encryption key is used to encrypt and decrypt communications between the first and second network devices, and the second encryption key is used to encrypt and decrypt communications between the second and third network devices; and
- wherein the security determined by the first encryption key is stronger than the security determined by the second encryption key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for network security comprising:
- a first network device having a first encryption key, the first encryption key including a first base key and a first key extension in addition to the first base key, and a second encryption key, the second encryption key including a second base key and a second key extension in addition to the second base key, each of the first and second key extensions being based on a hash function of an internal key and a network device identifier;
- a second network device having the first encryption key and a third encryption key, the third encryption key including a third base key, wherein the second network device is capable of communicating with the first network device using security determined by the first encryption key; and
- a third network device having the second encryption key and the third encryption key, the third network device being capable of communicating with the first network device using security determined by the second encryption key, and the third network device also being capable of communicating with the second network device using security determined by the third encryption key;
- wherein the first encryption key is used to encrypt and decrypt communications between the first and second network devices, the second encryption key is used to encrypt and decrypt communications between the first and third network devices, and the third encryption key is used to encrypt and decrypt communications between the second and third network devices;
- wherein the security determined by the first encryption key is stronger than the security determined by the third encryption key; and
- wherein the security determined by the second encryption key is stronger than the security determined by the third encryption key.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A method for network security comprising the steps of:
- providing a first network device, a second network device, and a third network device;
- establishing a first secure communication between the first and second network devices based on a first encryption key, the first encryption key having a base key and a key extension in addition to the base key;
- establishing a second secure communication between the second and third network devices based on a second encryption key;
- basing each of the base key and the second encryption key on at least a pre-shared key and a computed private key;
- basing the key extension on a hash function of an internal key and a network device identifier; and
- using a stronger security for the first secure communication than the second secure communication;
- wherein using the stronger security for the first secure communication than the second secure communication comprises using security determined by the first encryption key for the first secure communication, the first encryption key being used to encrypt and decrypt communications between the first and second network devices, and using security determined by the second encryption key for the second secure communication, the second key being used to encrypt and decrypt communications between the second and third network devices; and
- wherein the security determined by the first encryption key is stronger than the security determined by the second encryption key.

Dependent claims: 18, 19, 20, 21.
22. A method for network security comprising the steps of:
- providing a first network device, a second network device, and a third network device;
- negotiating a first secure communication between the first and second network devices based on a first authentication key, the first authentication key having a base key and a key extension in addition to the base key;
- deriving a first encryption key from the negotiation of the first secure communication;
- negotiating a second secure communication between the second and third network devices based on a second authentication key;
- deriving a second encryption key from the negotiation of the second secure communication;
- basing each of the base key and the second authentication key on at least a pre-shared key and a computed private key;
- basing the key extension on a hash function of an internal key and a network device identifier; and
- using a stronger security for the first secure communication than the second secure communication;
- wherein using the stronger security for the first secure communication than the second secure communication comprises using security determined by the first encryption key for the first secure communication, the first encryption key being used to encrypt and decrypt communications between the first and second network devices, and using security determined by the second encryption key for the second secure communication, the second encryption key being used to encrypt and decrypt communications between the second and third network devices; and
- wherein the security determined by the first encryption key is stronger than the security determined by the second encryption key.

Dependent claims: 23, 24, 25, 26.
27. A system for network security comprising:
- a first network device having a first authentication key, the first authentication key including a first base key and a key extension in addition to the first base key, the key extension being based on a hash function of an internal key and a network device identifier;
- a second network device having the first authentication key and a second authentication key, the second authentication key including a second base key, wherein the first and second devices are capable of using the first authentication key to negotiate a first encryption key so as to communicate using security determined by the first encryption key; and
- a third network device having the second authentication key, wherein the second and third network devices are capable of using the second authentication key to negotiate a second encryption key so as to communicate using security determined by the second encryption key;
- wherein the first encryption key is used to encrypt and decrypt communications between the first and second network devices, and the second encryption key is used to encrypt and decrypt communications between the second and third network devices; and
- wherein the security determined by the first encryption key is stronger than the security determined by the second encryption key.

Dependent claims: 28, 29.
30. A system for network security comprising:
- a first network device having a first authentication key, the first authentication key including a first base key and a first key extension in addition to the first base key, and a second authentication key, the second authentication key including a second base key and a second key extension in addition to the second base key, each of the first and second key extensions being based on a hash function of an internal key and a network device identifier;
- a second network device having the first authentication key and a third authentication key, the third authentication key including a third base key, wherein the first and second network devices are capable of using the first authentication key to negotiate a first encryption key so as to communicate using security determined by the first encryption key; and
- a third network device having the second authentication key and the third authentication key, the first and third network devices being capable of using the second authentication key to negotiate a second encryption key so as to communicate using security determined by the second encryption key, and the second and third network devices being capable of using the third authentication key to negotiate a third encryption key so as to communicate using security determined by the third encryption key;
- wherein the first encryption key is used to encrypt and decrypt communications between the first and second network devices, the second encryption key is used to encrypt and decrypt communications between the first and third network devices, and the third encryption key is used to encrypt and decrypt communication between the second and third network devices, and wherein the security determined by the first encryption key is stronger than the security determined by the third encryption key; and
- wherein the security determined by the second encryption key is stronger than security determined by the third encryption key.

Dependent claims: 31, 32.
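To make the claimed key structure concrete (claims 1 and 17: a base key derived from a pre-shared key and a computed private key, a key extension derived from a hash of an internal key and a device identifier, and a base-only key for the less trusted third device), here is an added Python illustration. It is not code from the patent; the hash function (HMAC-SHA256), the key sizes, the derivation labels, the choice of the first device's identifier for the extension, and the modelling of "stronger" as more key material are all assumptions.

```python
import hashlib
import hmac

# Assumed sizes: the claims only say the first key is stronger; here "stronger"
# is modelled as more key material (base key + extension vs. base key alone).
BASE_KEY_LEN = 16   # 128-bit base key (assumption)
EXT_LEN = 16        # 128-bit key extension (assumption)

# Constructed sample inputs, not values taken from the patent.
PSK = bytes.fromhex("00112233445566778899aabbccddeeff")
COMPUTED_PRIVATE_KEY = hashlib.sha256(b"constructed key-agreement secret").digest()
INTERNAL_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def derive_base_key(psk: bytes, private_key: bytes, label: bytes) -> bytes:
    """Base key 'based on at least a pre-shared key and a computed private key'.
    Assumed construction: HMAC-SHA256 keyed by the PSK over private key || label."""
    return hmac.new(psk, private_key + label, "sha256").digest()[:BASE_KEY_LEN]


def derive_key_extension(internal_key: bytes, device_id: bytes) -> bytes:
    """Key extension 'based on a hash function of an internal key and a network
    device identifier'. Assumed construction: HMAC-SHA256 of the identifier
    under the internal key, so a device without the internal key cannot compute it."""
    return hmac.new(internal_key, device_id, "sha256").digest()[:EXT_LEN]


def build_key_sets(psk: bytes, private_key: bytes, internal_key: bytes, device1_id: bytes) -> dict:
    """Distribute keys as in claim 1: devices 1 and 2 share the extended first key,
    devices 2 and 3 share the base-only second key. Assumption: the identifier
    hashed into the extension is that of the first (authorized) device."""
    base1 = derive_base_key(psk, private_key, b"first base key")
    base2 = derive_base_key(psk, private_key, b"second base key")
    first_key = base1 + derive_key_extension(internal_key, device1_id)
    second_key = base2
    return {
        "device1": {"first": first_key},
        "device2": {"first": first_key, "second": second_key},
        "device3": {"second": second_key},
    }


def shared_key(key_sets: dict, a: str, b: str):
    """Return the strongest (here: longest) key both devices hold, or None."""
    common = set(key_sets[a]) & set(key_sets[b])
    if not common:
        return None
    name = max(common, key=lambda n: len(key_sets[a][n]))
    return key_sets[a][name]


def key_strength_bits(key: bytes) -> int:
    """Key material length in bits, the strength proxy used in this illustration."""
    return 8 * len(key)
```

Device 3 holds only the base key, so even with the pre-shared key and the computed private key it cannot reconstruct the extension without the internal key.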