Deterministic key pre-distribution and operational key management for moblie body sensor networks

US 7,999,685 B2
Filed: 05/31/2006
Issued: 08/16/2011
Est. Priority Date: 06/08/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A wireless system for monitoring a patient, the wireless network comprising:

a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;

a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network, the set-up server randomly generating set ℑ

of t×

(n²+n+1) λ

-degree bivariate polynomials {_jⁱ(x,y)}_{j=1 . . . n}₂_+n+1^{i=1 . . . i}over Fq′ and

for j=1 . . . n²+n+1, the set-up server sequentially picking t of the polynomials from ℑ

, and forming n²+n+1 t-polynomials-sets F_j(x,y), where λ

is a number of nodes in the wireless network and is an integer greater than one, n is a prime power, t is an integer greater than or equal to one, and Fq′

is a finite field where q′

is a prime number large enough to accommodate a cryptographic key;

a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless network (2, 150) for monitoring a patient includes a body sensor network (22, 24, 26, 172, 174, 176) that includes one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network (2, 150). A set-up server (4, 154) configures the one or more wireless sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) with keying material before the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) are deployed to the wireless network (2, 150). A base station (178, 180) distributes a key certificate to the one or more sensors (6, 8, 10, 12, 14, 16, 18, 20, 156, 158, 160, 162, 164, 166, 168, 170) associated with the body sensor network (22, 24, 26, 172, 174, 176), such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station (178, 180).

20 Citations

View as Search Results

22 Claims

1. A wireless system for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;
  
  a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network, the set-up server randomly generating set ℑ
  
  of t×
  
  (n²+n+1) λ
  
  -degree bivariate polynomials {_jⁱ(x,y)}_{j=1 . . . n}₂_+n+1^{i=1 . . . i}over Fq′ and
  
  for j=1 . . . n²+n+1, the set-up server sequentially picking t of the polynomials from ℑ
  
  , and forming n²+n+1 t-polynomials-sets F_j(x,y), where λ
  
  is a number of nodes in the wireless network and is an integer greater than one, n is a prime power, t is an integer greater than or equal to one, and Fq′
  
  is a finite field where q′
  
  is a prime number large enough to accommodate a cryptographic key;
  
  a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12)
- - 2. The system according to claim 1,wherein the set-up server generates a finite projective plane, (n²+n+1,n+1,1), with elements belonging to a set S, where |S|=n²+n+1 and the set S is associated such that each element in S is associated with a distinct one of the t-polynomial-set F_j(x,y), where n is a prime power.
  - 3. The system according to claim 2, wherein each sensor node receives from the set-up server n+1 t-polynomial-set shares F_b_i,j(p_u,j,y), where p_u,jε
    - Fq′
      
      , b_i,jε
      
      B_iε
      
      finite projective plane, and j . . . n+1, wherein n is a prime power.
  - 4. The system according to claim 3, wherein a first block B₁of finite projective plane has elements elements {b_1,1, . . . b_1,n+1}, and the sensor node (u_a) receives t-polynomials-set shares F_b_1,1(p_a,y) to F_b_1,n+1(p_a,y) evaluated at point p_aof Fq′
    - , wherein a is between 1 and N′
      
      /(n+1), where N is the size of a group of interoperable nodes, which is potentially found in different wireless networks, and is an integer greater than or equal to one, and n is a prime power.
  - 5. The system according to claim 4, wherein a second block B₂of finite projective plane has elements {b_2,1, . . . b_2,n+1}, and b_1,1=b_2,1, and sensor node u_1+N′
    - /(n+1) receives t-polynomials-set shares F_b_1,1(p_{1+N′
      
