US2013108045A1PendingUtilityA1

Methods, networks and nodes for dynamically establishing encrypted communications

45
Assignee: SANDERS CLINT MICHAELPriority: Oct 27, 2011Filed: Oct 27, 2011Published: May 2, 2013
Est. expiryOct 27, 2031(~5.3 yrs left)· nominal 20-yr term from priority
H04L 9/0861H04L 9/0847H04L 9/16H04L 9/32H04L 63/068H04L 63/0435H04L 9/14
45
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods, networks and nodes for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key. A first signal comprising information indicative of the first identification of the first node is transmitted, then, upon receipt of the first signal by the second node, a second signal comprising information indicative of the second identification of the second node and a first portion of a symmetric key is transmitted, then, upon receipt of the second signal by the first node, a third signal comprising a second portion of the symmetric key is transmitted.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A device implemented method for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key, comprising the steps of:
 transmitting a first signal comprising information indicative of said first identification of said first node; then   transmitting, upon receipt of said first signal by said second node, a second signal comprising information indicative of said second identification of said second node and a first portion of a symmetric key; then   transmitting, upon receipt of said second signal by said first node, a third signal comprising a second portion of said symmetric key.   
     
     
         2 . The method of  claim 1  wherein at least one of said second signal and said third signal is encrypted. 
     
     
         3 . The method of  claim 2  wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key. 
     
     
         4 . The method of  claim 1  wherein said first private key and said second private key are based, at least in part, on time. 
     
     
         5 . The method of  claim 1  further comprising the steps of:
 generating with said second node, after said transmitting said first signal step, said first portion of said symmetric key based, at least in part, on said information indicative of said first identification of said first node and said second private key; and 
 generating with said first node, after said transmitting said second signal step, said second portion of said symmetric key based, at least in part, on said information indicative of said second identification of said second node and said first private key; and 
 
     
     
         6 . The method of  claim 5  wherein:
 said first node comprises a first processor and said second node comprises a second processor; 
 wherein said first processor and said second processor are trusted hardware; and 
 wherein said generating with said second node step is software implemented on said second processor and said generating with said first node step is software implemented with said second processor. 
 
     
     
         7 . The method of  claim 6  wherein said first processor and said second processor implement a software scheme having a plurality of software layers, and wherein said generating with said second node step and said generating with said first node steps are software implemented as one of said plurality of software layers. 
     
     
         8 . The method of  claim 1  wherein:
 said first node comprises a first processor and said second node comprises a second processor; 
 wherein at least one of said first processor and said second processor is untrusted hardware; and 
 wherein, if said first processor is untrusted, said generating with said first node step is performed with a first hardware module coupled to said first node and otherwise said generating with said first node step is performed with said first processor; and 
 wherein, if said second processor is untrusted, said generating with said second node step is performed with a second hardware module coupled to said second node and otherwise said generating with said second node step is performed with said second processor. 
 
     
     
         9 . The method of  claim 1  wherein each of said transmitting steps transmits only one data packet apiece. 
     
     
         10 . The method of  claim 1  wherein at least one of said first identification and said second identification is an internet protocol address of said first node and an internet protocol address of said second node, respectively. 
     
     
         11 . The method of  claim 1  wherein at least said transmitting said first signal step is a multicast signal to at least said second node and a third node different than said first node and said second node. 
     
     
         12 . The method of  claim 1  further comprising the step, upon completion of said transmitting said third signal, of returning to said transmitting said first signal step. 
     
     
         13 . The method of  claim 12  wherein said step of returning to said transmitting said first signal step refreshes said symmetric key. 
     
     
         14 . The method of  claim 13  wherein said step of returning to said transmitting said first signal step occurs periodically. 
     
     
         15 . The method of  claim 13  wherein said symmetric key has an expiration time and wherein said returning step occurs after said expiration time. 
     
     
         16 . The method of  claim 1  wherein said first private key is the same as said second private key. 
     
     
         17 . The method of  claim 1  wherein said first private key is different than said second private key. 
     
     
         18 . A dynamically configured encrypted network, comprising:
 a first node having a first identification and a first private key;   a second node communicatively coupled to said first node and having a second identification and a second private key;   wherein said first node is configured to transmit a first signal comprising information indicative of said first identification of said first node;   wherein said second node is configured to transmit, upon receipt of said first signal by said second node, a second signal comprising information indicative of said second identification of said second node and a first portion of a symmetric key; and   wherein said first node is configured to transmit, upon receipt of said second signal, a third signal comprising a second portion of said symmetric key.   
     
     
         19 . The network of  claim 18  wherein at least one of said second signal and said third signal is encrypted. 
     
     
         20 . The network of  claim 19  wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key. 
     
     
         21 . The network of  claim 18  wherein said first private key and said second private key are based, at least in part, on time. 
     
