Key Sharing System

US 20110194698A1
Filed: 10/21/2009
Published: 08/11/2011
Est. Priority Date: 10/22/2008
Status: Abandoned Application

First Claim

Patent Images

1. An encrypting apparatus comprising:

a parameter selection unit for selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein the parameter selection unit selects the parameter as a procedure for sharing the session key in the simultaneous communication;

a member information generation unit for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the encrypting apparatus in advance, and a public key assigned to the participating apparatus in advance;

a session information generation unit for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;

a session information obtaining unit for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and

a session key generation unit for generating the session key by using the session information generated by the encrypting apparatus and the session information generated by the participating apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When each apparatus generates session information needed for calculating a session key used in a simultaneous communication, an encrypting apparatus and a key processing apparatus according to the present invention causes each piece of session information to include a value dependent upon a private key unique to each apparatus, which is assigned to each apparatus in advance. Therefore, this provides protection against spoofing attempt by a member within a group.

Citations

25 Claims

1. An encrypting apparatus comprising:
- a parameter selection unit for selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein the parameter selection unit selects the parameter as a procedure for sharing the session key in the simultaneous communication;
  
  a member information generation unit for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the encrypting apparatus in advance, and a public key assigned to the participating apparatus in advance;
  
  a session information generation unit for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
  
  a session information obtaining unit for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
  
  a session key generation unit for generating the session key by using the session information generated by the encrypting apparatus and the session information generated by the participating apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The encrypting apparatus according to claim 1, wherein the parameter selection unit selects a parameter δ
    - ε
      
      _RZ_q*, a parameter k₁ε
      
      _RZ_q*, and a parameter r having a predetermined number of bits.
  - 3. The encrypting apparatus according to claim 2, wherein the published parameter includes two groups G₁, G₂of an order q which are different from each other, a bilinear map e for mapping a combination of elements in the group G₁to the group G₂, a plurality of different hash functions, and two parameters P, P_pub, andthe member information generation unit respectively generates member information P_ieach corresponding to the participating apparatus according to Expression 1 below:
    - [Numerical expression 1]
      P_i=r⊕
      
      H_A(e(S₁,δ
      
      Q_i))
      
      (Expression
      
      1),wherein, in Expression 1, H_Adenotes one of the published hash functions, S₁denotes the private key assigned to the encrypting apparatus, Q_idenotes a public key each assigned to the participating apparatus in advance, and i denotes an integer from 2 to n.
  - 4. The encrypting apparatus according to claim 3, wherein the session information generation unit calculates a value X₁represented by Expression 2 below and a value Y₁represented by Expression 3, and generates session information D₁represented by Expression 4 below:
    - [Numerical expression 2]
      X₁=H_B(r∥
      
      L)·
      
      k₁P
      
      (Expression
      
           2),
      Y₁=k₁P_pubH_B(r∥
      
      L)·
      
      S₁
      
      (Expression
      
           3),
      D₁=δ
      
      ,P₂, . . . P_n,X₁,Y₁,L
      
      (Expression
      
           4),wherein, in Expression 2 and Expression 3, H_Bdenotes one of the published hash functions, and wherein, in Expression 4, P₂to P_ndenote the member information corresponding to each participating apparatus, and L denotes information about correspondence between the member information P₂to P_nand the participating apparatuses.
  - 5. The encrypting apparatus according to claim 4, further comprising:
    - a member verification unit for verifying validity of an apparatus participating in the simultaneous communication by using the session information generated by the encrypting apparatus and each of the session information D_i(i=2, . . . , n), represented by Expression 5, obtained from the participating apparatus,wherein the member verification unit calculates a verification parameter z represented by Expression 6 below, and verifies validity of the apparatus participating in the simultaneous communication based on whether Expression 7 below holds or not;
  - 6. The encrypting apparatus according to claim 5, wherein when Expression 7 holds, the member verification unit determines that the participating apparatus is constituted by a valid apparatus, and accordingly, the session key generation unit calculates session key K based on Expression 8 below:
    - [Numerical expression 4]
      K=H_C(z)
      
      (Expression
      
      8),wherein, in Expression 8, H_Cdenotes one of the published hash functions.
  - 7. The encrypting apparatus according to claim 1, wherein the published parameter includes two groups G₁, G₂of an order q which are different from each other, a bilinear map e for mapping a combination of elements in the group G₁to the group G₂, a plurality of different hash functions, and two parameters P, P_pub,the parameter selection unit selects a parameter δ
    - _iε
      
      _RZ_q* and a parameter k_iε
      
      _RZ_q*, and a parameter r_ihaving a predetermined number of bits, andthe member information generation unit respectively generates the member information P_ieach corresponding to the participating apparatus according to Expression 9 below;
      
