IPC classification information
Country / Type |
United States(US) Patent
Granted
|
International Patent Classification (IPC 7th edition) |
|
Application number |
US-0793460
(2010-06-03)
|
Registration number |
US-8712056
(2014-04-29)
|
Inventor / Address |
|
Applicant / Address |
- AT&T Intellectual Property I, L.P.
|
Agent / Address |
|
Citation information |
Cited by: 22 | Patents cited: 37 |
Abstract
Security in a mobile ad hoc network is maintained by using various forms of encryption, various encryption schemes, and various multi-phase keying techniques. In one configuration, an over the air, three-phase, re-keying technique is utilized to ensure that no authorized nodes are lost during re-keying and that nodes that are intended to be excluded from re-keying are excluded. In another configuration, an over the air, two-phase keying technique, is utilized to maintain backwards secrecy.
Representative claims
1. A method comprising: from a first node in a mobile ad hoc network comprising a first plurality of nodes, providing a first message comprising an encrypted shared key to each node of a second plurality of nodes, wherein: the second plurality of nodes is selected from the first plurality of nodes; each node of the second plurality of nodes has associated therewith a respective key encryption key (KEK); and each KEK is known only to the first node and a node to which the KEK is associated; and the encrypted shared key is encrypted with a KEK associated with a respective node of the second plurality of nodes to generate a respective plurality of encrypted shared keys; to each node of the second plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received shared key for communications within the mobile ad hoc network, wherein decryption of a message using a previous shared key is allowed; and to each node of the second plurality of nodes from which acknowledgment of receipt of a respective second message is received, providing a third message comprising an indication to not use a respective previous shared key for communications within the mobile ad hoc network.
2. The method of claim 1, further comprising, prior to providing a second message to an intended recipient node, encrypting the second message using a KEK associated with the intended recipient node.
3. The method of claim 1, further comprising, prior to providing a third message to an intended recipient node, encrypting the third message using a KEK associated with the intended recipient node.
4. The method of claim 1, wherein an acknowledgment of receipt of a first message from an acknowledging node is encrypted using a KEK associated with the acknowledging node.
5. The method of claim 1, wherein an acknowledgment of receipt of a second message from an acknowledging node is encrypted using a KEK associated with the acknowledging node.
6. The method of claim 1, wherein the method is repeated periodically.
7. The method of claim 1, wherein the method is performed when triggered by an event.
8. The method of claim 1, wherein the trigger comprises an indication that a node of the plurality of nodes has been compromised.
9. The method of claim 1, wherein: each first message provided to each node of the second plurality of nodes is a geocast message comprising an indication of a respective location of a geographic region of intended reception of each first message; each second message provided to each node of the second plurality of nodes is a geocast message comprising an indication of a respective location of a geographic region of intended reception of each first message; and each third message provided to each node of the second plurality of nodes is a geocast message comprising an indication of a respective location of a geographic region of intended reception of each first message.
10. A device comprising: a processor; and memory coupled to the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising: generating a different key encryption key (KEK) for each of a plurality of nodes in a mobile ad hoc network, wherein each node of the plurality of nodes has associated therewith a current node-specific KEK; encrypting each generated KEK, using a different current node-specific KEK; providing a respective first message to each node of the plurality of nodes, wherein a respective first message comprises an encrypted KEK associated with a node to which a respective first message is being provided; and to each node of the plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received KEK for communications within the mobile ad hoc network and to stop using a respective current node-specific KEK for communications within the mobile ad hoc network, wherein upon acknowledging receipt of a respective second message, a respective current node-specific KEK is deleted and replaced with the received KEK.
11. The device of claim 10, wherein the operations are repeated periodically.
12. The device of claim 10, wherein the operations are performed when triggered by an event.
13. The device of claim 12, wherein the trigger comprises an indication that a node of the plurality of nodes has been compromised.
14. A communications device comprising: a processor; and memory coupled to the processor, the memory comprising executable instructions that when executed by the processor effectuate operations comprising: providing a first message comprising an encrypted shared key to each node of a plurality of nodes in a mobile ad hoc network, wherein: each node of the plurality of nodes has associated therewith a respective key encryption key (KEK); and each KEK is known only to the communications device and a node to which the KEK is associated; and each encrypted shared key is encrypted with a KEK associated with a respective node; receiving acknowledgment of receipt of a respective first message from a node of the plurality of nodes; to each node of the plurality of nodes from which acknowledgment of receipt of a respective first message is received, providing a second message comprising an indication to use the received shared key for communications within the mobile ad hoc network, wherein decryption of a message using a previous shared key is allowed; and to each node of the plurality of nodes from which acknowledgment of receipt of a respective second message is received, providing a third message comprising an indication to not use a respective previous shared key for communications within the mobile ad hoc network.
15. The communications device of claim 14, the operations further comprising, prior to a second message being provided to an intended recipient node, encrypting the second message using a KEK associated with the intended recipient node.
16. The communications device of claim 14, the operations further comprising, prior to a third message being provided to an intended recipient node, encrypting the third message using a KEK associated with the intended recipient node.
17. The communications device of claim 14, wherein an acknowledgment of receipt of a first message from an acknowledging node is encrypted using a KEK associated with the acknowledging node, the operations further comprising decrypting the acknowledgment of receipt.
18. The communications device of claim 14, wherein an acknowledgment of receipt of a second message from an acknowledging node is encrypted using a KEK associated with the acknowledging node, the operations further comprising decrypting the acknowledgment of receipt.
19. The communications device of claim 14, wherein: each first message provided to each node of the plurality of nodes is a geocast message comprising an indication of a respective location of a geographic region of intended reception of each first message; and each second message provided to each node of the plurality of nodes is a geocast message comprising an indication of a respective location of a geographic region of intended reception of each first message.
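The following Python is an added worked example, not code from the patent or from AT&T. It models, with both sides' messages, the three-phase shared-key re-key of claim 1 (distribute the new key under each node's KEK, tell ackers to switch while still accepting the old key, then tell ackers to drop the old key) and the two-phase KEK rotation of claim 10 (a node deletes its old KEK only after acknowledging the second message). The patent does not specify a cipher; the KEK wrapping and group-traffic encryption here use a standard-library stand-in (HMAC-SHA256 as a counter-mode keystream with an encrypt-then-MAC tag) that is an assumption of this example, as are the node names, message kinds and payload strings.

```python
import hashlib
import hmac
import secrets
# Stand-in for the (unspecified) authenticated cipher: HMAC-SHA256 as a counter-mode PRF plus
# an encrypt-then-MAC tag, standard library only. An assumption of this example, not the patent's.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def wrap(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class MemberNode:
    """MANET node: its own KEK (shared only with the key server) plus the group shared key."""
    def __init__(self, kek, shared_key, online=True):
        self.kek, self.online = kek, online
        self.current, self.previous = shared_key, None      # previous is set only during phase 2
        self.pending_key = self.pending_kek = None

    def handle(self, kind, blob):
        """Apply one keying message; return the KEK-encrypted ack, or None if out of range."""
        if not self.online:
            return None
        body = unwrap(self.kek, blob)                        # anything not under our KEK is rejected
        ack = wrap(self.kek, b"ACK:" + kind.encode())        # ack under the KEK in force on receipt
        if kind == "distribute":                             # phase 1: hold the new shared key
            self.pending_key = body
        elif kind == "activate":                             # phase 2: send with new, still accept old
            self.previous, self.current = self.current, self.pending_key
        elif kind == "retire":                               # phase 3: forget the old shared key
            self.previous = None
        elif kind == "kek_distribute":                       # KEK rotation, phase 1
            self.pending_kek = body
        elif kind == "kek_activate":                         # KEK rotation, phase 2: old KEK deleted
            self.kek, self.pending_kek = self.pending_kek, None
        return ack

    def decrypt_data(self, blob):
        """Group traffic: try the current key, then (phase 2 only) the previous; None if neither."""
        for key in filter(None, (self.current, self.previous)):
            try:
                return unwrap(key, blob)
            except ValueError:
                pass
        return None

class KeyServer:
    def __init__(self, keks):
        self.keks = dict(keks)                               # node name -> that node's KEK

    def send_round(self, nodes, kind, payloads):
        """One keying message per target, each under that target's KEK; return verified ackers."""
        acked = []
        for name, payload in payloads.items():
            ack = nodes[name].handle(kind, wrap(self.keks[name], payload))
            try:
                if ack is not None and unwrap(self.keks[name], ack) == b"ACK:" + kind.encode():
                    acked.append(name)
            except ValueError:
                pass                                         # forged or corrupt ack counts as no ack
        return acked

    def rotate_keks(self, nodes):
        """Two-phase KEK rotation (claim 10): a node switches only after it acks phase 2."""
        new = {name: secrets.token_bytes(32) for name in nodes}
        got = self.send_round(nodes, "kek_distribute", new)
        switched = self.send_round(nodes, "kek_activate", {n: b"use-new-kek" for n in got})
        for name in switched:                                # server updates its copy last
            self.keks[name] = new[name]
        return switched

def demo():
    k0, k1 = secrets.token_bytes(32), secrets.token_bytes(32)
    keks = {n: secrets.token_bytes(32) for n in "ABCD"}
    nodes = {n: MemberNode(keks[n], k0) for n in "ABCD"}
    nodes["D"].online = False                                # out of radio range during this re-key
    server, members = KeyServer(keks), ["A", "B", "D"]       # C is excluded (suspected compromised)
    got = server.send_round(nodes, "distribute", {n: k1 for n in members})         # phase 1
    active = server.send_round(nodes, "activate", {n: b"use-new" for n in got})    # phase 2
    old_ok_phase2 = nodes["A"].decrypt_data(wrap(k0, b"hi")) == b"hi"
    retired = server.send_round(nodes, "retire", {n: b"drop-old" for n in active})  # phase 3
    old_ok_after = nodes["A"].decrypt_data(wrap(k0, b"hi")) is not None
    nodes["D"].online = True
    rotated = server.rotate_keks({n: nodes[n] for n in members})
    return {"phase1": got, "phase3": retired, "rotated": rotated,
            "a_on_k1": nodes["A"].current == k1, "d_on_k0": nodes["D"].current == k0,
            "c_untouched": nodes["C"].current == k0 and nodes["C"].pending_key is None,
            "old_ok_phase2": old_ok_phase2, "old_ok_after": old_ok_after,
            "keks_agree": all(nodes[n].kek == server.keks[n] for n in nodes)}
```

Running `demo()` shows the two properties the abstract claims for the three-phase scheme: the excluded node C is never sent the first message and so never learns the new key, and the unreachable node D, which acknowledges nothing, is never told to switch, so it keeps a consistent state (the old key) rather than being left half-keyed; a later run of the method (claims 6 and 7) can offer it the key again. Between phases 2 and 3 node A still decrypts traffic under the old key, and after phase 3 it no longer does. Every acknowledgment is itself encrypted under the node's KEK (claims 4, 5, 17, 18), so the server counts only acks it can verify; a node that answered with anything else is treated exactly like a silent node.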