Method and apparatus for generating large numbers of encryption keys

US 20060062384A1
Filed: 09/21/2004
Published: 03/23/2006
Est. Priority Date: 09/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method of generating encryption keys, the method comprising the steps of:

obtaining information associated with key exchange sessions from group members;

generating keys for the group members from the information;

generating additional random information during the step of generating keys; and

combining the additional random information with a fresh random secret to stretch the fresh random secret to enable a large number of encryption keys to be generated from the fresh random secret.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh ransom secret may be generated at the GCKS from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.

69 Citations

View as Search Results

17 Claims

1. A method of generating encryption keys, the method comprising the steps of:
- obtaining information associated with key exchange sessions from group members;
  
  generating keys for the group members from the information;
  
  generating additional random information during the step of generating keys; and
  
  combining the additional random information with a fresh random secret to stretch the fresh random secret to enable a large number of encryption keys to be generated from the fresh random secret.

2. A method of generating encryption keys, comprising:
- combining, using a first pseudo-random function, a plurality of nonces and Diffie-Hellman values to create a first plurality of encryption keys and additional encryption material;
  
  combining, using a second pseudo-random function, the additional encryption material with a fresh random secret to create a second plurality of encryption keys.
- View Dependent Claims (3, 4)
- - 3. The method of claim 2, wherein the additional encryption material comprises a first string of random numbers and a second string of random numbers.
  - 4. The method of claim 2, wherein a portion of the nonces and Diffie-Hellman values are obtained from a group member seeking encryption keys, and a portion of the nonces and Diffie-Hellman values are obtained from a Group Controller Key Server (GCKS).

5. A Group Controller Key Server (GCKS), comprising:
- program logic code configured to participate in encryption key exchanges with group members;
  
  program logic code configured to generate encryption keys for the group members;
  
  program logic code configured to generate additional encryption key material in connection with generating encryption keys for the group members; and
  
  program logic code configured to combine the additional encryption key material with a fresh random secret to generate additional keys from entropy contained in the additional encryption key material and entropy contained in the fresh random secret.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The GCKS of claim 5, wherein the program logic code configured to generate additional keys implements a pseudo-random function.
  - 7. The GCKS of claim 5, further comprising a fresh random secret generator configured to generate the fresh random secret.
  - 8. The GCKS of claim 7, wherein the fresh random secret generator is a physical entropy source.
  - 9. The GCKS of claim 5, wherein the program logic code configured to generate additional keys is further configured to use entropy from other key exchanges with other group members.

10. A method of generating encryption keys for use on a communication network, the method comprising the steps of:
- obtaining first entropy from key exchanges with group members; and
  
  combining the first entropy with second entropy contained in a fresh random secret to generate additional keys for use on the communication network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein the first entropy is obtained in connection with participating in a key exchange procedure, said key exchange procedure comprising exchanging nonces and Diffie-Hellman values, generating a seedkey from the nonces and Diffie-Hellman values, and using the seedkey to generate the encryption keys and the first entropy.
  - 12. The method of claim 11, wherein the seedkey is used as input to a first pseudo-random function to generate a stream of pseudo-random information, a first portion of said pseudo-random information being used to form the encryption keys and a second portion of said pseudo-random information being used to form the first entropy.
  - 13. The method of claim 10, wherein the step of combining the first entropy with second entropy comprises combing first entropy from a plurality of key exchanges with different group members.
  - 14. The method of claim 10, further comprising the step of changing the fresh random secret from a first fresh random secret to a second fresh random secret.
  - 15. The method of claim 10, wherein the fresh random secret is generated by a physical entropy source.
  - 16. The method of claim 15, wherein step of combining the first entropy with the second entropy is performed using a pseudo-random function.
  - 17. The method of claim 16, wherein the key exchanges are performed using a first pseudo-random function, and wherein the step of combining the first entropy with the second entropy is performed using a second pseudo-random function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Dondeti, Lakshminath R.

Granted Patent

US 8,594,323 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

H04L 9/065   Encryption by serially and ...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0869   involving random numbers or...

Method and apparatus for generating large numbers of encryption keys

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for generating large numbers of encryption keys

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links