Method for secure communication in a network, a communication device, a network and a computer program therefor

US 9,077,520 B2
Filed: 03/16/2010
Issued: 07/07/2015
Est. Priority Date: 03/19/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing communications between a first node and a second node in a network comprising a management device provided with root keying materials, the method comprising:

the management device generating, based on the root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key,the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node symmetric-key generation engine,the management device distributing the first node symmetric-key generation engine to the first node, andthe first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key used for securing communications with the second node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communications between a first node (N1) and a second node (N2) in a network (1) further comprising a management device (2) provided with root keying materials, the method comprising the following steps: the management device generating, based on root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key, the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less or equal than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node partial keying material shares or symmetric-key generation engine, the first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key, used for securing communications with the second node.

Citations

13 Claims

1. A method for securing communications between a first node and a second node in a network comprising a management device provided with root keying materials, the method comprising:
- the management device generating, based on the root keying materials, a first node keying material shares comprising a number of sub-elements and the first node keying material shares being arranged for generating a first complete key,the management device selecting a subset of sub-elements of the first keying material shares, the number of sub-elements selected being less than the total number of sub-elements of the first keying material shares, and the selected sub-elements forming a first node symmetric-key generation engine,the management device distributing the first node symmetric-key generation engine to the first node, andthe first node generating, based on the first node symmetric-key generation engine and on an identifier of the second node, a first key used for securing communications with the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the root keying material comprises a number of mathematical functions.
  - 3. The method of claim 2, wherein the performance and security of the symmetric-key generation engine are defined by a number of secrets or public designs including the number of root mathematical functions, the complexity of the mathematical functions, the mathematical structures over which the generation of the keying material shares takes place, or the parameters of the root keying material.
  - 4. The method of claim 2, wherein the mathematical functions are polynomials.
  - 5. The method of claim 4, further comprising:
    - the management device generating, based on the polynomial root keying material and on an identifier of the first node, a first node keying material shares under the form of a number of polynomial shares, each polynomial share coefficient being divided into sub-elements, and the sub-elements comprising the first node keying material shares,the management device selecting a set of sub-elements of the first polynomial coefficients forming a first symmetric-key generation engine, the selected sub-elements of the first node symmetric-key generation engine corresponding to the selected sub-elements of the first node keying material share,the first node generating, based on a first node symmetric key generation engine and on an identifier of a first node, a partial key, used for securing communications with the second node.
  - 6. The method of claim 4, wherein the root keying material are polynomials over a number of finite fields chosen in such a way that:
    - the management device generates polynomials shares for the first node from the root polynomials carrying out operations over different finite fields;
      
      the management device can divide the polynomial shares into sub-elements and combine them to form a symmetric-key generation engine;
      
      the sub-elements comprising the symmetric-key generation engine are combined making harder the recovery of the root keying material;
      
      the first node can use its symmetric-key generation engine and the identifier of the second node to generate a key with the second node;
      
      the operations required for key generation are out of the fields.
  - 7. The method of claim 2, wherein the complexity of the mathematical functions can be adjusted to offer a trade-off between the symmetric key generation engine security and computational requirements.
  - 8. The methods of claim 4, wherein the complexity of the mathematical functions refers to the polynomial degree or size of the finite fields.
  - 9. The methods of claim 1, wherein the generation of keying material shares for the first node from the root mathematical functions includes operations over a single or a combination of mathematical structures comprising fields, rings, vector spaces and groups.
  - 10. The method of claim 9, wherein the operations needed for the generation of a key between the first node given the symmetric-key generation engine of the first node and an identifier of the second node are over a common mathematical structure.
  - 11. The method of claim 3, wherein the management device generating the first node keying material share or the second node keying material share comprises evaluating the symmetric bivariate polynomial in a point corresponding to the identifier of the first node or the identifier of the second node, respectively.
  - 12. The method of claim 1, wherein the symmetric-key generation engine is implemented in hardware or software, and allows the first node to compute a symmetric-key with the second node given the identifier of the second node.

13. A network of devices comprising a management device and a node, provided with an identifier, the management device comprising a first processor and a first memory, the first processor configured to:
- generate, upon receipt of the identifier of the node, node keying material shares based on the root keying material, each keying material share being divided into sub-elements;
  
  select a subset of sub-elements of the first keying material share, the number of sub-elements selected being less than the total number of sub-elements of the keying material share to form a node symmetric-key generation engine adapted for generating a first key, anddistribute the node symmetric-key generation engine to the node;
  
  the node comprising a second processor and a second memory, the second processor configured to;
  
  transmit its identifier to the management device,receive, from the management device, a node symmetric-key generation engine,receive an identifier of the another node, andgenerate, based on the received node symmetric-key generation engine and the received other node'"'"'s identifier, a key for communicating with the other node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips N.V.
Inventors
Garcia Morchon, Oscar, Erdmann, Bozena, Kursawe, Klaus
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US13/254,462
Publication Number

US 20110317838A1
Time in Patent Office

1,939 Days
Field of Search

713/168, 713/153, 380/44, 380/259, 380/278
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/083   involving central third par...

H04L 9/085   Secret sharing or secret sp...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

Method for secure communication in a network, a communication device, a network and a computer program therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure communication in a network, a communication device, a network and a computer program therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links