US2010071049A1PendingUtilityA1

A method for identifying a task authorization

50
Assignee: BAHR MICHAELPriority: Apr 11, 2006Filed: Mar 19, 2007Published: Mar 18, 2010
Est. expiryApr 11, 2026(expired)· nominal 20-yr term from priority
H04L 63/10G06F 21/6209H04W 12/08G06F 21/606H04L 63/0823H04W 84/20
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In an ad hoc mesh network, roles are assignment to the different network nodes, for example mesh point or mesh portal. The invention envisages that a network node identifies the certification and thus the permitted roles of another network node before it sends a message to said other network node. This ensures that the roles maintain their integrity and the security in the network is enhanced.

Claims

exact text as granted — not AI-modified
1 .- 15 . (canceled) 
   
   
       16 . A method for identifying a task authorization for a task for a first network node, comprising:
 determining a security requirement assigned to the task;   checking whether the first network node fulfills the security requirement; and   if the security requirement is not fulfilled, refusing the task authorization for the first network node.   
   
   
       17 . The method as claimed in  claim 16 , wherein the task comprises the receipt of message to be sent by a network node to the first network node. 
   
   
       18 . The method as claimed in  claim 16 , wherein the refusal includes a suppression of sending the message from the network node to the first network node. 
   
   
       19 . The method as claimed in  claim 18 , wherein the determination of the security requirement undertaken is based on the type of message. 
   
   
       20 . The method as claimed in  claim 18 , wherein the determination of the security requirement undertaken is based on at least one of the following types:
 a message intended for the first network node,   a message intended to be routed by the first network node,   a Route-Request or Route-Reply message, or   a message from a non-mesh-enabled further network node for routing into a mesh network.   
   
   
       21 . The method as claimed in  claim 16 , wherein the task comprises the routing of a message of a network node by the first network node. 
   
   
       22 . The method as claimed in  claim 21 , wherein the refusal comprises not entering and/or removing an entry of the network node from a routing table of the network node. 
   
   
       23 . The method as claimed in  claim 21 , wherein the check is conducted by the network node. 
   
   
       24 . The method as claimed in  claim 23 , wherein a certificate of the first network node is used for checking a security request. 
   
   
       25 . The method as claimed in  claim 23 , wherein a certificate of the first network node in accordance with X.509v3 is used to check a security request. 
   
   
       26 . The method as claimed in  claim 24 , wherein the certificate has attributes on the basis of which the check is conducted. 
   
   
       27 . The method as claimed in  claim 26 , wherein a network node class is used as the task authorization. 
   
   
       28 . The method as claimed in  claim 27 , wherein the network node class is selected from the group consisting of: mesh point, mesh access point, lightweight mesh point, station, and mesh portal. 
   
   
       29 . A network node, comprising:
 a processing unit constructed and arranged such that,
 to determine a task authorization for a task for a first network node, the node determines a security requirement assigned to the task, 
 to check whether the first network node meets the security requirement, and 
 to refuse the task authorization for the first network node if the first network node does not meet the security requirement. 
   
   
   
       30 . The network node as claimed in  claim 29 , wherein the refusal comprises not entering the first network node into or removing it from a routing table of the network node. 
   
   
       31 . The network node as claimed in  claim 29 , wherein the task comprises the receipt of a message to be sent by a network node to the first network node and the refusal includes suppression of the transmission of the message to be sent. 
   
   
       32 . A network, comprising:
 at least one network node,   wherein the at least one network node has:
 a processing unit embodied,
 to determine a task authorization for a task for a first network node, where the node determines a security requirement assigned to the task, 
 to check whether the first network node meets the security requirement, and 
 to refuse the task authorization for the first network node if the first network node does not meet the security requirement. 
 
   
   
   
       33 . The network in accordance with  claim 32 , wherein the network is an ad-hoc network or a mesh network.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.