Method and system for lightweight key distribution in a wireless network

US 8,582,777 B2
Filed: 04/30/2007
Issued: 11/12/2013
Est. Priority Date: 05/03/2006
Status: Active Grant

First Claim

Patent Images

1. A lightweight key distribution method for a backbone node of a wireless network, the method comprising:

receiving a connection request message from a new node intending to join the wireless network;

sending an identification (ID) to allocate to the new node and a certificate to verify the ID to the new node as a response to the receiving of the connection request message;

receiving a key request message from the new node, the key request message including the allocated ID and the certificate;

generating a session key as a result of the receiving of the key request message;

calculating a second intermediate value by applying a first concatenated value to a hash function, the first concatenated value being acquired by concatenating the session key and a first intermediate value that corresponds to respective partial keys included in a key pool;

generating an encryption key using the calculated second intermediate value, the generating of the encryption key comprising;

extracting a common key index from a key index of the backbone node; and

applying a second concatenated value to a hash function, the applying of the second concatenated value comprising acquiring the second concatenated value, the acquiring of the second concatenated value comprising concatenating the calculated second intermediate value corresponding to the extracted common key index;

encrypting a partial key corresponding to the common key index with the generated encryption key, the common key index including commonalities existing between the key index of the backbone node and a key index of the new node; and

sending a key part that includes the encrypted partial key and the second intermediate value to the new node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for lightweight key distribution in a wireless network comprises calculating a second intermediate value using a first intermediate value which corresponds to respective partial keys included in a key pool; generating an encryption key using the second intermediate value and encrypting a partial key corresponding to a key index in common with a new node with the encryption key; and sending a key part which contains the encrypted partial key and the second intermediate value. Therefore, if a new node joins the wireless network, the key set can be allocated to the new node using its ID while the key sets allocated to the existing nodes of the network are retained.

Citations

18 Claims

1. A lightweight key distribution method for a backbone node of a wireless network, the method comprising:
- receiving a connection request message from a new node intending to join the wireless network;
  
  sending an identification (ID) to allocate to the new node and a certificate to verify the ID to the new node as a response to the receiving of the connection request message;
  
  receiving a key request message from the new node, the key request message including the allocated ID and the certificate;
  
  generating a session key as a result of the receiving of the key request message;
  
  calculating a second intermediate value by applying a first concatenated value to a hash function, the first concatenated value being acquired by concatenating the session key and a first intermediate value that corresponds to respective partial keys included in a key pool;
  
  generating an encryption key using the calculated second intermediate value, the generating of the encryption key comprising;
  
  extracting a common key index from a key index of the backbone node; and
  
  applying a second concatenated value to a hash function, the applying of the second concatenated value comprising acquiring the second concatenated value, the acquiring of the second concatenated value comprising concatenating the calculated second intermediate value corresponding to the extracted common key index;
  
  encrypting a partial key corresponding to the common key index with the generated encryption key, the common key index including commonalities existing between the key index of the backbone node and a key index of the new node; and
  
  sending a key part that includes the encrypted partial key and the second intermediate value to the new node.
- View Dependent Claims (2, 3, 4)
- - 2. The lightweight key distribution method of claim 1, further comprising:
    - broadcasting the allocated ID, the certificate, and the session key to other backbone nodes of the wireless network,wherein the generating of the session key comprises;
      
      verifying the ID of the new node using the certificate; and
      
      generating the session key if the verifying of the ID is successful.
  - 3. The lightweight key distribution method of claim 1, wherein the first intermediate value is generated using one of a hash function and a random function.
  - 4. The lightweight key distribution method of claim 1, wherein:
    - the connection request message and the key request message are received directly from the new node by the backbone node; and
      
      the ID, the certificate, and the key part are sent directly to the new node by the backbone node.

5. A key acquisition method for a new node intending to join a wireless network, the method comprising:
- sending a connection request message to a backbone node of the wireless network;
  
  receiving, from the backbone node in response to the sending of the connection request message, an identification (ID) allocated from the backbone node and a certificate to verify the ID;
  
  sending a key request message including the allocated ID and the certificate to the backbone node;
  
  receiving a key part from the backbone node that includes an encrypted partial key and a second intermediate value, the encrypted partial key corresponding to a common key index that includes commonalities existing between a key index of the backbone node and a key index of the new node, the second intermediate value being generated based on an application of a first concatenated value to a hash function, the first concatenated value being based on a concatenation of a session key and a first intermediate value corresponding to respective partial keys included in a key pool, the encrypted partial key being encrypted using an encryption key that is generated by extracting the common key index from the key index of the backbone node, and applying a second concatenated value to a hash function, the applying of the second concatenated value comprising acquiring the second concatenated value, the acquiring of the second concatenated value comprising concatenating the second intermediate value corresponding to the extracted common key index;
  