      [Numerical expression 5]
      P_i^j=H₂(e(S_i,Q_j)·
      
      δ
      
      _i)⊕
      
      r_i
      
      (Expression
      
      9)wherein, in Expression 9, H₂denotes one of the published hash functions, S_idenotes the private key assigned to the encrypting apparatus, and Q_jdenotes a public key each assigned to the participating apparatus in advance.
  - 8. The encrypting apparatus according to claim 7, wherein the session information generation unit calculates a value V_irepresented by Expression 10 below and a value W_irepresented by Expression 11 below, and generates session information D_irepresented by Expression 12 below:
    - [Numerical expression 6]
      V_i=H₃(r_i)⊕
      
      k_i
      
      (Expression
      
           10),
      W_i=SIG_i(H₄(k_i))
      
      (Expression
      
           11),
      D_i=|δ
      
      _i,P_i¹, . . . , P_i^i−
      
      1,P_iⁱ⁺¹, . . . , P_iⁿ,V_i,W_i,L
      
      (Expression
      
           12),wherein, each of H₃in Expression 10 above and H₄in Expression 11 above denotes one of the published hash functions, wherein in Expression 11 below, SIG_i(x) denotes a digital signature generated for information x using a predetermined signature generation key, and wherein in Expression 12 above, P₂to P_ndenote the member information corresponding to each participating apparatus, and L denotes information about correspondence between the member information and the participating apparatuses.
  - 9. The encrypting apparatus according to claim 8 further comprising:
    - a member verification unit for verifying validity of an apparatus participating in the simultaneous communication by using the session information D_igenerated by the encrypting apparatus and each of the session information D_iobtained from the participating apparatus, which are represented by Expression 12, wherein the member verification unit calculates a parameter k_j′
      
      (j=1, . . . , n, j≠
      
      i) represented by Expression 13 below, and verifies validity of the apparatus participating in the simultaneous communication based on the calculated parameter k_j′ and
      
      the session information D_i;
      
      [Numerical expression 7]
      k′
      
      _j=H₃(H₂(e(Q_j,S_i)·
      
      δ
      
      _j)⊕
      
      P_jⁱ)⊕
      
      V_j
      
      (Expression
      
      13).
  - 10. The encrypting apparatus according to claim 9, wherein when the member verification unit successfully verifies the validity of the apparatus, the session key generation unit calculates session key K based on Expression 14 below:
    - [Numerical expression 8]
      K=K_i=k₁′
      
      ⊕
      
      k₂′
      
      ⊕
      
      . . . ⊕
      
      k_i−
      
      1′
      
      |k_i|k_i+1′
      
      ⊕
      
      . . . ⊕
      
      k_n′
      
      (Expression
      
      14).
  - 11. The encrypting apparatus according to claim 1, wherein the published parameter includes an encryption function E for encrypting predetermined information, a decryption function D for decrypting encrypted information, a signature generation function S for attaching a digital signature to predetermined information, a signature verification function V for verifying the digital signature, and hash functions,the parameter selection unit selects a parameter N_ihaving a predetermined number of bits, andthe session information generation unit generates a message D having a digital signature represented by Expression 15 below and a cipher text E (e_i, N₁) (i=2, . . . , n):
    - [Numerical expression 9]
      S(s₁,(E(e₂,N₁), . . . , E(e_n,N_i),h(N₁)))
      
      (Expression
      
      15),wherein in Expression 15 above, S(s, x) denotes a digital signature generated for information x using a predetermined signature generation key s, and E(e, x) denotes a cipher text obtained by encrypting the information x using the public key e.
  - 12. The encrypting apparatus according to claim 11, wherein the session key generation unit calculates session key K_Ubased on Expression 16 below, by using a parameter N₁having a predetermined number of bits obtained from another participating apparatus and a parameter N₁selected by the parameter selection unit:
    - [Numerical expression 10]
      K_U=h(N₁∥
      
      N₂∥
      
      . . . ∥
      
      N_n)
      
      (Expression
      
      16).

