Method for cryptographically transmitting data between network nodes using a nonce value

US 9,094,818 B2
Filed: 08/19/2009
Issued: 07/28/2015
Est. Priority Date: 09/10/2008
Status: Active Grant

First Claim

Patent Images

1. A method for transmitting data between network nodes of a network in a cryptographically protected manner, comprising:

creating a NONCE value from a count value that is updated when a message containing the data is transmitted and from a constant value that is made available to the network nodes of the network in shared fashion, the constant value being the same for each of the nodes of the network;

encrypting and decrypting the data transmitted in the message by a cryptographic key and the NONCE value; and

reconfiguring the constant value at regular intervals and providing the constant value to the network nodes of the network by a central management network node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method transmits data between network nodes of a network in a cryptographically protected manner. The network nodes are, for example, sensor nodes of a wireless sensor network. In the method, in order to transmit the data in a message, a NONCE value is created from a count value which is updated in the transmission of the message and from a constant value which is provided in a shared manner to the network nodes of the network. The data transmitted in the message is then encrypted and decrypted within the network nodes by a cryptographic key and the created NONCE value. The method offers in particular protection against replay attacks while at the same time minimizing the use of resources of the network nodes.

18 Citations

View as Search Results

14 Claims

1. A method for transmitting data between network nodes of a network in a cryptographically protected manner, comprising:
- creating a NONCE value from a count value that is updated when a message containing the data is transmitted and from a constant value that is made available to the network nodes of the network in shared fashion, the constant value being the same for each of the nodes of the network;
  
  encrypting and decrypting the data transmitted in the message by a cryptographic key and the NONCE value; and
  
  reconfiguring the constant value at regular intervals and providing the constant value to the network nodes of the network by a central management network node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as claimed in claim 1, wherein the NONCE value is also created as a function of a transmitting-node address of a transmitting network node that transmits the message to receiving network node of the network.
  - 3. The method as claimed in claim 1, wherein the constant value is conveyed to the network nodes of the network by the central management network node by sending a broadcast message or by sending unicast messages.
  - 4. The method as claimed in claim 1, wherein the constant value is reconfigured by the central management node.
  - 5. The method as claimed in claim 4, wherein the constant value is reconfigured at regular intervals, when a predefined volume of transmitted data has been transmitted, when a predefined number of messages has been transmitted, when a predefined count value has been attained for one of the network nodes, if a predefined event occurs, or when data meeting a predefined condition is transmitted.
  - 6. The method as claimed in claim 2, whereinthe count value is generated by an internal counter of the transmitting network node, andthe NONCE value is created by concatenating the transmitting-node address of the transmitting network node, the constant value, and the count value.
  - 7. The method as claimed in claim 2, whereinthe count value is generated by an internal counter of the transmitting network node,concatenated data is created by concatenating the transmitting-node address of the transmitting network node, the constant value, and the count value, andthe NONCE value is created through a hash function of the concatenated data.
  - 8. The method as claimed in claim 1, wherein the data transmitted in the message is encrypted and decrypted using a Counter with CBC-MAC (CCM) algorithm.
  - 9. The method as claimed in claim 2, whereinthe count value is a current count value of the transmitting network node,the message is transmitted with header data and useful data,the header data comprises the transmitting-node address, a receiving-node address, and the count value, andthe useful data comprises encrypted data.
  - 10. The method as claimed in claim 9, whereinthe receiving network node extracts the transmitting-node address and the count value from the header data,the receiving network node has an internal counter, which produces a count predict value based on the transmitting-node address,the receiving network node compares the count value of the transmitting network node with the count predict value produced by the internal counter,if the count value of the transmitting network node is more current than the count predict value, the receiving network node creates a NONCE value from the count value of the transmitting network node, the shared constant value, and the transmitted transmitting-node address, andthe receiving network node decrypts the data transmitted in the message with the NONCE value created by the receiving network node and a key stored in the receiving network node.
  - 11. The method as claimed in claim 2, wherein the message is transmitted from the transmitting network node to the receiving network node over a radio interface.

12. A network, comprising:
- a plurality of network nodes that transmit data among themselves in messages, each network node comprising;
  
  a NONCE unit to create a NONCE value from a count value that is updated when a message is transmitted and from a constant value that is made available to the network nodes of the network in shared fashion, the constant value being the same for each of the nodes of the network; and
  
  a cryptographic unit to encrypt and decrypt the data transmitted in the message using a cryptographic key and the NONCE value; and
  
  a central management network node that reconfigures the constant value at regular intervals and provides the constant value to the network nodes of the network.
- View Dependent Claims (13)
- - 13. The network as claimed in claim 12, wherein the network nodes each have at least one sensor.

14. A non-transitory computer readable storage medium storing a computer program, which when executed by a computer, causes the computer to perform a method for transmitting data between network nodes of a network in a cryptographically protected manner, the method comprising:
- creating a NONCE value from a count value that is updated when thea message containing the data is transmitted and from a constant value that is made available to the network nodes of the network in shared fashion, the constant value being the same for each of the nodes of the network;
  
  encrypting and decrypting the data transmitted in the message by a cryptographic key and the NONCE value; and
  
  reconfiguring the constant value at regular intervals and providing the constant value to the network nodes of the network by a central management network node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Falk, Rainer, Hof, Hans-Joachim, Meyer, Ulrike
Primary Examiner(s)
Moorthy, Aravind
Assistant Examiner(s)
PLOTKIN, JASON R

Application Number

US12/998,029
Publication Number

US 20110158410A1
Time in Patent Office

2,169 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/1466   Active attacks involving in...

H04L 9/0861   Generation of secret inform...

H04L 9/3242   involving keyed hash functi...

H04W 12/02   Protecting privacy or anony...

H04W 12/033   of the user plane, e.g. use...

H04W 12/037   of the control plane, e.g. ...

H04W 12/102   Route integrity, e.g. using...

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

H04W 12/122   Counter-measures against at...

H04W 84/18   Self-organising networks, e...

Method for cryptographically transmitting data between network nodes using a nonce value

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Method for cryptographically transmitting data between network nodes using a nonce value

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others