1. WO2008011219 - METHOD AND APPARATUS FOR DYNAMIC, SEAMLESS SECURITY IN COMMUNICATION PROTOCOLS

Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

What is claimed is:

1. A method for providing communication nodes, acting as intermediate routers for communication packets transmitted between a source node and a destination node, with different access rights to the fields of the routed communication packets, the method comprising:
discovering routes of intermediate routers between the source node and the destination node;
collecting the identities of the intermediate routers on the discovered routes;
computing the aggregate trust levels of the intermediate routers;
selecting a most trusted route of the discovered routes;
computing, and securely distributing, encryption keys to intermediate routers on the most trusted route based on the trust level of the intermediate routers; and
encrypting fields of the communication packets with corresponding encryption keys.

2. A method in accordance with claim 1, further comprising the source node and the destination node authenticating with each other.

3. A method in accordance with claim 2, further comprising authenticating the intermediate routers to the source and destination nodes.

4. A method in accordance with claim 2, wherein the source node and the destination node authenticating with each other comprises sending messages containing public key certificates of the corresponding device.

5. A method in accordance with claim 1, further comprising redistributing encryption keys based on behavior of the intermediate routers.

6. A method in accordance with claim 1, wherein collecting identities of intermediate routers on the routes comprises adding public key certificates of the intermediate routers to messages sent from the intermediate routers.

7. A method in accordance with claim 1, wherein computing the aggregate trust levels of the intermediate routers comprises taking the minimum value of the trust levels of the intermediate router assessed by the source node and the destination node.

8. A method in accordance with claim 1, wherein selecting the most trusted route of the discovered routes comprises the source node selecting among all the discovered routes the route with the most trusted weakest intermediate router.

9. A method in accordance with claim 1, further comprising the source node generating encryption keys for each field of the communication packets.

10. A method in accordance with claim 1, wherein securely distributing encryption keys to intermediate routers on the most trusted route comprises the source node encrypting the key with a public key of the intermediate router and signing the encrypted key with the private key of the source node.
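
An added example, not part of the patent text: the aggregate trust rule of claim 7 and the weakest-router route selection of claim 8, followed by a trust-based key entitlement in the spirit of claims 1 and 9. The router names, trust values, per-field thresholds, the zero trust for unknown routers and the tie-break are constructed assumptions; the claims do not specify how trust levels map to field keys.

```python
import secrets

# Constructed sample trust levels in [0, 1]; router names are hypothetical.
SRC_TRUST = {"R1": 0.9, "R2": 0.4, "R3": 0.8, "R4": 0.7, "R5": 0.95}
DST_TRUST = {"R1": 0.8, "R2": 0.9, "R3": 0.6, "R4": 0.75, "R5": 0.3}

# Constructed discovered routes (ordered intermediate routers only).
ROUTES = [["R1", "R2"], ["R3", "R4"], ["R1", "R5"], ["R4", "R1"]]

# Assumption: minimum aggregate trust needed to receive each field's key.
FIELD_MIN_TRUST = {"routing_header": 0.0, "qos_tag": 0.5, "app_metadata": 0.75}


def aggregate_trust(router, src=SRC_TRUST, dst=DST_TRUST):
    """Claim 7: minimum of the source's and destination's assessments.
    A router unknown to either endpoint gets trust 0.0 (assumption)."""
    return min(src.get(router, 0.0), dst.get(router, 0.0))


def route_strength(route):
    """Aggregate trust of the weakest intermediate router on the route."""
    if not route:
        raise ValueError("route has no intermediate routers")
    return min(aggregate_trust(r) for r in route)


def select_most_trusted_route(routes):
    """Claim 8: the route whose weakest router is the most trusted.
    Ties go to the shorter route (assumption; the claims do not say)."""
    if not routes:
        raise ValueError("no routes discovered")
    return max(routes, key=lambda rt: (route_strength(rt), -len(rt)))


def key_entitlements(route, field_keys):
    """Per router, the field keys its aggregate trust level entitles it to."""
    return {
        r: {f: k for f, k in field_keys.items()
            if aggregate_trust(r) >= FIELD_MIN_TRUST[f]}
        for r in route
    }


if __name__ == "__main__":
    keys = {f: secrets.token_bytes(32) for f in FIELD_MIN_TRUST}  # one key per field
    best = select_most_trusted_route(ROUTES)
    print("selected route:", best, "strength:", route_strength(best))
    for router, held in key_entitlements(best, keys).items():
        print(router, "->", sorted(held))
```

Taking the minimum at both levels means a single low assessment by either endpoint caps a router's aggregate trust, and a single weak router caps the whole route.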