Method for operating a network, a system management device, a network and a computer program therefor
First Claim
1. A method for operating a network, comprising a node and a system management device, the system management device comprising a root keying material being a set of functions each having a degree of complexity of α, and the node being provided with a node keying material share having a degree of complexity of α, the node keying material share being derived from the root keying material, the method comprising, upon receipt at the system management device of a request for an external user to gain access to the node:
a) generating, by the system management device, an external user keying material share and an access identifier, the external user keying material share having a degree of complexity α and being generated from the root keying material;
b) generating, by the system management device, an access keying material and an identifier of the node, the access keying material having a degree of complexity less than α and being generated from the external user keying material share;
c) the system management device providing the external user with the access keying material share and the access identifier;
d) the external user deriving a key from the access keying material share, and transmitting this key and the access identifier to the node;
e) the node computing a key from the access identifier and the node keying material share; and
f) the node comparing the key transmitted by the external user and the key computed by the node, so as to authenticate the external user.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a method for operating a network comprising communicating devices representing nodes of the network. More precisely, the invention relates to a method for operating a network (1), comprising a node (D1) and a system management device (3), the system management device comprising a root keying material being a set of alpha-secure functions having a degree of complexity of α, and the node being provided with a node keying material share of degree of complexity α derived from the root keying material. The method comprises the following steps, upon receipt at the system management device of a request for an external user (4) to gain access to the node (D1): the system management device generates an external user keying material share of degree of complexity α from the root keying material and an access identifier; the system management device generates an access keying material of degree of complexity less than α from the external user keying material share and an identifier of the node; the system management device provides the external user with the access keying material share and the access identifier; the external user derives a key from the access keying material share and transmits this key and the access certificate to the node; the node computes a key from the access identifier and the node keying material share; and the node compares the key transmitted by the external user with the key computed by the node, so as to authenticate the external user.
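One concrete instantiation of the six claimed steps, as an added example that is not the patent's own embodiment: it assumes the root keying material is a single symmetric bivariate polynomial over a prime field GF(p), uses the external user's identifier as the access identifier, and produces the access keying material by evaluating the user's share at the node identifier (a field element, so degree 0 and hence less than α). The modulus, α, identifiers and the SHA-256 key derivation are constructed for the example.

```python
import hashlib
import secrets

P = (1 << 61) - 1   # prime field modulus; constructed parameter, not from the patent
ALPHA = 3           # degree of complexity α of the root keying material (constructed)

def gen_root(alpha, p):
    """Root keying material: symmetric bivariate f(x, y) over GF(p), coeffs a[i][j] == a[j][i]."""
    a = [[0] * (alpha + 1) for _ in range(alpha + 1)]
    for i in range(alpha + 1):
        for j in range(i, alpha + 1):
            a[i][j] = a[j][i] = secrets.randbelow(p)
    return a

def gen_share(root, ident, p):
    """Keying material share f(ident, y): univariate in y, degree alpha."""
    n = len(root)
    return [sum(root[i][j] * pow(ident, i, p) for i in range(n)) % p for j in range(n)]

def eval_share(share, y, p):
    """Evaluate a share at y; symmetry of the root gives f(a, b) == f(b, a)."""
    return sum(c * pow(y, j, p) for j, c in enumerate(share)) % p

def kdf(value):
    """Derive the authentication key from keying material (SHA-256 used as an assumed KDF)."""
    return hashlib.sha256(b"access-key|" + value.to_bytes(8, "big")).hexdigest()

def smd_grant_access(root, node_id, user_id, p):
    """Steps a)-c), system management device side."""
    user_share = gen_share(root, user_id, p)        # a) external user share, degree α
    access_id = user_id                              # a) access identifier (assumed = user id)
    access_km = eval_share(user_share, node_id, p)   # b) evaluated at node id: degree 0 < α
    return access_km, access_id                      # c) only this pair is handed to the user

def user_derive_key(access_km):
    """Step d): the external user derives the key it sends along with the access identifier."""
    return kdf(access_km)

def node_authenticate(node_share, access_id, received_key, p):
    """Steps e)-f): the node recomputes f(node_id, access_id) and compares in constant time."""
    expected = kdf(eval_share(node_share, access_id, p))
    return secrets.compare_digest(expected, received_key)

if __name__ == "__main__":
    root = gen_root(ALPHA, P)
    node_share = gen_share(root, 17, P)              # node D1 provisioned with f(17, y)
    access_km, access_id = smd_grant_access(root, node_id=17, user_id=42, p=P)
    print(node_authenticate(node_share, access_id, user_derive_key(access_km), P))  # True
```

Because the external user receives only f(user_id, node_id) rather than its full share, the handed-out material authenticates to that one node and is rejected by any node with a different identifier, which is the least-privilege property step c) provides.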
Citations
14 Claims
1. (Text as given under First Claim above.) - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 13)
11. A system management device comprising a root keying material being a set of functions having a degree of complexity of α+1 in each variable, the system management device being included in a network also comprising a node, and the system management device comprising:
a processor configured to generate an external user keying material share and an access identifier upon receipt of a request for an external user to gain access to the node, the external user keying material share having a degree of complexity α+1 and being generated from the root keying material, and to generate an access keying material and an identifier of the node, the access keying material having a degree of complexity less than α+1 and being generated from the external user keying material share; and
a transmitter configured to provide the external user with the access keying material share and the access identifier. - View Dependent Claims (12)
14. A computer tangible non-transitory medium configured to instruct a processor to perform a method, the method comprising:
generating an external user keying material share and an access identifier upon receipt of a request for an external user to gain access to a node, the external user keying material share having a degree of complexity α+1 and being generated from a root keying material;
generating an access keying material and an identifier of the node, the access keying material having a degree of complexity less than α+1 and being generated from the external user keying material share; and
providing the external user with the access keying material share and the access identifier.
Specification