Method of Configuring a Node, Related Node and Configuration Server
Lucidarme; Thierry
Patent Application Summary
U.S. patent application number 13/469662 was filed with the patent office on 2012-09-06 for method of configuring a node, related node and configuration server. This patent application is currently assigned to ROCKSTAR BIDCO LP. Invention is credited to Thierry Lucidarme.
| Application Number | 20120226909 13/469662 |
| Document ID | / |
| Family ID | 39317954 |
| Filed Date | 2012-09-06 |
| United States Patent Application | 20120226909 |
| Kind Code | A1 |
| Lucidarme; Thierry | September 6, 2012 |
Method of Configuring a Node, Related Node and Configuration Server
Abstract
A method for configuring a node, said node holding a public key depending on an identifier relating to said node, a related secret key and an address of a configuration server storing sets of configuration parameters for respective nodes, the method comprising the following steps carried out at the configuration server: identifying said node by use of an identity based identification algorithm taking account of said public and secret keys; and when said node has been successfully identified, retrieving the set of configuration parameters stored for said node and transmitting said set of configuration parameters to said node.
| Inventors: | Lucidarme; Thierry; (Montigny-le-Bretonneux, FR) |
| Assignee: | ROCKSTAR BIDCO LP New York NY |
| Family ID: | 39317954 |
| Appl. No.: | 13/469662 |
| Filed: | May 11, 2012 |
Related U.S. Patent Documents
| Application Number | Filing Date | Patent Number | ||
|---|---|---|---|---|
| 11582683 | Oct 18, 2006 | 8200967 | ||
| 13469662 | ||||
| Current U.S. Class: | 713/171 ; 713/168 |
| Current CPC Class: | H04L 41/082 20130101; H04L 63/10 20130101; H04L 63/08 20130101; H04L 41/08 20130101 |
| Class at Publication: | 713/171 ; 713/168 |
| International Class: | H04L 9/32 20060101 H04L009/32; H04L 9/08 20060101 H04L009/08 |
Claims
1. A method of authorizing a first node for receipt of information from a communication network, the first node having a public key which is a function of an identifier associated with the first node and a secret key related to the public key, the method comprising, at a second node of the communication network: authenticating the first node using an identity-based authentication algorithm based on the public key and the secret key; and when the first node is successfully authenticated, permitting the first node to receive information from the communication network.
2. The method of claim 1, wherein the public key is the identifier associated with the first node.
3. The method of claim 1, wherein the public key is derived from the identifier associated with the first node.
4. The method of claim 1, wherein authenticating the first node using an identity-based authentication algorithm comprises: receiving information from the first node at the second node; and confirming, at the second node, that the received information was derived using the secret key for the first node.
5. The method of claim 1, wherein permitting the first node to receive information from the communication network comprises transmitting information from the second node to the first node.
6. The method of claim 1, wherein permitting the first node to receive information from the communication network comprises transmitting configuration information from the second node to the first node.
7. The method of claim 1, wherein, before the first node is authenticated by the second node, the first node has no parameters for accessing the communication network other than the public key, the secret key and at least one network address, the at least one network address comprising a network address of the second node.
8. The method of claim 1, wherein the public key comprises a one-way function of the identifier associated with the first node.
9. The method of claim 8, wherein the one-way function comprises a hash function.
10. The method of claim 1, further comprising: generating the secret key from the identifier associated with the first node; and providing the secret key to the first node.
11. The method of claim 1, further comprising transmitting information to the first node via the communication network.
12. The method of claim 11, wherein transmitting information to the first node comprises transmitting encrypted information to the first node.
13. The method of claim 12, wherein transmitting encrypted information to the first node comprises transmitting information encrypted using identity-based encryption.
14. A system for authorizing a first node for receipt of information from a communication network, the first node having a public key which is a function of an identifier associated with the first node and a secret key related to the public key, the apparatus comprising a second node of the communication network, the second node comprising: a communication interface; and a processor coupled to the communication interface, the processor being configured: to authenticate the first node using an identity-based authentication algorithm based on the public key and the secret key; and when the first node is successfully authenticated, to permit the first node to receive information from the communication network.
