80 results about "Key establishment" patented technology

Two approaches are provided for distributing trust among a set of certificate authorities. Each approach may be used to secure data in motion. One approach provides methods and systems in which the secure data parser is used to distribute trust in a set of certificate authorities during initial negotiation (e.g., the key establishment phase) of a connection between two devices. Another approach provides methods and systems in which the secure data parser is used to disperse packets of data into shares. A set of tunnels is established within a communication channel using a set of certificate authorities, keys developed during the establishment of the tunnels are used to encrypt shares of data for each of the tunnels, and the shares of data are transmitted through each of the tunnels. Accordingly, trust is distributed among a set of certificate authorities in the structure of the communication channel itself.

The present invention provides methods and devices for a security architecture for use in wireless multi-hop networks. A method for implementing pair-wise encryption key establishment, network node authentication and determining tunnel encryption keys is provided in a following manner. In a multi-hop wireless network including a plurality of network nodes, pair-wise security is established between pairs of neighboring network nodes of the plurality of network nodes. For example, pair-wise security is established in the form of temporal pair-wise encryption keys. Following establishment of pair-wise security between pairs of neighboring network nodes, for a pair of network nodes that are not neighbors, tunnel security is established between the pair of network nodes using tunnel encryption keys derived by the pair of network nodes on an ad hoc basis. The tunnel encryption keys are used to form the connection between non-neighboring network nodes so as to avoid the hop-by-hop encryption / decryption used in conventional multi-hop wireless systems.

A split knowledge protocol adapted to establish an initial key for use in authenticating a first computer to a second computer. The second computer initiates the split knowledge protocol by generating a bit sequence and splitting the sequence into a predetermined number of segments. The second computer then encrypts each segment with a predetermined key associated with each segment before transmitting each encrypted segment to the first computer. In response, the first computer decrypts each encrypted segment using the associated key. The first computer then recovers the bit sequence from the decrypted segments. Accordingly, the first and second computers have knowledge of (i.e., access to) the same bit sequence, which may thus be used as the initial key.

The invention relates to a method for key management and node authentication of a sensor network. The method comprises the following steps: 1) key pre-distribution, wherein a deployment server is used for establishing communication keys for the secure connection between nodes and distributing the communication keys to all the nodes before network deployment; 2) key establishment, wherein key pairs for the secure connection are established between nodes after the network deployment; and the step of key establishment further comprises the following steps: 2.1) the establishment of shared keys, wherein key pairs are established between adjacent nodes having the shared keys; and 2.2) the establishment of path keys, wherein key pairs are established between nodes having no shared keys but multi-hop secure connection; and 3) the authentication of node identities, wherein the identity authentication is carried out before the formal communication between nodes, so as to confirm the validity and effectiveness of the identity of the other party. The invention is capable of effectively resisting the attack on network communication, such as eavesdropping, tampering and resetting, achieving the secure communication between nodes, effectively saving the node resources of the sensor network and prolonging the service life of the sensor network.

A method and system for pre-authenticating a pre-establishing key management on a roaming device prior to reassociation to facilitate fast hand-off in a wireless network is described. For enhanced mobility, both authentication and key establishment is performed prior to reassociation of the roaming device between access points. When the roaming device enters in contact with one of the access points, a local authentication is performed between the access point and the roaming device prior to reassociation with the access point to allow for fast hand-offs of the device between access points within the network.

A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps of: 1) keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps of: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys are existed; 2.2) path keys establishment: the pair key is established between the nodes in which there is no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other. It is possible for effectively resisting attacks such as wiretapping, tampering, and replaying and the like for the network communication, realizing the secret communication between the nodes, effectively saving resources of the nodes of the sensor network, and prolonging the service lift of the sensor network in the method.