KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE

US 20110103589A1
Filed: 05/26/2009
Published: 05/05/2011
Est. Priority Date: 05/29/2008
Status: Abandoned Application

First Claim

Patent Images

1. A key distribution method, wherein a key distribution center has a public-private key pair, and the method comprises:

receiving, by the key distribution center, a key request message forwarded via a carrier device from a first communication entity, the key request message comprising a temporary public key of a first communication entity;

searching, by the key distribution center, a database for whether the first communication entity and a second communication entity both have registered a security service, and generating a session key for communication between the first communication entity and the second communication entity if they both have registered the security service;

encrypting, by the key distribution center, the session key using the temporary public key of the first communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message;

returning, by the key distribution center, the key response message to the first communication entity via the carrier device;

receiving, by the key distribution center, a key request message forwarded via the carrier device from the second communication entity, the key request message comprising a temporary public key of the second communication entity;

encrypting, by the key distribution center, the session key for communication between the second communication entity and the first communication entity using the temporary public key of the second communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message; and

returning, by the key distribution center, the key response message formed using the temporary public key of the second communication entity to the second communication entity via the carrier device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A key distributing method, a public key of key distribution centre online updating method, a key distribution centre, a communication entity and a key management system. The system includes: communication entities, a carrying device, a key distribution centre and a database, wherein the carrying device carries or transports the information during the key distributing course and the public key online updating course, the database stores whether each communication entity registered secret service; the database connects with the key distribution centre, the key distribution centre connects with the carrying device, and the carrying device connects with each communication entity. Using the cipher technology of public key, a key distribution system is provided based on principle of three-element peer authentication (TePA). The system safely distributes the communication key to each pair entities to enable keys have PFS attribute, reduces the key management complexity of the system, and realizes online updating of the public key of the trusted third party i.e. key distribution centre.

49 Citations

View as Search Results

21 Claims

1. A key distribution method, wherein a key distribution center has a public-private key pair, and the method comprises:
- receiving, by the key distribution center, a key request message forwarded via a carrier device from a first communication entity, the key request message comprising a temporary public key of a first communication entity;
  
  searching, by the key distribution center, a database for whether the first communication entity and a second communication entity both have registered a security service, and generating a session key for communication between the first communication entity and the second communication entity if they both have registered the security service;
  
  encrypting, by the key distribution center, the session key using the temporary public key of the first communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message;
  
  returning, by the key distribution center, the key response message to the first communication entity via the carrier device;
  
  receiving, by the key distribution center, a key request message forwarded via the carrier device from the second communication entity, the key request message comprising a temporary public key of the second communication entity;
  
  encrypting, by the key distribution center, the session key for communication between the second communication entity and the first communication entity using the temporary public key of the second communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message; and
  
  returning, by the key distribution center, the key response message formed using the temporary public key of the second communication entity to the second communication entity via the carrier device.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. The key distribution method according to claim 1, wherein the key request message and the key response message further comprise a security parameter for negotiation and advertisement of an encryption algorithm, an operating mode, and an operating parameter.
  - 5. The key distribution method according to claim 1, wherein:
    - the key request message forwarded via the carrier device from the first communication entity further comprises information about the second communication entity; and
      
      the key request message forwarded via the carrier device from the second communication entity further comprises information about the first communication entity.
  - 6. The key distribution method according to claim 1, comprising:
    - searching, by the key distribution center, the database to obtain a list of communication entities that have registered a security service;
      
      generating, by the key distribution center, a public-key update notification message, the public-key update notification message comprising a new public key of the key distribution center and a signature calculated using an old private key of the key distribution center; and
      
      sending, by the key distribution center, the public-key update notification message to a communication entity that has registered the security service according to the list of communication entities that have registered the security service via a carrier device.
  - 7. The key distribution method according to claim 6, further comprising:
    - verifying, by the communication entity, the signature in the public-key update notification message sent via the carrier device from the key distribution center using a locally-stored public key of the key distribution center upon reception of the public-key update notification message, and updating the locally-stored public key of the key distribution center with the new public key in the public-key update notification message if the verification is passed.
  - 8. The key distribution method according to claim 7, further comprising:
    - sending, by the communication entity, a public-key update confirmation message to the key distribution center via the carrier device after finishing updating the locally-stored public key of the key distribution center; and
      
      receiving, by the key distribution center, the public-key update confirmation message via the carrier device that is sent from the communication entity, the public-key update confirmation message comprising information on the communication entity having finished updating the public key of the key distribution center.