15. The system of claim 14, wherein the public key is the identifier associated with the first node.
16. The system of claim 14, wherein the public key is derived from the identifier associated with the first node.
17. The system of claim 14, wherein the processor is configured to authenticate the first node using an identity-based authentication algorithm by: receiving information from the first node at the second node; and confirming, at the second node, that the received information was derived using the secret key for the first node.
18. The system of claim 14, wherein the processor is configured to permit the first node to receive information from the communication network by transmitting information via the communication network to the first node.
19. The system of claim 14, wherein the processor is configured to permit the first node to receive information from the communication network by transmitting configuration information via the communication network to the first node.
20. The system of claim 14, wherein, before the first node is authenticated by the second node, the first node has no parameters for accessing the communication network other than the public key, the secret key and at least one network address, the at least one network address comprising a network address of the second node.
21. The system of claim 14, wherein the public key comprises a one-way function of the identifier associated with the first node.
22. The system of claim 21, wherein the one-way function comprises a hash function.
23. The system of claim 14, further comprising a secret generator configured: to generate the secret key from the identifier associated with the first node; and to provide the secret key to the first node.
24. The system of claim 14, wherein the second node is configured to transmit information to the first node via the communication network.
25. The system of claim 24, wherein the second node is configured to transmit information to the first node by transmitting encrypted information to the first node.
26. The system of claim 25, wherein the second node is configured to transmit encrypted information to the first node by transmitting information encrypted using identity-based encryption.
Description
BACKGROUND OF THE INVENTION
[0001] The present invention relates to node configuration.
[0002] The term `node` is to be understood here as any device or system capable of communicating with at least another node. It includes very basic chip cards, RFID (Radio Frequency Identification Chip) tags, sensors, mobile phones, PDAs (Personal Digital Assistants), base stations, servers, gateways, or even whole telecommunication networks. As a non-limiting example, a node may be an access point of an Ambient Network.
[0003] In order to be able to interact with its environment, a node requires some configuration. Of course, such configuration may differ depending on the nature of the node. But it can also depend on the variety of possible environments the node can meet. The environment may even vary in time, especially as far as mobile nodes moving in a radio environment are concerned.
[0004] Bandwidth, power, IP versions, IP addresses, security keys, proxy server addresses are some examples of configuration parameters an update version of which a node should be aware in order to communicate.
[0005] Due to the above mentioned multiplicity of nodes and environments, it is not easy to store relevant and appropriate configuration parameters in any node once and for all when building it.
[0006] Therefore, there is a need for providing any kind of node with relevant and appropriate configuration parameters.
SUMMARY OF THE INVENTION
[0007] The invention proposes a method for configuring a node, said node holding a public key depending on an identifier relating to said node, a related secret key and an address of a configuration server storing sets of configuration parameters for respective nodes, the method comprising the following steps carried out at the configuration server: [0008] identifying said node by use of an identity based identification algorithm taking account of said public and secret keys; and [0009] when said node has been successfully identified, retrieving the set of configuration parameters stored for said node and transmitting said set of configuration parameters to said node.
[0010] In this way, the node does not have to store much information or very specific information initially, since only a public key, a secret key and an address of a configuration server are needed. Moreover, due to the fact that the public key depends on said identifier, the stored information is particularly light, by contrast with traditional X.509 certificates for instance. The configuration parameters can also be obtained at any time by the node after a simple identification by the configuration server. Updated versions of configuration parameters can thus be obtained quite easily.
[0011] The invention also proposes a node holding a public key depending on an identifier relating to said node, a related secret key and an address of a configuration server storing sets of configuration parameters for respective nodes, said node comprising: [0012] means for being identified by the configuration server by use of an identity based identification algorithm taking account of said public and secret keys; [0013] means for receiving a set of configuration parameters from the configuration server when said node has been successfully identified.
