CPC H04L 9/0825 (2013.01) [H04L 9/0822 (2013.01); H04L 9/0841 (2013.01); H04L 9/3247 (2013.01)] | 9 Claims
1. A method of establishing secure communication between a server and a device in a distributed control system, wherein a first public-private key pair comprising a server public key and a server private key is associated with the server, and wherein a second public-private key pair comprising a device public key and a device private key is associated with the device, the method comprising:
with the server, generating a server nonce;
transmitting the server public key, a server key signature comprising the server public key signed with an authorization private key, and the server nonce from the server to the device;
with the device, verifying the server public key by reading the server key signature with an authorization public key and verifying that the reading matches the server public key, signing the server nonce with the device private key, resulting in a server nonce signature, and generating a device nonce;
after verifying the server public key, transmitting the server nonce, the server nonce signature, the device public key, a device key signature comprising the device public key signed with the authorization private key, and the device nonce from the device to the server;
with the server, verifying the server nonce, verifying the device public key, generating a session key, encrypting the session key with the device public key, resulting in an encrypted session key, and signing a combination of the device nonce and the session key with the server private key, resulting in a combined signature;
transmitting the device nonce, the combined signature, and the encrypted session key from the server to the device; and
with the device, verifying the device nonce, decrypting the encrypted session key with the device private key, resulting in a decrypted session key, and verifying the decrypted session key.
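The three-message exchange recited in claim 1, traced end to end as an added example (not code from the patent or its assignee). Textbook RSA over fixed Mersenne primes stands in for the signature and encryption algorithms, which the claim does not name, and is not secure; the helper names, the 128-bit nonce and key sizes, and the reading of each "verifying" step as an echo comparison plus a signature check are assumptions.

```python
import hashlib, secrets

E = 65537  # public exponent for every toy key

def keypair(p, q):  # textbook RSA from two primes -> (public, private)
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

def rsa(key, x):  # raw RSA: encrypts with a public key, decrypts with a private one
    return pow(x, key[1], key[0])

def b(x):  # byte encoding of ints/tuples for signing (assumed format)
    return repr(x).encode()

def M(k):  # Mersenne prime for k in {89,107,127,521,607,1279}; constructed test keys
    return 2**k - 1

AUTH_PUB, AUTH_PRIV = keypair(M(127), M(521))   # authorization key pair
SRV_PUB, SRV_PRIV = keypair(M(89), M(607))      # first (server) key pair
DEV_PUB, DEV_PRIV = keypair(M(107), M(1279))    # second (device) key pair
SRV_CERT = sign(AUTH_PRIV, b(SRV_PUB))          # "server key signature"
DEV_CERT = sign(AUTH_PRIV, b(DEV_PUB))          # "device key signature"

def handshake(srv_cert=SRV_CERT, dev_cert=DEV_CERT):
    ns = secrets.randbits(128)                            # server nonce
    s_pub, s_cert, ns_rx = SRV_PUB, srv_cert, ns          # message 1: server -> device
    if not verify(AUTH_PUB, b(s_pub), s_cert):
        raise ValueError("server public key not authorized")
    nd = secrets.randbits(128)                            # device nonce
    msg2 = (ns_rx, sign(DEV_PRIV, b(ns_rx)), DEV_PUB, dev_cert, nd)
    ns_echo, ns_sig, d_pub, d_cert, nd_rx = msg2          # message 2: device -> server
    if ns_echo != ns or not verify(d_pub, b(ns_echo), ns_sig):
        raise ValueError("server nonce check failed")
    if not verify(AUTH_PUB, b(d_pub), d_cert):
        raise ValueError("device public key not authorized")
    k = secrets.randbits(128)                             # session key
    msg3 = (nd_rx, sign(SRV_PRIV, b((nd_rx, k))), rsa(d_pub, k))
    nd_echo, combined_sig, enc_k = msg3                   # message 3: server -> device
    k_dev = rsa(DEV_PRIV, enc_k)
    if nd_echo != nd or not verify(s_pub, b((nd_echo, k_dev)), combined_sig):
        raise ValueError("device nonce or session key check failed")
    return k, k_dev                                       # server's and device's copies
```

Passing a key signature that was not produced with the authorization private key makes the corresponding side abort before any session key is generated or accepted.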