2. A key distribution method, wherein communication entities obtain a public key of a key distribution center before secure communication, and the method comprises:
- generating, by a first communication entity and a second communication entity, their respective temporary public-private key pairs;
  
  sending, by each of the first communication entity and the second communication entity, a key request message using its generated temporary public key to the key distribution center via a carrier device, the key request message comprising the temporary public key of the corresponding communication entity;
  
  receiving, a key response message sent from the key distribution center via the carrier device, the key response message comprising a session key for communication between the first communication entity and the second communication entity; and
  
  performing, by each of the first communication entity and the second communication entity, signature verification on the key response message using the public key of the key distribution center, and decrypting the key response message using its temporary private key if the verification is passed, to obtain the session key.
- View Dependent Claims (3, 19, 20, 21)
- - 3. The key distribution method according to claim 2, further comprising:
    - removing, by the first communication entity and the second communication entity, their respective temporary public-private key pairs after communication using the session key, and when secure communication is to be started next time, or when the session key is to be updated during secure communication, regenerating their respective temporary public-private key pairs, sending key request messages to the key distribution center via the carrier device, and repeating the steps above, to obtain a new session key.
  - 19. The key distribution method according to claim 2, wherein the key request message and the key response message further comprise a security parameter for negotiation and advertisement of an encryption algorithm, an operating mode, and an operating parameter.
  - 20. The key distribution method according to claim 2, wherein:
    - the key request message forwarded via the carrier device from the first communication entity further comprises information about the second communication entity; and
      
      the key request message forwarded via the carrier device from the second communication entity further comprises information about the first communication entity.
  - 21. The key distribution method according to claim 2, comprising:
    - searching, by the key distribution center, the database to obtain a list of communication entities that have registered a security service;
      
      generating, by the key distribution center, a public-key update notification message, the public-key update notification message comprising a new public key of the key distribution center and a signature calculated using an old private key of the key distribution center; and
      
      sending, by the key distribution center, the public-key update notification message to a communication entity that has registered the security service according to the list of communication entities that have registered the security service via a carrier device.

9. A key distribution center, wherein the key distribution center having a public-private key pair, and the key distribution center comprises:
- a first reception unit, adapted to receive a key request message forwarded via a carrier device from the first communication entity, the key request message comprising a temporary public key of a first communication entity and information about a second communication entity that the first communication entity is to communicate with, and receive a second key request message forwarded via the carrier device from the second communication entity, the second key request message comprising a temporary public key of the second communication entity and information about the first communication entity that the second communication entity is to communicate with;
  
  a querying unit, adapted to search a database for whether the first communication entity and the second communication entity both have registered a security service, and send a query result;
  
  a first generation unit, adapted to generate a session key for communication between the first communication entity and the second communication entity upon reception of the query result sent by the querying unit that the first communication entity and the second communication entity both have registered the security service;
  
  an encryption unit, adapted to encrypt the session key generated by the generation unit using the temporary public key of the first communication entity and calculate a signature using the private key of the key distribution center, to form a key response message, and, encrypt the session key for communication between the second communication entity and the first communication entity using the temporary public key of the second communication entity and calculate a signature using the private key of the key distribution center, to form a key response message; and
  
  a first sending unit, adapted to return the key response message formed by the encryption unit using the temporary public key of the first communication entity to the first communication entity via the carrier device, and return the key response message formed using the temporary public key of the second communication entity to the second communication entity via the carrier device.
- View Dependent Claims (10, 11)
- - 10. The key distribution center according to claim 9, further comprising:
    - an obtaining unit, adapted to search the database to obtain a list of communication entities that have registered the security service;
      
      a second generation unit, adapted to generate a public-key update notification message, the public-key update notification message comprising a new public key of the key distribution center and a signature calculated using an old private key of the key distribution center; and
      
      a second sending unit, adapted to send the public-key update notification message to a communication entity that has registered the security service via the carrier device according to the list obtained by the obtaining unit of communication entities that have registered the security service.
  - 11. The key distribution center according to claim 10, further comprising:
    - a second reception unit, adapted to receive a public-key update confirmation message sent via the carrier device from the communication entity, the public-key update confirmation message comprising information on the communication entity having finished updating the public key of the key distribution center.