      /(n+1)},y) evaluated at point p_{1+N′
      
      /(n+1)}, and t-polynomials-set shares F_b_2,2(p₁,y) to F_b_2,n+1(p₁,y) evaluated at point p₁, where N is the size of a group of interoperable nodes, which is potentially found in different wireless networks, and is an integer greater than or equal to one, and n is a prime power.
  - 6. The system according to claim 5, wherein the sensor nodes exchange their IDs, which IDs each contain the indices of the n+1 t-polynomial-set shares carried by the ID and the points p_u₁. . . p_u_n+1, p_v₁. . . p_v_n+1, as which the respective n+1 t-polynomial-set shares are evaluated, where n is an integer greater than or equal to one.
  - 7. The system according to claim 6, wherein each sensor node finds an index k corresponding to the common t-polynomial-set F_k(x,y) and the respective evaluation points p_uand p_v.
  - 8. The system according to claim 7, wherein node u evaluates the t λ
    - -degree bivariate polynomials f_kⁱ(p_u,y), for i=1 . . . t, at point p_v(i.e. f_jⁱ(p_u,p_v)) to obtain t partial keys and truncates the t partial keys to logq′
      
      bits and concatenates the t key segments to form a final pairwise key K_uvof logq bits, where t is a positive integer.
  - 9. The system according to claim 1, wherein distributing key certificates includes:
    - initializing one or more of the wireless sensors;
      
      distributing a pairwise key to the base station and the one or more of the wireless sensors;
      
      generating a chain of key elements;
      
      distributing the initial element of the key chain to the one or more of the wireless sensors;
      
      issuing a valid key certificate and validating keys for a time period, contacting the security server during the time period;
      
      contacting a body sensor network during the time period;
      
      authentication and establishing secure communication with each of the one or more of the wireless sensors;
      
      distributing a key certificate to each authenticated sensor node; and
      
      establishing a pairwise key between one or more of the wireless sensors.
  - 10. The system according to claim 1, wherein the setup server initializes one or more of the wireless sensors with a unique identifier and security material, randomly chooses and distributes a pairwise key for the base station and the one or more of the wireless sensors and the base station issues a key certificate to a non-compromised node, which validates its pre-distributed keys for a limited period of time.
  - 12. The system according to claim 1, wherein the one or more wireless sensors are initialized with a unique identifier and security material, randomly chooses and distributes a pairwise key to the one or more wireless sensors and further including:
    - a security server which generates a secret S, generates M shares S₁, S₂, . . . , S_Mfrom the secret S following a threshold scheme, and securely distributes the secret S to the base station and one or more other base stations in the network, where M is a positive integer.

11. A wireless network for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;
  
  a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network and a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station, the base station issuing a key certificate to a non-compromised node, which validates its pre-distributed keys for a limited period of time;
  
  wherein during a time interval I_l−
  
  1the base station sporadically mutually interconnects with one or more other base stations and agree on a key certificate corresponding to time interval I_l+1, where l is a positive integer, where after the time interval I_l, each base station forgets the key certificate and a key is established between the one or more of the wireless sensors.

13. A wireless network for monitoring a patient, the wireless network comprising:
- a body sensor network that includes one or more wireless sensors operatively connected to the patient that collect and transfer information related to the patient'"'"'s health to the wireless network;
  
  a set-up server that configures the one or more wireless sensors with keying materials before the one or more sensors are deployed to the wireless network;
  
  a base station that distributes a key certificate to the one or more sensors associated with the body sensor network, such that two sensors generate a unique pairwise key based at least in part upon the pre-distributed keying material and the key certificate distributed by the base station;
  
  a secret S, generates M shares S₁, S₂, . . . , S_Mfrom the secret S following a threshold scheme, and securely distributes the secret S to the base station and one or more other base stations in the network, where M is a positive integer; and
  
  wherein during a time interval I_l−
  
  1, the one or more base stations sporadically securely interconnect forming small non-interconnected groups G_g, G₁, G₂. . . g<
  
  Mi, wherein each base station connects to at least one group G_g, where g and l are positive integers and each group member independently computes the key certificate for interval I_l+1by calculating KC^g_l+1=F(S, N_Ggl), where N_Gglis a nonce exclusive to group G_gfor interval I_l+1and then each group member forgets S.
- View Dependent Claims (14)
- - 14. The system according to claim 13, during a time interval I_l, at least one base station:
    - sporadically and shortly contacts the body sensor network,authenticates and establishes secure communication with each non-compromised wireless sensor forming part of the body sensor network using at least one key, anddistributes the key certificate KC_l+1for time interval I_l+1to each authenticated sensor node and establishes a key between the one or more wireless sensors.

