Title of invention: METHOD AND ARRANGEMENT FOR SECURE COMMUNICATION BETWEEN NETWORK UNITS IN A COMMUNICATION NETWORK
Abstract: The invention relates to a first network unit (Sec) which comprises a secure hardware component (HK) for saving and running software. A second network unit (P) comprises a secure software component (SK) for saving and running software. A method for secure communication comprises: saving a first common secret, a first algorithm and a second algorithm on the network units; sending a first datum from the second network unit to the first network unit; running the first algorithm on the first network unit and on the second network unit, wherein the input is in each case formed by the second common secret and the first datum; sending a second datum from the first network unit to the second network unit; running the second algorithm on the first network unit and on the second network unit, wherein the input is formed in each case by the second common secret and the second datum; and using the third common secret for a secure communication.
Publication number: US2015334096(A1)    Publication date: 2015.11.19
Application number: US201314443383    Filing date: 2013.09.16
Applicant: SIEMENS AKTIENGESELLSCHAFT    Inventors: Pyka Stefan; Zwanzger Johannes
Classification: H04L29/06; H04L9/08    Main classification: H04L29/06
Agency:    Agent:
Main claim: 1. A method for secure communication between a first network unit (Sec) and a second network unit (P) in a communication network, wherein the first network unit (Sec) comprises at least one secure hardware component (HK) for the secure storage and secure running of software, and wherein the second network unit (P) comprises at least one secure software component (SK) for the secure storage and secure running of software, with the steps:
a) storage of a first common secret (GS), a first algorithm (A1) and a second algorithm (A2) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK);
b) transmission of a first datum (SD) from the second network unit (P) to the first network unit (Sec);
c) running of the first algorithm (A1) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK) for the respective provision of a second common secret (PS), wherein the input for the first algorithm (A1) is formed in each case by the first common secret (GS) and the first datum (SD);
d) transmission of a second datum (R) from the first network unit (Sec) to the second network unit (P);
e) running of the second algorithm (A2) on the first network unit (Sec) using the secure hardware component (HK) and on the second network unit (P) using the secure software component (SK) for the respective provision of a third common secret (KE, KA), wherein the input for the second algorithm (A2) is formed in each case by the second common secret (PS) and the second datum (R); and
f) use of the third common secret (KE, KA) by the first network unit (Sec) and the second network unit (P) for a secure communication between the first network unit (Sec) and the second network unit (P).
Address: München DE