12. A communication entity, wherein the communication entity is adapted to obtain a public key of a key distribution center before secure communication, and the communication entity comprises:
- a generation unit, adapted to generate a temporary public-private key pair;
  
  a sending unit, adapted to send a key request message using the generated temporary public key to a key distribution center via a carrier device, the key request message comprising the temporary public key of the communication entity and information about a corresponding communication entity that the communication entity is to communicate with;
  
  a reception unit, adapted to receive a key response message sent from the key distribution center, the key response message comprising a session key for communication between the communication entity and the corresponding communication entity that the communication entity is to communicate with; and
  
  a verification unit, adapted to perform signature verification on the key response message using the public key of the key distribution center, and decrypt the key response message using the temporary private key of the communication entity if the verification is passed, to obtain the session key.
- View Dependent Claims (13, 14, 15)
- - 13. The communication entity according to claim 12, further comprising:
    - a key removal unit, adapted to remove the temporary public-private key pair after communication using the session key, and send to the generation unit a notification of regenerating a temporary public-private key pair when secure communication is to be started next time, or when the session key is to be updated during secure communication.
  - 14. The communication entity according to claim 12, further comprising:
    - a key updating unit, adapted to verify a signature in a public-key update notification message sent via the carrier device from the key distribution center using a locally-stored public key of the key distribution center upon reception of the public-key update notification message, and, update the locally-stored public key of the key distribution center with a new public key in the public-key update notification message if the verification is passed.
  - 15. The communication entity according to claim 14, further comprising:
    - a key update confirmation unit, adapted to send a public-key update confirmation message to the key distribution center via the carrier device after the key updating unit finishes updating the locally-stored public key of the key distribution center, the public-key update confirmation message comprising information on the communication entity having finished updated the public key of the key distribution center.

16. A key management system, comprising a communication entity, a carrier device, a key distribution center and a database, wherein:
- the carrier device is adapted to transport a key request message, a key response message, a public-key update notification or a public-key update confirmation message during key distribution process and public-key update processes;
  
  the database is adapted to store whether the communication entity has registered a security service and support the key distribution center;
  
  or, to return a list of communication entities that have registered the security service to the key distribution center;
  
  the key distribution center is connected with the carrier device and the database, and is adapted to determine whether to generate a session key according to a result from searching the database upon reception of the key request message forwarded via the carrier device, encrypt and sign the generated session key to form a key response message, and send the key response message to the communication entity via the carrier device;
  
  or, to search the database to obtain the list of communication entities that have registered the security service, send the generated public-key update notification message to the communication entity via the carrier device, and receive the public-key update confirmation message via the carrier device that is sent from the communication entity; and
  
  the communication entity is adapted to generate a temporary public-private key pair, send the key request message to the key distribution center via the carrier device, and perform signature verification on and decrypt the received key response message using a public key of the key distribution center and the temporary private key of the communication entity to obtain the session key;
  
  or, to update a stored public key upon reception of the public key update notification message via the carrier device that is sent from the key distribution center, and send the public-key update confirmation message to the key distribution center via the carrier device after finishing updating the stored public key.
- View Dependent Claims (17, 18)
- - 17. The key management system according to claim 16, wherein the key management system comprises two or more of the communication entities.
  - 18. The key management system according to claim 16, wherein the carrier device is:
    - a short messaging system, a Global System for Mobile communications system, a Code Division Multiple Access system, a Public Switched Telephone Network, or the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Iwncomm Co., Ltd
Original Assignee
China Iwncomm Co., Ltd
Inventors
Huang, Zhenhai, Cao, Jun, Tie, Manxia, Lai, Xiaolong

Application Number

US12/994,690
Publication Number

US 20110103589A1
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others