Identity and authentication in a wireless network

US 8,069,470 B1
Filed: 04/13/2005
Issued: 11/29/2011
Est. Priority Date: 04/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method for secure configuration of a sensor system comprising a sensor controller and a plurality of sensors, the method comprising:

generating, by the sensor controller, an old group key shared by the plurality of sensors, wherein the old group key incorporates a plurality of network identify information of the plurality of sensors for securely transmitting digital data within the sensor system;

sending, by the sensor controller, the old group key to each of the plurality of sensors;

receiving, at the sensor controller, a join request from a new sensor to join the plurality of sensors, wherein the join request comprises a first authentication means and a first network identity information identifying the new sensor, wherein the first network identity information comprises a hash of a public key with a predetermined binary value;

truncating the hash to a number of bits desired for use within the sensor system to generate a truncated hash;

determining, by the sensor controller, whether the first network identity information provided by the new sensor is already associated with a sensor among the plurality of sensors;

generating, by the sensor controller and in response to determining that the first network identity information is already associated with the sensor among the plurality of sensors, a second network identity information for identifying the new sensor, wherein the second network identity information comprises the truncated hash of the public key incremented by a predetermined amount;

generating, by the sensor controller and in response to generating the second network identity information for identifying the new sensor, a new group key shared by the plurality of sensors and the new sensor, wherein the new group key incorporates the plurality of network identify information of the plurality of sensors and the second network identify information of the new sensor for securely transmitting the digital data within the sensor system and replaces the old group key shared by the plurality of sensors without the new sensor; and

sending, by the sensor controller;

the second network identity information and the new group key to the new sensor, wherein the second network identity information replaces the first network identity information for the new sensor; and

the new group key to each of the plurality of sensors.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sensor system includes a controller and sensors, the system configured to ensure unique identity for each device. Methods are provided to generate new identities for those devices having duplicate addresses, and to transmit the new identity information to those devices.

34 Citations

View as Search Results

18 Claims

1. A method for secure configuration of a sensor system comprising a sensor controller and a plurality of sensors, the method comprising:
- generating, by the sensor controller, an old group key shared by the plurality of sensors, wherein the old group key incorporates a plurality of network identify information of the plurality of sensors for securely transmitting digital data within the sensor system;
  
  sending, by the sensor controller, the old group key to each of the plurality of sensors;
  
  receiving, at the sensor controller, a join request from a new sensor to join the plurality of sensors, wherein the join request comprises a first authentication means and a first network identity information identifying the new sensor, wherein the first network identity information comprises a hash of a public key with a predetermined binary value;
  
  truncating the hash to a number of bits desired for use within the sensor system to generate a truncated hash;
  
  determining, by the sensor controller, whether the first network identity information provided by the new sensor is already associated with a sensor among the plurality of sensors;
  
  generating, by the sensor controller and in response to determining that the first network identity information is already associated with the sensor among the plurality of sensors, a second network identity information for identifying the new sensor, wherein the second network identity information comprises the truncated hash of the public key incremented by a predetermined amount;
  
  generating, by the sensor controller and in response to generating the second network identity information for identifying the new sensor, a new group key shared by the plurality of sensors and the new sensor, wherein the new group key incorporates the plurality of network identify information of the plurality of sensors and the second network identify information of the new sensor for securely transmitting the digital data within the sensor system and replaces the old group key shared by the plurality of sensors without the new sensor; and
  
  sending, by the sensor controller;
  
  the second network identity information and the new group key to the new sensor, wherein the second network identity information replaces the first network identity information for the new sensor; and
  
  the new group key to each of the plurality of sensors.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first authentication means comprises a digital signature created using a private key associated with the new sensor.
  - 3. The method of claim 1, wherein the second network identity information comprises a second authentication means comprising a message authentication code using a pairwise key, wherein the pairwise key is created using a public key associated with the new sensor and a private key associated with the sensor controller.
  - 4. The method of claim 1, wherein the first authentication means comprises a message authentication code using a pairwise key, wherein the pairwise key is created using a private key associated with the new sensor and a public key associated with the sensor controller.
  - 5. The method of claim 1, wherein the second network identity information comprises a second authentication means comprising a digital signature created using a public key associated with the new sensor.
  - 6. The method of claim 1, wherein at least a portion of the join request is encrypted using a key derived from a pairwise key created using a private key associated with the new sensor and a public key associated with the sensor controller.
  - 7. The method of claim 1, wherein the new group key is shared by the plurality of sensors and the new sensor for digitally encrypting data within the sensor system.

8. A sensor system comprising:
- a plurality of sensors; and
  
  a sensor controller accessing a memory, wirelessly coupled to the plurality of sensors, and configured to;
  
  generate an old group key shared by the plurality of sensors, wherein the old group key incorporates a plurality of network identify information of the plurality of sensors for securely transmitting digital data within the sensor system;
  
  send the old group key to each of the plurality of sensors;
  
  receive a join request from a new sensor to join the plurality of sensors, wherein the join request comprises a first authentication means and a first network identity information identifying the new sensor, wherein the first network identity information comprises a hash of a public key with a predetermined binary value;
  
  truncate the hash to a number of bits desired for use within the sensor system to generate a truncated hash;
  
  determine whether the first network identity information provided by the new sensor is already associated with a sensor among the plurality of sensors;
  
  generate, in response to determining that the first network identity information is already associated with a sensor among the plurality of sensors, a second network identity information for identifying the new sensor, wherein the second network identity information comprises the truncated hash of the public key incremented by a predetermined amount;
  
