Methods for iteratively deriving security keys for communications sessions

US 20030208677A1
Filed: 05/03/2002
Published: 11/06/2003
Est. Priority Date: 05/03/2002
Status: Active Grant

First Claim

Patent Images

1. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for the access client to iteratively derive a transient session security key, the method comprising:

running a first function, with inputs to the first function comprising the master security key and first liveness information;

assigning an output of the first function to a first master session security key;

deriving a first transient session security key from the first master session security key;

running a second function, with inputs to the second function comprising the first transient session security key and second liveness information;

assigning an output of the second function to a second master session security key; and

deriving a second transient session security key from the second master session security key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group'"'"'s access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.

56 Citations

View as Search Results

39 Claims

1. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for the access client to iteratively derive a transient session security key, the method comprising:
- running a first function, with inputs to the first function comprising the master security key and first liveness information;
  
  assigning an output of the first function to a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
  
  assigning an output of the second function to a second master session security key; and
  
  deriving a second transient session security key from the second master session security key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein running a first function and running a second function comprise running the same function.
  - 3. The method of claim 1 wherein running a first function comprises taking an exclusive bit-wise OR of a first hash function and a second hash function, with inputs to the first hash function comprising a first half of the master security key and the first liveness information, and with inputs to the second hash function comprising a second half of the master security key and the first liveness information.
  - 4. The method of claim 1 wherein the first liveness information comprises information selected from the group consisting of:
    - a random value set by the access client, a random value set by the authentication server, and a timestamp.
  - 5. The method of claim 1 wherein deriving a first transient session security key comprises truncating the first master session security key and wherein deriving a second transient session security key comprises truncating the second master session security key.
  - 6. The method of claim 1 wherein deriving a first transient session security key comprises deriving a key selected from the group consisting of:
    - an access-client-to-access-server encryption key, an access-server-to-access-client encryption key, an access-client-to-access-server authentication key, and an access-server-to-access-client authentication key.
  - 7. The method of claim 1 wherein running a second function comprises taking an exclusive bit-wise OR of a first hash function and a second hash function, with inputs to the first hash function comprising a first half of the first transient session security key and the second liveness information, and with inputs to the second hash function comprising a second half of the first transient session security key and the second liveness information.
  - 8. The method of claim 1 wherein the second liveness information comprises information selected from the group consisting of:
    - a random value set by the access client, a random value set by the access server, and a timestamp.
  - 9. The method of claim 1 further comprising receiving the second liveness information from the access server.
  - 10. The method of claim 9 further comprising decrypting the received second liveness information using an access-server-to-access-client encryption key derived from the first master session security key.

11. A computer-readable medium containing instructions for performing a method for an access client to iteratively derive a transient session security key, the access client and an access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
- running a first function, with inputs to the first function comprising the master security key and first liveness information;
  
  assigning an output of the first function to a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
  
  assigning an output of the second function to a second master session security key; and
  
  deriving a second transient session security key from the second master session security key.

12. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for the access server to iteratively derive a transient session security key, the method comprising:
- receiving a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a function, with inputs to the function comprising the first transient session security key and liveness information;
  
  assigning an output of the function to a second master session security key; and
  
  deriving a second transient session security key from the second master session security key.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12 wherein deriving a first transient session security key comprises truncating the first master session security key and wherein deriving a second transient session security key comprises truncating the second master session security key.
  - 14. The method of claim 12 wherein deriving a first transient session security key comprises deriving a key selected from the group consisting of:
    - an access-client-to-access-server encryption key, an access-server-to-access-client encryption key, an access-client-to-access-server authentication key, and an access-server-to-access-client authentication key.
  - 15. The method of claim 12 wherein running a function comprises taking an exclusive bit-wise OR of a first hash function and a second hash function, with inputs to the first hash function comprising a first half of the first transient session security key and the liveness information, and with inputs to the second hash function comprising a second half of the first transient session security key and the liveness information.
  - 16. The method of claim 12 wherein the liveness information comprises information selected from the group consisting of:
    - a random value set by the access client, a random value set by the access server, and a timestamp.
  - 17. The method of claim 12 further comprising sending the liveness information to the access client.
  - 18. The method of claim 17 further comprising determining when to send the second liveness information to the access client, the determining based upon a criterion selected from the group consisting of:
    - time since an access-server-to-access-client encryption key was derived from an output of the first function and amount of data sent to the access client encrypted using an access-server-to-access-client encryption key derived from an output of the first function.
  - 19. The method of claim 17 further comprising encrypting the liveness information using an access-server-to-access-client encryption key derived from the first master session security key.

20. A computer-readable medium containing instructions for performing a method for an access server to iteratively derive a transient session security key, an access client and the access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
- receiving a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a function, with inputs to the function comprising the first transient session security key and liveness information;
  
  assigning an output of the function to a second master session security key; and
  
  deriving a second transient session security key from the second master session security key.

