Establishing a unique end-to-end management key
4 Assignments
0 Petitions
Abstract
Systems and methods for communicating and authenticating end-to-end management keys to stations to facilitate communications between stations in the network. A nonce based upon a pseudo-random number generated by the station(s) can be included with the end-to-end management key (EMK). The station(s) can compare the nonce to the generated pseudo-random number to authenticate the EMK.
214 Citations
22 Claims
1. A method for authorizing end-to-end communication, the method comprising:
- receiving, by a second station from a first station, a connection request message, the connection request message including a first pseudo-random number and a first identifier associated with the first station;
- transmitting, by the second station, a key request message to an authorization server for an end-to-end management key, the key request message including the first identifier, the first pseudo-random number, a second identifier associated with the second station and a second pseudo-random number associated with the second station;
- receiving, by the second station from the authorization server, a first response message that includes the end-to-end management key and a first nonce that is based, at least in part, on the second pseudo-random number; and
- authenticating, by the second station, the end-to-end management key based, at least in part, on determining that the first nonce corresponds to the second pseudo-random number.

Dependent claims: 2, 3, 4, 5, 6.

7. A method implemented by an authorization server comprising:
- receiving a request for an end-to-end management key to facilitate communication between a first station and a second station, the request including a first identifier associated with the first station, a first pseudo-random number generated by the first station, a second identifier associated with the second station, and a second pseudo-random number generated by the second station; and
- in response to receiving the request for the end-to-end management key, transmitting a first response message to the first station and a second response message to the second station, wherein the first response message is encrypted utilizing a first-station key, the first response message comprising the end-to-end management key and a first nonce that is based, at least in part, on the first pseudo-random number, and wherein the second response message is encrypted utilizing a second-station key associated with the second station, the second response message comprising the end-to-end management key and a second nonce that is based, at least in part, on the second pseudo-random number.

Dependent claims: 8, 9, 10, 11, 12.

13. A system comprising:
- a first station configured to transmit a connection request message to a second station, the connection request message including a first identifier associated with the first station and a first pseudo-random number generated by the first station;
- the second station configured to transmit a request message to an authorization server for an end-to-end management key, the request message including the first identifier, the first pseudo-random number, a second identifier associated with the second station, and a second pseudo-random number generated by the second station; and
- the authorization server configured to receive the request message and provide a first response message to the first station and a second response message to the second station, the first response message including the end-to-end management key and a first nonce that is based, at least in part, on the first pseudo-random number, the first response message encrypted using a first-station key associated with the first station, the second response message including the end-to-end management key and a second nonce that is based, at least in part, on the second pseudo-random number, the second response message encrypted using a second-station key associated with the second station;
- wherein the first station authenticates the end-to-end management key included in the first response message based, at least in part, on determining that the first nonce corresponds to the first pseudo-random number; and
- wherein the second station authenticates the end-to-end management key included in the second response message based, at least in part, on determining that the second nonce corresponds to the second pseudo-random number.

Dependent claims: 14, 15, 16, 17.

18. An authorization server comprising:
- a processor, and a non-transitory computer-readable medium having stored thereon instructions that, when executed by the processor, cause the authorization server to:
- receive a request for an end-to-end management key, the request including a first station identifier associated with a first station, a first pseudo-random number generated by the first station, a second station identifier associated with a second station, and a second pseudo-random number generated by the second station;
- in response to the request, generate a first nonce based, at least in part, on the first pseudo-random number by adjusting the first pseudo-random number according to a first function, and generate a second nonce based on the second pseudo-random number by adjusting the second pseudo-random number according to a second function; and
- send a first encrypted response message to the first station and a second encrypted response message to the second station, the first encrypted response message being encrypted using a first-station key and including the first nonce and the end-to-end management key, and the second encrypted response message being encrypted using a second-station key and including the second nonce and the end-to-end management key.

Dependent claims: 19, 20, 21, 22.
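The exchange the claims describe (first station to second station, second station to authorization server, sealed responses back to both stations, nonce check against each station's own pseudo-random number), modelled as an added Python example that is not from the patent or any implementation of it. The pre-shared station keys, the message layout, the nonce function standing in for claim 18's "adjusting according to a function", and the stdlib-only encrypt-then-MAC are all assumptions.

```python
import hmac, json, os

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Toy stream cipher: HMAC-SHA256(key, iv || counter) blocks as keystream (stdlib-only assumption).
    ks = b"".join(hmac.digest(key, iv + i.to_bytes(4, "big"), "sha256") for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key: bytes, payload: dict) -> bytes:
    # Encrypt-then-MAC under the station key: an altered or forged response fails before it is parsed.
    iv = os.urandom(16)
    ct = _xor_stream(key, iv, json.dumps(payload, sort_keys=True).encode())
    return iv + ct + hmac.digest(key, iv + ct, "sha256")

def unseal(key: bytes, blob: bytes) -> dict:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.digest(key, iv + ct, "sha256")):
        raise ValueError("response not authenticated under this station key")
    return json.loads(_xor_stream(key, iv, ct))

def nonce_from_prn(prn: bytes, station_id: str) -> bytes:
    # Claim 18: the nonce is the PRN "adjusted according to a function"; this keyed hash is an assumed choice.
    return hmac.digest(b"nonce-fn:" + station_id.encode(), prn, "sha256")[:16]

class AuthServer:
    def __init__(self, station_keys: dict):
        self.station_keys = station_keys  # pre-shared first-station / second-station keys (assumed)
    def handle_key_request(self, req: dict) -> tuple:
        emk = os.urandom(32).hex()  # one fresh EMK for this station pair
        return tuple(seal(self.station_keys[sid], {"emk": emk, "nonce": nonce_from_prn(bytes.fromhex(prn), sid).hex()})
                     for sid, prn in ((req["id1"], req["prn1"]), (req["id2"], req["prn2"])))

class Station:
    def __init__(self, sid: str, key: bytes):
        self.id, self.key, self.prn, self.emk = sid, key, os.urandom(16), None
    def connection_request(self) -> dict:  # first station -> second station
        return {"id": self.id, "prn": self.prn.hex()}
    def key_request(self, conn: dict) -> dict:  # second station -> authorization server
        return {"id1": conn["id"], "prn1": conn["prn"], "id2": self.id, "prn2": self.prn.hex()}
    def accept_response(self, blob: bytes) -> bool:
        msg = unseal(self.key, blob)
        # Claim 1 check: the nonce must correspond to the PRN this station itself generated.
        if not hmac.compare_digest(bytes.fromhex(msg["nonce"]), nonce_from_prn(self.prn, self.id)):
            return False
        self.emk = msg["emk"]
        return True

def run_exchange(a: Station, b: Station, server: AuthServer) -> bool:
    # Full flow: A -> B connection request, B -> server key request, server -> A and B sealed responses.
    r1, r2 = server.handle_key_request(b.key_request(a.connection_request()))
    return a.accept_response(r1) and b.accept_response(r2) and a.emk == b.emk
```

A response captured from one exchange and presented to a station that has since generated a new pseudo-random number fails the nonce comparison, and a response sealed under a different station's key fails the MAC before its contents are read; both are the checks the claims rely on.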
Specification