Embodiments of the present invention generally relate to computer networks and more specifically to techniques for managing a secure key using a key server in a network segment.
Devices in a local area network (LAN) require an encryption method for the data link layer (layer 2). A secure key is needed to protect data communications among devices connected to the LAN. The secure key is used by all devices in the LAN when sending data amongst each other.
A data link layer encryption method (commonly called LinkSec or MACsec) has been defined for IEEE 802 LANs. For devices on the LAN to use the same group key, they must all obtain the same generated group key. Traditionally, the generated key is distributed manually to each device; an administrator thus installs the key by hand. One proposal is for the group key to be generated with every device contributing information that is used in the generation of the group key used to communicate. For example, all devices broadcast information to every other device in the LAN. When a device has received the information from all of the other devices, it combines that information to create a group key according to a heuristic. Each device in the LAN applies the same heuristic to generate the group key. In this method, a large number of messages is transmitted among the devices, and extensive rules are required to ensure the messaging is performed correctly.
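The contributory scheme described above, as an added simulation that is not part of the original text: each device broadcasts a contribution to every peer, then combines the full set with a shared heuristic. The heuristic (HMAC-SHA256 over the contributions sorted by device name) and the device names are assumptions for illustration; the simulation also counts the messages exchanged and shows that a device which misses one broadcast derives a different key.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Device:
    """One LAN device taking part in the contributory group-key exchange."""
    name: str
    # This device's own contribution (a random nonce, generated per run).
    nonce: bytes = field(default_factory=lambda: os.urandom(16))
    # Contributions received from peers, keyed by peer name.
    received: dict = field(default_factory=dict)
    sent_messages: int = 0

    def derive_group_key(self) -> bytes:
        """Combine own + received contributions with the shared heuristic.

        Assumed heuristic: HMAC-SHA256 over the contributions sorted by
        device name, so every device holding the same set gets the same key.
        """
        contributions = dict(self.received)
        contributions[self.name] = self.nonce
        material = b"".join(
            n.encode() + b":" + c for n, c in sorted(contributions.items())
        )
        return hmac.new(b"group-key-demo", material, hashlib.sha256).digest()


def run_contributory_exchange(names, dropped=frozenset()):
    """Simulate one broadcast round on a LAN of the named devices.

    `dropped` holds (sender, receiver) pairs whose broadcast is lost, to show
    what happens when a device does not obtain every contribution.
    Returns the per-device keys and the total number of messages sent.
    """
    devices = {n: Device(n) for n in names}
    for sender in devices.values():
        for receiver in devices.values():
            if receiver is sender:
                continue
            sender.sent_messages += 1          # one unicast per peer
            if (sender.name, receiver.name) not in dropped:
                receiver.received[sender.name] = sender.nonce
    keys = {n: d.derive_group_key() for n, d in devices.items()}
    return keys, sum(d.sent_messages for d in devices.values())


def all_agree(keys) -> bool:
    """True when every device derived the identical group key."""
    return len(set(keys.values())) == 1
```

With N devices the round costs N*(N-1) messages, and a single lost broadcast leaves one device with a key the rest of the LAN does not share.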