Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
Key establishment for constrained resource devices
US2016149869A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016149869-A1 |
| Application number | US-201314902296-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 2, 2013 |
| Priority date | Jul 2, 2013 |
| Publication date | May 26, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
It is disclosed a method and a constrained resource device ( 502, 70, 90 ) for establishing a secret first key between a client device ( 506 ) and the constrained resource device. The invention also relates to a method and an authorization server ( 504, 60, 80 ) for enabling establishing a secret first key between a client device ( 506 ) and the constrained resource device. Based on a secret second key shared ( 508 ) between the constrained RD and the AS, the secret first key shared between the constrained resource device and the client device can be established. Devices having constrained resources cannot use protocols with which additional messages are required to share a secure identity. Embodiments of the present invention have the advantage that a secret identity can be established within an authentication protocol and that no additional messages are required to establish the secret identity.
First claim
Opening claim text (preview).
1 . A method for enabling establishment of a secret first key shared between a constrained resource device, RD, ( 502 , 70 , 90 ) and a client device ( 506 ), the method being performed in an authorization server, AS, ( 504 , 60 , 80 ) having a secret second key shared with the constrained RD, where the AS is associated with the client device, the method comprising: receiving ( 32 , 510 ) from the client device a request for a secret first key shared between the constrained RD and the client device, determining ( 34 , 512 ) an identifier of the request, based on the request received from the client device; generating ( 36 , 514 ) the secret first key based on said identifier of the request and the secret second key, wherein the secret first key is associated with the identifier of the request; and sending ( 38 , 516 ) to the client device the identifier of the request and the generated secret first key, thereby enabling the client device to generate a digital signature to be used in communication with the constrained RD, enabling the establishment of the secret first key shared between the constrained RD and the client device. 2 . The method for enabling establishment of a secret first key according to claim 1 , wherein the request for the secret first key comprises a client device identifier, the method further comprising authenticating the client device ( 506 ) based on the client device identifier. 3 . The method for enabling establishment of a secret first key according to claim 2 , wherein determining ( 34 , 512 ) the identifier of the request, further is based on the client device identifier. 4 . The method for enabling establishment of a secret first key according to claim 2 or 3 , wherein the identifier of the request comprises the client device identifier, further enabling the constrained RD to authenticate the client device. 5 . The method for enabling establishment of a secret first key according to any of claims 2 to 4 , wherein the identifier of the request comprises access information for the client device, further enabling the constrained RD to authorize access to the constrained RD ( 502 , 70 , 90 ) for the client device. 6 . The method for enabling establishment of a secret first key according to any of claims 1 to 3 , wherein the identifier of the request comprises a nonce. 7 . The method for enabling establishment of a secret first key according to any of claims 1 to 6 , where the method is performed within an authentication protocol. 8 . The method for enabling establishment of a secret first key according to claim 7 , wherein the authentication protocol comprises the transport layer security, TLS, protocol or the datagram transport layer security, DTLS, protocol. 9 . An authorization server, AS, ( 504 , 60 ) configured to enable establishment of a secret first key shared between a constrained resource device, RD, ( 502 , 70 , 90 ) and a client device ( 506 ), the AS being configured to have a secret second key shared with the constrained RD and to be associated with the client device, the AS comprising: a processor ( 62 ); and a memory ( 64 ) storing a computer program comprising computer program code which when run in the processor, causes the authorization server to: receive ( 32 , 510 ) from the client device a request for a secret first key shared between the constrained RD and the client device, determine ( 34 , 512 ) an identifier of the request, based on the request received from the client device; generate ( 36 , 514 ) the secret first key based on the identifier of the request and the secret second key, wherein the secret first key is associated with the identifier of the request; and send ( 38 , 516 ) to the client device the identifier of the request and the generated secret first key, enabling the client device to generate a digital signature, to be used in communication with the constrained RD, enabling the establishment of the secret first key shared between the constrained RD and the client device client device. 10 . The authorization server, AS, ( 504 , 60 ) according to claim 9 , wherein the computer program code which when run in the processor, further causes the authorization server to receive a client device identifier in the request for the secret first key, and to authenticate the client device ( 506 ) based on the received client device identifier. 11 . The authorization server, AS, ( 504 , 60 ) according to claim 9 or 10 , wherein the computer program code which when run in the processor, causes the authorization server to determine an identifier of the request, wherein the identifier of the request comprises a nonce. 12 . An authorization server, AS, ( 504 , 80 ) configured to enable establishment of a secret first key shared between a constrained resource device, RD, ( 502 , 70 , 90 ) and a client device ( 506 ), the AS being configured to have a secret second key shared with the constrained RD and to be associated with the client device, the AS comprising: a receiving unit ( 82 ) configured to receive ( 32 , 510 ) from the client device a request for a secret first key shared between the constrained RD and the client device; a determining unit ( 84 ) configured to determine ( 34 , 512 ) an identifier of the request, based on the request received from the client device; a generating unit ( 86 ) configured to generate ( 36 , 514 ) the secret first key based on the identifier of the request and the secret second key, wherein the secret first key is associated with the identifier of the request; and a sending unit ( 88 ) configured to send ( 38 , 516 ) to the client device the identifier of the request and the generated secret first key, enabling the client device to generate a digital signature, to be used in communication with the constrained RD, enabling the establishment of the secret first key shared between the constrained RD and the client device. 13 . A method for establishing a secret first key shared between a client device ( 506 ) and a constrained resource device, RD, ( 502 , 70 , 90 ) having a secret second key shared with an authorization server, AS, ( 504 , 60 , 80 ), the method being performed in the constrained RD, wherein the AS is associated with the client device, the method comprising: receiving ( 402 , 524 ) from the client device, a digital signature and an identifier of a request for the secret first key; deriving ( 404 , 526 ) a secret first key based on the identifier of the request and the secret second key; generating ( 406 , 528 ) a digital signature based on the derived secret first key; determining ( 408 , 528 ) whether the received digital signature equals to the generated digital signature; and if the received digital signature equals to the generated digital signature, deducing that derived secret first key equals to a secret first key of the AS, and that the received identifier of the request equals to an identifier of the request as determined by the AS. 14 . The method for establishing a secret first key, according to claim 13 , wherein the identifier of the request comprises a nonce. 15 . The method for establishing a secret first key according to claim 13 or 14 , wherein the identifier of the request comprises a client device identifier, the method further comprising authenticating the client device based on the client device identifier. 16 . The method for establishing a secret first key according to any of claims 13 to 15 , wherein the identifier of the request comprises access information for client device, the method further co
Assignees
Inventors
Classifications
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
Signcrypting, i.e. digital signing and encrypting simultaneously · CPC title
using a plurality of keys or algorithms · CPC title
involving digital signatures · CPC title
- H04L63/0428Primary
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016149869A1 cover?
- It is disclosed a method and a constrained resource device ( 502, 70, 90 ) for establishing a secret first key between a client device ( 506 ) and the constrained resource device. The invention also relates to a method and an authorization server ( 504, 60, 80 ) for enabling establishing a secret first key between a client device ( 506 ) and the constrained resource device. Based on a secret se…
- Who is the assignee on this patent?
- Ericsson Telefon Ab L M
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu May 26 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).