[0014] The invention also proposes a configuration server storing sets of configuration parameters for respective nodes each holding a respective public key depending on a respective identifier relating to said node, a respective related secret key and an address of the configuration server, said configuration server comprising in relation with any one of said nodes: [0015] means for identifying said node by use of an identity based identification algorithm taking account of a said public and secret keys relating to said node; and [0016] means for retrieving the set of configuration parameters stored for said node and means for transmitting said set of configuration parameters to said node when means for identifying have successfully identified said node.
[0017] The preferred features of the above aspects which are indicated by the dependent claims may be combined as appropriate, and may be combined with any of the above aspects of the invention, as would be apparent to a person skilled in the art.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] FIG. 1 is a schematic view of a system implementing the invention;
[0019] FIG. 2 is a schematic view of main exchanges between a node and a configuration server according to the invention;
[0020] FIG. 3 is a first example of configuration using the Shamir's identity-based identification algorithm; and
[0021] FIG. 4 is a second example of configuration using the Fischer-Micali-Rackoff's identity-based identification algorithm.
DESCRIPTION OF PREFERRED EMBODIMENTS
[0022] FIG. 1 shows a computer device 1a, a mobile phone 1b and a RFID tag 1c which form respective nodes, which may be part of an Ambient network for instance.
[0023] As will be explained in more detail below, each one of these nodes holds minimum required parameters for configuration purposes.
[0024] FIG. 1 also shows a configuration server 2 which contains configuration parameters for different nodes, including the nodes 1a, 1b and 1c.
[0025] In the present invention, the nodes 1a, 1b and 1c receive relevant and appropriate configuration parameters from the configuration server 2, possibly through a communication network 3 which may contain other nodes.
[0026] Since the nodes 1a, 1b and 1c get respective configuration parameters from the configuration server 2, they can contain very few information initially. This may be advantageous when building such nodes. It also allows the nodes to get updated configuration parameters when needed, e.g. when moving inside a radio environment.
[0027] FIG. 2 shows in more detail how a node can get configured according to an embodiment of the present invention. In this figure, a node 1, namely a mobile phone, is to be configured.
[0028] Initially, i.e. right after being built and sold to its user, the node 1 may hold only three parameters: an identifier (id in FIG. 2) relating to the node 1, i.e. which identifies either the node itself or its user and which may be used as a public key for the node 1 as will be explained below, a function of said identifier (Ks(id) in FIG. 2) which may be used as a secret key for the node 1 as will be explained below and an address of the configuration server 2, e.g. an IP address (@IP in FIG. 2).
[0029] As a variant, a one way function h of the identifier id (h(id)) may be held by the node 1 instead of the identifier id itself. This one way function may be a hash function, such as SHA-1 (specified in the "Secure Hash Signature Standard (SHS)" by the NIST (see FIPS PUB 180-2)) or MD5 (see Request For Comments 1319-121 published by the Internet Engineering Task Force (IETF)) for instance. Of course, other one way functions may suit as well.
[0030] Advantageously, said identifier id is unique for each node and/or user. It can explicitly define the node and/or user. As a non-limiting example, the identifier id may include the following string: firstname.surname.city@domainname.
[0031] Alternatively, the identifier may include an identifier used for other purposes. For instance, when the routing protocol used between the node and configuration server is IP (Internet Protocol) and the allocation of IP addresses is fixed, the identifier id may include the IP address of the node.
[0032] Likewise, when the node is a mobile phone for instance, it is coupled to a SIM (Subscriber Identity Module) card characterizing the user of the mobile phone. The SIM card contains a user identity called IMSI (International Mobile Subscriber Identity), which could be included in the identifier id for configuration purposes according to the invention.
[0033] Although the node 1 may hold the three above mentioned parameters only, it may also hold additional parameters. However, it will be understood that most or all the configuration parameters intended to be used by the node 1 (e.g. bandwidth, power, IP versions, IP addresses, security keys, proxy server addresses, etc.) are not stored in said node initially.
