Methods, networks and nodes for dynamically establishing encrypted communications
Abstract
Methods, networks and nodes for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key. A first signal comprising information indicative of the first identification of the first node is transmitted, then, upon receipt of the first signal by the second node, a second signal comprising information indicative of the second identification of the second node and a first portion of a symmetric key is transmitted, then, upon receipt of the second signal by the first node, a third signal comprising a second portion of the symmetric key is transmitted.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A device implemented method for dynamically establishing encrypted communications between a first node having a first identification and a first private key and a second node having a second identification and a second private key, comprising the steps of:
transmitting a first signal comprising information indicative of said first identification of said first node; then transmitting, upon receipt of said first signal by said second node, a second signal comprising information indicative of said second identification of said second node and a first portion of a symmetric key; then transmitting, upon receipt of said second signal by said first node, a third signal comprising a second portion of said symmetric key.
2 . The method of claim 1 wherein at least one of said second signal and said third signal is encrypted.
3 . The method of claim 2 wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key.
4 . The method of claim 1 wherein said first private key and said second private key are based, at least in part, on time.
5 . The method of claim 1 further comprising the steps of:
generating with said second node, after said transmitting said first signal step, said first portion of said symmetric key based, at least in part, on said information indicative of said first identification of said first node and said second private key; and
generating with said first node, after said transmitting said second signal step, said second portion of said symmetric key based, at least in part, on said information indicative of said second identification of said second node and said first private key; and
6 . The method of claim 5 wherein:
said first node comprises a first processor and said second node comprises a second processor;
wherein said first processor and said second processor are trusted hardware; and
wherein said generating with said second node step is software implemented on said second processor and said generating with said first node step is software implemented with said second processor.
7 . The method of claim 6 wherein said first processor and said second processor implement a software scheme having a plurality of software layers, and wherein said generating with said second node step and said generating with said first node steps are software implemented as one of said plurality of software layers.
8 . The method of claim 1 wherein:
said first node comprises a first processor and said second node comprises a second processor;
wherein at least one of said first processor and said second processor is untrusted hardware; and
wherein, if said first processor is untrusted, said generating with said first node step is performed with a first hardware module coupled to said first node and otherwise said generating with said first node step is performed with said first processor; and
wherein, if said second processor is untrusted, said generating with said second node step is performed with a second hardware module coupled to said second node and otherwise said generating with said second node step is performed with said second processor.
9 . The method of claim 1 wherein each of said transmitting steps transmits only one data packet apiece.
10 . The method of claim 1 wherein at least one of said first identification and said second identification is an internet protocol address of said first node and an internet protocol address of said second node, respectively.
11 . The method of claim 1 wherein at least said transmitting said first signal step is a multicast signal to at least said second node and a third node different than said first node and said second node.
12 . The method of claim 1 further comprising the step, upon completion of said transmitting said third signal, of returning to said transmitting said first signal step.
13 . The method of claim 12 wherein said step of returning to said transmitting said first signal step refreshes said symmetric key.
14 . The method of claim 13 wherein said step of returning to said transmitting said first signal step occurs periodically.
15 . The method of claim 13 wherein said symmetric key has an expiration time and wherein said returning step occurs after said expiration time.
16 . The method of claim 1 wherein said first private key is the same as said second private key.
17 . The method of claim 1 wherein said first private key is different than said second private key.
18 . A dynamically configured encrypted network, comprising:
a first node having a first identification and a first private key; a second node communicatively coupled to said first node and having a second identification and a second private key; wherein said first node is configured to transmit a first signal comprising information indicative of said first identification of said first node; wherein said second node is configured to transmit, upon receipt of said first signal by said second node, a second signal comprising information indicative of said second identification of said second node and a first portion of a symmetric key; and wherein said first node is configured to transmit, upon receipt of said second signal, a third signal comprising a second portion of said symmetric key.
19 . The network of claim 18 wherein at least one of said second signal and said third signal is encrypted.
20 . The network of claim 19 wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key.
21 . The network of claim 18 wherein said first private key and said second private key are based, at least in part, on time.
22 . The network of claim 18 wherein:
said first portion of said symmetric key being based, at least in part, on said information indicative of said first identification of said first node and said second private key; and
said second portion of said symmetric key being based, at least in part, on said information indicative of said second identification of said second node and said first private key; and
23 . The network of claim 22 wherein:
said first node comprises a first processor and said second node comprises a second processor;
wherein said first processor and said second processor are trusted hardware; and
said first portion of said symmetric key being software generated on said trusted hardware of said second processor.
