Mobile-ad-hoc network including node authentication features and related methods

US 7,581,095 B2
Filed: 07/17/2002
Issued: 08/25/2009
Est. Priority Date: 07/17/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A mobile ad-hoc network (MANET) comprising:

a first cluster of MANET nodes comprising a first cluster leader node;

a second cluster of MANET nodes comprising a second cluster leader node;

a first MANET node from said first cluster for generating an authentication request, said first MANET node having a first public key and a first private key associated therewith; and

a second MANET node from said second cluster having a second public key and a second private key associated therewith;

said first MANET node receiving a certificate of authenticity via said first cluster leader node responsive to the authentication request, the certificate of authenticity being generated by said second cluster leader node and comprising the second public key, said second cluster leader node having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;

said first MANET node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second MANET node based upon the decrypted certificate of authenticity;

said first MANET node sending challenge data to said second MANET node upon verification that the second public key belongs to said second MANET node;

said second MANET node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first MANET node;

said first MANET node decrypting the encrypted challenge data using the verified second public key and authenticating said second MANET node if the decryption of the encrypted challenge data yields the original challenge data;

said first MANET node sending a session key encrypted with the second public key to said second MANET node for use with subsequent data transfers therebetween upon authenticating said second MANET node.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile ad-hoc network may include a first node having a first public key and a first private key associated therewith for generating an authentication request. The network may also include a second node having a second public key and a second private key associated therewith for receiving the authentication request and returning a certificate of authenticity including the second public key to the first node. Upon verifying that the second public key belongs to the second node, the first node may send challenge data to the second node, and the second node may encrypt the challenge data using the second private key and return the encrypted challenge data back to the first node. The first node may thus decrypt the encrypted challenge data using the verified second public key and authenticate the second node if the decryption of the encrypted challenge data yields the original challenge data.

Citations

31 Claims

1. A mobile ad-hoc network (MANET) comprising:
- a first cluster of MANET nodes comprising a first cluster leader node;
  
  a second cluster of MANET nodes comprising a second cluster leader node;
  
  a first MANET node from said first cluster for generating an authentication request, said first MANET node having a first public key and a first private key associated therewith; and
  
  a second MANET node from said second cluster having a second public key and a second private key associated therewith;
  
  said first MANET node receiving a certificate of authenticity via said first cluster leader node responsive to the authentication request, the certificate of authenticity being generated by said second cluster leader node and comprising the second public key, said second cluster leader node having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  said first MANET node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second MANET node based upon the decrypted certificate of authenticity;
  
  said first MANET node sending challenge data to said second MANET node upon verification that the second public key belongs to said second MANET node;
  
  said second MANET node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first MANET node;
  
  said first MANET node decrypting the encrypted challenge data using the verified second public key and authenticating said second MANET node if the decryption of the encrypted challenge data yields the original challenge data;
  
  said first MANET node sending a session key encrypted with the second public key to said second MANET node for use with subsequent data transfers therebetween upon authenticating said second MANET node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The MANET of claim 1 wherein the certificate of authenticity further comprises a node identification (ID) of the second MANET node.
  - 3. The MANET of claim 2 wherein said first MANET node verifies the second public key belongs to said second MANET node by:
    - processing the second node ID and the second public key to create a first digest; and
      
      comparing the first digest with a second digest associated with the decrypted certificate of authenticity to verify that the second public key belongs to said second MANET node.
  - 4. The MANET of claim 3 wherein said first MANET node processes the second node ID and the second public key using a hashing algorithm.
  - 5. The MANET of claim 1 wherein the session key comprises a random session key.
  - 6. The MANET of claim 1 wherein said first MANET node terminates the authentication of said second MANET node after a predetermined period.
  - 7. The MANET of claim 1 wherein the challenge data comprises randomly generated challenge data.
  - 8. The MANET of claim 1 wherein the certificate of authenticity further comprises a time of authentication by said second cluster leader node.
  - 9. The MANET of claim 1 wherein said first and second MANET nodes communicate using the dynamic source routing (DSR) protocol.
  - 10. The MANET of claim 1 wherein said first and second MANET nodes transfer message data therebetween upon authentication of said second MANET node by said first MANET node.
  - 11. The MANET of claim 1 wherein said first MANET node sends the authentication request to said second node, and wherein said second MANET node returns the certificate of authenticity to said first node responsive thereto via said first cluster leader node.

