Communication terminal using a temporary network key for assembling a secure communication frame
Abstract
A communication terminal generates a temporary network key based on a managed master network key and on key identification used for security processing on a communication frame. The security processing is performed on the communication frame using the temporary network key. A secure communication frame is produced in which the identification of the key is indicated.
9 Claims
1. A communication terminal comprising:
a long-time key manager for managing a master network key;
a key identification manager for managing a key identification of keys;
a short-time key acquirer for using the master network key and the key identification to generate a temporary network key;
a communication frame assembler for using the temporary network key to perform security processing to thereby assemble a secure communication frame, and inserting the key identification in plaintext in the assembled secure communication frame;
a transmitter for sending the secure communication frame to another communication terminal;
a receiver for receiving another secure communication frame from the another communication terminal over a mesh type telecommunications network;
a key identification acquirer for obtaining another key identification included in the received secure communication frame in plaintext; and
a communication frame acquirer for using the temporary network key to perform security processing on the received secure communication frame to obtain a communication frame, wherein
when the another key identification inserted in the received secure communication frame is newer than the key identification managed by said key identification manager, said key identification manager manages the another key identification of the received communication frame as a newest key identification,
the another key identification includes information indicating a serial number of the master network key and information on a count value indicating a serial number of the temporary network key,
said key identification manager makes a decision as to whether or not the managed key identification is the newest according to a magnitude indicated by the information on the count value indicating the serial number of the temporary network key, as long as the information indicating the serial number of the master network key remains the same, and
said communication frame assembler receives the count value, and time information and address information of said another communication terminal together with the temporary network key for preventing a reply attack.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
9. A secure communication system for encrypting and authenticating a communication frame by utilizing a key shared across a mesh type telecommunications network, said secure communication system comprising a plurality of communication terminals, each of said plurality of communication terminals comprising:
a long-time key manager for managing a master network key;
a key identification manager for managing a key identification of keys;
a short-time key acquirer for using the master network key and the key identification to generate a temporary network key;
a communication frame assembler for using the temporary network key to perform security processing to thereby assemble a secure communication frame, and inserting the key identification in plaintext in the assembled secure communication frame;
a transmitter for sending the secure communication frame to another communication terminal;
a receiver for receiving another secure communication frame from the another communication terminal over a mesh type telecommunications network;
a key identification acquirer for obtaining another key identification included in the received secure communication frame in plaintext; and
a communication frame acquirer for using the temporary network key to perform security processing on the received secure communication frame to obtain a communication frame, wherein
when the another key identification inserted in the received secure communication frame is newer than the key identification managed by said key identification manager, said key identification manager manages the another key identification of the received communication frame as a newest key identification,
the key identification managed by the key identification manager includes information indicating a serial number of the master network key and information on a count value indicating a serial number of the temporary network key,
said key identification manager makes a decision as to whether or not the managed key identification is the newest according to a magnitude indicated by the information on the count value indicating the serial number of the temporary network key, as long as the information indicating the serial number of the master network key remains the same, and
said communication frame assembler receives the count value, and time information and address information of said another communication terminal together with the temporary network key for preventing a reply attack.
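The terminal recited in claims 1 and 9, sketched as an added example that is not taken from the patent: a temporary key is derived from the master network key and the key identification, the identification travels in plaintext, and the receiver adopts a newer count only while the master key serial number is unchanged. The HMAC-SHA256 derivation, the authentication-only "security processing", the header layout, the 30-second freshness window, adopting the identification only after the tag verifies, and the names `Terminal` and `derive_temp_key` are all assumptions.

```python
import hashlib, hmac, struct

ADDR_LEN, TAG_LEN, HDR = 2, 16, struct.Struct(">BIQ")  # sizes and layout are assumptions

def derive_temp_key(master_key, master_serial, count):
    # Assumed KDF: HMAC-SHA256 keyed by the master network key over the key identification.
    return hmac.new(master_key, b"temp-nk" + struct.pack(">BI", master_serial, count),
                    hashlib.sha256).digest()

def _tag(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

class Terminal:
    def __init__(self, address, master_keys, master_serial, count):
        self.address = address                # ADDR_LEN bytes
        self.master_keys = master_keys        # master serial number -> master network key
        self.key_id = (master_serial, count)  # newest key identification managed here
        self.seen = set()                     # tags of frames already accepted

    def assemble(self, payload, timestamp):
        serial, count = self.key_id
        key = derive_temp_key(self.master_keys[serial], serial, count)
        # Plaintext header: key identification, time information, sender address.
        header = HDR.pack(serial, count, timestamp) + self.address
        return header + payload + _tag(key, header + payload)

    def receive(self, frame, now, window=30):
        if len(frame) < HDR.size + ADDR_LEN + TAG_LEN:
            return None
        serial, count, timestamp = HDR.unpack_from(frame)
        if serial not in self.master_keys:
            return None
        key = derive_temp_key(self.master_keys[serial], serial, count)
        signed, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(key, signed)):
            return None                       # altered frame, including an altered key identification
        if abs(now - timestamp) > window or tag in self.seen:
            return None                       # stale or replayed frame
        self.seen.add(tag)
        # Adopt the sender's identification only after authentication, and only by
        # count magnitude while the master key serial number is unchanged.
        if serial == self.key_id[0] and count > self.key_id[1]:
            self.key_id = (serial, count)
        return signed[HDR.size + ADDR_LEN:]
```

Because the key identification is sent in plaintext, the example updates the managed identification only after the tag has verified, so an unauthenticated frame cannot move a terminal's counter forward.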
Specification