  generate, by the sensor controller and in response to generating the second network identity information for identifying the new sensor, a new group key shared by the plurality of sensors and the new sensor, wherein the new group key incorporates the plurality of network identify information of the plurality of sensors and the second network identify information of the new sensor for securely transmitting the digital data within the sensor system and replaces the old group key shared by the plurality of sensors without the new sensor; and
  
  send;
  
  the second network identity information and the new group key to the new sensor, wherein the second network identity information replaces the first network identity information for the new sensor; and
  
  the new group key to each of the plurality of sensors.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The sensor system of claim 8, wherein the first authentication means comprises a digital signature created using a private key associated with the new sensor.
  - 10. The sensor system of claim 8, wherein the second network identity information comprises a second authentication means comprising a message authentication code using a pairwise key, wherein the pairwise key is created using a public key associated with the new sensor and a private key associated with the controller.
  - 11. The sensor system of claim 8, wherein the first authentication means comprises a message authentication code using a pairwise key, wherein the pairwise key is created using a private key associated with the new sensor and a public key associated with the controller.
  - 12. The sensor system of claim 8, wherein the second network identity information comprises a second authentication means comprising a digital signature created using a public key associated with the new sensor.
  - 13. The sensor system of claim 8, wherein at least a portion of the join request is encrypted using a key derived from a pairwise key created using a private key associated with the new sensor and a public key associated with the controller.generating, by the sensor controller, an old group key shared by the plurality of sensors, wherein the old group key incorporates a plurality of network identify information of the plurality of sensors for securely transmitting digital data within the sensor system;
    - sending, by the sensor controller, the old group key to each of the plurality of sensors;
      
      receiving, at the sensor controller, a join request from a new sensor to join the plurality of sensors, wherein the join request comprises a first authentication means and a first network identity information identifying the new sensor, wherein the first network identity information comprises a hash of a public key with a predetermined binary value;
      
      truncating the hash to a number of bits desired for use within the sensor system to generate a truncated hash;
      
      determining whether the first network identity information provided by the new sensor is already associated with a sensor among the plurality of sensors;
      
      generating, in response to determining that the first network identity information is already associated with a sensor among the plurality of sensors, a second network identity information for identifying the new sensor, wherein the second network identity information comprises the truncated hash of the public key incremented by a predetermined amount;
      
      generating, by the sensor controller and in response to generating the second network identity information for identifying the new sensor, a new group key shared by the plurality of sensors and the new sensor, wherein the new group key incorporates the plurality of network identify information of the plurality of sensors and the second network identify information of the new sensor for securely transmitting the digital data within the sensor system and replaces the old group key shared by the plurality of sensors without the new sensor; and
      
      sending, by the sensor controller;
      
      the second network identity information and the new group key to the new sensor, wherein the second network identity information replaces the first network identity information for the new sensor; and
      
      the new group key to each of the plurality of sensors.

14. A non-transitory storage medium having executable code stored thereon that when executed by a computer system implements a method for secure configuration of a sensor system comprising a sensor controller and a plurality of sensors, the method comprising:
- generating, by the sensor controller, an old group key shared by the plurality of sensors, wherein the old group key incorporates a plurality of network identify information of the plurality of sensors for securely transmitting digital data within the sensor system;
  
  sending, by the sensor controller, the old group key to each of the plurality of sensors;
  
  receiving, at the sensor controller, a join request from a new sensor to join the plurality of sensors, wherein the join request comprises a first authentication means and a first network identity information identifying the new sensor, wherein the first network identity information comprises a hash of a public key with a predetermined binary value;
  
  truncating the hash to a number of bits desired for use within the sensor system to generate a truncated hash;
  
  determining whether the first network identity information provided by the new sensor is already associated with a sensor among the plurality of sensors;
  
  generating, in response to determining that the first network identity information is already associated with a sensor among the plurality of sensors, a second network identity information for identifying the new sensor, wherein the second network identity information comprises the truncated hash of the public key incremented by a predetermined amount;
  
  generating, by the sensor controller and in response to generating the second network identity information for identifying the new sensor, a new group key shared by the plurality of sensors and the new sensor, wherein the new group key incorporates the plurality of network identify information of the plurality of sensors and the second network identify information of the new sensor for securely transmitting the digital data within the sensor system and replaces the old group key shared by the plurality of sensors without the new sensor; and
  
  sending, by the sensor controller;
  
  the second network identity information and the new group key to the new sensor, wherein the second network identity information replaces the first network identity information for the new sensor; and
  
  the new group key to each of the plurality of sensors.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The storage medium of claim 14, wherein the first authentication means comprises a digital signature created using a private key associated with the new sensor.
  - 16. The storage medium of claim 14, wherein the second network identity information comprises a second authentication means comprising a message authentication code using a pairwise key, wherein the pairwise key is created using a public key associated with the new sensor and a private key associated with the sensor controller.
  - 17. The storage medium of claim 14, wherein the first authentication means comprises a message authentication code using a pairwise key, wherein the pairwise key is created using a private key associated with the new sensor and a public key associated with the sensor controller.
  - 18. The storage medium of claim 14, wherein the second network identity information comprises a second authentication means comprising a digital signature created using a public key associated with the new sensor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Montenegro, Gabriel E.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Johnson; Carlton

Application Number

US11/104,828
Time in Patent Office

2,421 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/126   the source of the received ...

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04L 9/3239   involving non-keyed hash fu...

H04W 12/10   Integrity

H04W 12/50   Secure pairing of devices

H04W 84/18   Self-organising networks, e...

Identity and authentication in a wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Identity and authentication in a wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links