Method and apparatus for providing security in wireless communication networks
First Claim
1. A method comprising:
- receiving at a first wireless routing node a digital signature from a trust authority, wherein the digital signature is generated using a Medium Access Control (MAC) address/public key pair, and wherein the digital signature is received from the trust authority via an isolated connection prior to the first wireless routing node joining a wireless network;
- verifying at the first wireless routing node whether a digital certificate provided by a second wireless routing node in the wireless network is signed using the digital signature associated with the trust authority;
- based upon the verification, exchanging encryption keys with the second wireless routing node, the exchanged encryption keys including a first encryption key;
- receiving first data at the first wireless routing node from the second wireless routing node, wherein the first data is encrypted and is associated with an industrial control and automation system;
- decrypting the received first data using the first encryption key to produce first decrypted data, the first encryption key uniquely associated with communications between the first and second wireless routing nodes;
- encrypting the first decrypted data using a second encryption key to produce first encrypted data, the second encryption key uniquely associated with communications between the first wireless routing node and a third wireless routing node in the wireless network, the second encryption key being exchanged after the third wireless routing node has been verified by the first wireless routing node using the digital signature of the trust authority; and
- communicating the first encrypted data to the third wireless routing node.
Abstract
A method includes receiving data at a first wireless node in a wireless network, where the data is associated with an industrial control and automation system. The method also includes decrypting the received data using a first encryption key to produce decrypted data and encrypting the decrypted data using a second encryption key to produce encrypted data. The method further includes communicating the encrypted data to at least a second wireless node in the wireless network. Another method includes generating first data at a first wireless node in a wireless network, where the data is associated with an industrial control and automation system. The other method also includes encrypting the first data using an encryption key and transmitting the first data to multiple second wireless nodes in the wireless network, where the second wireless nodes are capable of using the same encryption key to decrypt the first data.
99 Citations
21 Claims
1. A method comprising:
- receiving at a first wireless routing node a digital signature from a trust authority, wherein the digital signature is generated using a Medium Access Control (MAC) address/public key pair, and wherein the digital signature is received from the trust authority via an isolated connection prior to the first wireless routing node joining a wireless network;
- verifying at the first wireless routing node whether a digital certificate provided by a second wireless routing node in the wireless network is signed using the digital signature associated with the trust authority;
- based upon the verification, exchanging encryption keys with the second wireless routing node, the exchanged encryption keys including a first encryption key;
- receiving first data at the first wireless routing node from the second wireless routing node, wherein the first data is encrypted and is associated with an industrial control and automation system;
- decrypting the received first data using the first encryption key to produce first decrypted data, the first encryption key uniquely associated with communications between the first and second wireless routing nodes;
- encrypting the first decrypted data using a second encryption key to produce first encrypted data, the second encryption key uniquely associated with communications between the first wireless routing node and a third wireless routing node in the wireless network, the second encryption key being exchanged after the third wireless routing node has been verified by the first wireless routing node using the digital signature of the trust authority; and
- communicating the first encrypted data to the third wireless routing node.

Dependent claims: 2, 3, 4, 5, 19, 20, 21

6. A wireless routing node comprising:
- at least one transceiver configured to communicate over a wireless network; and
- at least one controller configured to:
  - receive a digital signature of a trust authority via an isolated connection prior to joining the wireless network, wherein the digital signature is associated with a Medium Access Control (MAC) address/public key pair;
  - verify whether a digital certificate provided by a second wireless routing node in the wireless network is signed using the digital signature associated with the trust authority;
  - exchange encryption keys with the second wireless routing node based upon the verification, the exchanged encryption keys including a first encryption key;
  - receive first data from the second wireless routing node, wherein the first data is encrypted and is associated with an industrial control and automation system;
  - decrypt the first data using the first encryption key to produce first decrypted data, the first encryption key uniquely associated with communications between the wireless routing node and the second wireless routing node;
  - receive a second encryption key from a third wireless routing node in the wireless network after verifying the third wireless routing node using the digital signature of the trust authority;
  - encrypt the first decrypted data using the second encryption key to produce first encrypted data, the second encryption key uniquely associated with communications between the wireless routing node and the third wireless routing node; and
  - provide the first encrypted data to the at least one transceiver for communication to the third wireless routing node.

Dependent claims: 7, 8, 9, 10

11. A method comprising:
- receiving at a first wireless node a digital signature from a trust authority, wherein the digital signature is received prior to the first wireless node joining a wireless network via an isolated connection, and wherein the first wireless node is a leaf node;
- verifying the first encryption key by the first wireless node using the digital signature of the trust authority;
- generating first data at the first wireless node, the data associated with an industrial control and automation system;
- encrypting the first data using a first encryption key; and
- transmitting the first data to multiple second wireless nodes in the wireless network, wherein the second wireless nodes are infrastructure nodes and are capable of using the same first encryption key to decrypt the first data.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
Specification