In the vast majority of networks, there is no difference between the first channel established between two parties and subsequent channels. All channels are handled in the same way. Also, each party is in an always listen mode, where requests to open a new channel are always accepted. In contrast, networks with a single channel per neighbor only allow one channel, and may also enter a no listen mode after the channel has been established. These networks have stronger correctness and reliability guarantees, but at the price of limiting usability and applicability.
Embodiments are provided for establishing secondary secure channels in any network, including networks that enforce a single channel per neighbor policy. In one embodiment, switching between a no listen mode and a listen mode determines whether requests to open a new channel are ignored or handled, respectively, and when a channel is established, a first or a second secure channel is authenticated, depending on whether the party associated with the channel is already connected. After authentication, the channels may be used for secure communication. Any authentication method may be used. In one embodiment, a second secure channel is provisioned using the first secure channel. Any method for establishing the first secure channel may be used. In one embodiment, a method of storing data for provisioning secondary secure channels is provided.
The following figures illustrate the embodiments by way of example. They do not limit their scope.
This section includes detailed examples, particular embodiments, and specific terminology. These are not meant to limit the scope. They are intended to provide a clear and thorough understanding and to cover alternatives, modifications, and equivalents.
Communication involves a plurality of parties. The set of parties that communicate with a party is the neighbors of that party. Parties may have a unique identifier and may be in different or identical locations. Parties communicate via a channel which may be closed in any way. Each pair of parties may or may not have a unique channel, and elements used to establish a channel in one direction may or may not be used to establish a channel in the reverse direction. Data sent on the channel may or may not arrive, may or may not be delayed, and may or may not be corrupted.
A party is in listening mode if it accepts requests to open a new channel. Otherwise, it is in a no listen mode. A listening policy selects a listening mode. For example, in a single channel per neighbor policy, a party listens until a channel has been established with each of its neighbors, and then switches back to a no listen mode, resuming listening only if a channel with one of the neighbors drops. A single channel per neighbor policy can be adapted to temporarily switch to a listen mode so that a neighbor that is already connected can establish a secondary channel. Such a policy is called single channel with temporary windows. Another listening policy that supports secondary channels is the always listen policy.
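The single channel with temporary windows policy can be modeled as a small state machine. The sketch below is an added example, not code from the original text; the class and method names are hypothetical, and scoping each window to one named neighbor and closing it after one use are assumptions of the example. Authentication of the resulting channel is out of scope here.

```python
class SingleChannelWithWindows:
    """Hypothetical model of the 'single channel with temporary windows' policy."""

    def __init__(self, neighbors):
        self.neighbors = set(neighbors)
        self.connected = set()    # neighbors that hold a first channel
        self.window_for = set()   # connected neighbors allowed one secondary channel

    def listening(self):
        # Listen while any neighbor lacks a first channel, or while a window is open.
        return self.connected != self.neighbors or bool(self.window_for)

    def open_window(self, neighbor):
        # Assumption: a window is only ever opened for an already-connected neighbor.
        if neighbor not in self.connected:
            raise ValueError("windows are only for already-connected neighbors")
        self.window_for.add(neighbor)

    def on_request(self, neighbor):
        """Classify a request to open a channel: 'first', 'second' or 'ignored'."""
        if not self.listening() or neighbor not in self.neighbors:
            return "ignored"
        if neighbor not in self.connected:
            self.connected.add(neighbor)
            return "first"
        if neighbor in self.window_for:
            self.window_for.discard(neighbor)  # the window closes after one use
            return "second"
        # Connected neighbor without a window: the single channel rule applies.
        return "ignored"

    def on_drop(self, neighbor):
        # A dropped neighbor must reconnect, so the party resumes listening.
        self.connected.discard(neighbor)
        self.window_for.discard(neighbor)
```
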
In cryptography, encryption provides data confidentiality, signatures provide data integrity, and signcryption provides both. A secure channel provides data confidentiality, data integrity, and authenticity. Elements such as identifiers, tokens, and cryptographic functions such as signcryption may be used to establish a secure channel. For example, an identifier followed by the output of a cryptographic function applied to a token may be used to establish a secure channel. Elements can be serialized. Serialization involves the formatting of data so that it can be transmitted or stored. For example, an identifier and a construct containing a token and a cryptographic function may be sent from one party to another.
Any method can be used for the first and second identifiers, and the methods may be identical or not. The first and second identifiers may be validated in any way. For example, they can be validated using a list, a database, a predicate, and so on. The first and second authentication can use any method, and the methods may be identical or not. For example, a signcryption function corresponding to the identifier may be applied to the channel so that a token can be read, and authentication is successful if the token is valid.
Depending on the listening policy, the second party may also temporarily switch into listening mode so that requests to open a new channel are accepted. The first party uses the identifier and the construct to establish a second secure channel 118 with the second party. The second secure channel may be used for secure communication.
The identifier and the corresponding construct may be removed for any reason, such as when the identifier is used for establishing a secondary secure channel. Alternatively, the number of identifiers may be limited by a threshold. Moreover, if the threshold is reached, then the oldest element inserted can be removed so that room is made. The list may be used to find the oldest element inserted.
The method can be used by any party. For example, a second party provisioning a secondary channel to a first party may use the method.
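The storage behavior described above (removal on use, a threshold on the number of identifiers, eviction of the oldest element) is shown in the following added example, which is not code from the original text. The class name, the use of a random token as the whole construct, and removing an entry on any redemption attempt are assumptions of the example; an insertion-ordered dictionary stands in for the list used to find the oldest element.

```python
import hmac
import secrets
from collections import OrderedDict


class ProvisioningStore:
    """Hypothetical bounded store of identifier -> construct (here: a token)."""

    def __init__(self, threshold):
        if threshold < 1:
            raise ValueError("threshold must be at least 1")
        self.threshold = threshold
        self._entries = OrderedDict()  # insertion order identifies the oldest entry

    def provision(self):
        """Create an identifier and token to send over the first secure channel."""
        identifier = secrets.token_hex(16)
        token = secrets.token_bytes(32)
        if len(self._entries) >= self.threshold:
            self._entries.popitem(last=False)  # threshold reached: evict the oldest
        self._entries[identifier] = token
        return identifier, token

    def redeem(self, identifier, presented_token):
        """Check a secondary-channel request; every identifier is single use."""
        # Assumption: the entry is removed on any attempt, so a wrong token
        # cannot be retried against the same identifier.
        token = self._entries.pop(identifier, None)
        if token is None:
            return False  # unknown, already used, or evicted
        return hmac.compare_digest(token, presented_token)

    def __len__(self):
        return len(self._entries)
```
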
The specific embodiments and specific terminology used above should not be construed as limiting the scope of the embodiments. These details have been presented for purposes of illustration and are not intended to be exhaustive. Many modifications and uses are possible. The scope of the embodiments is defined by the Claims appended hereto and their equivalents.