Hierarchical deterministic pairwise key predistribution scheme
First Claim
1. A security system for a hierarchical network including at least two hierarchical levels each corresponding to a security domain, comprising:
- a plurality of local network nodes;
a keying material generator which generates correlated sets of keying material for each network node, which each keying material set includes keying material sub-sets, each sub-set corresponding to an associated security domain including a hospital level security domain associated with a hospital and a department level security domain associated with each of a plurality of departments within the hospital; and
a set up server which distributes the generated keying material sets to each network node to enable the network nodes within each department to communicate with one another at the associated department security domain using a first corresponding sub-set of keying material and to communicate with network nodes in another department at the hospital level security domain using a second corresponding sub-set of the keying material.
1 Assignment
0 Petitions
Accused Products
Abstract
A security system for a hierarchical network (10) includes L hierarchical levels each corresponding to a security domain level (16), and a plurality of local network nodes (A, B, . . . , Z). A keying material generator (24) generates a set (30) of correlated keying material for each network node. Each set (30) of keying material is composed of L sub-sets (32) of keying material one for each security domain level (16). A set up server (34) distributes the generated sets (30) of keying material to each network node (A, B, . . . , Z) to enable the network nodes (A, B, . . . , Z) to communicate with one another at a security domain of a hierarchical level k by a use of a corresponding sub-set (32) of the security keying material.
10 Citations
22 Claims
-
1. A security system for a hierarchical network including at least two hierarchical levels each corresponding to a security domain, comprising:
-
a plurality of local network nodes; a keying material generator which generates correlated sets of keying material for each network node, which each keying material set includes keying material sub-sets, each sub-set corresponding to an associated security domain including a hospital level security domain associated with a hospital and a department level security domain associated with each of a plurality of departments within the hospital; and a set up server which distributes the generated keying material sets to each network node to enable the network nodes within each department to communicate with one another at the associated department security domain using a first corresponding sub-set of keying material and to communicate with network nodes in another department at the hospital level security domain using a second corresponding sub-set of the keying material. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A security system for a hierarchical network including L hierarchical levels each corresponding to a security domain comprising:
-
a plurality of local network nodes which communicate with one another via at least a normal communication mode and an unusual communication mode; a keying material generator which generates correlated sets of keying material for each network node, which each keying material set includes L keying material sub-sets, each sub-set corresponding to an associated security domain; a set up server which distributes the generated keying material sets to each network node to enable the network nodes to communicate with one another at a security domain of a hierarchical level k by using a corresponding sub-set of keying material; and a security administrator from which the network nodes are programmed to request a permission to communicate in the unusual communication mode. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method of hierarchical security management comprising:
-
generating correlated sets of keying material for each network node which each set includes a plurality of keying material sub-sets each sub-set corresponding to a security domain associated with one of a plurality of hierarchical levels; distributing the generated keying material sets to the network nodes; and establishing normal communications between the network nodes at a first common security domain which coincides with a first hierarchical level by a corresponding first sub-set of the keying material; and establishing unusual communications at a second common security domain which is different form the first hierarchical level with a corresponding second sub-set of the keying material wherein prior to establishing unusual communications, a permission is requested. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A network device including:
-
a physiological condition monitor which includes a memory configured to store a predistributed set of keying material, the set including a plurality of sub-sets of keying material arranged hierarchically in a plurality of hierarchical layers including at least; a lowest level keying material sub-set associated with a lowest level security domain used by the network devices to communicate securely with other network devices in one group of a family of groups of network devices in a medical facility, and a higher level keying material sub-set associated with a higher level security domain used by the network device to communicate securely with network devices in other of the groups of the family of groups, a top level keying material sub-set associated with a top security domain used by the network devices to communicate securely with other medical devices not in the family of groups; wherein the network device is programmed to authenticate and communicate with other network devices in the one group with the lowest level security domain with the lowest level keying material sub-set associated with the lowest level security domain; wherein the network device is programmed to authenticate and communicate with other network devices in other groups in the one family of groups with the higher level security domain with the higher level keying material sub-set associated with the higher level security domain; and wherein the network device is programmed to authenticate and communicate with other network devices in other families of groups with the top level security domain with the top level keying material sub-set associated with the top level security domain.
-
-
18. A network including:
-
a predistributed set of keying material each including at least; a lowest level keying material sub-set associated with a lowest level security domain, and a higher level keying material sub-set associated with a higher level security domain, the network device is programmed to authenticate other network devices at the lowest level common security domain and communicate with one another with the sub-set associated with the lowest level common security domain; and wherein the network device is programmed to request permission to communicate at a security domain level which does not correspond to the lowest level of hierarchy of the hierarchical structure. - View Dependent Claims (19, 20)
-
-
21. A network comprising:
-
first, second, third, and fourth groups of network devices, each network device having; a memory which stores a set of keying material including a first sub-set of the keying material associated with a first security domain, a second sub-set of the keying material associated with a second security domain, and third sub-set of the keying material associated with a third security domain, a communication system by which the network devices authenticate and communicate with each other, wherein the first sub-set of the keying material is the same within each of the groups and different from group to group such that the network devices in each group authenticate and communicate with each other in their associated first security domain and cannot authenticate or communicate with network devices in a different group on their first security domains, wherein the second sub-set of the keying material is the same in the first and second groups such that the network devices in the first and second groups authenticate and communicate with each other in their associated second security domain, wherein the second sub-set of the keying material in the third and fourth groups is the same and is different form the second sub-set of the keying material in the first and second groups such that the network devices in the third and fourth groups authenticate and communicate with each other in their second security domain but not with the network devices in the first and second groups, and wherein the third sub-set of the keying material is the same in the first, second, third, and fourth groups such that the network devices in the first, second, third, and fourth groups authenticate and communicate with each other in the third security domain. - View Dependent Claims (22)
-
Specification