  generating a decryption key using the second intermediate value; and
  
  decrypting the encrypted partial key with the decryption key.
- View Dependent Claims (6, 7, 8)
- - 6. The key acquisition method of claim 5, wherein the generating of the decryption key applies the second concatenated value to a hash function.
  - 7. The key acquisition method of claim 5, wherein:
    - the connection request message and the key request message are sent directly to the backbone node by the new node; and
      
      the ID, the certificate, and the key part are received directly from the backbone node by the new node.
  - 8. The key acquisition method of claim 5, further comprising, prior to the generating of the decryption key:
    - sending a second key request message directly to other backbone nodes, the second key request message including the allocated ID and the certificate; and
      
      receiving a second key part directly from the other backbone nodes, the second key part including the second intermediate value and a second encrypted partial key that corresponds to other common key indexes, other common key indexes respectively corresponding with the other backbone nodes and including commonalities existing between the key index of the new node and respective key indexes of the other backbone nodes, the second intermediate value corresponding to the other common key indexes,wherein the generating of the decryption key comprises;
      
      determining whether the key part or the second key part corresponds to a local key index; and
      
      generating the decryption key using the second intermediate value received in the key part or the second key part depending on the correspondence of the key part or the second key part to the local key index.

9. A system for lightweight key distribution in a wireless network, the system comprising:
- a backbone node of the wireless network, the backbone node comprising;
  
  an identification sending unit to send, to a new node intending to join the wireless network, an identification (ID) to allocate to the new node and a certificate to verify the ID, the ID and the certificate being sent to the new node in response to a connection request message received from the new node;
  
  a receiving unit to receive;
  
  the connection request message from the new node; and
  
  a key request message from the new node, the key request message including the allocated ID and the certificate;
  
  a session key generator to generate a session key as a result of the receiving unit receiving the key request message;
  
  a calculator to apply a first concatenated value to a hash function to calculate a second intermediate value, the first concatenated value being acquired by concatenating the session key and a first intermediate value that corresponds to respective partial keys included in a key pool;
  
  an encryption key generator to;
  
  generate an encryption key using the second intermediate value; and
  
  encrypt a partial key corresponding to a common key index with the generated encryption key, the common key index including commonalities existing between a key index of the backbone node and a key index of the new node; and
  
  a key sending unit to send a key part that includes the encrypted partial key and the second intermediate value to the new node,wherein;
  
  the encryption key generator comprises a key index extractor to extract the common key index from the key index of the backbone node; and
  
  the encryption key generator generates the encryption key by applying a second concatenated value to a hash function, the second concatenated value being acquired by concatenating the second intermediate value corresponding to the common key index.
- View Dependent Claims (10, 11, 12)
- - 10. The system for lightweight key distribution in a wireless network of claim 9, wherein:
    - the backbone node further comprises a broadcasting unit to broadcast the ID, the certificate, and the session key to other backbone nodes of the wireless network; and
      
      the session key generator is further to;
      
      verify the ID of the new node using the certificate; and
      
      generate the session key if the verifying of the ID is successful.
  - 11. The system for lightweight key distribution in a wireless network of claim 9, wherein the backbone node further comprises an intermediate value generator to generate a first intermediate value using one of a hash function and a random function.
  - 12. The system for lightweight key distribution in a wireless network of claim 9, wherein:
    - the identification sending unit sends the ID and the certificate directly to the new node;
      
      the receiving unit receives the connection request message and the key request message directly from the new node; and
      
      the key sending unit sends the key part directly to the new node.

13. A system for lightweight key acquisition in a wireless network, the system comprising:
- a new node intending to join the wireless network, the new node comprising;
  
  a identification receiving unit to receive, from a backbone node of the wireless network in response to a sending of a connection request message by the new node, an identification (ID) allocated from the backbone node and a certificate to verify the ID;
  
  a sending unit to send;
  
  the connection request message to the backbone node; and
  
  a key request message to the backbone node, the key request message including the allocated ID and the certificate;
  
  a key part receiver unit to receive a key part from the backbone node that includes an encrypted partial key and a second intermediate value, the encrypted partial key corresponding to a common key index, the common key index comprising commonalities existing between a key index of the backbone node and a key index of the new node, the second intermediate value being generated based on an application of a first concatenated value to a hash function, the first concatenated value being based on a concatenation of a session key and a first intermediate value corresponding to respective partial keys included in a key pool, the encrypted partial key being encrypted based on an encryption key that is based on an extraction of the common key index from the key index of the backbone node, and an application of a second concatenated value to a hash function, the application of the second concatenated value being based on a concatenation of the second intermediate value corresponding to the extraction of the common key index; and
  
  a decryption key generator to;
  
