The technique of home networking over residential power lines has received considerable attention in recent years. The HomePlug Powerline Alliance, for example, has established a high-speed networking standard, and to date several manufacturers are producing and marketing power-line communication devices (PLC devices) for the consumer market that are interoperable under the HomePlug standard.
To achieve interoperability, a part of the HomePlug Specification outlines a network protocol to which all makers of HomePlug compliant devices must adhere. The network protocol is designed to allow multiple devices to share access to the same physical medium, and to facilitate, as much as possible, communication between the devices. It will be helpful to introduce certain concepts and terminology from the HomePlug protocol before describing the details of this invention.
Terminology: The following selectively introduces some terminology in accordance with HomePlug Specification 1.0.1, as well as pending U.S. patent application Ser. No. 09/632,310, which is incorporated by reference.
Logical Networks In some cases it is desirable to logically separate multiple groups of PLC devices that all share access to the same underlying physical medium (i.e., the same residential power line network). The “logical separation” implies that PLC devices of one group can not necessarily communicate with PLC devices of a different group. Such groups of logically separated PLC devices or network nodes are referred to as “Logical Networks”.
The concept of Logical Networks is important, for instance, in the case of two neighboring apartments that share the same infrastructure of electrical wiring. Suppose that the families in each apartment establish a network of PLC devices. Without the concept of Logical Networks, PLC devices in one apartment could intercept messages from PLC devices in the neighboring apartment, since they share the same physical medium.
Network Encryption Key (NEK): A Logical Network is established under the HomePlug protocol by means of a Network Encryption Key. All PLC devices in a given Logical Network may encrypt/decrypt messages using the same Network Encryption Key. This key is known only to devices within the logical network, and thus provides security from intruders.
Device Encryption Key (DEK): Each PLC device under the HomePlug Specification has its unique device encryption key. Similar to the Network Encryption Key, a device encryption key may be used to encrypt/decrypt messages such that only other PLC devices with knowledge of the same DEK can communicate with the present device.
MAC Management Entry (MME): The HomePlug Specifications provides for the use of a number of network management commands, so that a network can properly be established and managed, by the participating PLC devices. The acronym MAC stands for Medium Access Control. Each PLC device is prescribed to have a defined behavior in response to certain MAC Management Entries (MMEs). Some MMEs that are of interest in context with the present invention are:                SetNEK: When a HomePlug PLC device receives a SetNEK MME, its defined behavior is to set its Network Encryption Key to a key found in the MME. If the NEK was successfully set, the PLC device then proceeds to transmit a ConfirmNEK MME to notify the requesting unit of the success of the procedure.        ConfirmNEK: The ConfirmNEK MME is sent in response to a SetNEK, if setting the Network Encryption Key was indeed done successfully at the node that received the SetNEK request.        StatsRequest: A request for some network statistics and parameters. The receiver of such a request is directed to return a StatsResponse MME with the said network statistics and parameters.        StatsResponse: The StatsResponse MME is sent in response to the StatsRequest MME.        
Controlling Station: In the context of this filing the term controlling station refers to a particular PLC device in the network, that has access to all necessary information to issue MAC management entries as required.
MAC Address: A MAC address is a unique identifier for each PLC device that participates in a given network. Knowledge of a node's MAC address enables any other node in the same logical network to direct a message directly to the node of said address.
Universal Broadcast: A message with the destination address field set such that any listening node may receive the message. Note, that a broadcast message may be encrypted however, so that only nodes with access to the proper decryption key may decypher the message.
Unicast: In contrast to a Universal Broadcast, a Unicast is a message with the destination address field set to the MAC address of a unique node.
Remote Setting of Network Encryption Key: Provisions have been made in the HomePlug Specification particularly for the setting of the Network Encryption Key. A simple procedure to achieve such a remote setting will now be described as with reference to FIG. 1, an illustrative example.
As shown in FIG. 1, a network is given that consists of two logical networks, Logical Network 1 and Logical Network 2, a controlling station, and participant PLC devices in the network (not shown). To move Node A from Logical Network 1 to Logical Network 2, the following procedure may be applied in accordance to the HomePlug protocol. This procedure is referred to as Procedure A.
Procedure A                1. The controlling station prepares a SetNEK MME (with the NEK to be set to the NEK of Logical Network 2) as a universal broadcast message and the frame is encrypted with the Device Encryption Key of Node A and transmitted.        2. Node A receives the SetNEK MME of step 1, sets its own NEK to the one obtained in the MME of Step 1, and replies with a ConfirmNEK MME. Note that other nodes in the network will not receive the SetNEK MME, due to the fact that they do not have the proper device encryption key to decode the message.        3. Upon reception of the ConfirmNEK MME, the controlling station updates network information as required, and the procedure is finished.        
Given the proper execution of all steps, Procedure A presents an efficient method to achieve the remote setting of the network encryption key for a PLC device. The problem with Procedure A is that the transmission of a ConfirmNEK is defined as a host function in the HomePlug 1.0.1 Specification (the host is the device that is connected to the network through a PLC device, for example, if a personal computer is connected to a network via a PLC device, the personal computer is considered the host device). Host devices are not subject to the HomePlug 1.0.1 specification, therefore, it is not certain that they are all correctly implemented to execute ConfirmNEK requests. Without the ability to properly execute a ConfirmNEK request, Procedure A becomes unreliable, and Logical Networks cannot be established as desired.
This is further illustrated by the following exemplary application of Procedure A. Referring to FIG. 2, consider Logical Network 1 to be a collection of PLC device in Apartment 1, and Logical Network 2 to be a collection of PLC devices in Apartment 2, which shares the residential power line network with Apartment 1. A new PLC device is to be added to Logical Network 1. According to the HomePlug Specification new devices will have a default Network Encryption Key, thus when the new PLC device is first connected to the residential power line it is the sole member of a third Logical Network, labeled Logical Network 0 in FIG. 2. To integrate the new device into the existing Logical Network structure it must obtain the Network Encryption Key for Logical Network 1. Suppose a controlling station in Logical Network 1 initiates Procedure A. Suppose Step 1 executes, but Step 2 does not. Then, other devices in Logical Network 1 may not communicate with the new device using the Network Encryption Key of Logical Network 1, and the network remains non-secure.