12. A mobile ad-hoc network (MANET) comprising:
- a first cluster of MANET nodes comprising a first cluster leader node;
  
  a second cluster of MANET nodes comprising a second cluster leader node;
  
  a first MANET node from said first cluster for generating an authentication request, said first MANET node having a first public key and a first private key associated therewith; and
  
  a second MANET node from said second cluster having a second public key and a second private key associated therewith, said second MANET node for receiving the authentication request and returning a certificate of authenticity to said first MANET node via said first cluster leader node generated by said second cluster leader node and comprising the second public key, the second cluster leader node having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  said first MANET node decrypting the certificate of authenticity using the public authentication key and verifying that the second public key belongs to said second MANET node based upon the decrypted certificate of authenticity;
  
  said first MANET node sending challenge data to said second MANET node upon verification that the second public key belongs to said second MANET node;
  
  said second MANET node encrypting the challenge data using the second private key and returning the encrypted challenge data back to said first MANET node;
  
  said first MANET node decrypting the encrypted challenge data using the verified second public key and authenticating said second MANET node if the decryption of the encrypted challenge data yields the original challenge data;
  
  said first MANET node sending a session key encrypted with the second public key to said second MANET node upon authenticating said second MANET node;
  
  said first and second MANET nodes also transferring message data therebetween using the session key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The MANET of claim 12 wherein the certificate of authenticity further comprises a node identification (ID) of the second MANET node.
  - 14. The MANET of claim 13 wherein said first MANET node verifies the second public key belongs to said second MANET node by:
    - processing the second node ID and the second public key to create a first digest; and
      
      comparing the first digest with a second digest associated with the decrypted certificate of authenticity to verify that the second public key belongs to said second MANET node.
  - 15. The MANET of claim 14 wherein said first MANET node processes the second node ID and the second public key using a hashing algorithm.
  - 16. The MANET of claim 12 wherein the session key comprises a random session key.
  - 17. The MANET of claim 12 wherein said first MANET node terminates the authentication of said second MANET node after a predetermined period.
  - 18. The MANET of claim 12 wherein the challenge data comprises randomly generated challenge data.
  - 19. The MANET of claim 12 wherein the certificate of authenticity further comprises a time of authentication by said certifying authority.
  - 20. The MANET of claim 12 wherein said first and second nodes communicate using the dynamic source routing (DSR) protocol.

21. A node authentication method for a mobile ad-hoc network (MANET) comprising a plurality of MANET nodes, the method comprising:
- forming a first cluster of MANET nodes comprising a first cluster leader node;
  
  forming a second cluster of MANET nodes comprising a second cluster leader node;
  
  generating an authentication request at a first MANET node having a first public key and a first private key associated therewith to authenticate a second MANET node having a second public key and a second private key associated therewith;
  
  receiving a certificate of authenticity via the first cluster leader node responsive to the authentication request at the first MANET node, the certificate of authenticity being generated by the second cluster leader node and comprising the second public key, the second cluster leader node having a public authentication key and a private authentication key associated therewith and generating the certificate of authenticity using the private authentication key;
  
  decrypting the certificate of authenticity at the first MANET node using the public authentication key and verifying that the second public key belongs to the second MANET node based upon the decrypted certificate of authenticity;
  
  sending challenge data from the first MANET node to the second MANET node upon verification that the second public key belongs to the second MANET node;
  
  encrypting the challenge data at the second MANET node using the second private key and returning the encrypted challenge data back to the first MANET node;
  
  decrypting the encrypted challenge data at the first MANET node using the verified second public key and authenticating the second MANET node if the decryption of the encrypted challenge data yields the original challenge data; and
  
  sending a session key encrypted with the second public key from the first MANET node to the second MANET node for use with subsequent data transfers therebetween upon authenticating the second MANET node.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21 wherein the certificate of authenticity further comprises a node identification (ID) of the second MANET node.
  - 23. The method of claim 22 wherein verifying that the second public key belongs to the second MANET node comprises:
    - processing the second node ID and the second public key to create a first digest; and
      
      comparing the first digest with a second digest associated with the decrypted certificate of authenticity to verify that the second public key belongs to the second MANET node.
  - 24. The method of claim 23 wherein processing comprises processing the second node ID and the second node public key using a hashing algorithm.
  - 25. The method of claim 21 wherein the session key comprises a random session key.
  - 26. The method of claim 21 further comprising terminating the authentication of the second MANET node after a predetermined period.
  - 27. The method of claim 21 wherein the challenge data comprises randomly generated challenge data.
  - 28. The method of claim 21 wherein the certificate of authenticity further comprises a time of authentication by the second cluster leader node.
  - 29. The method of claim 21 wherein the first and second MANET nodes communicate using the dynamic source routing (DSR) protocol.
  - 30. The method of claim 21 further comprising transferring message data between the first and second MANET nodes upon authentication of the second node by the first node.
  - 31. The method of claim 21 further comprising sending the authentication request to the second MANET node;
    - and wherein receiving the certificate of authenticity comprises receiving the certificate of authenticity from the second node via the first cluster leader node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stingray IP Solutions LLC (Acacia Research Corporation)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Billhartz, Thomas Jay
Primary Examiner(s)
KIM, JUNG W

Application Number

US10/197,148
Publication Number

US 20040015689A1
Time in Patent Office

2,596 Days
Field of Search

380/30, 380/285, 713/156, 713/181
US Class Current

713/168
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Mobile-ad-hoc network including node authentication features and related methods

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile-ad-hoc network including node authentication features and related methods

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links