[0034] The secret key Ks(id) may be provided to the node 1 in many different ways. In the example illustrated in FIG. 2, a secret generator 18 is the entity that generates Ks(id) by applying a trapdoor function to the identifier id (or h(id)) relating to the node 1. The secret generator 18 then sends the secret key generated to the node 1 (step 4).
[0035] On the other hand, the configuration server 2 has access to a database 2a which may be internal or external. This database 2a stores sets of configuration parameters CP.sub.1,CP.sub.2, . . . ,CP.sub.n for respective nodes identified by id.sub.1,id.sub.2, . . . ,id.sub.n respectively.
[0036] In step 5, the configuration server 2 identifies the node 1 by use of an identity based identification algorithm. This identification step may be requested by the node 1. During this step, the node 1 and the configuration server 2 exchange messages. Messages can be sent from the node 1 to the configuration server 2 due to the fact that the node 1 knows the address @IP of the configuration server 2.
[0037] Non-limiting examples of identity based identification algorithms will be described below with reference to FIGS. 3 and 4. The particularity of such algorithms is that they take account of a public key which depends on an identifier relating to the entity to be identified. They also take account of a related secret key also depending on said identifier, since the secret key derives from the public key by use of a trapdoor function.
[0038] At the beginning of the identification step 5, the node 1 sends its identifier id (or h(id)) to the configuration server 2. The configuration server 2 then authenticates whether or not the node 1 is really the one with said identifier id.
[0039] When the configuration server 2 has successfully identified the node 1, it is capable of retrieving the corresponding set of configuration parameters CP in the database 2a, from the identifier id (or h(id)). It can then transmit CP to the node 1 (step 6). As mentioned above, the identifier id may include a routing address such as the IP address of the node, which allows CP to be sent from the configuration server 2 to the node 1. In this way, the node 1 finally holds the needed configuration parameters, which makes it able to communicate properly with other nodes.
[0040] The transmission of the configuration parameters CP from the configuration server 2 to the node 1 may be carried out in clear or in an encrypted way. The encryption can be performed in different ways. A first possibility is to establish a secure tunnel between the configuration server 2 and the node 1 as well known. A second possibility is to use an identity based encryption algorithm, such as the Cocks' algorithm described in the article "An Identity Based Encryption Scheme Based on Quadratic Residues", Cryptography and Coding, 8th IMA International Conference, 2001, pp360-363, or the Boneh-Franklin's algorithm "Identity-Based Encryption from the Weil Pairing", Advances in Cryptology--Proceedings of CRYPTO 2001 (2001).
[0041] When using an identity based encryption algorithm, the configuration server 2 encrypts the transmission of CP with a public key which may be different from the one used to identify the node 1. Typically, this second public key may use a hash function h' different from h. The second public key may also depend on an identifier of the configuration server 2 in addition or in replacement of the identifier id relating to the node 1. In this case, the node 1 should further hold a second secret key initially in order to decrypt the messages received from the configuration server 2.
[0042] It should be noted that the use of an identity based identification algorithm to identify the node is really advantageous, because some nodes may have very low power/memory which might prevent them from embedding a heavy X.509 certificate traditionally used for identification or authentication purposes. The heavy PKI (Public Key Infrastructure) infrastructure is also avoided. Moreover, the exchanges between the node and the configuration server are quite light and thus compatible with low bandwidth systems.
[0043] FIG. 3 shows an example of configuration of a node 1 including an identity-based identification using the Shamir's algorithm described in "Identity-based cryptosystems and signature schemes", Proceedings of CRYPTO'84, LNCS 196, page 47-53, Springer-Verlag, 1984.
[0044] In this example, the public key for the node 1 includes the identifier id. Advantageously, the public key may also incorporate other information, such as an expiry date for configuring the node 1, in which case the configuration parameters may be sent to the node 1 only if the current date is no later than this expiry date. This public key is id sent to the configuration server 2 by the node 1.
