Method for secure communication in a network, a communication device, a network and a computer program therefor
Abstract
A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less than or equal to the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.
13 Claims
1. A method for securing communications between a first node and a second node in a network comprising a management device provided with root keying materials, the method comprising:
- the management device generating, based on the root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key,
- the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node symmetric-key generation engine,
- the management device distributing the first node symmetric-key generation engine to the first node, and
- the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key used for securing communications with the second node.
13. A network of devices comprising a management device and a node, provided with an identifier, the management device comprising a first processor and a first memory, the first processor configured to:
- generate, upon receipt of the identifier of the node, node keying material shares based on the root keying material, each keying material share being divided into sub-elements;
- select a subset of sub-elements of the first keying material share, the number of sub-elements selected being less than the total number of sub-elements of the keying material share to form a node symmetric-key generation engine adapted for generating a first key, and
- distribute the node symmetric-key generation engine to the node;
the node comprising a second processor and a second memory, the second processor configured to:
- transmit its identifier to the management device,
- receive, from the management device, a node symmetric-key generation engine,
- receive an identifier of the another node, and
- generate, based on the received node symmetric-key generation engine and the received other node's identifier, a key for communicating with the other node.
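The flow recited in claims 1 and 13, as an added example that is not taken from the patent. It assumes a construction the claims leave open: root keying material made of symmetric bivariate polynomials over a prime field (one per sub-element), and both nodes being issued the same subset of sub-element indices; all function names and parameters are hypothetical.

```python
# Added illustration: assumes Blundo-style symmetric bivariate polynomials
# over GF(P) as root keying material; the claims do not fix a construction.
import hashlib
import secrets

P = 2**61 - 1   # prime modulus (assumed parameter)
DEGREE = 3      # polynomial degree (assumed parameter)
T = 4           # sub-elements in a complete keying material share (assumed)

def make_root(t=T, degree=DEGREE):
    """Management device: one symmetric coefficient matrix per sub-element."""
    root = []
    for _ in range(t):
        a = [[0] * (degree + 1) for _ in range(degree + 1)]
        for i in range(degree + 1):
            for j in range(i, degree + 1):
                a[i][j] = a[j][i] = secrets.randbelow(P)
        root.append(a)
    return root

def make_share(root, node_id):
    """Complete share: each f_k(x, y) fixed at x = node_id, coefficients in y."""
    return [[sum(a[i][j] * pow(node_id, i, P) for i in range(len(a))) % P
             for j in range(len(a))] for a in root]

def select_engine(share, indices):
    """Keep strictly fewer sub-elements than the complete share holds."""
    if not 0 < len(indices) < len(share):
        raise ValueError("engine must be a proper, non-empty subset")
    return {k: share[k] for k in sorted(indices)}

def segments(engine, peer_id):
    """Evaluate each retained sub-element at the peer's identifier."""
    return {k: sum(c * pow(peer_id, j, P) for j, c in enumerate(coeffs)) % P
            for k, coeffs in engine.items()}

def derive_key(engine, peer_id):
    """Node: hash the computed segments into a symmetric key."""
    h = hashlib.sha256()
    for k, v in sorted(segments(engine, peer_id).items()):
        h.update(k.to_bytes(2, "big") + v.to_bytes(8, "big"))
    return h.digest()
```

Under these assumptions, two nodes agree on a key only when their engines retain the same sub-element indices, and a node holding the engine cannot compute the segments of the complete key that were withheld.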
Specification