15. A wireless network comprising:
- a network that includes a plurality of wireless nodes;
  
  a set-up server that configures each of the wireless nodes with a plurality of polynomials before the one or more nodes are deployed to the wireless network such that the nodes are configured with different combinations of the polynomials, and such that each pair of the nodes is configured with a common one of the polynomials; and
  
  a base station that distributes a key certificate to the one or more nodes associated with the network, such that each pair of the nodes generates a unique pairwise key based at least in part upon the common polynomial of the pair and the key certificate distributed by the base station.

16. A method to identify a first sensor in a mobile sensor system, comprising:
- developing a finite projective plane (n²+n+1,n+1,1) from a set of n−
  
  1 mutually orthogonal Latin squares of order n, where n is a prime power;
  
  discovering a common t-polynomial-set share from the finite projective plane; and
  
  deriving a t-polynomial-set share evaluation point by a second sensor from the first sensor'"'"'s identifier.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method according to claim 16, wherein for n entries in cells of an orthogonal mate L^e^m=|l_ij^e^m| of the mutually orthogonal Latin squares, for each element e_m, m=1, 2, . . . , n sequentially calculating elements l_ij^e^mof the orthogonal matrix.
  - 18. The method according to claim 16, wherein the finite projective planes is constructed by constructing a matrix M by placing n²integers 1 through n²in their natural order from a first to an n-th of its rows, where n is a prime power.
  - 19. The method according to claim 16, further including:
    - deriving a point p_v, at which node u evaluates its share F_k(p_u,y) of the t-polynomial-set share to generate a key K_uv;
      
      constructing the finite projective plane from the mutually orthogonal Latin square, such that the finite projective plane'"'"'s first n²elements occur once in each group of n subsequent blocks B_1+t, B_2+t, . . . B_n+t, t=0, n, 2n, 3n . . . n×
      
      n ; and
      
      deriving an occurrence counter s_kfrom a block index i, 1≦
      
      i≦
      
      n²+n, and a t-polynomial-set index k, k≦
      
      n², where k is a positive integer and n is a prime power.
  - 20. The method according to claim 17, wherein indices of the t-polynomial-set shares F_b_i,1(u,y), F_b_i,2(u,y) . . . F_b_i,n+1(u,y), which a sensor u carries, are a one-to-one mapping to the elements {b_i,1, b_i,2, . . . b_i,n+1} of a B_iε
    - FPP, where 1≦
      
      i≦
      
      n²+n+1, and where n is a prime power.
  - 21. The method according to claim 18, wherein an Affine Plane AG^(2,n)of order n is generated from the mutually orthogonal Latin squares in which (i) a first of n blocks B_iare the rows of the matrix M, (ii) a second n blocks are columns of the matrix M, and (iii) a remaining n²−
    - n blocks are formed by sequentially superimposing each of the matrices L^e^mon M, and taking the elements of the matrix M which correspond to a single element l^e^min each of the matrices L^e^mas the blocks, where n is a prime power.

22. A method to maximize scalability, resiliency and performance of a wireless system comprising:
- evaluating t-polynomial-set shares associated with nodes in the wireless system;
  
  distributing t-polynomial-set shares to the evaluated nodes in the wireless system; and
  
  pre-distributing a security key via a set-up server to a first node and a second node that are uncompromised and communicate on the wireless system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Sanchez, David S., Baldus, Heribert
Primary Examiner(s)
Bugg; George
Assistant Examiner(s)
WANG, JACK K

Application Number

US11/916,764
Publication Number

US 20090167535A1
Time in Patent Office

1,903 Days
Field of Search

340/573.1, 340/573.4, 715/230, 713/168, 128/903
US Class Current

340/573.1
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/88   Medical equipments

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/085   Secret sharing or secret sp...

Y04S 40/20   Information technology spec...

Deterministic key pre-distribution and operational key management for moblie body sensor networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Deterministic key pre-distribution and operational key management for moblie body sensor networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links