  generate a decryption key using the second intermediate value; and
  
  decrypt the encrypted partial key with the decryption key.
- View Dependent Claims (14, 15, 16)
- - 14. The system for lightweight key acquisition in the wireless network of claim 13, wherein the decryption key generator is further to apply the second concatenated value to a hash function to generate the decryption key.
  - 15. The system for lightweight key acquisition in a wireless network of claim 13, wherein:
    - the identification receiving unit receives the ID and the certificate directly from the backbone node;
      
      the sending unit sends the connection request message and the key request message directly to the backbone node; and
      
      the key part receiver unit receives the key part directly from the backbone node.
  - 16. The system for lightweight key acquisition in the wireless network of claim 13, wherein:
    - the sending unit is further to send a second key request message directly to other backbone nodes prior to the generating of the decryption key, the second key request message including the allocated ID and the certificate;
      
      the key part receiver unit is further to;
      
      receive a second key part directly from the other backbone nodes, the second key part including the second intermediate value and a second encrypted partial key that corresponds to other common key indexes, other common key indexes respectively corresponding with the other backbone nodes and including commonalities existing between the key index of the new node and respective key indexes of the other backbone nodes, the second intermediate value corresponding to the other common key indexes; and
      
      determine whether the key part or the second key part corresponds to a local key index; and
      
      the decryption key generator is further to generate the decryption key using the second intermediate value received in the key part or the second key part depending on the correspondence of the key part or the second key part to the local key index.

17. A non-transitory computer-readable recording medium storing a program for lightweight key distribution in a wireless network, comprising:
- a first set of instructions configured to control a backbone node of the wireless network to send, to a new node intending to join the wireless network, an identification (ID) to allocate to the new node and a certificate to verify the ID, the ID and the certificate being sent to the new node in response to a connection request message received from the new node;
  
  a second set of instructions configured to control the backbone node to receive;
  
  the connection request message from the new node; and
  
  a key request message from the new node, the key request message including the allocated ID and the certificate;
  
  a third set of instructions configured to control the backbone node to generate a session key as a result of the receiving of the key request message from the new node;
  
  a fourth set of instructions configured to control the backbone node to calculate a second intermediate value by applying a first concatenated value to a hash function, the first concatenated value being acquired by concatenating the session key and a first intermediate value that corresponds to respective partial keys included in a key pool;
  
  a fifth set of instructions configured to control the backbone node to;
  
  generate an encryption key using the calculated second intermediate value, the generating of the encryption key comprising;
  
  extracting a common key index from a key index of the backbone node; and
  
  applying a second concatenated value to a hash function, the applying of the second concatenated value comprising acquiring the second concatenated value, the acquiring of the second concatenated value comprising concatenating the calculated second intermediate value corresponding to the extracted common key index; and
  
  encrypt a partial key corresponding to the common key index with the generated encryption key, the common key index including commonalities existing between the key index of the backbone node and a key index of the new node; and
  
  a sixth set of instructions configured to control the backbone node to send a key part that includes the encrypted partial key and the second intermediate value to the new node.

18. A non-transitory computer-readable recording medium storing a program for lightweight key acquisition in a wireless network, comprising:
- a first set of instructions configured to control a new node intending to join the wireless network to receive, from a backbone node of the wireless network in response to a sending of a connection request message by the new node, an identification (ID) allocated from the backbone node and a certificate to verify the ID;
  
  a second set of instructions configured to control the new node to send;
  
  the connection request message to the backbone node; and
  
  a key request message to the backbone node, the key request message including the allocated ID and the certificate;
  
  a third set of instructions configured to control the new node to receive a key part from the backbone node that includes an encrypted partial key and a second intermediate value, the encrypted partial key corresponding to a common key index, the common key index comprising commonalities existing between a key index of the backbone node and a key index of the new node, the second intermediate value being generated based on an application of a first concatenated value to a hash function, the first concatenated value being based on a concatenation of a session key and a first intermediate value corresponding to respective partial keys included in a key pool, the encrypted partial key being encrypted using an encryption key that is generated by extracting the common key index from the key index of the backbone node, and applying a second concatenated value to a hash function, the applying of the second concatenated value comprising acquiring the second concatenated value, the acquiring of the second concatenated value comprising concatenating the second intermediate value corresponding to the extracted common key index;
  
  a fourth set of instructions configured to control the new node to generate a decryption key using the second intermediate value; and
  
  a fifth set of instructions configured to control the new node to decrypt the encrypted partial key with the decryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Urivskiy, Alexey V., Chmora, Andrey L.
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Lagor, Alexander

Application Number

US11/790,987
Publication Number

US 20070260878A1
Time in Patent Office

2,388 Days
Field of Search

713/163, 380/278
US Class Current

380/278
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0833   involving conference or gro...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04L 9/50   using hash chains, e.g. blo...

Method and system for lightweight key distribution in a wireless network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for lightweight key distribution in a wireless network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links