US20030079000A1 - Methods and apparatus for configuring multiple logical networks of devices on a single physical network - Google Patents

Publication number
US20030079000A1
Authority
US
United States
Prior art keywords
network
logical
logic configured
nca
configuration
Legal status
Abandoned
Application number
US10/253,708
Inventor
Robert Chamberlain
Current Assignee
Renesas Technology America Inc
Renesas Electronics America Inc
Original Assignee
Renesas Technology America Inc
Application filed by Renesas Technology America Inc
Priority to US10/253,708
Assigned to MITSUBISHI ELECTRIC AND ELECTRONICS, U.S.A. INC. Assignment of assignors interest (see document for details). Assignors: CHAMBERLAIN, ROBERT L.
Priority to JP2002302908A (JP3946122B2)
Publication of US20030079000A1
Assigned to HITACHI SEMICONDUCTOR (AMERICA) INC. Assignment of assignors interest (see document for details). Assignors: MITSUBISHI ELECTRIC AND ELECTRONICS USA, INC.
Assigned to RENESAS TECHNOLOGY AMERICA, INC. Change of name (see document for details). Assignors: HITACHI SEMICONDUCTOR (AMERICA) INC.
Assigned to RENESAS ELECTRONICS AMERICA INC. Merger (see document for details). Assignors: RENESAS TECHNOLOGY AMERICA, INC.
Priority to US13/274,925 (US9401836B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2805 Home Audio Video Interoperability [HAVI] networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0806 Configuration setting for initial configuration or provisioning, e.g. plug-and-play
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2807 Exchanging configuration information on appliance services in a home automation network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W16/00 Network planning, e.g. coverage or traffic planning tools; Network deployment, e.g. resource partitioning or cells structures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support

Definitions

  • Home network is a phrase often used to refer to the last hundred feet of any consumer-related network.
  • home networks have largely been used to interconnect personal computers (PCs) and computer peripheral devices, such as printers and scanners, within the home, so that the resources of the peripheral devices could be shared among PC users.
  • home networks have enabled PC users to share access to broadband Internet connections that are linked to the network.
  • home networks are either built around a shared wired or a shared wireless medium.
  • Popular wired mediums include category 5 twisted-pair (used with Ethernet-based systems), telephone line (or category 3 twisted-pair), broadband cable, and powerline carrier (PLC), which uses AC power lines to carry network information throughout the home.
  • PLC: powerline carrier
  • RF: radio frequency
  • home networks should be simple to configure and should operate reliably over long periods of time. If the configuration process is not maintenance-free, easy to use, and quick to install new devices, it will not likely be embraced by the public.
  • Another consumer expectation of home networks is that no new wires should have to be installed in the home to network together smart appliances, such as washing machines, microwave ovens, and air conditioners. In most households, this limits the possible media upon which the home network can be based to RF or PLC. While nearly every household has telephone wiring installed, access to this wiring is usually limited to three or four access points within the home. In contrast, most household appliances are directly connected to a PLC, and RF transport elements by their very nature require no wiring.
  • a problem associated with PLC and RF-based home networks is that the media are not physically constrained to a single home or apartment.
  • In RF-based networks, the number of homes and apartments that can share the medium is constrained only by the strength of the RF transmissions and the sensitivity of the smart device receivers.
  • In a PLC-based network, the number of homes and apartments that can share the medium is constrained to the number of households physically attached to a common power line transformer. In many cases, a single transformer may service several hundred households.
  • the individual households sharing a common PLC or RF physical network can each be serviced by respective secure logical networks that only allow smart devices physically existing within the individual home access to the network. Accordingly, there exists a need for simple, reliable techniques for configuring smart devices that are attached to a common transmission medium to interoperate in separate, secure logical networks.
  • the established logical networks should be secure from “attacks” from other devices connected to the shared physical medium.
  • a homeowner may wish to install a pair of smart switches and a smart power outlet, and then to configure these devices to operate such that a switch, installed at each door of a room of the house, controls a lamp plugged into the smart outlet.
  • It would be desirable for the smart switches to be capable of being installed in locations where existing wiring to other fixtures is already in place, but to be configurable to control only those devices connected into the smart outlet.
  • One object is to provide simple, reliable techniques for configuring smart devices that are attached to a common transmission medium to interoperate in separate, secure logical networks.
  • Another object is to provide techniques to easily add new or additional smart devices to the home and to configure these devices to join an already established logical network with a minimum of interaction and skill from the homeowner.
  • an apparatus for configuring multiple logical networks of devices on a single physical network.
  • the apparatus includes a transceiver configured to exchange information with devices connected to a shared bus of the physical network.
  • Logic is configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus.
  • Logic is also configured to enter into a configuration mode for a limited amount of time, during which time the apparatus is capable of participating in a configuration session with at least one of the devices connected to the bus.
  • Additional logic is configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network.
  • the logic configured to assign a logical network number includes logic configured to assign a node address to the at least one device. Additional logic is configured to combine the network number assigned to the new logical network with the node address assigned to the at least one device to form the logical address of the at least one device.
  • the apparatus further includes logic configured to generate a network encryption key associated with the new logical network for encrypting/decrypting information exchanged among devices belonging to the new logical network.
  • the apparatus further includes logic configured to accept a one-time encryption key associated with the at least one device.
  • an arrangement of multiple logical networks of devices operating on a single physical network is provided.
  • The arrangement includes a shared bus.
  • a number of devices are connected to the shared bus.
  • a network configuration apparatus (NCA) associated with each logical network operating on the physical network is also included.
  • NCA includes a transceiver configured to exchange information with the devices connected to the shared bus.
  • An NCA also includes logic configured to assign a network number to the logical network associated with the NCA when the NCA is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus.
  • an NCA includes logic configured to enter into a configuration mode for a limited amount of time, during which time the NCA is capable of participating in a configuration session with at least one of the devices connected to the bus. Also, the NCA includes logic configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the logical network associated with the NCA.
  • a method for configuring multiple logical networks of devices connected to a shared bus of a single physical network includes the step of assigning a network number to a new logical network, the assigned network number being different from network numbers associated with other logical networks using the shared bus.
  • a configuration mode is entered into for a limited amount of time, during which time a configuration session is capable of being established with at least one of the devices connected to the bus.
  • a logical address is assigned to the at least one device during the configuration session, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network.
  • the at least one device responds only to information addressed to its assigned logical address within the new logical network.
  • FIG. 1 depicts a PLC network including a number of devices arranged into multiple logical networks;
  • FIG. 2 depicts the arrangement of FIG. 1, adding a network configuration apparatus (NCA) and corresponding new logical network to the PLC network;
  • FIG. 3 depicts the arrangement of FIG. 2, further adding devices to the new logical network;
  • FIG. 4 depicts the arrangement of FIG. 3, further adding a secure NCA and corresponding new secure logical network to the arrangement;
  • FIG. 5 depicts the arrangement of FIG. 4, further adding secure devices to the new secure logical network;
  • FIG. 6 is a flowchart depicting an exemplary method for configuring a logical network.
  • Applicant describes techniques for establishing a secure logical network of devices that are connected to one another by a shared physical medium (or bus).
  • these techniques may be managed through at least one network configuration apparatus (NCA) that is also connected to the shared bus, but they need not be.
  • the tasks described below as being carried out by an NCA could instead be integrated into one or all of the devices connected to the shared bus, eliminating the need for a separate NCA.
  • a single NCA is used to configure and coordinate the activities of the devices operating within a respective logical network, but again the described techniques are not limited to such an arrangement.
  • exemplary methods for establishing logical networks of devices are described in conjunction with arrangements that include at least one NCA, but the described methods may be applied with other arrangements, including peer-to-peer arrangements where the devices themselves configure and control the various logical networks.
  • FIG. 1 shows an arrangement in which a shared bus 102 spans across what are or are to be three separate and distinct logical networks 104/106/108.
  • the shared bus 102 is shown as a PLC, but any of the above-described media may have been depicted.
  • Each of the logical networks 104/106/108 in the figure either corresponds to or is to correspond to a physical dwelling, but this need not be the case. For example, more than one logical network could be established within a single physical dwelling.
  • the arrangement describes two logical networks 104/106 already being configured in two of the apartments shown, numbers 3B and 3C.
  • Each of the logical networks includes several networked devices 110/114, and a dedicated NCA 112/116.
  • a third logical network 108 is yet to be established in apartment 3A.
  • the devices 110 operating in apartment 3C must function in complete logical isolation from the devices 114 operating in apartment 3B (or any other physical location linked by the shared bus 102).
  • logical networks are established in each of the apartments 3B and 3C.
  • Each logical network is identified by a unique logical network number, e.g., 0x1F and 0x38 for the logical networks of apartments 3B and 3C, respectively.
  • Although all of the devices 110/114 in the arrangement share the bandwidth of the physical PLC network, the devices 110/114 existing in individual apartments (and thus existing in different logical networks) operate as if being attached to one another in separate, isolated “local” networks.
  • the devices 110/114 operating within a given logical network 104/106 are preferably assigned respective network node numbers (not shown). According to an exemplary embodiment, a combination of a device's individual node address and the logical network number of the logical network 104/106/108, which the device operates in, forms the logical address of the device on the shared bus 102.
  • the logical address may represent a portion of the physical address of the device on the shared bus 102 that corresponds to the relative portion of the address space the logical network 104/106/108 occupies of the overall address space of the physical network.
  • device node numbers may be shared (or repeated) among the various logical networks 104/106/108 established on the shared bus 102. Moreover, device node numbers may be shared by devices of the same logical network if an arrangement where two or more devices of the same logical network are addressable at the same time is desired.
  • FIG. 2 further illustrates the arrangement of FIG. 1 with the third logical network 108 being newly established in apartment 3A.
  • An NCA 202 is attached to the shared bus 102 and is used to configure and coordinate devices included in the third logical network 108.
  • the NCA 202 includes circuitry to enable it to communicate with other NCAs 112/116 connected to the shared bus 102.
  • the NCA 202 will typically include a physical layer (PHY) interface for exchanging information over the bus 102.
  • the NCA 202 may also include media access control (MAC) circuitry for exchanging logical information with the other devices connected to the shared bus 102.
  • PHY and MAC functions are typically referred to as a transceiver.
  • MAC information may be exchanged according to the transmission protocol (e.g., Ethernet, ATM, or 802.11(b)) used to send information over the bus 102.
  • While the design of specific PHY and MAC circuitry is beyond the scope of this document, those skilled in the art will understand how to incorporate the NCA functionality described below into such designs.
  • When the NCA 202 is connected to the shared bus 102, the NCA 202 will query the devices connected to the bus 102 to determine if other NCAs 112/116 are present on the bus.
  • the NCAs establishing logical networks in apartments 3B and 3C will be detected by the new NCA 202 during the query.
  • the new NCA 202 determines the logical network numbers being used by the detected NCAs 112/116. Once the already used logical network numbers are determined, the new NCA 202 may choose a unique logical network number to identify itself to other devices on the shared bus 102.
  • the NCA 202 further includes circuitry for generating a network encryption key.
  • the network encryption key may be used to encrypt information exchanged over the shared bus 102 among devices within its logical network 108.
  • Each NCA 112/116/202 generates a unique encryption key for use within its logical network.
  • One technique for generating an encryption key is to use the unique logical network number of an NCA as a seed that may be passed to a random number generator. The result will be a pseudo-random number that may then be used as the encryption key for the NCA's logical network.
  • Those skilled in the art will understand that other techniques for generating unique encryption keys are possible, but providing a detailed description of those techniques is beyond the scope of this document.
  • the values are stored in non-volatile memory of the NCA.
  • the NCAs then enter into a so-called passive state, waiting for network devices to request access to the NCA's logical network.
  • FIG. 3 further builds on the arrangement shown in FIGS. 1 and 2, and illustrates how a smart device, in this example a washing machine 302, may be added to the third logical network 108.
  • When a smart device, such as the washing machine 302, is first connected to the PLC bus 102 (e.g., when the device is plugged into an ordinary household power outlet), the device does not initially send any information over the bus 102.
  • the smart device waits to request access (or to respond to a solicitation for access) to a logical network until some triggering event occurs, but this need not be the case.
  • the triggering event may be generated by circuitry, included within the device and/or an NCA, that is responsive to a number of device-related and/or environmental conditions. For example, the triggering event may occur automatically after a set period of time elapses from the time the device is first attached to the PLC.
  • the device and/or the NCA may include circuitry that monitors network traffic on the bus 102 and then searches for information in the traffic to initiate the triggering event. This information may include, but is not limited to, indications that new devices have been connected to the shared bus.
  • both the smart device (or washing machine 302) and the NCA 202 include configure switches 304/306 that may be used to initiate the triggering event.
  • the configure switches 304/306 enable the device 302 and NCA 202 to enter into a configuration mode.
  • When the device 302 and the NCA 202 are simultaneously operating in their respective configuration modes, they enter into a configuration session, after which the device 302 will be added to the logical network 108 managed by the NCA 202.
  • the device 302 and NCA 202 preferably remain in their respective configuration modes only for a limited period of time, e.g., five seconds, after their respective configure switches 304/306 are closed. If either the device 302 or the NCA 202 does not enter into its configuration mode while the other device is operating in its configuration mode, a configuration session between the device 302 and the NCA 202 will not be established. While, strictly speaking, the device 302 and the NCA 202 may operate in a “configuration mode” during the configuration session, the phrase “configuration mode” in this document refers to the limited time period that the NCAs and devices operate in when capable of participating in, but just prior to entering, a configuration session.
  • One or both of the configure switches 304/306 may be used to establish the configuration session between the device 302 and the NCA 202.
  • the configuration session may be initiated by the device 302 advertising its presence on the bus 102 and requesting to be configured into the logical network 108 in response to the configure switch 304 being closed.
  • the NCA 202 may then participate in a configuration session with the device 302 by first entering into its configuration mode. This can occur either in response to the NCA 202 detecting the request sent by the device 302 in the traffic carried over the bus 102 or in response to the switch 306 being closed.
  • the NCA 202 must enter its configuration mode while the device 302 is operating in its configuration mode, or the configuration session will not be established.
  • the NCA 202 could solicit new devices requiring configuration, such as the new device 302, to be configured to operate in its logical network 108 in response to the switch 306 being closed.
  • the device 302 may then participate in a configuration session with the NCA 202 by first entering into its configuration mode. This can occur either in response to the device 302 detecting the solicitation sent by the NCA 202 in the traffic carried over the bus 102 or in response to the switch 304 being closed.
  • the device 302 must enter its configuration mode while the NCA 202 is operating in its configuration mode, or the configuration session will not be established.
  • the NCA 202 uses its circuitry for communicating over the bus 102 to transfer a logical address to the device 302.
  • the logical address of the device 302 is preferably a combination of an unused individual node address, assigned by the NCA 202 to the new device 302 during the configuration session, and the network number of the logical network 108.
  • the NCA 202 preferably also transfers the network encryption key, generated by the NCA 202 for its logical network 108, to the device 302.
  • the device 302 stores the logical address and the network encryption key received from the NCA 202 into non-volatile memory.
  • the configuration session is then ended, after which time the device 302 will only respond to commands sent over the shared bus 102 that are addressed to its logical address and encrypted using the assigned network encryption key.
  • the device 302 is thus “captured” into the logical network 108 even though it is physically connected to all other devices attached to the shared bus 102.
  • Two security issues may arise with the arrangement depicted in FIGS. 1-3.
  • a new network device may be captured into the wrong logical network (e.g., into the logical network of a neighboring apartment) during the configuration process.
  • Although the NCAs and smart devices are preferably designed to remain in their respective configuration modes for only a limited amount of time, a device in one household could enter its configuration mode within the period that an NCA in another household is also operating in its configuration mode, and thus be improperly captured into the other household's logical network.
  • the network encryption key, used to ensure secure transmissions over the shared bus 102, is transferred over the bus 102 unencrypted each time a new device is configured to join a logical network. This leaves open the possibility of the encryption key being acquired by unauthorized devices connected to the network.
  • FIG. 4 further builds on the arrangement depicted in FIGS. 1-3, and illustrates the addition of a secure NCA 402 to the arrangement that may be used to address the above-identified security concerns.
  • the secure NCA 402 is connected physically to the shared bus 102 within apartment 3A.
  • the secure NCA 402 includes circuitry for accepting a device-related encryption key. This circuitry may include a keypad, an optical scanner, or any other conventional type of input device.
  • the NCA 402 includes an input keypad 404.
  • the secure NCA 402 is added to the physical network and establishes a logical network 406 in precisely the same manner as described above in conjunction with the non-secure NCA 202 illustrated in FIG. 2.
  • the secure NCA 402 is capable of establishing a new logical network 406, having a corresponding unique network number 0x27, even though the secure NCA 402 is physically located in the same apartment (3A) where the non-secure logical network 108, having the network number 0x0D, already exists.
  • FIG. 5 illustrates an arrangement in which a secure device, e.g., a security system 502, is added to the new secure logical network 406 of FIG. 4.
  • the secure device 502 differs from other smart devices 110/302 shown in the arrangement at least in that the smart device is designed to respond only to configuration messages that are encrypted with a “one-time” encryption key associated with the secure device 502.
  • the one-time encryption key is associated with a single smart device, or is sufficiently randomized such that the possibility of multiple secure devices having the same one-time encryption key and being attached to the same shared bus is acceptably small.
  • the one-time encryption key is preferably stored in non-volatile memory of the device 502.
  • the phrase “one-time” is used to distinguish this encryption key from the network encryption key described above.
  • the encryption key associated with the secure device 502 is used only when the device 502 is participating in a configuration session. This key is to be contrasted with the network encryption key which may be used to encrypt every message exchanged between devices of a given logical network. Thus, the key will be used only one time if the device is never reconfigured into another logical network. Of course, it will be understood that the key can be used any number of times, should the device later be reconfigured into a different logical network.
  • this key may be input into the memory of the secure NCA 402, e.g., using the keypad 404.
  • the secure device 502 and the secure NCA 402 may exchange secure configuration messages over the shared bus 102 during a configuration session.
  • the secure NCA 402 will be capable of responding to requests for configuration received from the secure device 502 that are encrypted with the one-time key.
  • the secure device 502 will be capable of responding to solicitations received from the secure NCA 402 that are encrypted with the one-time key.
  • the arrangement of FIG. 5 prevents the secure device 502 from being captured into an incorrect logical network.
  • the secure NCA 402 uses the one-time key to encrypt the network encryption key for the logical network 406 prior to sending the network encryption key to the secure device over the shared bus 102. This will prevent the network encryption key from being acquired by unauthorized devices during any configuration session that takes place between the secure device 502 and the secure NCA 402. While it would be possible to configure the secure NCA 402 to let both secure and non-secure devices join its logical network, doing so may result in the encryption key for the logical network being compromised during the configuration of non-secure devices. Accordingly, it is preferred that secure NCAs only respond to configuration requests from, and take part in configuration sessions with, secure devices for which a corresponding one-time encryption key has been accepted by the secure NCA 402.
  • FIG. 6 is a flowchart describing an exemplary method for establishing a logical network of devices that share a common physical bus.
  • The method is described in conjunction with the arrangement depicted in FIGS. 1-5, but it will be understood that the method can be employed with other arrangements of networked devices. Steps of the method depicted in hashed shapes represent different exemplary embodiments.
  • The method begins at step 602 by assigning a unique network number to the new logical network that is to be established.
  • An NCA scans for other logical networks operating in the shared bus network when the NCA is first connected to the bus.
  • The NCA determines the network numbers of any logical networks operating on the shared bus, and chooses an unused network number to uniquely identify its new logical network.
  • A network encryption key for the new logical network is generated.
  • The NCA may generate the unique key based on the network number used to identify the new logical network.
  • A one-time encryption key may be accepted by the NCA. Recall that this one-time key is preferably associated with a single secure smart device, and may be accepted by a secure NCA that includes input circuitry for accepting the key.
  • Either the smart device may request a configuration session with an NCA or an NCA may solicit unconfigured devices to participate in a configuration session. If a one-time encryption key was accepted by the NCA at step 606, then a determination is made at step 610 as to whether the requests from the device and/or solicitations from the NCA are encrypted using a valid one-time key. If it is determined that a valid one-time key was not used, then the method returns to step 608 where device requests or NCA solicitations occur. If instead it is determined at step 610 that a valid one-time key was used, then the method proceeds to step 612 where the device and NCA enter a configuration session.
  • An unused node address is assigned to the new device at step 614.
  • The NCA could co-assign a node number already assigned within the NCA's logical network to be able to address multiple devices within the logical network using a single logical address.
  • The assigned node number may be combined with the network number of the logical network to form a corresponding unique logical address for the new device on the shared bus.
  • The logical address differs from the physical address of the device on the shared bus. This allows the device to intercommunicate with other devices belonging to its logical network, while essentially remaining isolated from the operation of other devices connected to the same shared bus.
  • The logical address of the device and possibly the encryption key for the logical network are encrypted using the accepted one-time key at step 616.
  • The logical address, formed from the combination of the assigned node and network numbers, is sent to the device over the shared bus at step 618.
  • This encryption key is also sent to the device at step 620.
  • The configuration session between the new device and the NCA ends, and the device now logically belongs to the NCA's logical network, while being physically connected to the shared bus. From this point, the newly configured device will only respond to messages addressed to its logical address until reconfigured into a different logical network space.
  • Any messages to be exchanged between the newly configured device and the NCA are encrypted with the network encryption key at step 622.
  • Messages are then exchanged over the shared network, securely if one-time and network encryption keys are employed, between devices in the logical network using the devices' respective logical addresses.
  • The techniques for configuring multiple logical networks of devices on a single physical network may be applied to networks that use wired or wireless media. Applicant acknowledges that many of the hardware devices designed to operate over these media, especially those designed to operate over wireless media, have hardware identifiers (or addresses) pre-assigned to them by manufacturers. Unique hardware addresses are pre-assigned based on the various communication protocols used by the devices. In these cases where the devices already have pre-assigned hardware addresses, the NCA need not necessarily assign a logical address using the techniques described above. Instead, the devices may be addressed within the logical network using their pre-assigned addresses. Still, it will be advantageous for the NCA to facilitate the transfer of network and one-time encryption keys between devices of a given logical network in order to support the secure exchange of messages over the shared bus.
  • Any such form of embodiment may be referred to herein as “logic configured to” perform a described action, or alternatively as “logic that” performs a described action.
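The FIG. 6 flow described above, run end to end as an added Python example (not code from the patent): an NCA picks a free network number, accepts a one-time key, refuses a request that does not open under that key, and hands the logical address and network key to the device under the one-time key. The one-byte number widths, the `CONFIG-REQUEST` marker, all class and function names, and the SHA-256/HMAC stand-in cipher are assumptions, since the page names no cipher or message format.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the page): 8-bit network and node numbers, the
# CONFIG-REQUEST marker, and a SHA-256/HMAC stand-in for the unnamed cipher.
REQUEST = b"CONFIG-REQUEST"

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    pad = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, pad))
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if `blob` was not sealed under `key`."""
    if blob is None or len(blob) < 44:
        return None
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = _stream(_subkey(key, b"enc"), body[:12], len(body) - 12)
    return bytes(a ^ b for a, b in zip(body[12:], pad))

def logical_address(network, node):
    """Network number in the high byte, node number in the low byte."""
    return (network << 8) | node

class NCA:
    def __init__(self, networks_on_bus):
        # Step 602: choose a network number no other NCA on the bus uses.
        self.network = next(n for n in range(1, 256) if n not in networks_on_bus)
        self.network_key = secrets.token_bytes(16)      # step 604
        self.one_time_key = None
        self.nodes_in_use = set()

    def accept_one_time_key(self, key):                 # step 606
        self.one_time_key = key

    def handle_request(self, request):
        # Step 610: no session unless the request opens under the accepted key.
        if self.one_time_key is None or unseal(self.one_time_key, request) != REQUEST:
            return None
        node = next(n for n in range(1, 256) if n not in self.nodes_in_use)
        self.nodes_in_use.add(node)                     # step 614
        address = logical_address(self.network, node)
        # Steps 616-620: address and network key travel under the one-time key.
        return seal(self.one_time_key, address.to_bytes(2, "big") + self.network_key)

class Device:
    def __init__(self, one_time_key):
        self.one_time_key = one_time_key
        self.address = None
        self.network_key = None

    def request(self):                                  # step 608
        return seal(self.one_time_key, REQUEST)

    def configure(self, reply):
        payload = unseal(self.one_time_key, reply)
        if payload is None or len(payload) != 18:
            return False                                # stays unconfigured
        self.address = int.from_bytes(payload[:2], "big")
        self.network_key = payload[2:]
        return True

    def receive(self, destination, sealed):
        """Step 622 onward: answer only our logical address and network key."""
        if self.address is None or destination != self.address:
            return None
        return unseal(self.network_key, sealed)

def run_session():
    nca = NCA(networks_on_bus={0x1F, 0x38})             # numbers in use in FIG. 1
    key = secrets.token_bytes(16)                       # constructed one-time key
    nca.accept_one_time_key(key)
    washer, stranger = Device(key), Device(secrets.token_bytes(16))
    refused = nca.handle_request(stranger.request())    # key never accepted
    reply = nca.handle_request(washer.request())
    return nca, washer, stranger, refused, reply

if __name__ == "__main__":
    nca, washer, stranger, refused, reply = run_session()
    print("stranger refused:", refused is None)
    print("washer configured:", washer.configure(reply), hex(washer.address))
```

A device holding a different one-time key can neither open a session nor read a reply captured from the bus, which is the wrong-network capture and key-exposure protection the FIG. 5 arrangement describes.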

Abstract

Methods and apparatus for configuring multiple logical networks that share a common transmission medium are presented. According to an exemplary embodiment, an apparatus for configuring multiple logical networks of devices on a single physical network includes a transceiver configured to exchange information with devices connected to a shared bus of the physical network. The apparatus includes logic configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus. Also, the apparatus includes logic configured to enter into a configuration mode for a limited amount of time, during which time the apparatus is capable of participating in a configuration session with at least one of the devices connected to the bus. The apparatus further includes logic configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network.

Description

    RELATED APPLICATIONS
  • This application claims priority under 35 U.S.C. §119(e) to U.S. Patent Application No. 60/335,041, entitled “Logical Network Configuration Apparatus”, filed on Oct. 19, 2001, the entire content of which is hereby incorporated by reference. [0001]
  • BACKGROUND
  • What is described are methods and apparatus for configuring a logical network of devices. In particular, methods and apparatus for configuring multiple logical networks that share a common transmission medium are presented. [0002]
  • Home network is a phrase often used to refer to the last hundred feet of any consumer-related network. Traditionally, home networks have largely been used to interconnect personal computers (PCs) and computer peripheral devices, such as printers and scanners, within the home, so that the resources of the peripheral devices could be shared among PC users. In addition, home networks have enabled PC users to share access to broadband Internet connections that are linked to the network. [0003]
  • Recent advancements in the development of smart devices and appliances are causing a paradigm shift to occur in the public's perception of the home network. These advanced smart devices now allow users to control and monitor events in such devices as consumer-based appliances, home electronics, and home-security systems. Indeed, the sales of non-PC central processing unit (CPU)-powered devices, such as computer games, telephones, personal digital assistants (PDAs), set top boxes, and other consumer goods, now surpass the sales of PCs. [0004]
  • Like most networks, home networks are either built around a shared wired or a shared wireless medium. Popular wired mediums include category 5 twisted-pair (used with Ethernet-based systems), telephone line (or category 3 twisted-pair), broadband cable, and powerline carrier (PLC), which uses AC power lines to carry network information throughout the home. Several wireless (or radio frequency [RF]) transport elements are emerging for home networking, including IEEE 802.11, HomeRF, Bluetooth™, and standard wireless access protocol (SWAP). [0005]
  • Whether wired or wireless, home networks should be simple to configure and should operate reliably over long periods of time. If the configuration process is not maintenance-free, easy to use, and quick to install new devices, it will not likely be embraced by the public. Another consumer expectation of home networks is that no new wires should have to be installed in the home to network together smart appliances, such as washing machines, microwave ovens, and air conditioners. In most households, this limits the possible media upon which the home network can be based to RF or PLC. While nearly every household has telephone wiring installed, access to this wiring is usually limited to three or four access points within the home. In contrast, most household appliances are directly connected to a PLC, and RF transport elements by their very nature require no wiring. [0006]
  • A problem associated with PLC and RF-based home networks is that the media are not physically constrained to a single home or apartment. With RF-based networks, the number of homes and apartments that can share the medium is constrained only by the strength of the RF transmissions and the sensitivity of the smart device receivers. With PLC-based networks, the number of homes and apartments that can share the medium is constrained to the number of households physically attached to a common power line transformer. In many cases, a single transformer may service several hundred households. [0007]
  • To address this problem, the individual households sharing a common PLC or RF physical network can each be serviced by respective secure logical networks that only allow smart devices physically existing within the individual home access to the network. Accordingly, there exists a need for simple, reliable techniques for configuring smart devices that are attached to a common transmission medium to interoperate in separate, secure logical networks. The established logical networks should be secure from “attacks” from other devices connected to the shared physical medium. [0008]
  • As the paradigm shift to non-PC-based home networks begins to occur, it is unlikely that homeowners will install traditional networking elements, such as routers, switches, and control points, into the home. Yet, it will be desirable to configure devices operating in the home network to use many of the complex functions and capabilities available with these traditional networking elements. [0009]
  • For example, a homeowner may wish to install a pair of smart switches and a smart power outlet, and then to configure these devices to operate such that a switch, installed at each door of a room of the house, controls a lamp plugged into the smart outlet. Moreover, it would be desirable for the smart switches to be capable of being installed in locations where existing wiring to other fixtures is already in place, but to be configurable to control only those devices connected into the smart outlet. [0010]
  • Accordingly, there also exists a need for techniques to easily add new or additional smart devices to the home and to configure these devices to join an already established logical network with a minimum of interaction and skill from the homeowner. The techniques should be such that newly or additionally installed devices should be configurable to not interfere with the operation of existing household wiring or to override existing wired connections if the homeowner so desires. [0011]
  • Conventional techniques for configuring individual logical networks typically require that the individual network devices be configured physically, e.g., using switches, to define both a physical address and a network node address for the devices. Other conventional techniques require that a sophisticated device having a user interface, e.g., a PC or a central home controller, be used to assign the network addresses to the smart devices. Home networks requiring such sophisticated devices are often referred to as PC-centric or controller-based networks. Both of these conventional logical network configuration techniques have their drawbacks. [0012]
  • First, conventional techniques that employ physical configuration typically require that the person(s) configuring the network have knowledge of all logical network numbers and all network node numbers currently in use on the physical network. As discussed above, since a PLC physical network may be shared among several households, this technique requires that the logical network numbers and network node numbers in all neighboring homes on the shared PLC must be known. Moreover, such conventional configurable networks are generally not secure, as the established logical networks are open to attacks by persons that deliberately install devices on the logical network whose address is currently in use. [0013]
  • Second, conventional techniques that require PC-centric or controller-based networks require that a relatively expensive PC or controller be installed in the home, and that a sufficiently skilled person carry out the configuration using the PC or controller. Such a conventional PC-centric based system is described in U.S. Pat. No. 6,175,860 to Gaucher, titled “Method and Apparatus for an Automatic Multi-Rate Wireless/Wired Computer Network”. [0014]
  • SUMMARY
  • Accordingly, one object is to provide simple, reliable techniques for configuring smart devices that are attached to a common transmission medium to interoperate in separate, secure logical networks. Another object is to provide techniques to easily add new or additional smart devices to the home and to configure these devices to join an already established logical network with a minimum of interaction and skill from the homeowner. These objects are addressed by methods and apparatus for configuring multiple logical networks of devices on a single physical network. [0015]
  • According to one aspect, an apparatus is provided for configuring multiple logical networks of devices on a single physical network. The apparatus includes a transceiver configured to exchange information with devices connected to a shared bus of the physical network. Logic is configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus. Logic is also configured to enter into a configuration mode for a limited amount of time, during which time the apparatus is capable of participating in a configuration session with at least one of the devices connected to the bus. Additional logic is configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network. [0016]
  • According to a related aspect, the logic configured to assign a logical network number includes logic configured to assign a node address to the at least one device. Additional logic is configured to combine the network number assigned to the new logical network with the node address assigned to the at least one device to form the logical address of the at least one device. [0017]
  • According to another related aspect, the apparatus further includes logic configured to generate a network encryption key associated with the new logical network for encrypting/decrypting information exchanged among devices belonging to the new logical network. [0018]
  • According to yet another related aspect, the apparatus further includes logic configured to accept a one-time encryption key associated with the at least one device. [0019]
  • According to another aspect, an arrangement of multiple logical networks of devices operating on a single physical network is provided. The arrangement includes a shared bus. A number of devices are connected to the shared bus. A network configuration apparatus (NCA) associated with each logical network operating on the physical network is also included. Each NCA includes a transceiver configured to exchange information with the devices connected to the shared bus. An NCA also includes logic configured to assign a network number to the logical network associated with the NCA when the NCA is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus. In addition, an NCA includes logic configured to enter into a configuration mode for a limited amount of time, during which time the NCA is capable of participating in a configuration session with at least one of the devices connected to the bus. Also, the NCA includes logic configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the logical network associated with the NCA. [0020]
  • According to another aspect, a method for configuring multiple logical networks of devices connected to a shared bus of a single physical network is provided. The method includes the step of assigning a network number to a new logical network, the assigned network number being different from network numbers associated with other logical networks using the shared bus. A configuration mode is entered into for a limited amount of time, during which time a configuration session is capable of being established with at least one of the devices connected to the bus. A logical address is assigned to the at least one device during the configuration session, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network. After configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network. [0021]
  • It should be emphasized that the terms “comprises” and “comprising”, when used in this specification as well as the claims, are taken to specify the presence of stated features, steps or components; but the use of these terms does not preclude the presence or addition of one or more other features, steps, components or groups thereof. [0022]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The above objects, features, and advantages will become more apparent in light of the following detailed description in conjunction with the drawings, in which like reference numerals identify similar or identical elements, and in which: [0023]
  • FIG. 1 depicts a PLC network including a number of devices arranged into multiple logical networks; [0024]
  • FIG. 2 depicts the arrangement of FIG. 1, adding a network configuration apparatus (NCA) and corresponding new logical network to the PLC network; [0025]
  • FIG. 3 depicts the arrangement of FIG. 2, further adding devices to the new logical network; [0026]
  • FIG. 4 depicts the arrangement of FIG. 3, further adding a secure NCA and corresponding new secure logical network to the arrangement; [0027]
  • FIG. 5 depicts the arrangement of FIG. 4, further adding secure devices to the new secure logical network; and [0028]
  • FIG. 6 is a flowchart depicting an exemplary method for configuring a logical network. [0029]
  • DETAILED DESCRIPTION
  • Preferred embodiments are described below with reference to the accompanying drawings. In the following description, well-known functions and/or constructions are not described in detail to avoid obscuring the description in unnecessary detail. [0030]
  • Applicant describes techniques for establishing a secure logical network of devices that are connected to one another by a shared physical medium (or bus). According to an exemplary embodiment, these techniques may be managed through at least one network configuration apparatus (NCA) that is also connected to the shared bus, but they need not be. For example, the tasks described below as being carried out by an NCA could instead be integrated into one or all of the devices connected to the shared bus, eliminating the need for a separate NCA. Preferably, a single NCA is used to configure and coordinate the activities of the devices operating within a respective logical network, but again the described techniques are not limited to such an arrangement. Moreover, exemplary methods for establishing logical networks of devices are described in conjunction with arrangements that include at least one NCA, but the described methods may be applied with other arrangements, including peer-to-peer arrangements where the devices themselves configure and control the various logical networks. [0031]
  • With these concepts in mind, FIG. 1 shows an arrangement in which a shared bus 102 spans across what are or are to be three separate and distinct logical networks 104/106/108. The shared bus 102 is shown as a PLC, but any of the above-described media may have been depicted. Each of the logical networks 104/106/108 in the figure either corresponds to or is to correspond to a physical dwelling, but this need not be the case. For example, more than one logical network could be established within a single physical dwelling. The arrangement describes two logical networks 104/106 already being configured in two of the apartments shown, numbers 3B and 3C. Each of the logical networks includes several networked devices 110/114, and a dedicated NCA 112/116. A third logical network 108 is yet to be established in apartment 3A. [0032]
  • It will be understood that the devices 110 operating in apartment 3C must function in complete logical isolation from the devices 114 operating in apartment 3B (or any other physical location linked by the shared bus 102). To achieve this functional isolation, logical networks are established in each of the apartments 3B and 3C. Each logical network is identified by a unique logical network number, e.g., 0x1F and 0x38 for the logical networks of apartments 3B and 3C, respectively. Although all of the devices 110/114 in the arrangement share the bandwidth of the physical PLC network, the devices 110/114 existing in individual apartments (and thus existing in different logical networks) operate as if being attached to one another in separate, isolated “local” networks. [0033]
  • The devices 110/114 operating within a given logical network 104/106 are preferably assigned respective network node numbers (not shown). According to an exemplary embodiment, a combination of a device's individual node address and the logical network number of the logical network 104/106/108, which the device operates in, forms the logical address of the device on the shared bus 102. The logical address may represent a portion of the physical address of the device on the shared bus 102 that corresponds to the relative portion of the address space the logical network 104/106/108 occupies of the overall address space of the physical network. This allows the device to intercommunicate only with other devices belonging to its logical network, while essentially remaining isolated from the operation of other devices connected to the same shared bus. Also, using only a portion of the physical address of the device to form its logical address allows for more efficient addressing techniques to be employed. [0034]
  • Since unique logical network numbers are used to form a device's logical address on the bus 102, device node numbers may be shared (or repeated) among the various logical networks 104/106/108 established on the shared bus 102. Moreover, device node numbers may be shared by devices of the same logical network if an arrangement where two or more devices of the same logical network are addressable at the same time is desired. [0035]
  • FIG. 2 further illustrates the arrangement of FIG. 1 with the third logical network 108 being newly established in apartment 3A. An NCA 202 is attached to the shared bus 102 and is used to configure and coordinate devices included in the third logical network 108. The NCA 202 includes circuitry to enable it to communicate with other NCAs 112/116 connected to the shared bus 102. For example, the NCA 202 will typically include a physical layer (PHY) interface for exchanging information over the bus 102. The NCA 202 may also include media access control (MAC) circuitry for exchanging logical information with the other devices connected to the shared bus 102. Together, the PHY and MAC functions are typically referred to as a transceiver. MAC information may be exchanged according to the transmission protocol (e.g., Ethernet, ATM, or 802.11(b)) used to send information over the bus 102. While the design of specific PHY and MAC circuitry is beyond the scope of this document, those skilled in the art will understand how to incorporate the NCA functionality described below into such designs. [0036]
  • According to an exemplary embodiment, when the NCA 202 is connected to the shared bus 102, the NCA 202 will query the devices connected to the bus 102 to determine if other NCAs 112/116 are present on the bus. In the exemplary arrangement, the NCAs establishing logical networks in apartments 3B and 3C will be detected by the new NCA 202 during the query. The new NCA 202 determines the logical network numbers being used by the detected NCAs 112/116. Once the already used logical network numbers are determined, the new NCA 202 may choose a unique logical network number to identify itself to other devices on the shared bus 102. [0037]
  • According to a preferred embodiment, the NCA 202 further includes circuitry for generating a network encryption key. The network encryption key may be used to encrypt information exchanged over the shared bus 102 among devices within its logical network 108. Each NCA 112/116/202 generates a unique encryption key for use within its logical network. One technique for generating an encryption key is to use the unique logical network number of an NCA as a seed that may be passed to a random number generator. The result will be a pseudo-random number that may then be used as the encryption key for the NCA's logical network. Those skilled in the art will understand that other techniques for generating unique encryption keys are possible, but providing a detailed description of those techniques is beyond the scope of this document. [0038]
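A check of the seeding technique in the paragraph above, as an added Python example (not the patent's implementation): an NCA's network number is reported to anything that queries the bus, so a key produced by seeding a generator with that number can be recomputed from the number alone, and the scheme can emit only as many keys as there are network numbers. The one-byte number width and the use of Python's `random.Random` as the generator are assumptions; the page specifies neither.

```python
import math
import random
import secrets

# Assumption: one-byte network numbers, matching the page's 0x1F, 0x38, 0x0D.
NETWORK_NUMBERS = range(256)


def seeded_network_key(network_number):
    """Key generation as the paragraph describes: network number seeds a PRNG."""
    return random.Random(network_number).getrandbits(128).to_bytes(16, "big")


def independent_network_key():
    """Alternative: 128 bits from the OS CSPRNG, unrelated to the number."""
    return secrets.token_bytes(16)


def seeded_key_space_bits():
    """Effective strength of the seeded scheme: log2 of the keys it can emit."""
    return math.log2(len({seeded_network_key(n) for n in NETWORK_NUMBERS}))


def reproducible_from_bus(network_number, key):
    """True if knowing only the advertised network number yields `key`."""
    return seeded_network_key(network_number) == key


def compare(network_number):
    weak, strong = seeded_network_key(network_number), independent_network_key()
    return {
        "seeded_reproducible": reproducible_from_bus(network_number, weak),
        "independent_reproducible": reproducible_from_bus(network_number, strong),
        "seeded_key_space_bits": seeded_key_space_bits(),
        "independent_key_space_bits": 8 * len(strong),
    }


if __name__ == "__main__":
    for name, value in compare(0x0D).items():
        print(f"{name}: {value}")
```

A key drawn independently of the network number keeps its full length as its strength, which is what the one-time-key transfer of FIG. 5 then has to protect in transit.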
  • Once the logical network number is assigned and the network encryption key generated for a [0039] particular NCA 112/116/202, the values are stored in non-volatile memory of the NCA. The NCAs then enter into a so-called passive state, waiting for network devices to request access to the NCA's logical network.
  • FIG. 3 further builds on the arrangement shown in FIGS. 1 and 2, and illustrates how a smart device, in this example a [0040] washing machine 302, may be added to the third logical network 108. According to a preferred embodiment, when a smart device, such as the washing machine 302, is first connected to the PLC bus 102 (e.g, when the device is plugged into an ordinary household power outlet), the device does not initially send any information over the bus 102.
  • Instead, the smart device waits to request access (or to respond to a solicitation for access) to a logical network until some triggering event occurs, but this need not be the case. The triggering event may be generated by circuitry, included within the device and/or an NCA, that is responsive to a number of device-related and/or environmental conditions. For example, the triggering event may occur automatically after a set period of time elapses from the time the device is first attached to the PLC. Alternatively, the device and/or the NCA may include circuitry that monitors network traffic on the [0041] bus 102 and then searches for information in the traffic to initiate the triggering event. This information may include, but is not limited to, indications that new devices have been connected to the shared bus.
  • According to an exemplary embodiment, both the smart device (or washing machine [0042] 302) and the NCA 202 include configure switches 304/306 that may be used to initiate the triggering event. When closed, the configure switches 304/306 enable the device 302 and NCA 202 to enter into a configuration mode. Whenever the device 302 and the NCA 202 are simultaneously operating in their respective configuration modes, they enter into a configuration session, after which the device 302 will be added to the logical network 108 managed by the NCA 202.
  • The [0043] device 302 and NCA 202 preferably remain in their respective configuration modes only for a limited period of time, e.g., five seconds, after their respective configure switches 304/306 are closed. If either the device 302 or the NCA 202 does not enter into its configuration mode while the other device is operating in its configuration mode, a configuration session between the device 302 and the NCA 202 will not be established. While, strictly speaking, the device 302 and the NCA 202 may operate in a “configuration mode” during the configuration session, the phrase “configuration mode” in this document refers to the limited time period that the NCAs and devices operate in when capable of participating in, but just prior to entering, a configuration session
  • One or both of the configure switches [0044] 304/306 may be used to establish the configuration session between the device 302 and the NCA 202. For example, the configuration session may be initiated by the device 302 advertising its presence on the bus 102 and requesting to be configured into the logical network 108 in response to the configure switch 304 being closed. The NCA 202 may then participate in a configuration session with the device 302 by first entering into its configuration mode. This can occur either in response to the NCA 202 detecting the request sent by the device 302 in the traffic carried over the bus 102 or in response to the switch 306 being closed. As described above, the NCA 202 must enter its configuration mode while the device 302 is operating in its configuration mode, or the configuration session will not be established.
  • Alternatively, the [0045] NCA 202 could solicit new devices requiring configuration, such as the new device 302, to be configured to operate in its logical network 108 in response to the switch 306 being closed. The device 302 may then participate in a configuration session with the NCA 202 by first entering into its configuration mode. This can occur either in response to the device 302 detecting the solicitation sent by the NCA 202 in the traffic carried over the bus 102 or in response to the switch 304 being closed. As described above, the device 202 must enter its configuration mode while the NCA 202 is operating in its configuration mode, or the configuration session will not be established.
  • While participating in the configuration session, the [0046] NCA 202 uses its circuitry for communicating over the bus 102 to transfer a logical address to the device 302. Recall from above that the logical address of the device 302 is preferably a combination of an unused individual node address, assigned by the NCA 202 to the new device 302 during the configuration session, and the network number of the logical network 108. During the configuration session, the NCA 202 preferably also transfers the network encryption key, generated by the NCA 202 for its logical network 108, to the device 302. The device 302 stores the logical address and the network encryption key received from the NCA 202 into non-volatile memory. The configuration session is then ended, after which time the device 302 will only respond to commands sent over the shared bus 102 that are addressed to its logical address and encrypted using the assigned network encryption key. The device 302 is thus “captured” into the logical network 108 even though it is physically connected to all other devices attached to the shared bus 102.
  • [0047] Two security issues may arise with the arrangement depicted in FIGS. 1-3. First, there exists a relatively small, but finite, possibility that a new network device may be captured into the wrong logical network (e.g., into the logical network of a neighboring apartment) during the configuration process. Although the NCAs and smart devices are preferably designed to remain in their respective configuration modes for only a limited amount of time, a device in one household could enter its configuration mode within the period that an NCA in another household is also operating in its configuration mode, and thus be improperly captured into the other household's logical network. Second, with the arrangement described above, the network encryption key, used to ensure secure transmissions over the shared bus 102, is transferred over the bus 102 unencrypted each time a new device is configured to join a logical network. This leaves open the possibility of the encryption key being acquired by unauthorized devices connected to the network.
  • [0048] FIG. 4 further builds on the arrangement depicted in FIGS. 1-3, and illustrates the addition of a secure NCA 402 to the arrangement that may be used to address the above-identified security concerns. The secure NCA 402 is connected physically to the shared bus 102 within apartment 3A. The secure NCA 402 includes circuitry for accepting a device-related encryption key. This circuitry may include a keypad, an optical scanner, or any other conventional type of input device. In the arrangement shown, the NCA 402 includes an input keypad 404. The secure NCA 402 is added to the physical network and establishes a logical network 406 in precisely the same manner as described above in conjunction with the non-secure NCA 202 illustrated in FIG. 2. The secure NCA 402 is capable of establishing a new logical network 406, having a corresponding unique network number 0x27, even though the secure NCA 402 is physically located in the same apartment (3A) where the non-secure logical network 108, having the network number 0x0D, already exists.
  • [0049] FIG. 5 illustrates an arrangement in which a secure device, e.g., a security system 502, is added to the new secure logical network 406 of FIG. 4. The secure device 502 differs from other smart devices 110/302 shown in the arrangement at least in that the smart device is designed to respond only to configuration messages that are encrypted with a “one-time” encryption key associated with the secure device 502. Preferably, the one-time encryption key is associated with a single smart device, or is sufficiently randomized such that the possibility of multiple secure devices having the same one-time encryption key and being attached to the same shared bus is acceptably small. Also, the one-time encryption key is preferably stored in non-volatile memory of the device 502.
  • [0050] The phrase “one-time” is used to distinguish this encryption key from the network encryption key described above. The encryption key associated with the secure device 502 is used only when the device 502 is participating in a configuration session. This key is to be contrasted with the network encryption key which may be used to encrypt every message exchanged between devices of a given logical network. Thus, the key will be used only one time if the device is never reconfigured into another logical network. Of course, it will be understood that the key can be used any number of times, should the device later be reconfigured into a different logical network.
  • [0051] Returning to the arrangement of FIG. 5, once the one-time encryption key for the secure device 502 is known, this key may be input into the memory of the secure NCA 402, e.g., using the keypad 404. Using the one-time encryption key, the secure device 502 and the secure NCA 402 may exchange secure configuration messages over the shared bus 102 during a configuration session. Thus, only the secure NCA 402 will be capable of responding to requests for configuration received from the secure device 502 that are encrypted with the one-time key. Similarly, only the secure device 502 will be capable of responding to solicitations received from the secure NCA 402 that are encrypted with the one-time key. Thus, the arrangement of FIG. 5 prevents the secure device 502 from being captured into an incorrect logical network.
  • [0052] According to a preferred embodiment, the secure NCA 402 uses the one-time key to encrypt the network encryption key for the logical network 406 prior to sending the network encryption key to the secure device over the shared bus 102. This will prevent the network encryption key from being acquired by unauthorized devices during any configuration session that takes place between the secure device 502 and the secure NCA 402. While it would be possible to configure the secure NCA 402 to allow both secure and non-secure devices to join its logical network, doing so may result in the encryption key for the logical network being compromised during the configuration of non-secure devices. Accordingly, it is preferred that secure NCAs only respond to configuration requests from, and take part in configuration sessions with, secure devices for which a corresponding one-time encryption key has been accepted by the secure NCA 402.
  • [0053] FIG. 6 is a flowchart describing an exemplary method for establishing a logical network of devices that share a common physical bus. For illustrative purposes, the method is described in conjunction with the arrangement depicted in FIGS. 1-5, but it will be understood that the method can be employed with other arrangements of networked devices. Steps of the method depicted in hashed shapes represent different exemplary embodiments.
  • [0054] The method begins at step 602 by assigning a unique network number to the new logical network that is to be established. As described above, an NCA scans for other logical networks operating in the shared bus network when the NCA is first connected to the bus. The NCA determines the network numbers of any logical networks operating on the shared bus, and chooses an unused network number to uniquely identify its new logical network.
  • [0055] The method continues at step 604, in which a network encryption key for the new logical network is generated. Recall that the NCA may generate the unique key based on the network number used to identify the new logical network. Next, at step 606, a one-time encryption key may be accepted by the NCA. Recall that this one-time key is preferably associated with a single secure smart device, and may be accepted by a secure NCA that includes input circuitry for accepting the key.
  • [0056] At step 608, either the smart device may request a configuration session with an NCA or an NCA may solicit unconfigured devices to participate in a configuration session. If a one-time encryption key was accepted by the NCA at step 606, then a determination is made at step 610 as to whether the requests from the device and/or solicitations from the NCA are encrypted using a valid one-time key. If it is determined that a valid one-time key was not used, then the method returns to step 608 where device requests or NCA solicitations occur. If instead it is determined at step 610 that a valid one-time key was used, then the method proceeds to step 612 where the device and NCA enter a configuration session.
  • [0057] While in the configuration session, preferably an unused node address is assigned to the new device at step 614. Alternatively, the NCA could co-assign a node number already assigned within the NCA's logical network to be able to address multiple devices within the logical network using a single logical address. By assigning a unique node number to the new device, the assigned node number may be combined with the network number of the logical network to form a corresponding unique logical address for the new device on the shared bus. Recall that the logical address differs from the physical address of the device on the shared bus. This allows the device to intercommunicate with other devices belonging to its logical network, while essentially remaining isolated from the operation of other devices connected to the same shared bus.
  • [0058] If a one-time key for the new device was accepted at step 606, the logical address of the device and possibly the encryption key for the logical network are encrypted using the accepted one-time key at step 616. Next, the logical address, formed from the combination of the assigned node and network numbers, is sent to the device over the shared bus at step 618. If a network encryption key was generated at step 604, this encryption key is also sent to the device at step 620. At this point, the configuration session between the new device and the NCA ends, and the device now logically belongs to the NCA's logical network, while being physically connected to the shared bus. From this point, the newly configured device will only respond to messages addressed to its logical address until reconfigured into a different logical network space.
  • [0059] If a network encryption key was generated at step 604, any messages to be exchanged between the newly configured device and the NCA are encrypted with the network encryption key at step 622. Messages are then exchanged over the shared network, securely if one-time and network encryption keys are employed, between devices in the logical network using the devices' respective logical addresses.
  • [0060] As described above, the techniques for configuring multiple logical networks of devices on a single physical network may be applied to networks that use wired or wireless media. Applicant acknowledges that many of the hardware devices designed to operate over these media, especially those designed to operate over wireless media, have hardware identifiers (or addresses) pre-assigned to them by manufacturers. Unique hardware addresses are pre-assigned based on the various communication protocols used by the devices. In these cases where the devices already have pre-assigned hardware addresses, the NCA need not necessarily assign a logical address using the techniques described above. Instead, the devices may be addressed within the logical network using their pre-assigned addresses. Still, it will be advantageous for the NCA to facilitate the transfer of network and one-time encryption keys between devices of a given logical network in order to support the secure exchange of messages over the shared bus.
  • [0061] It will be appreciated that the steps of the methods illustrated above may be readily implemented either by software that is executed by a suitable processor or by hardware, such as an application-specific integrated circuit (ASIC).
  • [0062] Various aspects have been described in connection with a number of exemplary embodiments. To facilitate an understanding of these embodiments, many aspects were described in terms of sequences of actions that may be performed by elements of a computer system. For example, it will be recognized that in each of the embodiments, the various actions could be performed by specialized circuits or circuitry (e.g., discrete logic gates interconnected to perform a specialized function), by program instructions being executed by one or more processors, or by a combination of both. Moreover, the exemplary embodiments can be considered part of any form of computer readable storage medium having stored therein an appropriate set of computer instructions that would cause a processor to carry out the techniques described herein.
  • [0063] Thus, the various aspects may be embodied in many different forms, and all such forms are contemplated to be within the scope of what has been described. For each of the various aspects, any such form of embodiment may be referred to herein as “logic configured to” perform a described action, or alternatively as “logic that” performs a described action.
  • [0064] Although various exemplary embodiments have been described, it will be understood by those of ordinary skill in this art that these embodiments are merely illustrative and that many other embodiments are possible. The intended scope of the invention is defined by the following claims rather than the preceding description, and all variations that fall within the scope of the claims are intended to be embraced therein.
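The secure configuration method of FIG. 6 (steps 602 to 622), sketched as an added example that is not part of the patent text. The request body, the 2-byte logical address layout, the 16-byte key sizes and the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for a vetted authenticated cipher) are assumptions, and the network key is drawn from the operating system's random source rather than seeded from the network number, which any device on the bus can observe.

```python
import hashlib
import hmac
import secrets

REQUEST = b"CONFIG-REQUEST"  # hypothetical message body; the page defines no wire format


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if blob was not sealed with this key."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


class SecureNCA:
    def __init__(self, networks_on_bus):
        # Step 602: pick a network number no other logical network uses.
        self.network = next(n for n in range(1, 256) if n not in networks_on_bus)
        # Step 604 (assumption): the key comes from the OS random source.
        self.network_key = secrets.token_bytes(16)
        self.one_time_keys = []
        self.nodes = set()

    def accept_one_time_key(self, key):
        self.one_time_keys.append(key)  # step 606, e.g. keypad entry

    def handle_request(self, blob):
        # Step 610: only a request sealed with an accepted one-time key is valid.
        for otk in self.one_time_keys:
            if unseal(otk, blob) == REQUEST:
                break
        else:
            return None  # back to step 608
        # Step 614: unused node address; logical address = network || node.
        node = next(n for n in range(1, 256) if n not in self.nodes)
        self.nodes.add(node)
        # Steps 616-620: address and network key travel sealed under the one-time key.
        return seal(otk, bytes([self.network, node]) + self.network_key)


class SecureDevice:
    def __init__(self, one_time_key):
        self.one_time_key = one_time_key
        self.address = self.network_key = None

    def request(self):
        return seal(self.one_time_key, REQUEST)  # step 608

    def configure(self, blob):
        payload = unseal(self.one_time_key, blob)
        if payload is None or len(payload) != 18:
            return False
        self.address, self.network_key = payload[:2], payload[2:]
        return True

    def receive(self, dest, blob):
        # Step 622: respond only to the assigned logical address and network key.
        if self.network_key is None or dest != self.address:
            return None
        return unseal(self.network_key, blob)


def demo():
    nca = SecureNCA(networks_on_bus={0x0D})  # 0x0D is already in use on the bus
    otk = secrets.token_bytes(16)  # constructed one-time key
    device = SecureDevice(otk)
    neighbour = SecureDevice(secrets.token_bytes(16))  # key never entered at the NCA
    nca.accept_one_time_key(otk)
    reply = nca.handle_request(device.request())
    command = seal(nca.network_key, b"ARM")
    return {
        "rejected": nca.handle_request(neighbour.request()),
        "neighbour_configured": neighbour.configure(reply),
        "configured": device.configure(reply),
        "key_visible_on_bus": nca.network_key in reply,
        "delivered": device.receive(device.address, command),
        "wrong_address": device.receive(bytes([0x0D, 1]), command),
    }
```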

Claims (47)

What is claimed is:
1. An apparatus for configuring multiple logical networks of devices on a single physical network, the apparatus comprising:
a transceiver configured to exchange information with devices connected to a shared bus of the physical network;
logic configured to assign a network number to a new logical network when the apparatus is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus;
logic configured to enter into a configuration mode for a limited amount of time, during which time the apparatus is capable of participating in a configuration session with at least one of the devices connected to the bus; and
logic configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network;
wherein after configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network.
2. The apparatus of claim 1, wherein the logic configured to assign a network number comprises:
logic configured to identify the network numbers associated with other logical networks using the shared bus.
3. The apparatus of claim 1, wherein the logic configured to assign a logical network number comprises:
logic configured to assign a node address to the at least one device; and
logic configured to combine the network number assigned to the new logical network with the node address assigned to the at least one device to form the logical address of the at least one device.
4. The apparatus of claim 3, wherein the logic configured to assign a node address is further configured to assign a unique node address to each device belonging to the new logical network.
5. The apparatus of claim 1, wherein the logic configured to enter into a configuration mode comprises:
logic configured to monitor network traffic on the shared bus;
logic configured to search the network traffic for information relating to the at least one device; and
logic configured to enter into the configuration mode based on the information relating to the at least one device.
6. The apparatus of claim 1, wherein the logic configured to enter into a configuration mode comprises:
a switch that, when activated, enables the apparatus to enter into the configuration mode.
7. The apparatus of claim 1, further comprising:
logic configured to accept a request from the at least one device to enter the configuration session with the apparatus only while the apparatus is operating in its configuration mode.
8. The apparatus of claim 1, further comprising:
logic configured to generate a network encryption key associated with the new logical network for encrypting/decrypting information exchanged among devices belonging to the new logical network.
9. The apparatus of claim 8, wherein the logic configured to generate a network encryption key comprises:
a random number generator that uses the network number assigned to the new logical network as a seed for generating the network encryption key.
10. The apparatus of claim 1, further comprising:
logic configured to accept a one-time encryption key associated with the at least one device.
11. The apparatus of claim 10, wherein the logic configured to accept a one-time encryption key comprises at least one of:
a keypad; and
a barcode reader.
12. The apparatus of claim 10, further comprising:
logic configured to encrypt/decrypt information exchanged over the bus between the at least one device and the apparatus during the configuration session using the one-time encryption key.
13. The apparatus of claim 12, wherein the information encrypted/decrypted using the one-time key includes at least the logical address assigned to the at least one device and a network encryption key associated with the new logical network for encrypting/decrypting information exchanged among devices belonging to the new logical network.
14. An arrangement of multiple logical networks of devices operating on a single physical network, the arrangement comprising:
a shared bus;
a number of devices connected to the shared bus; and
a network configuration apparatus (NCA) associated with each logical network operating on the physical network, each NCA including
a transceiver configured to exchange information with the devices connected to the shared bus;
logic configured to assign a network number to the logical network associated with the NCA when the NCA is first activated on the shared bus, the assigned network number being different from network numbers associated with other logical networks using the shared bus;
logic configured to enter into a configuration mode for a limited amount of time, during which time the NCA is capable of participating in a configuration session with at least one of the devices connected to the bus; and
logic configured to assign a logical address to the at least one device while participating in the configuration session with the at least one device, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network;
wherein after configuration, the at least one device responds only to information addressed to its assigned logical address within the logical network associated with the NCA.
15. The arrangement of claim 14, wherein the logic configured to assign a network number comprises:
logic configured to identify the network numbers associated with other logical networks using the shared bus.
16. The arrangement of claim 14, wherein the logic configured to assign a logical network number comprises:
logic configured to assign a node address to the at least one device; and
logic configured to combine the network number assigned to the logical network associated with the NCA with the node address assigned to the at least one device to form the logical address of the at least one device.
17. The arrangement of claim 16, wherein the logic configured to assign a node address is further configured to assign a unique node address to each device belonging to the logical network associated with the NCA.
18. The arrangement of claim 14, wherein the logic configured to enter into a configuration mode comprises:
logic configured to monitor network traffic on the shared bus;
logic configured to search the network traffic for information relating to the at least one device; and
logic configured to enter into the configuration mode based on the information relating to the at least one device.
19. The arrangement of claim 14, wherein the logic configured to enter into a configuration mode comprises:
a switch that, when activated, enables the NCA to enter into the configuration mode.
20. The arrangement of claim 14, wherein each NCA further includes:
logic configured to accept a request from the at least one device to enter the configuration session with the NCA only while the NCA is operating in its configuration mode.
21. The arrangement of claim 14, wherein the at least one device comprises:
logic configured to enter into a configuration mode for a limited amount of time, during which time the at least one of the device is capable of participating in the configuration session with the NCA.
22. The arrangement of claim 21, wherein the logic configured to enter into a configuration mode included in the at least one device comprises:
logic configured to enter the configuration mode after a predetermined amount of time elapses from a time when the at least one device is connected to the shared bus.
23. The arrangement of claim 21, wherein the logic configured to enter into a configuration mode included in the at least one device comprises:
a switch that, when activated, enables the at least one device to enter into the configuration mode.
24. The arrangement of claim 14, wherein the at least one device comprises:
logic configured to accept a solicitation from the NCA to enter the configuration session with the at least one device only while the at least one device is operating in a configuration mode for a limited amount of time.
25. The arrangement of claim 14, wherein each NCA further includes:
logic configured to generate a network encryption key for the logical network associated with the NCA, the network encryption key for encrypting/decrypting information exchanged among devices belonging to the logical network associated with the NCA.
26. The arrangement of claim 25, wherein the logic configured to generate a network encryption key comprises:
a random number generator that uses the network number assigned to the logical network associated with the NCA as a seed for generating the network encryption key.
27. The arrangement of claim 14, wherein the NCA further includes:
logic configured to accept a one-time encryption key associated with the at least one device.
28. The arrangement of claim 27, wherein the logic configured to accept a one-time encryption key comprises at least one of:
a keypad; and
a barcode reader.
29. The arrangement of claim 27, where the NCA further includes:
logic configured to encrypt/decrypt information exchanged over the bus between the at least one device and the NCA during the configuration session using the one-time encryption key.
30. The arrangement of claim 29, wherein the information encrypted/decrypted using the one-time key includes at least the logical address assigned to the at least one device and a network encryption key for the logical network associated with the NCA, the network encryption key for encrypting/decrypting information exchanged among devices belonging to the logical network associated with the NCA.
31. A method for configuring multiple logical networks of devices connected to a shared bus of a single physical network, the method comprising the steps of:
assigning a network number to a new logical network, the assigned network number being different from network numbers associated with other logical networks using the shared bus;
entering into a configuration mode for a limited amount of time, during which time a configuration session is capable of being established with at least one of the devices connected to the bus; and
assigning a logical address to the at least one device during the configuration session, the assigned logical address being different from all logical addresses associated with devices belonging to other logical networks on the physical network;
wherein after configuration, the at least one device responds only to information addressed to its assigned logical address within the new logical network.
32. The method of claim 31, wherein the step of assigning a network number comprises the step of:
identifying the network numbers associated with other logical networks using the shared bus.
33. The method of claim 31, wherein the step of assigning a logical network number comprises the steps of:
assigning a node address to the at least one device; and
combining the network number assigned to the new logical network with the node address assigned to the at least one device to form the logical address of the at least one device.
34. The method of claim 33, wherein the step of assigning a node address includes the step of:
assigning a unique node address to each device belonging to the new logical network.
35. The method of claim 31, wherein the step of entering into a configuration mode comprises the steps of:
monitoring network traffic on the shared bus;
searching the network traffic for information relating to the at least one device; and
entering the configuration mode based on the information relating to the at least one device.
36. The method of claim 31, wherein the step of entering into a configuration mode comprises the step of:
entering into the configuration mode in response to the activation of a switch.
37. The method of claim 31, further comprising the step of:
accepting a request from the at least one device to enter the configuration session only while operating in the configuration mode.
38. The method of claim 31, further comprising the step of:
in the at least one device, entering into a configuration mode for a limited amount of time, during which time the at least one of the device is capable of participating in the configuration session.
39. The method of claim 38, wherein the step of entering into a configuration mode in the at least one device comprises the step of:
entering the configuration mode after a predetermined amount of time elapses from a time when the at least one device is connected to the shared bus.
40. The method of claim 38, wherein the step of entering into a configuration mode in the at least one device comprises the step of:
entering into the configuration mode in response to the activation of a switch included in the at least one device.
41. The method of claim 31, further including the step of:
in the at least one device, accepting a solicitation to enter the configuration session only while the at least one device is operating in a configuration mode for a limited amount of time.
42. The method of claim 31, further comprising the steps of:
generating a network encryption key associated with the new logical network; and
encrypting/decrypting information exchanged among devices belonging to the new logical network using the generated network encryption key.
43. The method of claim 42, wherein the step of generating a network encryption key comprises the step of:
generating a random number using the network number assigned to the new logical network associated as a seed.
44. The method of claim 31, further comprising the step of:
accepting a one-time encryption key associated with the at least one device.
45. The method of claim 44, wherein the one-time encryption key is accepted using at least one of:
a keypad; and
a barcode reader.
46. The method of claim 44, further comprising the step of:
encrypting/decrypting information exchanged with the at least one device during the configuration session using the one-time encryption key.
47. The method of claim 46, wherein the information encrypted/decrypted using the one-time key includes at least the logical address assigned to the at least one device and a network encryption key associated with the new logical network for encrypting/decrypting information exchanged among devices belonging to the new logical network.
US10/253,708 2001-10-19 2002-09-25 Methods and apparatus for configuring multiple logical networks of devices on a single physical network Abandoned US20030079000A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US10/253,708 US20030079000A1 (en) 2001-10-19 2002-09-25 Methods and apparatus for configuring multiple logical networks of devices on a single physical network
JP2002302908A JP3946122B2 (en) 2001-10-19 2002-10-17 Method and apparatus for configuring multiple logical networks of devices on a single physical network
US13/274,925 US9401836B2 (en) 2001-10-19 2011-10-17 Methods and apparatus for configuring multiple logical networks of devices on a single physical network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US33504101P 2001-10-19 2001-10-19
US10/253,708 US20030079000A1 (en) 2001-10-19 2002-09-25 Methods and apparatus for configuring multiple logical networks of devices on a single physical network

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/274,925 Continuation US9401836B2 (en) 2001-10-19 2011-10-17 Methods and apparatus for configuring multiple logical networks of devices on a single physical network

Publications (1)

Publication Number Publication Date
US20030079000A1 (en) 2003-04-24

Family

ID=26943493

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/253,708 Abandoned US20030079000A1 (en) 2001-10-19 2002-09-25 Methods and apparatus for configuring multiple logical networks of devices on a single physical network
US13/274,925 Expired - Lifetime US9401836B2 (en) 2001-10-19 2011-10-17 Methods and apparatus for configuring multiple logical networks of devices on a single physical network

Country Status (2)

Country Link
US (2) US20030079000A1 (en)
JP (1) JP3946122B2 (en)

WO2017088116A1 (en) * 2015-11-25 2017-06-01 深圳市科诺德智联科技有限公司 Method and system for controlling smart home based on s-link
US10771505B2 (en) 2013-02-12 2020-09-08 Nicira, Inc. Infrastructure level LAN security
US10798073B2 (en) 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9407624B1 (en) 2015-05-14 2016-08-02 Delphian Systems, LLC User-selectable security modes for interconnected devices
FR3070813B1 (en) * 2017-09-04 2020-11-13 Somfy Activites Sa METHOD OF AUTOMATIC NETWORK ADDRESS CONFIGURATION OF A COMMUNICATING ELEMENT THAT IS PART OF A HOME AUTOMATION SYSTEM, NETWORK INTERFACE, COMMUNICATING ELEMENT AND ASSOCIATED HOME AUTOMATION SYSTEM
CN107911497B (en) * 2017-11-23 2020-10-02 国网河南省电力公司温县供电公司 Power carrier communication address allocation method among multiple power distribution rooms
KR102069577B1 (en) * 2018-03-16 2020-01-23 엘지전자 주식회사 Apparatus for setting communication adress of digital temperature sensor

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5838918A (en) * 1993-12-13 1998-11-17 International Business Machines Corporation Distributing system configuration information from a manager machine to subscribed endpoint machines in a distrubuted computing environment
US6098098A (en) * 1997-11-14 2000-08-01 Enhanced Messaging Systems, Inc. System for managing the configuration of multiple computer devices
US6199133B1 (en) * 1996-03-29 2001-03-06 Compaq Computer Corporation Management communication bus for networking devices
US6499054B1 (en) * 1999-12-02 2002-12-24 Senvid, Inc. Control and observation of physical devices, equipment and processes by multiple users over computer networks
US20030018889A1 (en) * 2001-07-20 2003-01-23 Burnett Keith L. Automated establishment of addressability of a network device for a target network enviroment
US6549943B1 (en) * 1999-06-16 2003-04-15 Cisco Technology, Inc. Network management using abstract device descriptions
US20030191848A1 (en) * 1999-12-02 2003-10-09 Lambertus Hesselink Access and control system for network-enabled devices
US6657991B1 (en) * 1998-12-21 2003-12-02 3Com Corporation Method and system for provisioning network addresses in a data-over-cable system
US20040122952A1 (en) * 2002-12-18 2004-06-24 International Business Machines Corporation Optimizing network connections in a data processing system with multiple network devices
US20050198371A1 (en) * 2004-02-19 2005-09-08 Smith Michael R. Interface bundles in virtual network devices
US20070027996A1 (en) * 2005-08-01 2007-02-01 Microsoft Corporation Configuring application settings based on changes associated with a network identifier

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5627987A (en) * 1991-11-29 1997-05-06 Kabushiki Kaisha Toshiba Memory management and protection system for virtual memory in computer system
US5671439A (en) * 1995-01-10 1997-09-23 Micron Electronics, Inc. Multi-drive virtual mass storage device and method of operating same
DE69636138T2 (en) * 1995-09-11 2007-05-10 Kabushiki Kaisha Toshiba, Kawasaki Method and device for communication control
JP3991458B2 (en) * 1998-07-31 2007-10-17 ヤマハ株式会社 Musical sound data processing apparatus and computer system
US6618377B1 (en) * 1999-03-30 2003-09-09 Cisco Technology, Inc. Flexible scheduling of network devices within redundant aggregate configurations
US6148354A (en) * 1999-04-05 2000-11-14 M-Systems Flash Disk Pioneers Ltd. Architecture for a universal serial bus-based PC flash disk
DE19961399C2 (en) * 1999-12-20 2002-08-22 Mueschenborn Hans Joachim Protection of security-critical data in networks
US7003571B1 (en) * 2000-01-31 2006-02-21 Telecommunication Systems Corporation Of Maryland System and method for re-directing requests from browsers for communication over non-IP based networks
US7058973B1 (en) * 2000-03-03 2006-06-06 Symantec Corporation Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses
US6934269B1 (en) * 2000-04-24 2005-08-23 Microsoft Corporation System for networked component address and logical network formation and maintenance
US6785736B1 (en) * 2000-09-12 2004-08-31 International Business Machines Corporation Method and system for optimizing the network path of mobile programs
US20030079000A1 (en) * 2001-10-19 2003-04-24 Chamberlain Robert L. Methods and apparatus for configuring multiple logical networks of devices on a single physical network
US7940685B1 (en) * 2005-11-16 2011-05-10 At&T Intellectual Property Ii, Lp Method and apparatus for monitoring a network
ES2584077T3 (en) * 2011-01-18 2016-09-23 Nomadix, Inc. Systems and methods for grouping bandwidth management in a network of communication systems

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5838918A (en) * 1993-12-13 1998-11-17 International Business Machines Corporation Distributing system configuration information from a manager machine to subscribed endpoint machines in a distrubuted computing environment
US6199133B1 (en) * 1996-03-29 2001-03-06 Compaq Computer Corporation Management communication bus for networking devices
US6098098A (en) * 1997-11-14 2000-08-01 Enhanced Messaging Systems, Inc. System for managing the configuration of multiple computer devices
US6657991B1 (en) * 1998-12-21 2003-12-02 3Com Corporation Method and system for provisioning network addresses in a data-over-cable system
US6549943B1 (en) * 1999-06-16 2003-04-15 Cisco Technology, Inc. Network management using abstract device descriptions
US6499054B1 (en) * 1999-12-02 2002-12-24 Senvid, Inc. Control and observation of physical devices, equipment and processes by multiple users over computer networks
US20030191848A1 (en) * 1999-12-02 2003-10-09 Lambertus Hesselink Access and control system for network-enabled devices
US20030018889A1 (en) * 2001-07-20 2003-01-23 Burnett Keith L. Automated establishment of addressability of a network device for a target network enviroment
US20040122952A1 (en) * 2002-12-18 2004-06-24 International Business Machines Corporation Optimizing network connections in a data processing system with multiple network devices
US20050198371A1 (en) * 2004-02-19 2005-09-08 Smith Michael R. Interface bundles in virtual network devices
US20070027996A1 (en) * 2005-08-01 2007-02-01 Microsoft Corporation Configuring application settings based on changes associated with a network identifier

Cited By (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7437494B2 (en) * 2001-04-26 2008-10-14 The Boeing Company Systems and methods for assigning an address to a network device added to an existing network
US20070088885A1 (en) * 2001-04-26 2007-04-19 The Boeing Company Systems and methods for assigning an address to a network device added to an existing network
US20030009515A1 (en) * 2001-05-02 2003-01-09 Lee Sang Kyun System and method for networking home appliances through multinetwork structure
US20030062990A1 (en) * 2001-08-30 2003-04-03 Schaeffer Donald Joseph Powerline bridge apparatus
US20030079001A1 (en) * 2001-10-19 2003-04-24 Chamberlain Robert L. Methods and arrangements for configuring functional networks
US7430591B2 (en) * 2001-10-19 2008-09-30 Renesas Technology America, Inc. Methods and arrangements for configuring functional networks
US9401836B2 (en) * 2001-10-19 2016-07-26 Renesas Electronics America Inc. Methods and apparatus for configuring multiple logical networks of devices on a single physical network
US20120082308A1 (en) * 2001-10-19 2012-04-05 Chamberlain Robert L Methods and Apparatus For Configuring Multiple Logical Networks of Devices on a Single Physical Network
US20040133721A1 (en) * 2002-04-26 2004-07-08 Ellerbrock Philip J. Systems and methods for assigning an address to a network device added to an existing network
US7111100B2 (en) * 2002-04-26 2006-09-19 The Boeing Company Systems and methods for assigning an address to a network device added to an existing network
US20040131189A1 (en) * 2002-09-25 2004-07-08 Intellon Corporation Robust system and method for remote setting of an encryption key for logical network separation
US7529372B2 (en) * 2002-09-25 2009-05-05 Intellon Corporation Method for setting an encryption key for logical network separation
US7903670B2 (en) 2003-05-30 2011-03-08 Lg Electronics Inc. Home network system
US20070223500A1 (en) * 2003-05-30 2007-09-27 Lg Electronics Inc. Home Network System
US20060248158A1 (en) * 2003-05-30 2006-11-02 Sam-Chul Ha Home network system
US20060251086A1 (en) * 2003-05-30 2006-11-09 Sam-Chul Ha Home network system
US20070019615A1 (en) * 2003-05-30 2007-01-25 Seung-Myun Baek Home network system
US20070025368A1 (en) * 2003-05-30 2007-02-01 Lg Electronics, Inc. Home network system
US8031724B2 (en) 2003-05-30 2011-10-04 Lg Electronics Inc. Home network system
US20070061406A1 (en) * 2003-05-30 2007-03-15 Seung-Myun Baek Home network system
US7949786B2 (en) 2003-05-30 2011-05-24 Lg Electronics Inc. Method of assigning a node address in a local network
US7715325B2 (en) 2003-05-30 2010-05-11 Lg Electronics Inc Home network system
WO2004107708A1 (en) * 2003-05-30 2004-12-09 Lg Electronics, Inc. Home network system
US7729282B2 (en) 2003-05-30 2010-06-01 Lg Electronics Inc. Home network system and its configuration system
US20070133569A1 (en) * 2003-05-30 2007-06-14 Koon-Seok Lee Home network system and its configuration system
US20080097631A1 (en) * 2003-05-30 2008-04-24 Lg Electronics Inc. Home Network System
US20070255796A1 (en) * 2003-05-30 2007-11-01 Lg Electronic Inc. Home Network System
US20050111660A1 (en) * 2003-09-19 2005-05-26 Sony Corporation Transmitting apparatus and method, receiving apparatus and method, and transmitting and receiving system and method
WO2005076851A3 (en) * 2004-02-01 2005-12-15 Phonex Broadband Corp A method and system for creating, deleting, and maintaining logical networks
WO2005076851A2 (en) * 2004-02-01 2005-08-25 Phonex Broadband Corporation A method and system for creating, deleting, and maintaining logical networks
US20050198370A1 (en) * 2004-02-01 2005-09-08 Phonex Broadband Corporation Method for creating, deleting, and maintaining logical networks
US8082444B1 (en) * 2004-03-25 2011-12-20 Verizon Corporate Services Group Inc. System and method for adding new network devices to an existing network
US7616762B2 (en) 2004-08-20 2009-11-10 Sony Corporation System and method for authenticating/registering network device in power line communication (PLC)
EP1779541A1 (en) * 2004-08-20 2007-05-02 Sony Electronics, Inc. System and method for authenticating/registering network device in power line communication (plc)
WO2006033745A1 (en) 2004-08-20 2006-03-30 Sony Electronics Inc. System and method for authenticating/registering network device in power line communication (plc)
US20060038660A1 (en) * 2004-08-20 2006-02-23 Tohru Doumuki System and method for authenticating/registering network device in power line communication (PLC)
EP1779541A4 (en) * 2004-08-20 2011-08-10 Sony Electronics Inc System and method for authenticating/registering network device in power line communication (plc)
WO2006038160A1 (en) * 2004-10-05 2006-04-13 Koninklijke Philips Electronics N.V. Method of establishing security permissions
US20090022151A1 (en) * 2005-02-24 2009-01-22 Lg Electronic Inc. Packet structure and packet transmission method of network control protocol
US20070061575A1 (en) * 2005-09-01 2007-03-15 Bennett Richard T System and method for automatic setup of a network device with secure network transmission of setup parameters
US7609837B2 (en) * 2005-09-01 2009-10-27 Sharp Laboratories Of America, Inc. System and method for automatic setup of a network device with secure network transmission of setup parameters
US20070050615A1 (en) * 2005-09-01 2007-03-01 Shugong Xu System and method for automatic setup of a network device with secure network transmission of setup parameters using a standard remote control
US7916869B2 (en) * 2005-09-01 2011-03-29 Sharp Laboratories Of America, Inc. System and method for automatic setup of a network device with secure network transmission of setup parameters using a standard remote control
US20070067589A1 (en) * 2005-09-20 2007-03-22 Cisco Technology, Inc. Smart zoning to enforce interoperability matrix in a storage area network
US8161134B2 (en) * 2005-09-20 2012-04-17 Cisco Technology, Inc. Smart zoning to enforce interoperability matrix in a storage area network
US10252856B2 (en) 2007-03-23 2019-04-09 Allegiance Corporation Fluid collection and disposal system having interchangeable collection and other features and methods relating thereof
US9604778B2 (en) 2007-03-23 2017-03-28 Allegiance Corporation Fluid collection and disposal system having interchangeable collection and other features and methods relating thereto
US9889239B2 (en) 2007-03-23 2018-02-13 Allegiance Corporation Fluid collection and disposal system and related methods
US20090012485A1 (en) * 2007-03-23 2009-01-08 Michaels Thomas L Fluid collection and disposal system having interchangeable collection and other features and methods relating thereto
US8500706B2 (en) 2007-03-23 2013-08-06 Allegiance Corporation Fluid collection and disposal system having interchangeable collection and other features and methods relating thereto
US20110178482A1 (en) * 2007-03-23 2011-07-21 Cardinal Health, Inc. Fluid collection and disposal system and related methods
US8468223B2 (en) * 2008-12-04 2013-06-18 Cisco Technology, Inc. Cooperation for consumer and service provider MoCA networks
US20100142540A1 (en) * 2008-12-04 2010-06-10 Jack Thomas Matheney Efficient data transmission within moca
US20100146616A1 (en) * 2008-12-04 2010-06-10 Garrett Albert L Cooperation for consumer and service provider moca networks
US8804516B2 (en) 2008-12-04 2014-08-12 Cisco Technology, Inc. Opportunistic transmissions within MoCA
US9998402B2 (en) 2008-12-04 2018-06-12 Cisco Technology, Inc. MoCA packet aggregation
US9106435B2 (en) 2008-12-04 2015-08-11 Cisco Technology, Inc. Efficient data transmission within MoCA
US9742620B2 (en) 2008-12-04 2017-08-22 Cisco Technology, Inc. Cooperation between MoCA service provider and consumer networks
US8655995B2 (en) 2009-01-13 2014-02-18 Whirlpool Corporation Home network commissioning
US20100180019A1 (en) * 2009-01-13 2010-07-15 Whirlpool Corporation Home network commissioning
US8460256B2 (en) 2009-07-15 2013-06-11 Allegiance Corporation Collapsible fluid collection and disposal system and related methods
US20110118680A1 (en) * 2009-07-15 2011-05-19 Cardinal Health, Inc. Fluid collection and disposal system and related methods
US11190605B2 (en) 2011-04-21 2021-11-30 Samsung Electronics Co., Ltd. Method and apparatus for connecting devices
US20120271901A1 (en) * 2011-04-21 2012-10-25 Samsung Electronics Co., Ltd. Method and apparatus for connecting devices
US10235199B2 (en) 2011-11-15 2019-03-19 Nicira, Inc. Migrating middlebox state for distributed middleboxes
US10977067B2 (en) 2011-11-15 2021-04-13 Nicira, Inc. Control plane interface for logical middlebox services
US11740923B2 (en) * 2011-11-15 2023-08-29 Nicira, Inc. Architecture of networks with middleboxes
US9552219B2 (en) 2011-11-15 2017-01-24 Nicira, Inc. Migrating middlebox state for distributed middleboxes
US9558027B2 (en) 2011-11-15 2017-01-31 Nicira, Inc. Network control system for configuring middleboxes
US11593148B2 (en) 2011-11-15 2023-02-28 Nicira, Inc. Network control system for configuring middleboxes
US20220326980A1 (en) * 2011-11-15 2022-10-13 Nicira, Inc. Architecture of networks with middleboxes
US9697033B2 (en) * 2011-11-15 2017-07-04 Nicira, Inc. Architecture of networks with middleboxes
US9697030B2 (en) 2011-11-15 2017-07-04 Nicira, Inc. Connection identifier assignment and source network address translation
US11372671B2 (en) * 2011-11-15 2022-06-28 Nicira, Inc. Architecture of networks with middleboxes
US20170277557A1 (en) * 2011-11-15 2017-09-28 Nicira, Inc. Architecture of networks with middleboxes
US20150142938A1 (en) * 2011-11-15 2015-05-21 Nicira, Inc. Architecture of networks with middleboxes
US8966024B2 (en) * 2011-11-15 2015-02-24 Nicira, Inc. Architecture of networks with middleboxes
US10089127B2 (en) 2011-11-15 2018-10-02 Nicira, Inc. Control plane interface for logical middlebox services
US10191763B2 (en) * 2011-11-15 2019-01-29 Nicira, Inc. Architecture of networks with middleboxes
WO2013074827A1 (en) * 2011-11-15 2013-05-23 Nicira, Inc. Architecture of networks with middleboxes
US20130132531A1 (en) * 2011-11-15 2013-05-23 Nicira, Inc. Architecture of networks with middleboxes
US10310886B2 (en) 2011-11-15 2019-06-04 Nicira, Inc. Network control system for configuring middleboxes
US10514941B2 (en) 2011-11-15 2019-12-24 Nicira, Inc. Load balancing and destination network address translation middleboxes
US10949248B2 (en) 2011-11-15 2021-03-16 Nicira, Inc. Load balancing and destination network address translation middleboxes
US10922124B2 (en) 2011-11-15 2021-02-16 Nicira, Inc. Network control system for configuring middleboxes
US10884780B2 (en) * 2011-11-15 2021-01-05 Nicira, Inc. Architecture of networks with middleboxes
US9253260B1 (en) * 2011-12-28 2016-02-02 Ewc Controls Incorporated Hybrid zone control system
US20140180447A1 (en) * 2012-12-26 2014-06-26 Hon Hai Precision Industry Co., Ltd. Smart adapter and remote control system using the same
US10771505B2 (en) 2013-02-12 2020-09-08 Nicira, Inc. Infrastructure level LAN security
US11411995B2 (en) 2013-02-12 2022-08-09 Nicira, Inc. Infrastructure level LAN security
US11743292B2 (en) 2013-02-12 2023-08-29 Nicira, Inc. Infrastructure level LAN security
US20150381578A1 (en) * 2014-06-30 2015-12-31 Nicira, Inc. Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks
US10747888B2 (en) * 2014-06-30 2020-08-18 Nicira, Inc. Method and apparatus for differently encrypting data messages for different logical networks
US11087006B2 (en) 2014-06-30 2021-08-10 Nicira, Inc. Method and apparatus for encrypting messages based on encryption group association
US20160197899A1 (en) * 2015-01-07 2016-07-07 Ememory Technology Inc. Method of Dynamically Encrypting Fingerprint Data and Related Fingerprint Sensor
CN105068437A (en) * 2015-08-05 2015-11-18 谭乾俊 Speech recognition intelligent control system based on power carrier wave
WO2017088116A1 (en) * 2015-11-25 2017-06-01 深圳市科诺德智联科技有限公司 Method and system for controlling smart home based on s-link
US11533301B2 (en) 2016-08-26 2022-12-20 Nicira, Inc. Secure key management protocol for distributed network encryption
US10798073B2 (en) 2016-08-26 2020-10-06 Nicira, Inc. Secure key management protocol for distributed network encryption

Also Published As

Publication number Publication date
US20120082308A1 (en) 2012-04-05
US9401836B2 (en) 2016-07-26
JP3946122B2 (en) 2007-07-18
JP2003143188A (en) 2003-05-16

Similar Documents

Publication Publication Date Title
US9401836B2 (en) Methods and apparatus for configuring multiple logical networks of devices on a single physical network
US7430591B2 (en) Methods and arrangements for configuring functional networks
KR100628493B1 (en) Communication device
CA2530343C (en) System for the internet connections, and server for routing connections to a client machine
KR100695242B1 (en) The method for connecting devices in dynamic family networking
US7327701B2 (en) System, computer program product and method for accessing a local network of electronic devices
KR100823705B1 (en) Method and system for optimization of data transfer between networked devices
US20020040397A1 (en) IP based network system and networking method thereof
US20110026535A1 (en) Bridge apparatus and bridge system
JP2004080755A (en) Method for connecting electronic device to network, wireless electronic device and control device
JP2003337772A (en) Device for providing remote control service through communication network, system using the same, and method therefor
JP2013530601A (en) Method and system for Wi-Fi setup and configuration
KR100906677B1 (en) Secure remote access system and method for universal plug and play
KR100645182B1 (en) Control method of home-network system
KR100631515B1 (en) Device Control Method in JPNP Based Network
KR100455123B1 (en) Control message multicasting method and apparatus for universal plug and play network system
KR100400459B1 (en) Home Appliance Networking System and Method for the same
KR100548265B1 (en) Device controlling system and method for network based to privately internet protocol
KR100565499B1 (en) Plug-in method of master appliances
JP4087366B2 (en) COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD
Brunen et al. The Future of Transmission Protocols in the Context of a Smart Home System
Kyntaja et al. Wireless residential network based on IPv6
JP2005110309A (en) Communication apparatus
KR20050076962A (en) Apparatus and method for setting network address
JP2009071866A (en) Communication apparatus

Legal Events

Date Code Title Description
AS Assignment

Owner name: MITSUBISHI ELECTRIC AND ELECTRONICS, U.S.A. INC.,

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHAMBERLAIN, ROBERT L.;REEL/FRAME:013329/0400

Effective date: 20020916

AS Assignment

Owner name: HITACHI SEMICONDUCTOR (AMERICA) INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MITSUBISHI ELECTRIC AND ELECTRONICS USA, INC.;REEL/FRAME:021798/0174

Effective date: 20030331

Owner name: RENESAS TECHNOLOGY AMERICA, INC., CALIFORNIA

Free format text: CHANGE OF NAME;ASSIGNOR:HITACHI SEMICONDUCTOR (AMERICA) INC.;REEL/FRAME:021798/0367

Effective date: 20030331

AS Assignment

Owner name: RENESAS ELECTRONICS AMERICA INC., CALIFORNIA

Free format text: MERGER;ASSIGNOR:RENESAS TECHNOLOGY AMERICA, INC.;REEL/FRAME:024389/0283

Effective date: 20100401

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION