Infrastructure-based wireless networks, such as cellular networks or satellite networks, typically include a communications network with fixed and wired gateways. Many infrastructure-based wireless networks employ a mobile unit or host which communicates with a fixed base station that is coupled to a wired network. The mobile unit can move geographically while it is communicating over a wireless link to the base station. When the mobile unit moves out of range of one base station, it may connect or “handover” to a new base station and starts communicating with the wired network through the new base station.
In comparison to infrastructure-based wireless networks, ad hoc networks are self-forming wireless networks which can operate in the absence of any fixed infrastructure, and in some cases an ad hoc network is formed entirely of mobile units. An ad hoc network typically includes a number of geographically-distributed, potentially mobile units, sometimes referred to as “nodes,” which are wirelessly connected to each other by one or more links (e.g., radio frequency communication channels). The nodes can communicate with each other over a wireless media without the support of an infrastructure-based or wired network.
A mesh network is a form of an ad hoc wireless network based on autonomous collections of mobile nodes that communicate with each other over wireless links having limited bandwidths. Individual nodes in a mesh network can perform routing functions, which enable a mesh network to be reconfigured around blocked paths or poor connections by “hopping” from one node to another until a destination is reached. A mesh network is thus described as self-healing, as it can still operate effectively even when particular nodes break down or leave the network.
As wireless communications networks such as mesh networks become more prevalent, security continues to be a major concern to both communications network providers and end users. In a wireless communications mesh network the security environment can offer the greatest challenges since data may be readily received and manipulated by many nodes. The radio links used in a wireless communications mesh network expose signaling and other data traversing the network to eavesdroppers and/or would-be hackers. In a multi-hop wireless communications mesh network, this requires each link between the meshed devices to have a unique security association established through a multi-hop authentication and key management process. Frames sent over-the-air on the link then can be protected with established security associations.
Mesh networks that use centralized authentication to limit access to authorized mesh stations may utilize a key distributor to manage and distribute keys and to facilitate accelerated secure peer link establishment and network formation. For example, in a mesh network employing a key distributor, mesh stations may contact the key distributor in order to gain entry into the mesh and later to gain access to keys needed to authenticate peers. As a key holder for the mesh station, a mesh key distributor may need to create keys associated with the station to be delivered one or more peer mesh stations. Key generation can be demanding in terms of the number of computing cycles required to execute a key derivation and/or random number algorithm. Additionally, key distribution can be demanding in terms of the round trip times between the mesh key distributor and the peer mesh stations.
In order to optimize performance and accelerate secure peer link establishment, an unresolved problem is how to push derived keys from the mesh key distributor to mesh peers at the earliest possible moment after a mesh station gains entry into the mesh. Accordingly, there is a need for a method of triggering a key push from a mesh key distribution center.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.