Many wireless communication systems require rapid deployment of independent mobile users as well as reliable communications between user nodes. Mesh networks are self-configuring, autonomous collections of portable devices that communicate with each other over wireless links of limited bandwidth. A mesh network is a collection of wireless nodes or devices organized in a decentralized manner to provide range extension by allowing nodes to be reached across multiple hops; a packet sent by a source node can thus be relayed through one or more intermediary nodes before reaching its destination node. Mesh networks may be deployed as temporary packet radio networks that require little or no supporting infrastructure. Rather than employing fixed base stations, in some mesh networks each user node can operate as a router for other user nodes, giving expanded network coverage that can be set up quickly, at low cost, and that is highly fault tolerant. In some mesh networks, special wireless routers may also serve as intermediary infrastructure nodes. Large networks can thus be realized using intelligent access points (IAPs), also known as gateways or portals, which give wireless nodes access to a wired backhaul or wide area network (WAN).
Mesh networks can provide critical communication services in various environments involving, for example, emergency services supporting police and fire personnel, military applications, industrial facilities and construction sites. Mesh networks are also used to provide communication services in homes, in areas with little or no basic telecommunications or broadband infrastructure, and in areas with demand for high speed services (e.g., universities, corporate campuses, and dense urban areas).
Establishing secure communications between nodes in a mesh communication network can be difficult and complex. Unlike mesh nodes, nodes in wired networks and conventional mobile devices such as cellular phones typically obtain communication security through infrastructure-based authentication processes. Under conventional public key infrastructure (PKI) methods, two infrastructure-based communication nodes performing mutual authentication may each hold a certificate signed by a different certification authority (CA), and the CA that signed a node's certificate may or may not be one of the trust anchor CAs configured in the peer node. To authenticate a remote node, a CA certificate trust path must therefore be established from the remote node's signing CA to at least one of the local node's trust anchor CAs. For this reason, conventional PKI methods for infrastructure-based communication nodes typically provide a centralized authority, such as a public key directory, that can be queried for the public key certificates needed to build that path.
However, nodes in mobile ad-hoc networks are sometimes not connected to any infrastructure, so nodes whose certificates were signed by different CAs may be unable to authenticate each other. Methods exist for pre-constructing PKI certificate paths at a centralized unit in order to minimize certificate path discovery time during certificate-based authentication. Such methods, however, rely on obtaining the certificate path information from a centralized unit that is itself generally connected to infrastructure, and are thus often impractical for nodes in autonomous ad-hoc networks.
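The trust-path problem described above, as an added example written for this page in Go using only the standard library; it is illustrative code, not the patent's method or any product's implementation. It assumes two hypothetical CA domains, CA-A (the local node's only trust anchor) and CA-B (the remote node's signing CA), and a hypothetical peer named remote-node. Without any path data the local node cannot verify the remote certificate; once the cross-certificate in which CA-A certifies CA-B's key has been distributed (in an ad-hoc network it would have to travel with the remote node, since no directory is reachable), the path remote-node, CA-B, CA-A can be built:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PathResult records whether the local node could build a CA certificate
// trust path to the remote node's certificate in each of two situations.
type PathResult struct {
	WithoutPathData bool     // only the local trust anchor is available
	WithPathData    bool     // the cross-certificate CA-A -> CA-B is also available
	ChainSubjects   []string // subjects of the path that was found, leaf first
}

// issue builds one X.509 certificate for subjectKey. parent/parentKey is the
// signing CA; when parent is nil the certificate is self-signed (a trust anchor).
func issue(cn string, serial int64, isCA bool, subjectKey *ecdsa.PrivateKey,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, subjectKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &subjectKey.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// BuildAndVerify sets up the two hypothetical CA domains (CA-A, CA-B) and the
// hypothetical peer remote-node, then attempts path validation with and
// without the cross-certificate that links the domains.
func BuildAndVerify() (PathResult, error) {
	var res PathResult
	keyA, err := newKey()
	if err != nil {
		return res, err
	}
	keyB, err := newKey()
	if err != nil {
		return res, err
	}
	keyNode, err := newKey()
	if err != nil {
		return res, err
	}
	caA, err := issue("CA-A", 1, true, keyA, nil, nil) // local trust anchor
	if err != nil {
		return res, err
	}
	caB, err := issue("CA-B", 2, true, keyB, nil, nil) // remote node's signing CA
	if err != nil {
		return res, err
	}
	remote, err := issue("remote-node", 3, false, keyNode, caB, keyB)
	if err != nil {
		return res, err
	}
	// Cross-certificate: CA-A certifies CA-B's public key under CA-B's name.
	// This single certificate is the path data that bridges the two domains.
	crossAB, err := issue("CA-B", 4, true, keyB, caA, keyA)
	if err != nil {
		return res, err
	}

	roots := x509.NewCertPool()
	roots.AddCert(caA)

	// Case 1: no path data. The local node knows only its own trust anchor,
	// so the remote certificate chains to an unknown authority and fails.
	_, errNoPath := remote.Verify(x509.VerifyOptions{Roots: roots})
	res.WithoutPathData = errNoPath == nil

	// Case 2: the cross-certificate is available as an intermediate, so the
	// path remote-node -> CA-B (as certified by CA-A) -> CA-A can be built.
	inters := x509.NewCertPool()
	inters.AddCert(crossAB)
	chains, errPath := remote.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	res.WithPathData = errPath == nil
	if errPath == nil && len(chains) > 0 {
		for _, c := range chains[0] {
			res.ChainSubjects = append(res.ChainSubjects, c.Subject.CommonName)
		}
	}
	return res, nil
}

func main() {
	res, err := BuildAndVerify()
	if err != nil {
		panic(err)
	}
	fmt.Printf("without path data: verified=%v\n", res.WithoutPathData)
	fmt.Printf("with cross-cert:   verified=%v path=%v\n", res.WithPathData, res.ChainSubjects)
}
```

The cross-certificate is issued under CA-B's exact subject name and for CA-B's public key, so the verifier can match it as the issuer of the remote node's certificate and then walk to CA-A; any node that can obtain and cache such cross-certificates ahead of time can complete the path even while disconnected from the directory that would normally supply them.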
Accordingly, there is a need for an improved method and device for distributing public key infrastructure (PKI) certificate path data in autonomous ad-hoc networks.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.