21. In a computing environment with a network group, an access client and an access server being members of the network group, a master security key being known to the access client and to the access server, a method for the access client or the access server to iteratively derive a transient session security key, the method comprising:
- running a first function, with inputs to the first function comprising the master security key and identifier information;
  
  assigning an output of the first function to a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a second function, with inputs to the second function comprising the first transient session security key and first liveness information;
  
  assigning an output of the second function to a second master session security key;
  
  deriving a second transient session security key from the second master session security key;
  
  running a third function, with inputs to the third function comprising the second transient session security key and second liveness information;
  
  assigning an output of the third function to a third master session security key; and
  
  deriving a third transient session security key from the third master session security key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 22. The method of claim 21 wherein running a first function, running a second function, and running a third function comprise running the same function.
  - 23. The method of claim 21 wherein running a first function comprises taking an exclusive bit-wise OR of a first hash function and a second hash function, with inputs to the first hash function comprising a first half of the master security key and the identifier information, and with inputs to the second hash function comprising a second half of the master security key and the identifier information.
  - 24. The method of claim 21 wherein the identifier information comprises a hardware address of the access server concatenated with a hardware address of the access client.
  - 25. The method of claim 21 wherein deriving a first transient session security key comprises truncating the first master session security key, wherein deriving a second transient session security key comprises truncating the second master session security key, and wherein deriving a third transient session security key comprises truncating the third master session security key.
  - 26. The method of claim 21 wherein running a second function comprises taking an exclusive bit-wise OR of a first hash function and a second hash function, with inputs to the first hash function comprising a first half of the first transient session security key and the first liveness information, and with inputs to the second hash function comprising a second half of the first transient session security key and the first liveness information.
  - 27. The method of claim 21 wherein the second liveness information comprises information selected from the group consisting of:
    - a random value set by the access client, a random value set by the access server, and a timestamp.
  - 28. The method of claim 21 wherein deriving a second transient session security key comprises deriving a key selected from the group consisting of:
    - an access-client-to-access-server encryption key, an access-server-to-access-client encryption key, an access-client-to-access-server authentication key, and an access-server-to-access-client authentication key.
  - 29. The method of claim 21 performed on the access client and further comprising receiving the second liveness information from the access server.
  - 30. The method of claim 29 further comprising decrypting the received second liveness information using an access-server-to-access-client encryption key derived from an output of the second function.
  - 31. The method of claim 21 performed on the access server and further comprising sending the second liveness information to the access client.
  - 32. The method of claim 31 further comprising determining when to send the second liveness information to the access client, the determining based upon a criterion selected from the group consisting of:
    - time since an access-server-to-access-client encryption key was derived from an output of the second function and amount of data sent to the access client encrypted using an access-server-to-access-client encryption key derived from an output of the second function.
  - 33. The method of claim 31 further comprising encrypting the second liveness information using an access-server-to-access-client encryption key derived from the second master session security key.

34. A computer-readable medium containing instructions for performing a method for an access server or an access client to iteratively derive a transient session security key, the access client and the access server being members of a network group, a master security key being known to the access client and to the access server, the method comprising:
- running a first function, with inputs to the first function comprising the master security key and identifier information;
  
  assigning an output of the first function to a first master session security key;
  
  deriving a first transient session security key from the first master session security key;
  
  running a second function, with inputs to the second function comprising the first transient session security key and first liveness information;
  
  assigning an output of the second function to a second master session security key;
  
  deriving a second transient session security key from the second master session security key;
  
  running a third function, with inputs to the third function comprising the second transient session security key and second liveness information;
  
  assigning an output of the third function to a third master session security key; and
  
  deriving a third transient session security key from the third master session security key.

35. In a computing environment with a network group, an access client and an access server being members of the network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, a method for iteratively deriving a transient session security key, the method comprising:
- running, on the access client and on the authentication server, a first function, with inputs to the first function comprising the master security key and first liveness information;
  
  assigning, on the access client and on the authentication server, an output of the first function to a first master session security key;
  
  sending, from the authentication server to the access server, the first master session security key;
  
  deriving, on the access client and on the access server, a first transient session security key from the first master session security key;
  
  running, on the access client and on the access server, a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
  
  assigning, on the access client and on the access server, an output of the second function to a second master session security key; and
  
  deriving, on the access client and on the access server, a second transient session security key from the second master session security key.
- View Dependent Claims (36, 37, 38)
- - 36. The method of claim 35 further comprising:
    - sending, from the access client to the authentication server, a random value set by the access client; and
      
      sending, from the authentication server to the access client, a random value set by the authentication server wherein the first liveness information comprises information selected from the group consisting of;
      
      the random value set by the access client, the random value set by the authentication server, and a timestamp.
  - 37. The method of claim 35 further comprising:
    - sending, from the access server to the access client, the second liveness information wherein the second liveness information comprises information selected from the group consisting of;
      
      a random value set by the access server and a timestamp.
  - 38. The method of claim 37 further comprising:
    - encrypting, on the access server, the second liveness information using an access-server-to-access-client encryption key derived from an output of the first function; and
      
      decrypting, on the access client, the received second liveness information using an access-server-to-access-client encryption key derived from an output of the first function.

39. A computer-readable medium containing instructions for performing a method for iteratively deriving a transient session security key, an access client and an access server being members of a network group, the access client having authenticated itself to an authentication server serving the network group, the authentication resulting in a master security key known to the access client and to the authentication server, the method comprising:
- running, on the access client and on the authentication server, a first function, with inputs to the first function comprising the master security key and first liveness information;
  
  assigning, on the access client and on the authentication server, an output of the first function to a first master session security key;
  
  sending, from the authentication server to the access server, the first master session security key;
  
  deriving, on the access client and on the access server, a first transient session security key from the first master session security key;
  
  running, on the access client and on the access server, a second function, with inputs to the second function comprising the first transient session security key and second liveness information;
  
  assigning, on the access client and on the access server, an output of the second function to a second master session security key; and
  
  deriving, on the access client and on the access server, a second transient session security key from the second master session security key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Moore, Timothy M., Simon, Daniel R., Ayyagari, Arun, Bahl, Pradeep, Aboba, Bernard D., Ganugapati, Krishna

Granted Patent

US 7,464,265 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2463/061   applying further key deriva...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 67/14   Session management for real...

H04L 9/0833   involving conference or gro...

H04L 9/0841   involving Diffie-Hellman or...

Methods for iteratively deriving security keys for communications sessions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for iteratively deriving security keys for communications sessions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links