Local area network

US 8,681,993 B2
Filed: 02/20/2009
Issued: 03/25/2014
Est. Priority Date: 03/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method performed by a first communication device in an ad-hoc network, the method comprising:

the first communication device identifying a first trust group associated with a first level of trust, the first trust group including a first subset of communication devices in the ad-hoc network;

the first communication device identifying a second trust group associated with a second, lower level of trust, the second trust group including a second subset of communication devices in the ad-hoc network;

the first communication device receiving, from a second communication device in the first trust group, a first cryptographic group key generated by the second communication device;

the first communication device receiving, from a third communication device in the second trust group, a second cryptographic group key generated by the third communication device;

based on the first level of trust associated with the first trust group, the first communication device designating the first cryptographic group key to be used for both encrypting and decrypting communications with the second communication device; and

based on the second, lower level of trust associated with the second trust group, the first communication device designating the second cryptographic group key not to be used for encrypting communications with the third communication device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for distributed security for a plurality of devices in a communication network, each of the devices being responsible for generating, distributing and controlling its own keys for access to the communication network and using the keys to establish a trusted network, each device'"'"'s membership to the communication network being checked periodically by other devices by using a challenge response protocol to establish which devices are allowed access to the communication network and the trusted network.

27 Citations

16 Claims

1. A method performed by a first communication device in an ad-hoc network, the method comprising:
- the first communication device identifying a first trust group associated with a first level of trust, the first trust group including a first subset of communication devices in the ad-hoc network;
  
  the first communication device identifying a second trust group associated with a second, lower level of trust, the second trust group including a second subset of communication devices in the ad-hoc network;
  
  the first communication device receiving, from a second communication device in the first trust group, a first cryptographic group key generated by the second communication device;
  
  the first communication device receiving, from a third communication device in the second trust group, a second cryptographic group key generated by the third communication device;
  
  based on the first level of trust associated with the first trust group, the first communication device designating the first cryptographic group key to be used for both encrypting and decrypting communications with the second communication device; and
  
  based on the second, lower level of trust associated with the second trust group, the first communication device designating the second cryptographic group key not to be used for encrypting communications with the third communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the ad-hoc network includes a master device configured to activate an access controller using identifiers of devices in the ad-hoc network.
  - 3. The method according to claim 2, wherein the master device uses an access control list to admit only devices that have been positively authenticated to the ad-hoc network.
  - 4. The method according to claim 2, wherein the master device further comprises a traffic controller to regulate data flow within the ad-hoc network.
  - 5. The method according to claim 4, wherein the master device allocates a time slot to each of the devices for message distribution.
  - 6. The method according to claim 1, further comprising the first communication device determining which other devices are presently active in the ad-hoc network.
  - 7. The method according to claim 6, wherein the determining comprises re-authenticating each of the other devices at a predetermined time.
  - 8. The method according to claim 7, wherein the re-authenticating comprises performing a challenge-response protocol with each of the other devices to determine which of the other devices are present in the ad-hoc network.

9. A communication device comprising a processor and memory, the memory comprising computer executable instructions that when executed by the processor, perform operations for communicating in an ad-hoc network, the operations comprising:
- identifying a first trust group associated with a first level of trust, the first trust group including a first subset of communication devices in the ad-hoc network;
  
  identifying a second trust group associated with a second, lower level of trust, the second trust group including a second subset of communication devices in the ad-hoc network;
  
  receiving, from a second communication device in the first trust group, a first cryptographic group key generated by the second communication device;
  
  receiving, from a third communication device in the second trust group, a second cryptographic group key generated by the third communication device;
  
  based on the first level of trust associated with the first trust group, designating the first cryptographic group key to be used for both encrypting and decrypting communications with the second communication device; and
  
  based on the second, lower level of trust associated with the second trust group, designating the second cryptographic group key not to be used for encrypting communications with the third communication device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The communication device according to claim 9, wherein the ad-hoc network comprises a master device configured to activate an access controller using identifiers of devices in the ad-hoc network.
  - 11. The communication device according to claim 10, wherein the master device uses an access control list to admit only devices that have been positively authenticated to the ad-hoc network.
  - 12. The communication device according to claim 10, wherein the master device further comprises a traffic controller to regulate data flow within the ad-hoc network.
  - 13. The communication device according to claim 12, wherein the master device allocates a time slot to each of the devices for message distribution.
  - 14. The communication device according to claim 9, the operations further comprising determining which other devices are presently active in the ad-hoc network.
  - 15. The communication device according to claim 14, wherein the determining comprises re-authenticating each of the other devices at a predetermined time.
  - 16. The communication device according to claim 15, wherein the re-authenticating comprises performing a challenge-response protocol with each of the other devices to determine which of the other devices are presently included in the ad-hoc network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus, Vanstone, Scott Alexander
Primary Examiner(s)
Moorthy, Aravind
Assistant Examiner(s)
Pan, Joseph

Application Number

US12/390,030
Publication Number

US 20090296939A1
Time in Patent Office

1,859 Days
Field of Search

713/1, 713/2, 713/188, 713/194, 713/156, 713/168, 713/171, 713/175, 380/200, 380/201, 380/255, 380/277, 380/278, 726/2, 709/204, 709/224, 709/225, 370/348, 370/401
US Class Current

380/278
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/104   Grouping of entities

H04L 9/00   Cryptographic mechanisms or...

H04L 9/006   involving public key infras...

H04L 9/08   Key distribution or managem...

H04L 9/0833   involving conference or gro...

H04L 9/0838   Key agreement, i.e. key est...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/71   Hardware identity

H04W 84/18   Self-organising networks, e...

Local area network

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Local area network

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links