Autonomous and seamless key distribution mechanism
First Claim
1. A method of accessing protected data in a satellite system comprising first and second devices, wherein the first device is a satellite and the second device is a device arranged to receive signals from the satellite the method comprising:
- receiving a protected session key from the first device, at the second device, by receiving a data stream from the satellite at the second device, the data stream including a plurality of predefined parts, extracting a predetermined number of bytes of the protected session key from each one of the plurality of predefined parts, and combining the extracted bytes of the protected session key to obtain the protected session key;
obtaining the session key from the received protected session key at the second device, based on a public key of the first device and a private key of the second device; and
accessing protected data received from the first device at the second device, based on the obtained session key,wherein the obtained session key is a next session key for use in the next session following a current session, the method further comprising;
receiving a protected current session key for use in the current session, and validity information defining a time period in which the current session key is valid and a time period in which the next session key is valid, through the data stream;
obtaining the current session key from the protected current session key at the second device, based on a public key of the satellite and a private key of the second device;
obtaining information about a time at which the protected data was transmitted through the data stream; and
accessing the protected data based on the current session key if the obtained information indicates that the protected data was transmitted during the time period in which the current session key is valid, or accessing the protected data based on the next session key if the obtained information indicates that the protected data was transmitted during the time period in which the next session key is valid.
1 Assignment
0 Petitions
Accused Products
Abstract
A satellite system comprises first and second devices, one of the first and second devices being a satellite and the other one of the first and second devices being a device arranged to send signals to the satellite. A session key can be distributed in the satellite system by obtaining the session key at the first device, protecting the session key at the first device, based on a private key of the first device and a public key of the second device, and transmitting the protected session key from the first device to the second device. Replay detection information can be transmitted with the protected session key, for determining whether the session key has been transmitted previously.
-
Citations
3 Claims
-
1. A method of accessing protected data in a satellite system comprising first and second devices, wherein the first device is a satellite and the second device is a device arranged to receive signals from the satellite the method comprising:
-
receiving a protected session key from the first device, at the second device, by receiving a data stream from the satellite at the second device, the data stream including a plurality of predefined parts, extracting a predetermined number of bytes of the protected session key from each one of the plurality of predefined parts, and combining the extracted bytes of the protected session key to obtain the protected session key; obtaining the session key from the received protected session key at the second device, based on a public key of the first device and a private key of the second device; and accessing protected data received from the first device at the second device, based on the obtained session key, wherein the obtained session key is a next session key for use in the next session following a current session, the method further comprising; receiving a protected current session key for use in the current session, and validity information defining a time period in which the current session key is valid and a time period in which the next session key is valid, through the data stream; obtaining the current session key from the protected current session key at the second device, based on a public key of the satellite and a private key of the second device; obtaining information about a time at which the protected data was transmitted through the data stream; and accessing the protected data based on the current session key if the obtained information indicates that the protected data was transmitted during the time period in which the current session key is valid, or accessing the protected data based on the next session key if the obtained information indicates that the protected data was transmitted during the time period in which the next session key is valid. - View Dependent Claims (2)
-
-
3. A satellite arranged to access protected data received from a second device, the second device comprising a device arranged to receive signals from the satellite, the satellite comprising:
-
an antenna arranged to receive a protected session key from the second device by receiving a data stream from the second device, the data stream including a plurality of predefined parts; a first computer readable storage medium arranged to store a computer program which, when executed, causes the satellite to; extract a predetermined number of bytes of the protected session key from each one of the plurality of predefined parts; combine the extracted bytes of the protected session key to obtain the protected session key; obtain the session key from the protected session key, based on a private key of the satellite and a public key of the second device from which the protected session key was received; and access protected data received from the second device, based on the obtained session key, wherein the obtained session key is a next session key for use in the next session following a current session, the satellite is further arranged to receive a protected current session key for use in the current session and validity information defining a time period in which the current session key is valid and a time period in which the next session key is valid, through the data stream, from execution of said stored computer program; wherein the satellite is further arranged to obtain the current session key from the protected current session key at the second device, based on a public key of the satellite and a private key of the second device, from execution of said stored computer program; and wherein the satellite is further arranged to obtain information about a time at which the protected data was transmitted through the data stream, and access the protected data based on the current session key if the obtained information indicates that the protected data was transmitted during the time period in which the current session key is valid, or access the protected data based on the next session key if the obtained information indicates that the protected data was transmitted during the time period in which the next session key is valid.
-
Specification