Broadcast encryption key distribution system
Abstract
Each terminal in a wireless ad-hoc communication system includes an encryption-key management list table 660. The encryption-key management list table 660 stores, in association with a terminal identifier 661 such as a MAC address, a unicast encryption key 662 for use in unicast communication with a terminal identified by the terminal identifier 661, and a broadcast encryption key 663 used when the terminal identified by the terminal identifier 661 performs broadcast communication. Therefore, a broadcast encryption key is provided for each terminal that performs broadcast communication, and the broadcast encryption keys are managed by the individual terminals in an independent and distributed manner. This allows independent and distributed management of broadcast encryption keys in a wireless ad-hoc communication system.
5 Claims
1. A terminal, comprising:
an encryption-key management list table having at least one encryption-key management list comprising a terminal identifier of a different terminal, a unicast encryption key between the terminal and the different terminal, and a broadcast encryption key assigned to the different terminal;
means for searching the encryption-key management list table for the encryption-key management list including an origination-terminal identifier corresponding to an originating terminal identifier in a received broadcast frame;
means for extracting a broadcast encryption key from the encryption-key management list that corresponds to the origination-terminal identifier; and
means for decoding a payload of the broadcast frame using the extracted broadcast encryption key.
2. A terminal, comprising:
an encryption-key management list table having at least one encryption-key management list configured to store a unicast encryption key between the terminal and a different terminal and a broadcast encryption key assigned to the different terminal in association with a terminal identifier of the different terminal;
means for searching, when a destination-terminal identifier of a received frame is a broadcast address, the encryption-key management list table for the encryption-key management list including an origination-terminal identifier of the received frame to extract the corresponding broadcast encryption key as an encryption key, and when the destination-terminal identifier of the received frame is other than the broadcast address, searching the encryption-key management list table for the encryption-key management list including the origination-terminal identifier of the received frame to extract the corresponding unicast encryption key as the encryption key; and
means for decoding a payload of the received frame using the extracted encryption key.
3. A terminal, comprising:
a generated-key table configured to store a broadcast encryption key assigned to the terminal;
an encryption-key management list table having at least one encryption-key management list configured to store a unicast encryption key between the terminal and a different terminal in association with a terminal identifier of the different terminal;
means for, when a frame to be transmitted is a broadcast frame indicated by an end-terminal identifier being a broadcast address, encrypting a payload of the broadcast frame using the broadcast encryption key of the generated-key table, and when the frame to be transmitted is a unicast frame indicated by the end-terminal identifier not being the broadcast address, searching the encryption-key management list table for the encryption-key management list including a destination-terminal identifier of the unicast frame to encrypt a payload of the unicast frame using the corresponding unicast encryption key; and
means for transmitting the encrypted frame.
4. A method for decoding a broadcast frame in a terminal that includes an encryption-key management list table having at least one encryption-key management list including a terminal identifier of a different terminal, a unicast encryption key assigned for communication between the terminal and the different terminal, and a broadcast encryption key assigned to the different terminal, the method comprising:
searching the encryption-key management list table for the encryption-key management list including an origination-terminal identifier corresponding to an originating terminal identifier in a received broadcast frame to extract a broadcast encryption key corresponding to the origination-terminal identifier; and
decoding a payload of the broadcast frame using the extracted broadcast encryption key.
5. A non-transitory computer readable storage medium in which a program is stored that causes a terminal including an encryption-key management list table having at least one encryption-key management list including a terminal identifier of a transmission terminal, a unicast encryption key assigned for communication between the terminal and the transmission terminal, and a broadcast encryption key assigned to the transmission terminal to execute a method comprising:
searching the encryption-key management list table for the encryption-key management list including an origination-terminal identifier corresponding to an originating terminal identifier in a received broadcast frame to extract a broadcast encryption key corresponding to the origination-terminal identifier; and
decoding a payload of the broadcast frame using the extracted broadcast encryption key.
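The key selection recited in claims 2 and 3, sketched in Python as an added example (not code from the patent): a receiver picks the originator's broadcast key or the pairwise unicast key depending on the destination address, and a sender uses its own generated broadcast key for broadcasts. The `Terminal` class, the frame dictionary layout, the sample identifiers and keys, and the SHAKE-256/HMAC construction are assumptions; the claims name no cipher, so the one used here is a stand-in.

```python
import hashlib, hmac
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"  # assumed broadcast address (MAC form)

@dataclass
class KeyEntry:            # one encryption-key management list, per peer
    unicast_key: bytes     # pairwise key shared with that peer
    broadcast_key: bytes   # key that peer uses for its own broadcasts

def _crypt(key, nonce, data):
    # Stand-in cipher for this example only (SHAKE-256 keystream XOR).
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

class Terminal:
    def __init__(self, ident, own_broadcast_key):
        self.ident = ident
        self.generated_key = own_broadcast_key  # generated-key table (claim 3)
        self.table = {}                         # peer identifier -> KeyEntry

    def send(self, dst, nonce, payload):
        key = self.generated_key if dst == BROADCAST else self.table[dst].unicast_key
        ct = _crypt(key, nonce, payload)
        return {"src": self.ident, "dst": dst, "nonce": nonce,
                "body": ct, "tag": _tag(key, nonce, ct)}

    def receive(self, frame):
        entry = self.table.get(frame["src"])  # search by originating identifier
        if entry is None:
            return None                       # no list for this originator
        key = entry.broadcast_key if frame["dst"] == BROADCAST else entry.unicast_key
        if not hmac.compare_digest(frame["tag"], _tag(key, frame["nonce"], frame["body"])):
            return None                       # wrong key or altered frame
        return _crypt(key, frame["nonce"], frame["body"])

def demo():
    # Constructed identifiers and keys, for illustration only.
    a = Terminal("02:00:00:00:00:0a", b"A-broadcast-key")
    b = Terminal("02:00:00:00:00:0b", b"B-broadcast-key")
    c = Terminal("02:00:00:00:00:0c", b"C-broadcast-key")  # holds no entry for A
    a.table[b.ident] = KeyEntry(b"AB-pairwise-key", b.generated_key)
    b.table[a.ident] = KeyEntry(b"AB-pairwise-key", a.generated_key)
    bcast = a.send(BROADCAST, b"n1", b"hello all")
    ucast = a.send(b.ident, b"n2", b"hello B")
    return b.receive(bcast), b.receive(ucast), c.receive(bcast)
```

Because the broadcast key is symmetric, every terminal holding a sender's entry can also produce frames that verify under that key, so the tag shows key possession rather than which holder sent the frame.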
Specification