Computer network, network node and method for providing certification information

US 9,712,328 B2
Filed: 06/18/2014
Issued: 07/18/2017
Est. Priority Date: 06/19/2013
Status: Active Grant

First Claim

Patent Images

1. A network node for a computer network for data transmission between network nodes, the network nodes being authenticatable to one another by authentication information of a public key infrastructure, the computer network comprising:

a root certificate authority disposed in a first region with limited physical access disposed within a cockpit of an aircraft, and arranged separate from the computer network without being linked to the computer network, the functions of the root certificate authority are directly accessible to only persons with access authorization for the first region with limited physical access disposed within the cockpit of the aircraft, the root certificate authority comprising;

a signing device configured to generate the authentication information for the public key infrastructure, and a wireless short-distance data transmission device with a communication range that does not extend beyond the first region, the wireless short-distance data transmission device communicating with the network node while the network node is within the communication range that does not extend beyond the cockpit; and

the network node comprising;

an authentication information storage;

a processor;

a network communication device; and

an initialization device including an initialization communication device and a temporary authentication information storage, the processor being configured to read information from the temporary authentication information storage.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network for data transmission between network nodes, the network nodes being authenticatable to one another by authentication information of a public key infrastructure, with a root certificate authority configured to generate the authentication information for the public key infrastructure. The root certificate authority is arranged separate from the computer network and is not linked to the computer network. A network node of the computer network comprises an authentication information storage, a processor, a network communication device and an initialization device having an initialization communication device and a temporary authentication information storage that can be read out by the processor.

Citations

16 Claims

1. A network node for a computer network for data transmission between network nodes, the network nodes being authenticatable to one another by authentication information of a public key infrastructure, the computer network comprising:
- a root certificate authority disposed in a first region with limited physical access disposed within a cockpit of an aircraft, and arranged separate from the computer network without being linked to the computer network, the functions of the root certificate authority are directly accessible to only persons with access authorization for the first region with limited physical access disposed within the cockpit of the aircraft, the root certificate authority comprising;
  
  a signing device configured to generate the authentication information for the public key infrastructure, and a wireless short-distance data transmission device with a communication range that does not extend beyond the first region, the wireless short-distance data transmission device communicating with the network node while the network node is within the communication range that does not extend beyond the cockpit; and
  
  the network node comprising;
  
  an authentication information storage;
  
  a processor;
  
  a network communication device; and
  
  an initialization device including an initialization communication device and a temporary authentication information storage, the processor being configured to read information from the temporary authentication information storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The network node according to claim 1, whereinthe temporary authentication information storage is writable by the initialization communication device.
  - 3. The network node according to claim 1, whereinthe initialization device is configured to be destroyed by the processor.
  - 4. The network node according to claim 1, further comprisinga revocation list storage.
  - 5. The network node according to claim 1, whereinthe initialization device is configured to receive power from an external source.
  - 6. The network node according to claim 1, whereinthe network node is configured as an access point for a WLAN.
  - 7. The network node according to claim 1, wherein the network node is configured as the access point for the WLAN that is disposed in second region outside of the first region.

8. A method for authenticating a network node of a computer network, the method comprising:
- providing a root certificate authority disposed in a first region with limited physical access disposed within a cockpit of an aircraft, and arranged separate from the computer network and without being linked to the computer network, wherein the functions of the root certificate authority are directly accessible to only persons with access authorization for the first region with limited physical access disposed within the cockpit of the aircraft, the root certificate authority comprising a signing device configured to generate authentication information for the public key infrastructure and a wireless short-distance data transmission device with a communication range that does not extend beyond the first region, the authentication information including key information assigned to the network node and signature information, and the network node comprising an authentication information storage, a processor, a network communication device and an initialization device including an initialization communication device and a temporary authentication information storage, the processor of the network node being configured to read information from the temporary authentication information storage;
  
  operating the signing device to generate the signature information from the key information and the root key information assigned to the root certification authority;
  
  operating the wireless short-distance data transmission device to wirelessly transmit the authentication information formed from the key information and the signature information to the initialization communication device of the network node while the network node is in the first region within the communication range that does not extend beyond the cockpit;
  
  storing the authentication information in the temporary authentication information storage;
  
  connecting the network node to the computer network; and
  
  transferring the authentication information from the temporary authentication information storage into the authentication information storage.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The method according to claim 8, further comprisingdestroying the initialization device.
  - 10. The method according to claim 9, further comprisingtransmitting a revocation information list to the initialization device;
    - storing the revocation information list in the temporary authentication information storage;
      
      transferring the revocation information list into the authentication information storage; and
      
      transmitting the revocation information list to other network nodes via the computer network.
  - 11. The method according to claim 9, further comprisingverifying the authenticity of authentication information sent from another network node based on the authentication information stored in the authentication information storage;
    - anddenying a communication process with the another network node when the verifying is unable to verify the authenticity of the authentication information sent from the another network node.
  - 12. The method according to claim 11, further comprisingtransmitting a revocation information list to the initialization device;
    - storing the revocation information list in the temporary authentication information storage;
      
      transferring the revocation information list into the authentication information storage; and
      
      transmitting the revocation information list to other network nodes via the computer network.
  - 13. The method according to claim 8, further comprisingverifying the authenticity of authentication information sent from another network node based on the authentication information stored in the authentication information storage;
    - anddenying a communication process with the another network node when the verifying is unable to verify the authenticity of the authentication information sent from the another network node.
  - 14. The method according to claim 8, further comprisingtransmitting a revocation information list to the initialization device;
    - storing the revocation information list in the temporary authentication information storage;
      
      transferring the revocation information list into the authentication information storage; and
      
      transmitting the revocation information list to other network nodes via the computer network.
  - 15. The method according to claim 14, further comprisingcomparing the authentication information with the revocation information list and denying a communication process with another network node upon determining that the authentication information sent from the another network node is contained in the revocation information list.
  - 16. The method according to claim 8, whereinthe computer network is disposed in a second region outside of the first region;
    - andthe connecting connects the network node to the computer network when the network node is in the second region.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EADS Deutschland GmbH (Airbus SE)
Original Assignee
EADS Deutschland GmbH (Airbus SE)
Inventors
Hanka, Oliver
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Giddins, Nelson

Application Number

US14/307,654
Publication Number

US 20140380042A1
Time in Patent Office

1,126 Days
Field of Search
US Class Current
CPC Class Codes

H04B 7/18506   Communications with or from...

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/107   wherein the security polici...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

Computer network, network node and method for providing certification information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Computer network, network node and method for providing certification information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links