Secure session for a group of network nodes
First Claim
1. A method of a network node, for creating a secure session for members of a group of network nodes, the method comprising:
- receiving, from a trusted entity over a channel established based on an identity certificate of the trusted entity: an identity certificate for the network node, an assertion for the network node, certifying a role of the network node within the group, and a secret group key for the group;
- creating a session identifier and a secret session key for the secure session;
- sending a broadcast message comprising the session identifier, which broadcast message is encrypted and authenticated using the group key;
- receiving a discovery message from a further network node of the group of network nodes; and
- sending a discovery response message comprising the secret session key to the further network node in an event the further network node is not on a revocation list provided by the trusted entity.
Abstract
Methods (500) of a network node (111) for creating and joining secure sessions for members (111-114) of a group of network nodes are provided. The methods comprise receiving an identity certificate and an assertion for the network node as well as a secret group key for the group. The method for creating a session further comprises creating (501) a session identifier and a secret session key for the session, and sending (502) an encrypted and authenticated broadcast message comprising the session identifier. The method for joining a session further comprises sending an encrypted and authenticated discovery message comprising the identity certificate and the assertion, and receiving an encrypted and authenticated discovery response message from another network node which is a member of the group. The disclosed combined symmetric key and public key scheme is based on the availability of three credentials at each node, i.e., the identity certificate, the assertion, and the secret group key, which are received from a trusted entity. Further, a computer program, a computer program product, and a network node are provided.
21 Claims
1. A method of a network node, for creating a secure session for members of a group of network nodes, the method comprising:

receiving, from a trusted entity over a channel established based on an identity certificate of the trusted entity: an identity certificate for the network node, an assertion for the network node, certifying a role of the network node within the group, and a secret group key for the group; creating a session identifier and a secret session key for the secure session; sending a broadcast message comprising the session identifier, which broadcast message is encrypted and authenticated using the group key; receiving a discovery message from a further network node of the group of network nodes; and sending a discovery response message comprising the secret session key to the further network node in an event the further network node is not on a revocation list provided by the trusted entity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of a network node, for joining a secure session for members of a group of network nodes, the method comprising:

receiving, from a trusted entity over a channel established based on an identity certificate of the trusted entity: an identity certificate for the network node, an assertion for the network node, certifying a role of the network node within the group, and a secret group key for the group; sending a discovery message comprising the identity certificate for the network node and the assertion for the network node, which discovery message is encrypted and authenticated using the group key; and receiving a discovery response message from another network node which is a member of the group in an event the network node is not on a revocation list provided by the trusted entity, and which discovery response message comprises a secret session key for the secure session and is encrypted and authenticated using a public key of the identity certificate of the network node.

Dependent claims: 12

13. A network node comprising:

a receiver being arranged for receiving, from a trusted entity over a channel established based on an identity certificate of the trusted entity: an identity certificate for the network node, an assertion for the network node, certifying a role of the network node within a group of network nodes, and a secret group key for the group; a processor; and a transmitter, wherein, in response to a request to create a secure session for members of the group, the processor is arranged for creating a session identifier and a secret session key for the secure session, and the transmitter is arranged for sending a broadcast message comprising the session identifier, which broadcast message is encrypted and authenticated using the group key, and wherein, in response to a request to join an existing secure session for members of the group, the transmitter is arranged for sending a discovery message comprising the identity certificate for the network node and the assertion for the network node, which discovery message is encrypted and authenticated using the group key, and the receiver is further arranged for receiving a discovery response message from another network node which is a member of the group in an event the network node is not on a revocation list provided by the trusted entity, and which discovery response message comprises a secret session key for the secure session and is encrypted and authenticated using the public key of the identity certificate of the network node.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
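The combined scheme of claims 1 and 11, simulated end to end as an added example that is not the patent's or any product's code: a trusted entity issues each node an identity certificate, a role assertion and the group key; the creator broadcasts a session identifier under the group key; a joiner sends its certificate and assertion under the group key; the creator verifies the trusted entity's signature and the revocation list before returning the session key under the joiner's public key. Assumptions: all node names are hypothetical, the primitives are toy stand-ins (textbook RSA over tiny hard-coded primes, a SHA-256 keystream with HMAC), and the response's authentication under the responder's key is left out.

```python
import hashlib, hmac, os

# Toy stand-ins (assumptions, not the patent's primitives): textbook RSA over tiny primes for
# certificate key pairs and trusted-entity signatures; SHA-256 keystream + HMAC for the group key.
def toy_keypair(p, q, e=17): return (e, p * q), (pow(e, -1, (p - 1) * (q - 1)), p * q)
def ks(key, nonce, n):                            # SHA-256 counter-mode keystream of n bytes
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]
def seal(key, data):                              # encrypt-then-MAC under the group key
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, ks(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key, blob):                            # rejects anything not built with the group key
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("not authenticated with the group key")
    return bytes(a ^ b for a, b in zip(ct, ks(key, nonce, len(ct))))
def digest_mod(cert, assertion, n):               # credential hash reduced into the signer's modulus
    return int.from_bytes(hashlib.sha256(cert + assertion).digest(), "big") % n

class TrustedEntity:
    def __init__(self):
        self.pub, self.priv = toy_keypair(83, 89)
        self.group_key, self.revocation_list = os.urandom(32), set()
    def issue(self, node_id, role, node_pub):     # the three credentials every node receives
        cert, assertion = f"{node_id}:{node_pub[0]}:{node_pub[1]}".encode(), f"{node_id}:{role}".encode()
        sig = pow(digest_mod(cert, assertion, self.pub[1]), *self.priv)
        return {"cert": cert, "assertion": assertion, "sig": sig, "gk": self.group_key}

class Node:
    def __init__(self, te, node_id, role, primes):
        self.pub, self.priv = toy_keypair(*primes)
        self.creds, self.te_pub, self.revoked = te.issue(node_id, role, self.pub), te.pub, te.revocation_list
    def create_session(self):                     # claim 1: session id + key, broadcast under group key
        self.sid, self.sk = os.urandom(8).hex().encode(), os.urandom(16)
        return seal(self.creds["gk"], b"SESSION|" + self.sid)
    def discover(self, broadcast):                # claim 11: cert + assertion, sealed under group key
        sid, c = unseal(self.creds["gk"], broadcast).split(b"|")[1], self.creds
        return seal(c["gk"], b"|".join([sid, c["cert"], c["assertion"], str(c["sig"]).encode()]))
    def respond(self, discovery):                 # claim 1: session key only to valid, unrevoked nodes
        sid, cert, assertion, sig = unseal(self.creds["gk"], discovery).split(b"|")
        node_id, e, n = cert.decode().split(":")
        if sid != self.sid or pow(int(sig), *self.te_pub) != digest_mod(cert, assertion, self.te_pub[1]):
            raise ValueError("wrong session or credentials not issued by the trusted entity")
        if node_id in self.revoked:
            return None                           # revoked node: no discovery response at all
        return [pow(b, int(e), int(n)) for b in self.sk]   # one RSA block per key byte, joiner's public key
    def join(self, response):                     # claim 11: recover the session key with own private key
        self.sk = bytes(pow(c, *self.priv) for c in response)
        return self.sk
```

Other group members hold the group key and can read the broadcast and discovery messages, but only the joiner's private key opens the discovery response, which is why the session key travels under the certificate's public key rather than the group key.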
Specification