Method and arrangement in a communication network

US 7,181,614 B1
Filed: 10/19/2000
Issued: 02/20/2007
Est. Priority Date: 10/27/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing security in an ad hoc communication network, the ad hoc communication network comprising a set of communication nodes, at least two nodes of the set of communication nodes having a mutual trust relation and comprising a trust group, the trust relations being created with public keys, and at least one additional node, the at least one additional node being a candidate node for joining the trust group within the ad hoc communication network, the nodes having authority to delegate trust to nodes of the set of communication nodes within the trust group, the method comprising the steps of:

receiving a request from the candidate node to join the trust group within said ad hoc communication network wherein said ad hoc communication network does not include a separate certificate authority;

identifying any node within the trust group having a trust relation with the candidate node, the node having the trust relation with the candidate node being an X-node; and

distributing trust relations between all members in the trust groupand the candidate node by means of the X-node distributing the public key associated with said candidate node to said all members of the trust group and wherein X-node further sending a signed message comprising a list of nodes that the X-node trusts within the ad hoc communication network and all corresponding public keys to the candidate node.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to establishing security within an ad hoc network. Such ad hoc networks do not have on-line connections to a particular server for getting desired public keys or certificates, thereby requiring them to create trust relations among their respective nodes wherein some of the nodes have a mutual trust relation to each other, thus constituting a trust group. When a particular candidate node desires to join the trust group, an X-node is identified, being a member of a trust group and having a trust relation with the candidate node. The X-node then certifies the candidate node and establishes and distributes trust relations between the members of the trust group and the candidate node.

Citations

21 Claims

1. A method for establishing security in an ad hoc communication network, the ad hoc communication network comprising a set of communication nodes, at least two nodes of the set of communication nodes having a mutual trust relation and comprising a trust group, the trust relations being created with public keys, and at least one additional node, the at least one additional node being a candidate node for joining the trust group within the ad hoc communication network, the nodes having authority to delegate trust to nodes of the set of communication nodes within the trust group, the method comprising the steps of:
- receiving a request from the candidate node to join the trust group within said ad hoc communication network wherein said ad hoc communication network does not include a separate certificate authority;
  
  identifying any node within the trust group having a trust relation with the candidate node, the node having the trust relation with the candidate node being an X-node; and
  
  distributing trust relations between all members in the trust groupand the candidate node by means of the X-node distributing the public key associated with said candidate node to said all members of the trust group and wherein X-node further sending a signed message comprising a list of nodes that the X-node trusts within the ad hoc communication network and all corresponding public keys to the candidate node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein the distributing step comprises the X-node signing the candidate node'"'"'s public key.
  - 3. The method according to claim 2, wherein the distributing step comprises the X-node sending a message comprising the candidate node'"'"'s signed public key to the nodes within the trust group.
  - 4. The method according to claim 1, wherein the ad hoc communication network comprises a set of nodes comprising several trust groups, each of the set of nodes being candidates for joining all trust groups within the ad hoc communication network that the set of nodes are not already a member of, the method comprising, after receiving the messages, each node of the set of nodes creating a list of candidate nodes that a given node of the set of nodes trusts and corresponding public keys.
  - 5. The method according to claim 4, further comprising deciding one node within the ad hoc communication network to act as a server node.
  - 6. The method according to claim 5, further comprising the server node receiving, from each other node within the ad hoc communication network, a message comprising a respective public key, a respective list of candidate nodes that the respective node trusts, and corresponding public keys.
  - 7. The method according to claim 6, further comprising the server node classifying the at least one candidate node as being a server-trusted node or as being a server-un-trusted node, depending on whether the server node trusts the at least one candidate node or not.
  - 8. The method according to claim 7, wherein the identifying step further comprises the server node identifying at least one Y-node required for distributing trust relations between the server node and at least one server untrusted node.
  - 9. The method according to claim 8, wherein said distributing step further comprises sending, by the server node, of a request to the identified at least one Y-node to distribute said trust relations between the server node and the server-untrusted nodes.
  - 10. The method according to claim 9, wherein said distributing step further comprises obtaining, by the server node, of said requested trust relations.
  - 11. The method according to claim 10, wherein the step of obtaining the trust relations further comprises:
    - signing, by the Y-node, of the public key of the server node for each server-untrusted node that the Y-node has a trust relation with; and
      
      forwarding, by the Y-node, of said signed public key to the server-untrusted node.
  - 12. The method according to claim 10, wherein the step of obtaining the trust relations comprises:
    - signing, by the Y-node, of the public key of the server-untrusted node for each server-untrusted node that the Y-node has a trust relation with; and
      
      forwarding, by the Y-node, of said signed public key to the server node.
  - 13. The method according to claim 10, comprising the further step of, after obtaining said trust relation, reclassifying, by the server node, the server-untrusted node with the obtained trust relation as being a server-trusted node.
  - 14. The method according to claim 10, comprising the further step of sending, by the server node, of a signed message comprising the server node'"'"'s trusted public keys belonging to trusted candidate nodes within the ad hoc communication network.

15. An ad hoc communication network comprising:
- a set of communication nodes within said ad hoc communication network wherein said communication network does not have a separate certification authority,each node of said set of communication nodes comprising a receiver and a computer, the computer comprising a processor and a memory, each node being interconnected with communication links, at least two of the nodes having a mutual trust relation and comprising a trust group, the trust relations being created with public keys,at least one additional node of the set of communication nodes being a candidate node for joining at least one trust group within the ad hoc network,the at least one candidate node having means for requesting if any of the nodes within the trust group have a trust relation with the candidate node, andany one node being authorised to and having means for distributing trust relations between the trust group and the candidate node that the node trusts by distributing the public key associated with said candidate node to said nodes of the trust group and further distributing a list of nodes that the node trusts and all corresponding public keys to the candidate node.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The ad hoc communication network according to claim 15, wherein said each node comprises means for creating a list of candidate nodes that each node trusts and corresponding public keys of each node to be stored in the memory.
  - 17. The ad hoc communication network according to claim 15, wherein one node of the set of communication nodes within the ad hoc network is operable as a server node capable of administrate distribution of trust relations.
  - 18. The ad hoc communication network according to claim 17, wherein the server node is operable to classify the at least one candidate node as being a server-trusted node or as being a server-untrusted node, depending on whether the server node trusts the at least one candidate node or not.
  - 19. The ad hoc communication network according to claim 18, wherein the server node comprises means for identifying at least one Y-node required for distributing trust relations between the server node and server-untrusted nodes.
  - 20. The ad hoc communication network according to claim 19, wherein the server node comprises means for sending to each of said at least one Y-node:
    - a request as to which of the server-untrusted nodes the Y-node has a trust relation with; and
      
      a request for distributing trust relations between the server node and the requested server-untrusted nodes.
  - 21. The ad hoc communication network according to claim 18, wherein the server node comprises means for distributing obtained trust relations to the nodes within the ad hoc communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Optis Wireless Technology, LLC (Brevet Capital)
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Blom, Rolf, Gehrmann, Christian
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
HOFFMAN, BRANDON S

Application Number

US09/692,709
Time in Patent Office

2,315 Days
Field of Search

713/155
US Class Current

713/155
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/104   Grouping of entities

H04L 9/3255   using group based signature...

H04W 12/0431   Key distribution or pre-dis...

H04W 12/082   using revocation of authori...

H04W 84/18   Self-organising networks, e...

Method and arrangement in a communication network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and arrangement in a communication network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links