Key Distribution in Systems for Selective Access to Information
First Claim
1. A method for improved key distribution in a system for selective access to services, wherein a group key management message, including a service access key, is transferred to a group of users for access to a selected service, said method comprising:
- creating a set of encryption keys based on a stateless subset cover scheme, each user being associated with a leaf in said subset cover scheme;
establishing a state key and a corresponding state representing a subset of users that have the state key and a subset of users that do not have the state key;
determining a subset cover based on information representative of the established state; and
determining said group key management message at least partly based on the determined subset cover.
1 Assignment
0 Petitions
Accused Products
Abstract
A combination of stateless and state-full techniques enable reduced overall key management messages. A set of encryption keys is created based on a stateless subset cover scheme, where each user is associated with a leaf in the subset cover scheme. A state key and a corresponding state representing a subset of users that have the state key and a subset of users that do not have the state key is established, and a subset cover based on information representative of the established state is determined. Finally, a group key management message can be determined at least partly based on the calculated subset cover. The introduced state opens up for efficient subset cover calculation, reducing the size of the key management message.
36 Citations
39 Claims
-
1. A method for improved key distribution in a system for selective access to services, wherein a group key management message, including a service access key, is transferred to a group of users for access to a selected service, said method comprising:
-
creating a set of encryption keys based on a stateless subset cover scheme, each user being associated with a leaf in said subset cover scheme; establishing a state key and a corresponding state representing a subset of users that have the state key and a subset of users that do not have the state key; determining a subset cover based on information representative of the established state; and determining said group key management message at least partly based on the determined subset cover. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An arrangement for improved key distribution in a system for selective access to services, wherein a group key management message is transferred to a group of users, said arrangement comprising:
-
means for creating set of encryption keys based on a stateless subset cover scheme, each user being associated with a leaf in said scheme; means for establishing at least a state key and a corresponding at least a state representing a subset of users that have the at least a state key and a subset of users that do not have the at least a state key; means for determining at least a subset cover based on information representative of the established at least a state; and means for determining at least part of said group key management message at least partly based on the determined said at least a subset cover. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
Specification