[0045] Moreover, the node 1 has been provided with Ks=(id).sup.d[n] as a secret key, where [] designates the modulo operation, n=pq, p and q being two long prime integers and d is an integer such that ed=1 [(p-1)(q-1)], e being another integer. While e and n are public, p and q are not (i.e. the factorization of n is not public).
[0046] The node 1 generates a random number r and calculates t=r.sup.e[n] and s=Ksr.sup.f(t,m)[n], where f is a one way function which may be the above mentioned function h, e.g. a hash function such as SHA-1 or MD5, and m is a known message. Advantageously, m can be set to id. The node 1 then sends t and s to the configuration server 2 (steps 7 and 8).
[0047] The configuration server 2 calculates s.sup.e=(Ks).sup.er.sup.ef(t,m)[n] and checks whether it equals idt.sup.f(t,m)[n]. If the check is positive, the configuration server 2 concludes that the node 1 is really the one relating to the identifier id, which means that the node 1 has been successfully identified. The configuration server 2 can then retrieve the configuration parameters CP corresponding to this id and return them to the node 1 (step 9).
[0048] FIG. 4 shows another example of configuration of a node 1 including an identity-based identification using the Fischer-Micali-Rackoff's algorithm described in "A secure protocol for the oblivious transfer", 1984, presented at EuroCrypt 84.
[0049] The node 1 holds h(id) as a public key and sends it (or id) to the configuration server 2. Like in the previous example, the public key may also incorporate other information, such as an expiry date for configuring the node 1.
[0050] The node 1 also holds, as a secret key, Ks={square root over ( h(id))}[n], where n=pq, p and q being two secret long primes. Although h(id) is public, a third party cannot easily obtain Ks, since the calculation of the square root requires to know the factorization of n (Chinese remainder theorem).
[0051] The node 1 chooses a random number r, calculates x=r.sup.2[n] and sends x to the configuration server 2 (step 11). The configuration server 2 returns a challenge "0" or "1" to the node 1 (step 12).
[0052] If "0" is received by the node 1, the latter sends r to the configuration server 2 (step 13). In this case, the configuration server 2 calculates r.sup.2 and checks whether this equals x[n] (step 14).
[0053] If "1" is received by the node 1, the latter sends y=rKs to the configuration server 2 (step 15). In this case, the configuration server 2 calculates y.sup.2 and checks whether this equals xh(id)[n] (step 16), which is possible because the public key h(id) is known to the configuration server 2. If the check is positive, which means that the node 1 has been successfully identified, the configuration server 2 retrieves the configuration parameters CP corresponding to id and return them to the node 1.
[0054] A sequence including successive challenges "0" or "1" (e.g. one "0" and then one "1") may advantageously be transmitted to the node 1 by the configuration server 2, before the latter transmits the relevant configuration parameters CP to the node 1.
[0055] In a non-limiting example of application of the present invention, the node to be configured may be a home gateway (HGW). A HGW provides a radio interface similar to that of a cellular infrastructure, and it interfaces with a cellular network. The coverage of the HGW can be considered as a cell of the network, to which it is fully integrated. For such a node, the configuration parameters to be provided by the configuration server may include a radio network controller address, scrambling codes, a location area code, a routing area code, a reference macrocell identity, etc.
[0056] Of course, the present invention may apply to various other types of nodes as well.
* * * * *
uspto.report is an independent third-party trademark research tool that is not affiliated, endorsed, or sponsored by the United States Patent and Trademark Office (USPTO) or any other governmental organization. The information provided by uspto.report is based on publicly available data at the time of writing and is intended for informational purposes only.
While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, reliability, or suitability of the information displayed on this site. The use of this site is at your own risk. Any reliance you place on such information is therefore strictly at your own risk.
All official trademark data, including owner information, should be verified by visiting the official USPTO website at www.uspto.gov. This site is not intended to replace professional legal advice and should not be used as a substitute for consulting with a legal professional who is knowledgeable about trademark law.
| 