Main claim
1. A method of establishing a plurality of shared authentication keys within a network comprising first and second key management centres (KMCs) and a plurality of other network nodes, each of which shared authentication keys is to be shared by the first KMC and a respective network node, the method comprising the steps of:
(i) supplying the first and second KMCs with a shared authentication key;
(ii) establishing a shared authentication key between the first KMC and a network node by performing authentication between the first KMC and the network node, the network node not being the second KMC, the first KMC and the network node each sharing a respective authentication key with the second KMC, and wherein
(a) each of the first KMC and the network node generates a respective message and encrypts the message using the authentication key shared with the second KMC, wherein the first KMC and the network node directly exchange the encrypted messages and subsequently pass the exchanged encrypted messages to the second KMC;
(b) at the second KMC, the message generated and encrypted at the first KMC is decrypted, re-encrypted using the authentication key shared by the network node and the second KMC, and passed to the network node for decryption; and
(c) at the second KMC, the message generated and encrypted at the network node is decrypted, re-encrypted using the authentication key shared by the first and second KMCs, and passed to the first KMC for decryption; and
(iii) repeating step (ii) for all other network nodes.
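The relay exchange of steps (ii)(a) to (c) and the repetition in step (iii), as an added example that is not part of the claim text. Assumptions: the HMAC-SHA256 keystream with encrypt-then-MAC is a stand-in because the claim names no cipher, the new key is derived by hashing both messages because the claim does not say how the established key is formed, and all function names are hypothetical.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream: HMAC-SHA256 in counter mode (the claim names no cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, nonce, ct):
    return hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def seal(key, msg):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + _tag(key, nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def kmc2_relay(k_sender, k_recipient, blob):
    # Steps (b)/(c): the second KMC decrypts under the sender's key and
    # re-encrypts under the recipient's key.
    return seal(k_recipient, unseal(k_sender, blob))

def establish(k_kmc1, k_node):
    # k_kmc1 / k_node: keys each party already shares with the second KMC.
    m_kmc1, m_node = os.urandom(32), os.urandom(32)      # step (a): generate
    c_kmc1, c_node = seal(k_kmc1, m_kmc1), seal(k_node, m_node)
    # Direct exchange: each side now holds a ciphertext it cannot read
    # and passes it to the second KMC.
    to_node = kmc2_relay(k_kmc1, k_node, c_kmc1)          # step (b)
    to_kmc1 = kmc2_relay(k_node, k_kmc1, c_node)          # step (c)
    # Assumption: the established key is a hash of both messages.
    at_kmc1 = hashlib.sha256(m_kmc1 + unseal(k_kmc1, to_kmc1)).digest()
    at_node = hashlib.sha256(unseal(k_node, to_node) + m_node).digest()
    return at_kmc1, at_node

def establish_all(k_kmc1, node_keys):
    # Step (iii): repeat step (ii) for every other network node.
    out = {}
    for name, k_node in node_keys.items():
        at_kmc1, at_node = establish(k_kmc1, k_node)
        if at_kmc1 != at_node:
            raise RuntimeError("key mismatch for " + name)
        out[name] = at_kmc1
    return out
```

The second KMC sees both plaintext messages while relaying, so under this derivation it can compute the established key as well.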