IPC classification information

Country / Type: United States (US) Patent, granted
International Patent Classification (IPC 7th ed.): (not listed)
Application number: UP-0426162 (2003-04-28)
Registration number: US-7522731 (2009-07-01)
Inventors / Address:
- Klemba, Keith Stuart
- Nassi, Isaac Robert
- Cornejo, David Neil
- Rosenthal, Lawrence Alan
Applicant / Address: (not listed)
Agent / Address: (not listed)
Citation information: cited by 27 patents; cites 19 patents
Abstract
System, apparatus, and methods are disclosed wherewith a group of independent wireless routing devices known as Service Points work cooperatively to form an ad hoc mesh communication network. The resulting Service Point Network is used to provide reliable address-directed communication services between devices attached by conventional means (wired or wireless) to respective Service Ports on any of the Service Points. Attached Utilizing Devices are not considered a part of the Service Point Network and need not contain any custom software or hardware related to the operations of the Service Point Network. To protect the security of network communications and the integrity of the network, the Service Points are assigned internal IP addresses and unique identifiers that need not be disclosed to the Utilizing Devices. The unique identifiers in turn are used to derive public and private encryption key pairs for each Service Point.
Representative claims
What is claimed is:

1. A method of communication via a secure wireless communication network, the method comprising: joining a plurality of Service Points (SPs) to form a Service Point Network (SPN); connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN; associating a unique Service Port identifier with each Service Port of each SP and thereby with each UD; preparing a communication selectively destined for one or more Destination UDs of the plurality of UDs, the communication originating from an Originator UD of the plurality of UDs, the SP corresponding to the Originator UD being an Entry SP of the communication, and the SPs corresponding to the Destination UDs being Terminal SPs of the communication; and for each Destination UD, encrypting the communication in the Entry SP to facilitate decryption in the corresponding Terminal SP and in a manner based at least in part on the unique Service Port identifier associated with the Destination UD, the encrypting otherwise securing the communication from general access including securing against decryption by other than the SP corresponding to the Destination UD.

2. The method of claim 1, wherein the SPN is an ad hoc network.

3. The method of claim 1, wherein the SPN is a mesh network.

4. The method of claim 1, further including: generating one or more associated encryption keys based on each Service Port identifier.

5. The method of claim 4, further including: as part of the key generating, creating a public key and a private key associated with each Service Port of each SP; in the Entry SP, using the public key of the Service Port corresponding to each Destination UD to carry out the encrypting; and in each Terminal SP, using the private key of the Service Port corresponding to each Destination UD to decrypt the encrypted communication.

6. The method of claim 5, further including: establishing at least one management key-pair associated with a recipient SP of the SPs, each management key-pair comprising a management private key and a corresponding management public key; using the management public key, encrypting one or more management directives sent to the recipient SP related to at least one of SPN formation and SP configuration, each of the management directives incorporating an embedded second key for purposes of authentication; decrypting each management directive using the management private key of the recipient SP; the recipient SP using the embedded second key to encrypt a reply to each management directive; and authenticating the recipient SP based on the encrypted reply to each management directive.

7. The method of claim 6, wherein each management directive includes one or more of the following message types: {hello, welcome, join, accept, leave, goodbye}.

8. The method of claim 6, wherein the embedded second key is a nonce value.

9. The method of claim 6, wherein the recipient SP has multiple management key-pairs corresponding to respective different classes of the management directives.

10. The method of claim 1, further including: as each of the SPs joins the SPN, dynamically assigning an SPN-unique SP-identifier to the SP; and routing the encrypted communication through the SPN to the Destination UDs in a manner based upon the SP-identifiers of the Terminal SPs and not revealed to the UDs.

11. The method of claim 10, wherein each SP-identifier is an IP address for internal use within the SPN.

12. A method of communication via a secure wireless communication network, the method comprising: joining a plurality of Service Points (SPs) to form a Service Point Network (SPN); assigning an SPN-unique SP-identifier to each SP joined to the SPN; connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN; and in the SP corresponding to a first UD of the plurality of UDs, encrypting a communication originating from the first UD and destined for a second UD of the plurality of UDs, the encrypting being performed to facilitate decryption in the SP corresponding to the second UD and in a manner based at least in part on a unique Service Port identifier associated with the Service Port corresponding to the second UD, the encrypting otherwise securing the communication from general access including securing against decryption by other than the SP corresponding to the second UD.

13. A method for providing access to resources via a secure wireless communication network, comprising: providing a Service Point Network (SPN) comprising a plurality of Service Points; connecting each of a plurality of Utilizing Devices to a corresponding one or more of the Service Points, the Utilizing Devices being distinct from the Service Points and not part of the SPN; providing first and second of the Utilizing Devices with access to each other conveyed via dedicated secure communication through the SPN between an Entry Service Point connected to the first Utilizing Device and a Terminal Service Point connected to the second Utilizing Device; and encrypting said secure communication at the Entry Service Point, in such a manner that the communication can only be decrypted by the Terminal Service Point.

14. The method of claim 13, wherein each of the Service Points has one or more associated Service Port identifiers, and said encryption is based at least partly on one of the Service Port identifiers of the Terminal Service Point.

15. A method of communication via a secure wireless communication network, the method comprising: joining a plurality of Service Points (SPs) to form a Service Point Network (SPN); connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN; associating a unique Service Port identifier with each Service Port of each SP and thereby with each UD; preparing a communication selectively destined for one or more Destination UDs of the plurality of UDs, the communication originating from an Originator UD of the plurality of UDs, the SP corresponding to the Originator UD being an Entry SP of the communication, and the SPs corresponding to the Destination UDs being Terminal SPs of the communication; for each Destination UD, encrypting the communication in the Entry SP to facilitate decrypting the communication in the corresponding Terminal SP and in a manner based at least in part on the unique Service Port identifier associated with the Destination UD, the encrypting otherwise securing the communication from general access including securing against decrypting by other than the SP corresponding to the Destination UD; generating one or more associated encryption keys based on each Service Port identifier; as part of the key generating, creating a public key and a private key associated with each Service Port of each SP; in the Entry SP, using the public key of the Service Port corresponding to each Destination UD to carry out the encrypting; and in each Terminal SP, using the private key of the Service Port corresponding to each Destination UD to carry out the decrypting; and wherein the UDs are client devices that do not actively participate in the encrypting and the decrypting, the communication is one or more instances of client data communications, the encrypting and the decrypting are asymmetric, the client data communications are unrelated to and not used for key distribution related to the encrypting and the decrypting, and only the SPs corresponding to the Destination UDs are capable of performing the decrypting.

16. The method of claim 15, further including: as each of the SPs joins the SPN, dynamically assigning an SPN-unique SP-identifier to the SP; routing the encrypted communication through the SPN to the Destination UDs in a manner based upon the SP-identifiers of the Terminal SPs and not revealed to the UDs; and wherein each SP-identifier is an IP address for internal use within the SPN.

17. The method of claim 15, further including: establishing at least one management key-pair associated with a recipient SP of the SPs, each management key-pair comprising a management private key and a corresponding management public key; using the management public key, encrypting one or more management directives sent to the recipient SP related to at least one of SPN formation and SP configuration, each of the management directives incorporating an embedded second key for purposes of authentication; decrypting each management directive using the management private key of the recipient SP; the recipient SP using the embedded second key to encrypt a reply to each management directive; and authenticating the recipient SP based on the encrypted reply to each management directive.

18. The method of claim 17, wherein each management directive includes one or more of the following message types: {hello, welcome, join, accept, leave, goodbye}.

19. The method of claim 17, wherein the embedded second key is a nonce value.

20. The method of claim 17, wherein the recipient SP has multiple management key-pairs corresponding to respective different classes of the management directives.
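The abstract and claims 1, 4-8 and 15 describe two flows without giving an implementation: (a) each Service Port identifier is used to derive a public/private key pair, and the Entry SP encrypts client data to the Terminal SP's port key so that no other SP can decrypt it; (b) management directives (hello, welcome, join, accept, leave, goodbye) are encrypted to a recipient SP's management public key, carry an embedded nonce, and the recipient proves it holds the management private key by encrypting its reply under that nonce. The following is an added illustration of both flows, not code from the patent or any product built on it. It uses textbook RSA on 80-bit primes purely so it runs on the Python standard library; every identifier, message and key size is a constructed assumption, and a deployment would use a padded scheme (RSA-OAEP, or an HPKE/ECIES-style construction) at real key sizes. The practical caveat the claims leave implicit is shown in `derive_port_keypair`: when the private key is a deterministic function of the Service Port identifier, the identifier is effectively the private key and must be kept inside the SPN and be unguessable.

```python
"""Toy model of the Service Point Network (SPN) key and message flow from the
abstract and claims (added illustration, not the patent's own code): per-port
key pairs derived from a secret Service Port identifier, Entry-SP-to-Terminal-SP
encryption of client data, and nonce-based authentication of management
directives.  Textbook RSA on 80-bit primes is used only so this runs with the
standard library; real deployments need RSA-OAEP/HPKE and real key sizes."""
import hashlib
import hmac
import secrets

_E = 65537
# Miller-Rabin with these bases is deterministic for n < 3.3e24 (covers 80-bit candidates).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for the candidate sizes used here (< 2**80)."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _derive_prime(secret_id: bytes, label: bytes, bits: int = 80) -> int:
    """Hash (identifier, label, counter) until the candidate is prime; reject
    candidates with cand % _E == 1 so that gcd(_E, p-1) == 1."""
    counter = 0
    while True:
        h = hashlib.sha256(secret_id + label + counter.to_bytes(4, "big")).digest()
        cand = int.from_bytes(h[: bits // 8], "big") | (1 << (bits - 1)) | 1
        if cand % _E != 1 and _is_prime(cand):
            return cand
        counter += 1


def derive_port_keypair(port_id: bytes):
    """Claims 4-5: a public/private pair derived from the Service Port identifier.
    Caveat: anyone who learns port_id can rederive the private key, so the
    identifier must stay inside the SPN (the abstract says it is not disclosed
    to Utilizing Devices) and must carry enough entropy to resist guessing."""
    p = _derive_prime(port_id, b"p")
    q = _derive_prime(port_id, b"q")
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, _E), (n, pow(_E, -1, phi))


def encrypt_to_port(pub, msg: bytes) -> int:
    """Entry SP side (claims 1, 5): encrypt so only the Terminal SP's port can read it."""
    n, e = pub
    m = int.from_bytes(msg, "big")
    if not 0 < m < n:
        raise ValueError("toy RSA: message must be shorter than the modulus")
    return pow(m, e, n)


def decrypt_at_port(priv, ct: int) -> bytes:
    """Terminal SP side: recover the plaintext with the port's private key."""
    n, d = priv
    m = pow(ct, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _nonce_stream(nonce: bytes, data: bytes) -> bytes:
    """One-block keystream from the embedded second key (claim 8: a nonce), XORed over data."""
    if len(data) > 32:
        raise ValueError("toy keystream covers at most 32 bytes")
    ks = hashlib.sha256(b"spn-reply" + nonce).digest()
    return bytes(b ^ k for b, k in zip(data, ks))


def send_directive(mgmt_pub, msg_type: bytes):
    """Claims 6-7: encrypt a management directive (e.g. b'join') to the recipient
    SP's management public key, embedding a fresh 8-byte nonce as the second key."""
    nonce = secrets.token_bytes(8)
    return encrypt_to_port(mgmt_pub, msg_type + b":" + nonce), nonce


def answer_directive(mgmt_priv, ct: int, reply: bytes):
    """Recipient SP: decrypt the directive, then encrypt-and-MAC the reply under the nonce."""
    msg_type, nonce = decrypt_at_port(mgmt_priv, ct).split(b":", 1)
    body = _nonce_stream(nonce, reply)
    tag = hmac.new(nonce, body, hashlib.sha256).digest()
    return msg_type, body, tag


def authenticate_reply(nonce: bytes, body: bytes, tag: bytes):
    """Sender side: a reply that verifies under the nonce proves the recipient held
    the management private key (it had to decrypt the directive to learn the
    nonce).  Returns the reply plaintext, or None if the tag does not verify."""
    if not hmac.compare_digest(tag, hmac.new(nonce, body, hashlib.sha256).digest()):
        return None
    return _nonce_stream(nonce, body)


def demo():
    """Worked exchange over constructed (assumed) port identifiers."""
    # Data path: a UD on Entry SP sends to the UD on port 7 of Terminal SP-B.
    pub_b7, priv_b7 = derive_port_keypair(b"SP-B/port7/" + b"\x13" * 16)
    _, priv_other = derive_port_keypair(b"SP-C/port2/" + b"\x42" * 16)
    ct = encrypt_to_port(pub_b7, b"hello UD-B")
    assert decrypt_at_port(priv_b7, ct) == b"hello UD-B"
    assert decrypt_at_port(priv_other, ct) != b"hello UD-B"  # another SP cannot read it
    # Management path: a 'join' directive to SP-B, answered with 'accept'.
    mgmt_pub, mgmt_priv = derive_port_keypair(b"SP-B/mgmt/" + b"\x77" * 16)
    directive_ct, nonce = send_directive(mgmt_pub, b"join")
    seen_type, body, tag = answer_directive(mgmt_priv, directive_ct, b"accept")
    return seen_type, authenticate_reply(nonce, body, tag)
```

`demo()` returns `(b"join", b"accept")`: the recipient saw the directive type and the sender verified the reply. Claim 9's separate management key pairs per directive class map directly onto calling `derive_port_keypair` with a different secret label per class (for example one for SPN formation and one for SP configuration), so a key exposed for one class does not let a peer forge replies in another.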