13. A key processing apparatus comprising:
- a session information obtaining unit for obtaining session information transmitted from an encrypting apparatus for transmitting a parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication and identifying the simultaneous communication which is performed with the encrypting apparatus after the session key is shared and in which a message protected with the session key is exchanged, and wherein the session information obtaining unit also obtains session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
  
  a temporary key calculation unit for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to the key processing apparatus in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
  
  a parameter selection unit for selecting a parameter used for calculating the session information generated by the key processing apparatus to be transmitted to the encrypting apparatus;
  
  a session information generation unit for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the parameter selected by the parameter selection unit, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
  
  a session key generation unit for generating the session key by using the session information generated by the key processing apparatus, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The key processing apparatus according to claim 13, wherein the published parameter includes two groups G₁, G₂of an order q which are different from each other, a bilinear map e for mapping a combination of elements in the group G₁to the group G₂, a plurality of different hash functions, and two parameters P, P_pub,the session key obtaining unit obtains the session information D₁represented by Expression 17 below from the encrypting apparatus, andthe temporary key calculation unit calculates a temporary key r′
    - based on Expression 18 below, by using member information P, and a parameter δ
      
      corresponding to the encrypting apparatus included in the session information D₁transmitted from the encrypting apparatus, the private key, and the public key assigned to the encrypting apparatus in advance, and the published parameter;
      
      [Numerical expression 11]
      D₁=δ
      
      ,P₂, . . . , P_n,H_B(r∥
      
      L)·
      
      k₁P,k₁P_pub+H_B(r∥
      
      L)·
      
      S₁,L)
      
      (Expression
      
      17)
      r′
      
      =H_A(e(S_i,δ
      
      Q₁)⊕
      
      P_i=r
      
      (Expression
      
      18),wherein each of H_Bin Expression 17 and H_Ain Expression 10 denotes one of the published hash functions.
  - 15. The key processing apparatus according to claim 14, wherein the session key generation unit generates the session information D_irepresented by Expression 19 below:
  - 16. The key processing apparatus according to claim 15, wherein the session information obtaining unit obtains the session information represented by Expression 19 from the another participating apparatus participating in the simultaneous communication,the key processing apparatus further includes a member verification unit for verifying validity of an apparatus participating in the simultaneous communication by using the session information generated by the key processing apparatus, the session information D₁represented by Expression 17 obtained from the encrypting apparatus, and the session information obtained from the another participating apparatus, andthe member verification unit calculates a verification parameter z represented by Expression 20 below, and verifies validity of the apparatus participating in the simultaneous communication based on whether Expression 21 below holds or not:
  - 17. The key processing apparatus according to claim 16, wherein when Expression 21 holds, the member verification unit determines that the apparatus participating in the simultaneous communication is constituted by a valid apparatus, and accordingly, the session key generation unit calculates session key K based on Expression 22 below:
    - [Numerical expression 14]
      K=H_C(z)
      
      (Expression
      
      22),wherein, in Expression 22, H_Cdenotes one of the published hash functions.
  - 18. The key processing apparatus according to claim 13, wherein the published parameter includes an encryption function E for encrypting predetermined information, a decryption function D for decrypting encrypted information, a signature generation function S for attaching a digital signature to predetermined information, a signature verification function V for verifying the digital signature, and hash functions,the key processing apparatus further includes a member verification unit for verifying validity of the encrypting apparatus by using the session information represented by Expression 23 below obtained from the encrypting apparatus and the temporary key calculated by the temporary key calculation unit,the temporary key calculation unit uses the private key held in the key processing apparatus to decrypt a cipher text E (e_i, N₁) transmitted from the encrypting apparatus, and calculates a parameter N₁as the temporary key, andthe member verification unit verifies the encrypting apparatus based on a verification result of the digital signature attached to the session information represented by Expression 23 below and h(N₁) calculated using the hash functions and the parameter N₁:
    - [Numerical expression 15]
      S(s₁,(E(e₂,N₁), . . . , E(e_n,N₁),h(N₁)))
      
      (Expression
      
      23),wherein in Expression 23, S(s, x) denotes a digital signature generated for information x using a predetermined signature generation key s, and E(e, x) denotes a cipher text obtained by encrypting the information x using the public key e.
  - 19. The key processing apparatus according to claim 18, wherein when the member verification unit successfully verifies the validity of the apparatus, the parameter selection unit selects a parameter N_ihaving a predetermined number of bits, and the session information generation unit adopts the parameter N_iselected by the parameter selection unit as the session information, and transmits the session information to the encrypting apparatus and the another participating apparatus.
  - 20. The key processing apparatus according to claim 19, wherein the session key generation unit calculates session key K_Ubased on Expression 24 below, by using the parameter N₁calculated by the temporary key calculation unit, the parameter N_iselected by the parameter selection unit, and the parameter N_iobtained from the another participating apparatus:
    - [Numerical expression 16]
      K_U=h(N₁∥
      
      N₂∥
      
      . . . ∥
      
      N_n)
      
      (Expression
      
      24).

21. An encrypting method comprising the steps of:
- selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein the parameter is selected as a procedure for sharing the session key in the simultaneous communication;
  
  generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to an apparatus carrying out the encrypting method in advance, and a public key assigned to the participating apparatus in advance;
  
  generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
  
  obtaining other session information generated by the participating apparatus from the participating apparatus; and
  
  generating the session key by using the session information generated by the apparatus carrying out the encrypting method and the session information generated by the participating apparatus.

