Method and apparatus for generating large numbers of encryption keys
Abstract
Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh random secret may be generated at the Group Controller Key Server (GCKS) from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.
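The two-stage derivation described in the abstract, as an added example that is not taken from the patent. It assumes HMAC-SHA256 for both pseudo-random functions, an IKEv2-style seed of the form prf(Ni | Nr, DH value), and hypothetical function names `first_prf`, `second_prf` and `demo`.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for both pseudo-random functions.
    return hmac.new(key, data, hashlib.sha256).digest()

def first_prf(ni: bytes, nr: bytes, dh_shared: bytes):
    """One member exchange: nonces + DH value -> (session key, additional material)."""
    seed = prf(ni + nr, dh_shared)  # IKEv2-style seed (assumed construction)
    session_key = prf(seed, ni + nr + b"\x01")
    # By-product block: derived from the same exchange, never used as a key itself.
    additional = prf(seed, session_key + ni + nr + b"\x02")
    return session_key, additional

def second_prf(additional_pool, fresh_secret: bytes, count: int):
    """Stretch one fresh random secret into `count` group keys."""
    if len(fresh_secret) < 16:
        raise ValueError("fresh random secret too short")
    # Fold the material from every exchange into one fixed-size seed.
    # Length prefixes keep the concatenation unambiguous.
    h = hashlib.sha256()
    for item in additional_pool:
        h.update(len(item).to_bytes(2, "big") + item)
    pool = h.digest()
    # Counter mode: key_i = PRF(fresh_secret, pool || i).
    return [prf(fresh_secret, pool + i.to_bytes(4, "big")) for i in range(count)]

def demo(members: int = 3, count: int = 1000):
    # Constructed inputs: random bytes stand in for nonces and DH shared values.
    pool = []
    for _ in range(members):
        _, additional = first_prf(os.urandom(32), os.urandom(32), os.urandom(256))
        pool.append(additional)
    fresh = os.urandom(32)  # at a GCKS this would come from its entropy source
    return second_prf(pool, fresh, count)

if __name__ == "__main__":
    keys = demo()
    print(len(keys), "keys generated,", len(set(keys)), "distinct")
```

Stretching raises the number of keys, not the amount of entropy: every output is only as unpredictable as the fresh secret and the pooled exchange material together. Replacing the fresh secret yields an unrelated key set without any new exchange with the members.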
17 Claims
1. A method of generating encryption keys, the method comprising the steps of:
obtaining information associated with key exchange sessions from group members;
generating keys for the group members from the information;
generating additional random information during the step of generating keys; and
combining the additional random information with a fresh random secret to stretch the fresh random secret to enable a large number of encryption keys to be generated from the fresh random secret.
2. A method of generating encryption keys, comprising:
combining, using a first pseudo-random function, a plurality of nonces and Diffie-Hellman values to create a first plurality of encryption keys and additional encryption material;
combining, using a second pseudo-random function, the additional encryption material with a fresh random secret to create a second plurality of encryption keys.
Dependent claims: 3, 4.
5. A Group Controller Key Server (GCKS), comprising:
program logic code configured to participate in encryption key exchanges with group members;
program logic code configured to generate encryption keys for the group members;
program logic code configured to generate additional encryption key material in connection with generating encryption keys for the group members; and
program logic code configured to combine the additional encryption key material with a fresh random secret to generate additional keys from entropy contained in the additional encryption key material and entropy contained in the fresh random secret.
Dependent claims: 6, 7, 8, 9.
10. A method of generating encryption keys for use on a communication network, the method comprising the steps of:
obtaining first entropy from key exchanges with group members; and
combining the first entropy with second entropy contained in a fresh random secret to generate additional keys for use on the communication network.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
Specification