US2023283486A1PendingUtilityA1

Computing device and method for performing a secure neighbor discovery

69
Assignee: KALOOM INCPriority: Mar 19, 2018Filed: May 10, 2023Published: Sep 7, 2023
Est. expiryMar 19, 2038(~11.7 yrs left)· nominal 20-yr term from priority
H04L 45/02H04L 9/3271H04L 63/164H04L 61/5069H04L 61/5092H04L 61/5038H04L 63/0428H04L 63/0876Y02D30/00H04L 41/28H04L 2101/604H04L 2101/622H04L 2101/659
69
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device. The remote computing device determines that the received remote challenge response corresponds to an expected remote challenge response generated based on the remote challenge.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for performing a secure discovery, the method comprising:
 determining by a processing unit of a computing device a local node identifier for a communication interface of the computing device;   generating by the processing unit of the computing device a local challenge;   encrypting by the processing unit of the computing device the local node identifier of the communication interface into an encrypted local node identifier of the communication interface;   encrypting by the processing unit of the computing device the local challenge into an encrypted local challenge;   transmitting by the processing unit of the computing device via the communication interface of the computing device a discovery request message comprising the encrypted local node identifier of the communication interface and the encrypted local challenge;   receiving by the processing unit of the computing device from a remote computing device via the communication interface of the computing device a discovery response message in response to the discovery request message, the discovery response message comprising an encrypted remote node identifier of a remote communication interface of the remote computing device and an encrypted local challenge response;   decrypting by the processing unit of the computing device the encrypted local challenge response into a local challenge response;   generating by the processing unit of the computing device an expected local challenge response based at least on the local challenge;   determining by the processing unit of the computing device whether the local challenge response corresponds to the expected local challenge response and the secure discovery is successful or whether the local challenge response does not correspond to the expected local challenge response and the secure discovery is a failure; and   when the secure discovery is successful, decrypting by the processing unit of the computing device the encrypted remote node identifier of the remote communication interface of the remote computing device into a remote node identifier of the remote communication interface of the remote computing device.   
     
     
         2 . The method of  claim 1 , wherein the discovery response message further comprises an encrypted remote challenge, and when the secure discovery is successful, the method further comprises:
 decrypting by the processing unit of the computing device the encrypted remote challenge into a remote challenge;   generating by the processing unit of the computing device a remote challenge response based at least on the remote challenge;   encrypting by the processing unit of the computing device the remote challenge response into an encrypted remote challenge response; and   transmitting by the processing unit of the computing device to the remote computing device via the communication interface of the computing device a discovery acknowledgment message comprising the encrypted remote challenge response.   
     
     
         3 . The method of  claim 1 , wherein a shared key is used for encrypting the local node identifier and the local challenge, and for decrypting the encrypted local challenge response and the encrypted remote node identifier. 
     
     
         4 . The method of  claim 1 , wherein the discovery request message is multicasted or broadcasted. 
     
     
         5 . The method of  claim 1 , wherein the discovery request message is compliant with the Link Layer Discovery Protocol (LLDP). 
     
     
         6 . The method of  claim 1 , further comprising determining by the processing unit of the computing device a local link identifier for the communication interface of the computing device; and wherein the discovery request message comprises the local link identifier of the communication interface of the computing device, and the discovery response message comprises a remote link identifier of the remote communication interface of the remote computing device. 
     
     
         7 . The method of  claim 1 , wherein the local node identifier is a Media Access Control (MAC) address. 
     
     
         8 . The method of  claim 1 , wherein the processing unit determines the local node identifier by calculating a hash of a 128 bits Universal Unique Identifier (UUID) of the computing device. 
     
     
         9 . A method for performing a secure discovery, the method comprising:
 determining by a processing unit of a computing device a local node identifier for a communication interface of the computing device;   generating by the processing unit of the computing device a local challenge;   encrypting by the processing unit of the computing device a combination of the local node identifier of the communication interface of the computing device and the local challenge into an encrypted combination of the local node identifier of the communication interface of the computing device and the local challenge;   transmitting by the processing unit of the computing device via the communication interface of the computing device a discovery request message comprising the encrypted combination of the local node identifier of the communication interface of the computing device and the local challenge;   receiving by the processing unit of the computing device from a remote computing device via the communication interface of the computing device a discovery response message in response to the discovery request message, the discovery response message comprising an encrypted combination of a remote node identifier of a remote communication interface of the remote computing device and a local challenge response;   decrypting by the processing unit of the computing device the encrypted combination of the remote node identifier of the remote communication interface of the remote computing device and the local challenge response into the remote node identifier of the remote communication interface of the remote computing device and the local challenge response;   generating by the processing unit of the computing device an expected local challenge response based at least on the local challenge; and   determining by the processing unit of the computing device whether the local challenge response corresponds to the expected local challenge response and the secure discovery is successful or whether the local challenge response does not correspond to the expected local challenge response and the secure discovery is a failure.   
     
     
         10 . The method of  claim 9 , wherein the discovery response message further comprises an encrypted remote challenge, and when the secure discovery is successful, the method further comprises:
 decrypting by the processing unit of the computing device the encrypted remote challenge into a remote challenge;   generating by the processing unit of the computing device a remote challenge response based at least on the remote challenge;   encrypting by the processing unit of the computing device the remote challenge response into an encrypted remote challenge response; and   transmitting by the processing unit of the computing device to the remote computing device via the communication interface of the computing device a discovery acknowledgment message comprising the encrypted remote challenge response.   
     
     
         11 . The method of  claim 9 , wherein a shared key is used for encrypting the combination of the local node identifier and the local challenge, and for decrypting the encrypted combination of the remote node identifier and the local challenge response. 
     
     
         12 . The method of  claim 9 , wherein the discovery request message is multicasted or broadcasted. 
     
     
         13 . The method of  claim 9 , wherein the discovery request message is compliant with the Link Layer Discovery Protocol (LLDP). 
     
     
         14 . The method of  claim 9 , further comprising determining by the processing unit of the computing device a local link identifier for the communication interface of the computing device; and wherein the discovery request message comprises the local link identifier of the communication interface of the computing device, and the discovery response message comprises a remote link identifier of the remote communication interface of the remote computing device. 
     
     
         15 . The method of  claim 9 , wherein the local node identifier is a Media Access Control (MAC) address. 
     
     
         16 . The method of  claim 9 , wherein the processing unit determines the local node identifier by calculating a hash of a 128 bits Universal Unique Identifier (UUID) of the computing device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.