Methods for iteratively deriving security keys for communications sessions
Abstract
Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates "liveness" information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.
39 Claims
1. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for the access client to iteratively derive a transient session security key, the method comprising:
running a first function, with inputs to the first function comprising the master security key and first liveness information;
assigning an output of the first function to a first master session security key;
deriving a first transient session security key from the first master session security key;
running a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
assigning an output of the second function to a second master session security key; and
deriving a second transient session security key from the second master session security key.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.)

11. A computer-readable medium containing instructions for performing a method for an access client to iteratively derive a transient session security key, the access client and an access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
running a first function, with inputs to the first function comprising the master security key and first liveness information;
assigning an output of the first function to a first master session security key;
deriving a first transient session security key from the first master session security key;
running a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
assigning an output of the second function to a second master session security key; and
deriving a second transient session security key from the second master session security key.

12. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for the access server to iteratively derive a transient session security key, the method comprising:
receiving a first master session security key;
deriving a first transient session security key from the first master session security key;
running a function, with inputs to the function comprising the first transient session security key and liveness information;
assigning an output of the function to a second master session security key; and
deriving a second transient session security key from the second master session security key.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19.)

20. A computer-readable medium containing instructions for performing a method for an access server to iteratively derive a transient session security key, an access client and the access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
receiving a first master session security key;
deriving a first transient session security key from the first master session security key;
running a function, with inputs to the function comprising the first transient session security key and liveness information;
assigning an output of the function to a second master session security key; and
deriving a second transient session security key from the second master session security key.

21. In a computing environment with a network group, an access client and an access server being members of the network group, a master security key being known to the access client and to the access server, a method for the access client or the access server to iteratively derive a transient session security key, the method comprising:
running a first function, with inputs to the first function comprising the master security key and identifier information;
assigning an output of the first function to a first master session security key;
deriving a first transient session security key from the first master session security key;
running a second function, with inputs to the second function comprising the first transient session security key and first liveness information;
assigning an output of the second function to a second master session security key;
deriving a second transient session security key from the second master session security key;
running a third function, with inputs to the third function comprising the second transient session security key and second liveness information;
assigning an output of the third function to a third master session security key; and
deriving a third transient session security key from the third master session security key.
(Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33.)

34. A computer-readable medium containing instructions for performing a method for an access server or an access client to iteratively derive a transient session security key, the access client and the access server being members of a network group, a master security key being known to the access client and to the access server, the method comprising:
running a first function, with inputs to the first function comprising the master security key and identifier information;
assigning an output of the first function to a first master session security key;
deriving a first transient session security key from the first master session security key;
running a second function, with inputs to the second function comprising the first transient session security key and first liveness information;
assigning an output of the second function to a second master session security key;
deriving a second transient session security key from the second master session security key;
running a third function, with inputs to the third function comprising the second transient session security key and second liveness information;
assigning an output of the third function to a third master session security key; and
deriving a third transient session security key from the third master session security key.

35. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for iteratively deriving a transient session security key, the method comprising:
running, on the access client and on the authentication server, a first function, with inputs to the first function comprising the master security key and first liveness information;
assigning, on the access client and on the authentication server, an output of the first function to a first master session security key;
sending, from the authentication server to the access server, the first master session security key;
deriving, on the access client and on the access server, a first transient session security key from the first master session security key;
running, on the access client and on the access server, a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
assigning, on the access client and on the access server, an output of the second function to a second master session security key; and
deriving, on the access client and on the access server, a second transient session security key from the second master session security key.
(Dependent claims: 36, 37, 38.)

39. A computer-readable medium containing instructions for performing a method for iteratively deriving a transient session security key, an access client and an access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
running, on the access client and on the authentication server, a first function, with inputs to the first function comprising the master security key and first liveness information;
assigning, on the access client and on the authentication server, an output of the first function to a first master session security key;
sending, from the authentication server to the access server, the first master session security key;
deriving, on the access client and on the access server, a first transient session security key from the first master session security key;
running, on the access client and on the access server, a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
assigning, on the access client and on the access server, an output of the second function to a second master session security key; and
deriving, on the access client and on the access server, a second transient session security key from the second master session security key.
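The abstract and claims 1, 12, 21 and 35 describe one key schedule: a master session key is derived from the master key plus liveness (or identifier) information, a transient session key is derived from it, and every later master session key is derived from the current transient key plus fresh liveness information rather than from the master key. The following is an added illustration, not code from the patent or its assignee. The patent leaves "a function" unspecified; using HMAC-SHA256 keyed with the input key over a label and the liveness context is an assumption of this example, as are the `kdf`, `Endpoint` and `run_session` names and the 256-bit key length. The three-party flow of claim 35 is simulated in one process: the authentication server and the client each compute the first master session key, the authentication server hands it to the access server, and from then on the access server and client rekey on their own.

```python
"""Iterative derivation of transient session keys from liveness information.

Added example: HMAC-SHA256 is assumed as the patent's unspecified 'function'.
"""
import hashlib
import hmac
import os

KEY_LEN = 32  # assumption: 256-bit master/transient keys


def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """Keyed derivation standing in for 'a function' in the claims.

    Assumption: HMAC-SHA256 keyed with the input key over a domain-separation
    label and the liveness/identifier context, truncated to KEY_LEN bytes.
    """
    return hmac.new(key, label + b"\x00" + context, hashlib.sha256).digest()[:KEY_LEN]


def next_master_session_key(input_key: bytes, context: bytes) -> bytes:
    """'running a function, with inputs comprising <key> and liveness information;
    assigning an output of the function to a master session security key'."""
    return kdf(input_key, b"master session key", context)


def transient_session_key(msk: bytes) -> bytes:
    """'deriving a transient session security key from the master session security key'."""
    return kdf(msk, b"transient session key", b"")


class Endpoint:
    """Key state held by one party (access client or access server)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.msk = None
        self.tsk = None
        self.history = []  # transient session keys in derivation order

    def install_msk(self, msk: bytes) -> None:
        self.msk = msk
        self.tsk = transient_session_key(msk)
        self.history.append(self.tsk)

    def rekey(self, liveness: bytes) -> None:
        # The next MSK is derived from the *current transient* key and the fresh
        # liveness value, so neither the master key nor the authentication server
        # is needed for this step (claims 1 and 12).
        self.install_msk(next_master_session_key(self.tsk, liveness))


def run_session(master_key: bytes, first_context: bytes, liveness_values):
    """Simulate the flow of claim 35, then iterate per claims 1/12/21.

    first_context is the first liveness information (claim 1) or the identifier
    information (claim 21); liveness_values are the later values the access
    server creates and sends to the client.
    """
    client = Endpoint("access client")
    access_server = Endpoint("access server")

    # Client and authentication server both hold the master key; each derives MSK1.
    msk1_at_auth_server = next_master_session_key(master_key, first_context)
    client.install_msk(next_master_session_key(master_key, first_context))
    # 'sending, from the authentication server to the access server, the first MSK'.
    access_server.install_msk(msk1_at_auth_server)

    # Each later generation: the access server creates liveness info and sends it
    # to the client; both derive MSK_{n+1} from TSK_n and that value.
    for liveness in liveness_values:
        access_server.rekey(liveness)
        client.rekey(liveness)  # same value, received over the link
    return client, access_server


def keys_agree(client: Endpoint, access_server: Endpoint) -> bool:
    """Both sides hold the same key chain and no transient key repeats."""
    same = client.history == access_server.history
    distinct = len(set(client.history)) == len(client.history)
    return same and distinct


if __name__ == "__main__":
    # Constructed sample values; a real deployment uses fresh random liveness info.
    master = bytes.fromhex("00" * KEY_LEN)
    c, s = run_session(master, b"liveness-1", [os.urandom(16) for _ in range(3)])
    for i, (k_c, k_s) in enumerate(zip(c.history, s.history), 1):
        print(f"TSK{i}: {k_c.hex()[:16]}... agree={k_c == k_s}")
```

The access server object never sees `master_key`, which is the property the abstract relies on: after the first master session key is handed over, rekeying needs only the current transient key and a liveness value. Because each liveness value is mixed into the chain, replaying an old value on one side produces a key that no longer matches the peer's, which is what `keys_agree` checks.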