     
         22 . The network of  claim 18  wherein:
 said first portion of said symmetric key being based, at least in part, on said information indicative of said first identification of said first node and said second private key; and 
 said second portion of said symmetric key being based, at least in part, on said information indicative of said second identification of said second node and said first private key; and 
 
     
     
         23 . The network of  claim 22  wherein:
 said first node comprises a first processor and said second node comprises a second processor; 
 wherein said first processor and said second processor are trusted hardware; and 
 said first portion of said symmetric key being software generated on said trusted hardware of said second processor. 
 
     
     
         24 . The network of  claim 23  wherein said first processor and said second processor implement a software scheme having a plurality of software layers and wherein said first portion of said symmetric key and said second portion of said symmetric key are generated one of said plurality of software layers. 
     
     
         25 . The network of  claim 22  wherein:
 said first node comprises a first processor and said second node comprises a second processor; 
 wherein at least one of said first processor and said second processor is untrusted hardware; and 
 wherein, if said first processor is untrusted, said first portion of said symmetric key is generated with a first trusted hardware module coupled to said first node and otherwise said first portion of said symmetric key is generated with said first processor; and 
 wherein, if said second processor is untrusted, said second portion of said symmetric key is generated with a second trusted hardware module coupled to said first node and otherwise said second portion of said symmetric key is generated with said second processor. 
 
     
     
         26 . The network of  claim 18  wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node in a single data packet and wherein said second node is configured to transmit said second signal comprising information indicative of said second identification of said second node in a single data packet. 
     
     
         27 . The network of  claim 18  wherein at least one of said first identification and said second identification is an Internet protocol address of said first node and an internet protocol address of said second node, respectively. 
     
     
         28 . The network of  claim 18  wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node as a multicast signal to at least said second and a third node different than said first node and said second node. 
     
     
         29 . The network of  claim 18  wherein said first node is configured, upon completion of transmission of said third signal, to again transmit said first signal comprising information indicative of said first identification of said first node. 
     
     
         30 . The network of  claim 29  wherein said symmetric key is refreshed. 
     
     
         31 . The network of  claim 30  wherein said symmetric key is refreshed periodically. 
     
     
         32 . The network of  claim 30  wherein said symmetric key has an expiration time and wherein said symmetric key is refreshed after said expiration time. 
     
     
         33 . The network of  claim 18  wherein said first private key is the same as said second private key. 
     
     
         34 . The network of  claim 18  wherein said first private key is different than said second private key. 
     
     
         35 . A node configured to dynamically establish encrypted communication with a second node having a second identification and a second private key, comprising:
 a first identification different from said second identification;   a first private key different from said second private key; and   a transceiver, configured to:
 transmit a first signal comprising information indicative of said first identification of said first node; 
 receive a second signal, transmitted by said second node upon receipt of said first signal, comprising information indicative of said second identification of said second node and a first portion of a symmetric key; and 
 transmit, upon receipt of said second signal, a third signal comprising a second portion of said symmetric key. 
   
     
     
         36 . The node of  claim 35  wherein at least one of said second signal and said third signal is encrypted. 
     
     
         37 . The node of  claim 36  wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key. 
     
     
         38 . The node of  claim 35  wherein said first private key and said second private key are based, at least in part, on time. 
     
     
         39 . The node of  claim 35  wherein:
 said first portion of said symmetric key being based, at least in part, on said information indicative of said first identification of said first node and said second private key; and 
 said second portion of said symmetric key being based, at least in part, on said information indicative of said second identification of said second node and said first private key; and 
 
     
     
         40 . The node of  claim 39  wherein:
 said first node is trusted hardware having a first processor; and 
 said first portion of said symmetric key being software generated on said trusted hardware of said second processor. 
 
     
     
         41 . The node of  claim 40  wherein said first processor implements a software scheme having a plurality of software layers and wherein said first portion of said symmetric key is generated in one of said plurality of software layers. 
     
     
         42 . The node of  claim 39  wherein said first node is untrusted hardware having a first processor; and said first portion of said symmetric key is generated with a trusted hardware module coupled to said first node. 
     
     
         43 . The node of  claim 35  wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node in a single data packet. 
     
     
         44 . The node of  claim 35  wherein at least one of said first identification and said second identification is an internet protocol address of said first node and an internet protocol address of said second node, respectively. 
     
     
         45 . The node of  claim 35  wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node as a multicast signal to at least said second and a third node different than said first node and said second node. 
     
     
         46 . The node of  claim 35  wherein said first node is configured, upon completion of transmission of said third signal, to again transmit said first signal comprising information indicative of said first identification of said first node. 
     
     
         47 . The node of  claim 46  wherein said symmetric key is refreshed. 
     
     
         48 . The node of  claim 47  wherein said symmetric key is refreshed periodically. 
     
     
         49 . The node of  claim 47  wherein said symmetric key has an expiration time and wherein said symmetric key is refreshed after said expiration time. 
     
     
         50 . The node of  claim 35  wherein said first private key is the same as said second private key. 
     
     
         51 . The node of  claim 35  wherein said first private key is different than said second private key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.