22. A key processing method comprising the steps of:
- obtaining session information transmitted from an encrypting apparatus for transmitting a parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication, and identifying the simultaneous communication, in which a message protected with the session key is exchanged, performed with the encrypting apparatus after the session key is shared;
  
  calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to an apparatus carrying out the key processing method in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
  
  selecting a parameter used for calculating the session information generated by the apparatus carrying out the key processing method to be transmitted to the encrypting apparatus;
  
  session information generation step for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the selected parameter, the published parameter, the private key, and the session information transmitted from the encrypting apparatus;
  
  obtaining session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus; and
  
  generating the session key by using the session information generated by the apparatus carrying out the key processing method, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.

23. A program for a computer capable of performing a simultaneous communication, in which a message protected with a session key is exchanged, with another information processing apparatus after the session key is shared, wherein the program causes the computer to achieve:
- a parameter selection function for selecting a parameter used for sharing the session key, wherein parameter selection function selects the parameter as a procedure for sharing the session key in the simultaneous communication;
  
  a member information generation function for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., the information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the computer in advance, and a public key assigned to the participating apparatus in advance;
  
  a session information generation function for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
  
  a session information obtaining function for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
  
  a session key generation function for generating the session key by using the session information generated by the program and the session information generated by the participating apparatus.

24. A program for a computer capable of performing a simultaneous communication, in which a message protected with a session key is exchanged, with an encrypting apparatus and another information processing apparatus after the session key is shared, wherein the program causes the computer to achieve:
- a session information obtaining function for obtaining session information transmitted from an encrypting apparatus for transmitting the parameter used as a temporary key by a participating apparatus participating in a simultaneous communication, wherein the session information is used for generating a session key for the simultaneous communication and identifying the simultaneous communication which is performed with the encrypting apparatus, and wherein the session information obtaining unit also obtains session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
  
  a temporary key calculation function for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
  
  a parameter selection function for selecting a parameter used for calculating the session information generated by the computer to be transmitted to the encrypting apparatus;
  
  a session information generation function for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the selected parameter, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
  
  a session key generation function for generating the session key by using the session information generated by the computer, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.

25. A key sharing system comprising:
- an encrypting apparatus including;
  
  a parameter selection unit for selecting a parameter used for sharing a session key with another information processing apparatus with which a simultaneous communication, in which a message protected with the session key is exchanged, is performed after the session key is shared, wherein parameter selection unit selects the parameter as a procedure for sharing the session key in the simultaneous communication;
  
  a member information generation unit for generating member information for transmitting the parameter used as a temporary key by a participating apparatus, i.e., an information processing apparatus participating in the simultaneous communication, by using the parameter selected by the parameter selection unit, a published parameter published in advance, a private key assigned to the encrypting apparatus in advance, and a public key assigned to the participating apparatus in advance;
  
  a session information generation unit for generating session information used for identifying the simultaneous communication and generating the session key for the simultaneous communication, by using the member information, the parameter selected by the parameter selection unit, the published parameter, and the private key;
  
  a session information obtaining unit for respectively obtaining other session information generated by the participating apparatus from the participating apparatus; and
  
  a session key generation unit for generating the session key by using the session information generated by the encrypting apparatus and the session information generated by the participating apparatus, anda key processing apparatus including;
  
  a session information obtaining unit for obtaining session information transmitted from the encrypting apparatus and also obtaining session information transmitted from another participating apparatus participating in the simultaneous communication, which is different from the session information transmitted from the encrypting apparatus;
  
  a temporary key calculation unit for calculating a temporary key by using the session information transmitted from the encrypting apparatus, a public key assigned to the encrypting apparatus in advance, and a private key assigned to the key processing apparatus in advance, and a published parameter published in advance, wherein the temporary key is set by the encrypting apparatus to be used in the simultaneous communication;
  
  a parameter selection unit for selecting a parameter used for calculating the session information generated by the key processing apparatus to be transmitted to the encrypting apparatus;
  
  a session information generation unit for generating the session information transmitted to the encrypting apparatus and the another participating apparatus, by using the parameter selected by the parameter selection unit, the published parameter, the private key, and the session information transmitted from the encrypting apparatus; and
  
  a session key generation unit for generating the session key by using the session information generated by the key processing apparatus, the session information transmitted from the encrypting apparatus, and the session information transmitted from the another participating apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Park, Hye-won, Asano, Tomoyuki

Application Number

US13/122,233
Publication Number

US 20110194698A1
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0833   involving conference or gro...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/3073   involving pairings, e.g. id...

Key Sharing System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Key Sharing System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links