24 . The network of claim 23 wherein said first processor and said second processor implement a software scheme having a plurality of software layers and wherein said first portion of said symmetric key and said second portion of said symmetric key are generated one of said plurality of software layers.
25 . The network of claim 22 wherein:
said first node comprises a first processor and said second node comprises a second processor;
wherein at least one of said first processor and said second processor is untrusted hardware; and
wherein, if said first processor is untrusted, said first portion of said symmetric key is generated with a first trusted hardware module coupled to said first node and otherwise said first portion of said symmetric key is generated with said first processor; and
wherein, if said second processor is untrusted, said second portion of said symmetric key is generated with a second trusted hardware module coupled to said first node and otherwise said second portion of said symmetric key is generated with said second processor.
26 . The network of claim 18 wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node in a single data packet and wherein said second node is configured to transmit said second signal comprising information indicative of said second identification of said second node in a single data packet.
27 . The network of claim 18 wherein at least one of said first identification and said second identification is an Internet protocol address of said first node and an internet protocol address of said second node, respectively.
28 . The network of claim 18 wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node as a multicast signal to at least said second and a third node different than said first node and said second node.
29 . The network of claim 18 wherein said first node is configured, upon completion of transmission of said third signal, to again transmit said first signal comprising information indicative of said first identification of said first node.
30 . The network of claim 29 wherein said symmetric key is refreshed.
31 . The network of claim 30 wherein said symmetric key is refreshed periodically.
32 . The network of claim 30 wherein said symmetric key has an expiration time and wherein said symmetric key is refreshed after said expiration time.
33 . The network of claim 18 wherein said first private key is the same as said second private key.
34 . The network of claim 18 wherein said first private key is different than said second private key.
35 . A node configured to dynamically establish encrypted communication with a second node having a second identification and a second private key, comprising:
a first identification different from said second identification; a first private key different from said second private key; and a transceiver, configured to:
transmit a first signal comprising information indicative of said first identification of said first node;
receive a second signal, transmitted by said second node upon receipt of said first signal, comprising information indicative of said second identification of said second node and a first portion of a symmetric key; and
transmit, upon receipt of said second signal, a third signal comprising a second portion of said symmetric key.
36 . The node of claim 35 wherein at least one of said second signal and said third signal is encrypted.
37 . The node of claim 36 wherein said at least one of said second signal and said third signal are encrypted according to at least one of said first portion of said symmetric key and said second portion of second symmetric key.
38 . The node of claim 35 wherein said first private key and said second private key are based, at least in part, on time.
39 . The node of claim 35 wherein:
said first portion of said symmetric key being based, at least in part, on said information indicative of said first identification of said first node and said second private key; and
said second portion of said symmetric key being based, at least in part, on said information indicative of said second identification of said second node and said first private key; and
40 . The node of claim 39 wherein:
said first node is trusted hardware having a first processor; and
said first portion of said symmetric key being software generated on said trusted hardware of said second processor.
41 . The node of claim 40 wherein said first processor implements a software scheme having a plurality of software layers and wherein said first portion of said symmetric key is generated in one of said plurality of software layers.
42 . The node of claim 39 wherein said first node is untrusted hardware having a first processor; and said first portion of said symmetric key is generated with a trusted hardware module coupled to said first node.
43 . The node of claim 35 wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node in a single data packet.
44 . The node of claim 35 wherein at least one of said first identification and said second identification is an internet protocol address of said first node and an internet protocol address of said second node, respectively.
45 . The node of claim 35 wherein said first node is configured to transmit said signal comprising information indicative of said first identification of said first node as a multicast signal to at least said second and a third node different than said first node and said second node.
46 . The node of claim 35 wherein said first node is configured, upon completion of transmission of said third signal, to again transmit said first signal comprising information indicative of said first identification of said first node.
47 . The node of claim 46 wherein said symmetric key is refreshed.
48 . The node of claim 47 wherein said symmetric key is refreshed periodically.
49 . The node of claim 47 wherein said symmetric key has an expiration time and wherein said symmetric key is refreshed after said expiration time.
50 . The node of claim 35 wherein said first private key is the same as said second private key.
51 . The node of claim 35 wherein said first private key is different than said second private key.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.