The network technologies have been developed for many years. FIG. 1 depicts a schematic view of a conventional network system 1. The network system 1 comprises a server 11, a plurality of gateways 13, and a plurality of electronic apparatuses 15. The server 11 connects to the gateways 13 via the Internet and manages the electronic apparatuses 15 via the gateways 13. In recent years, this architecture of the network system 1 is often used in Internet of Things (IoT) systems, such as Advanced Metering Infrastructure (AMI) systems. When the network system 1 is an AMI system, the server 11 may be a meter data management system (MDMS), each of the gateways 13 may be a concentrator, and each of the electronic apparatuses 15 may be a smart meter.
When the network system 1 is an IOT system, the server 11 needs to access information from the electronic apparatuses 15 (e.g., read parameters of the smart meters, set the parameters of the smart meters, and so on) frequently. For purpose of information security, the network system 1 often employs a cryptography algorithm to encrypt/decrypt the transmitted/received information or messages and deal with the security control. By doing so, security protections in terms of confidentiality, integrity, authentication, and access control can be achieved. Therefore, the server 11, the gateways 13, and the electronic apparatuses 15 must all be provided with security keys.
To cater for the diversified needs for security protection in application systems, the electronic apparatuses 15 has to establish and maintain a plurality of security keys for most of the time. These security keys may be keys for a symmetric cryptography algorithm or keys for an asymmetric cryptography algorithm. Management of the keys must be carried out via a network through interaction between the electronic apparatuses 15 and an external key management system (e.g., the server 11). Management of the keys is very complex and involves the following four main operations.
The first main operation is the key establishment, in which a key is generated by the key management system and transmitted to an electronic apparatus 15 or a key is generated through information exchange between the key management system and the electronic apparatus 15 by a specific key negotiation mechanism (e.g., the Diffie-Hellman key exchange protocol). The second main operation is re-key, in which a new key for replacing the original key is generated and transmitted by the key management system or is generated through negotiation between two parties. The third main operation is key suspend/restore, in which a suspension command is transmitted from the key management system to the electronic apparatus 15 to suspend the original key or a restoration command is transmitted from the key management system to the electronic apparatus 15 to restore the suspended key. The fourth main operation is key revocation, in which a revocation command is transmitted from the key management system to the electronic apparatus 15 to disable the original key forever.
For security sensitive applications (e.g., AMI systems), the server 11 often takes charge of the life cycle management of the electronic apparatuses 15, including device authentication and management of connection with the system in the installation stage, maintenance management in the running stage, and device removal or replacement in the aged stage. These also include key management on the electronic apparatuses 15.
Since the network system 1 is often of a very large scale, the number of the electronic apparatuses 15 is huge (e.g., in an AMI system, the number of the smart meters and gateways are usually on the order of millions) and the key management operations are very complex. When the keys are managed in the aforesaid centralized way (i.e., all the electronic apparatuses 15 are managed by the server 11 directly), a poor efficiency is often caused. Specifically, the key management of the centralized way has the problems of having a too-long transmission path of the management information, a too-long transmission time, and an excessive amount of network information traffic. In addition, since the server 11 has to manage the individual electronic apparatuses 15 one by one, the workload of the server 11 is huge and the overall operation time is too long, which become the bottleneck of the network system 1. Accordingly, a key management mechanism that can solve the aforesaid problems is in an urgent need.