Communication terminal using a temporary network key for assembling a secure communication frame

US 9,059,839 B2
Filed: 01/31/2011
Issued: 06/16/2015
Est. Priority Date: 02/01/2010
Status: Active Grant

First Claim

Patent Images

1. A communication terminal comprising:

a long-time key manager for managing a master network key;

a key identification manager for managing a key identification of keys;

a short-time key acquirer for using the master network key and the key identification to generate a temporary network key;

a communication frame assembler for using the temporary network key to perform security processing to thereby assemble a secure communication frame, and inserting the key identification in plaintext in the assembled secure communication frame;

a transmitter for sending the secure communication frame to another communication terminal;

a receiver for receiving another secure communication frame from the another communication terminal over a mesh type telecommunications network;

a key identification acquirer for obtaining another key identification included in the received secure communication frame in plaintext; and

a communication frame acquirer for using the temporary network key to perform security processing on the received secure communication frame to obtain a communication frame, whereinwhen the another key identification inserted in the received secure communication frame is newer than the key identification managed by said key identification manager, said key identification manager manages the another key identification of the received communication frame as a newest key identification,the another key identification includes information indicating a serial number of the master network key and information on a count value indicating a serial number of the temporary network key,said key identification manager makes a decision as to whether or not the managed key identification is the newest according to a magnitude indicated by the information on the count value indicating the serial number of the temporary network key, as long as the information indicating the serial number of the master network key remains the same, andsaid communication frame assembler receives the count value, and time information and address information of said another communication terminal together with the temporary network key for preventing a reply attack.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication terminal generates a temporary network key based on a managed master network key and on key identification used for security processing on a communication frame. The security processing is performed on the communication frame using the temporary network key. A secure communication frame is produced in which the identification of the key is indicated.

9 Citations

9 Claims

1. A communication terminal comprising:
- a long-time key manager for managing a master network key;
  
  a key identification manager for managing a key identification of keys;
  
  a short-time key acquirer for using the master network key and the key identification to generate a temporary network key;
  
  a communication frame assembler for using the temporary network key to perform security processing to thereby assemble a secure communication frame, and inserting the key identification in plaintext in the assembled secure communication frame;
  
  a transmitter for sending the secure communication frame to another communication terminal;
  
  a receiver for receiving another secure communication frame from the another communication terminal over a mesh type telecommunications network;
  
  a key identification acquirer for obtaining another key identification included in the received secure communication frame in plaintext; and
  
  a communication frame acquirer for using the temporary network key to perform security processing on the received secure communication frame to obtain a communication frame, whereinwhen the another key identification inserted in the received secure communication frame is newer than the key identification managed by said key identification manager, said key identification manager manages the another key identification of the received communication frame as a newest key identification,the another key identification includes information indicating a serial number of the master network key and information on a count value indicating a serial number of the temporary network key,said key identification manager makes a decision as to whether or not the managed key identification is the newest according to a magnitude indicated by the information on the count value indicating the serial number of the temporary network key, as long as the information indicating the serial number of the master network key remains the same, andsaid communication frame assembler receives the count value, and time information and address information of said another communication terminal together with the temporary network key for preventing a reply attack.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The communication terminal in accordance with claim 1, further comprising a long-time key updater for replacing the master network key managed by said long-time key manager with another master network key received over the mesh type telecommunications network.
  - 3. The communication terminal of claim 2, wherein the long-time key updater updates the master network key to use a new master network key at a timing specified by information received along with the new master network key.
  - 4. The communication terminal of claim 2, wherein the long-time key updater updates the master network key to use a new master network key at a timing specified by a separate message that identifies the timing.
  - 5. The communication terminal of claim 2, wherein the long-time key updater updates the master network key to use a new master network key at a timing according to an expiration of a counter.
  - 6. The communication terminal in accordance with claim 1, wherein the key identification managed by said key identification manager is updated at arbitrary timing.
  - 7. The communication terminal in accordance with claim 1, further comprising a key identification acquirer for asking the another communication terminal for the another key identification managed by the another communication terminal, or for sending back the key identification managed by said key identification manager of the subject terminal in response to a request from the another communication terminal,said key identification manager using the another key identification obtained by said key identification acquirer to manage or update the key identification of its own.
  - 8. The communication terminal in accordance with claim 7, wherein said key identification manager manages or updates a key identification determined to be newer than the key identification obtained by said key identification acquirer as its own key identification.

9. A secure communication system for encrypting and authenticating a communication frame by utilizing a key shared across a mesh type telecommunications network, said secure communication system comprising a plurality of communication terminals, each of said plurality of communication terminals comprising:
- a long-time key manager for managing a master network key;
  
  a key identification manager for managing a key identification of keys;
  
  a short-time key acquirer for using the master network key and the key identification to generate a temporary network key;
  
  a communication frame assembler for using the temporary network key to perform security processing to thereby assemble a secure communication frame, and inserting the key identification in plaintext in the assembled secure communication frame;
  
  a transmitter for sending the secure communication frame to another communication terminal;
  
  a receiver for receiving another secure communication frame from the another communication terminal over a mesh type telecommunications network;
  
  a key identification acquirer for obtaining another key identification included in the received secure communication frame in plaintext; and
  
  a communication frame acquirer for using the temporary network key to perform security processing on the received secure communication frame to obtain a communication frame, whereinwhen the another key identification inserted in the received secure communication frame is newer than the key identification managed by said key identification manager, said key identification manager manages the another key identification of the received communication frame as a newest key identification,the key identification managed by the key identification manager includes information indicating a serial number of the master network key and information on a count value indicating a serial number of the temporary network key,said key identification manager makes a decision as to whether or not the managed key identification is the newest according to a magnitude indicated by the information on the count value indicating the serial number of the temporary network key, as long as the information indicating the serial number of the master network key remains the same, andsaid communication frame assembler receives the count value, and time information and address information of said another communication terminal together with the temporary network key for preventing a reply attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OKI Electric Industry Company Limited
Original Assignee
OKI Electric Industry Company Limited
Inventors
Yao, Taketsugu, Nakashima, Jun, Fukui, Kiyoshi
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
NGUY, CHI D

Application Number

US12/929,530
Publication Number

US 20110188654A1
Time in Patent Office

1,597 Days
Field of Search

380/270, 380/273, 380/284, 380/286
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/068   using time-dependent keys, ...

H04L 9/08   Key distribution or managem...

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04W 12/041   Key generation or derivation

Communication terminal using a temporary network key for assembling a secure communication frame

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Communication terminal using a temporary network key for assembling a secure communication frame

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others