METHOD AND APPARATUS FOR KEY REVOCATION IN AN ATTRIBUTE-BASED ENCRYPTION SCHEME

US 20110320809A1
Filed: 06/23/2010
Published: 12/29/2011
Est. Priority Date: 06/23/2010
Status: Active Grant

First Claim

Patent Images

1. A method for attribute revocation in an attribute-based encryption system, the method comprising the steps of:

receiving a revocation request for a particular attribute;

updating an attribute string used for key creation in an attribute-based encryption for the particular attribute; and

providing the updated attribute string to an authorized system participant using the attribute-based encryption system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for key revocation in an attribute-based encryption scheme is provided herein. Prior to operation, a key management service performs a randomized setup algorithm resulting in the generation of public parameters and the key management service'"'"'s master secret, MK. During operation, the key management service is provided with verified user attribute information. The key management service creates keys for users based on their list of attributes. The keys can then be used to decode appropriate ciphertext. During the key creation, each attribute is associated with a particular text string. As attributes are revoked, the text string is updated.

38 Citations

View as Search Results

19 Claims

1. A method for attribute revocation in an attribute-based encryption system, the method comprising the steps of:
- receiving a revocation request for a particular attribute;
  
  updating an attribute string used for key creation in an attribute-based encryption for the particular attribute; and
  
  providing the updated attribute string to an authorized system participant using the attribute-based encryption system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the authorized system participant comprises an encryption agent that uses the updated attribute string when encrypting the data.
  - 3. The method of claim 1 further comprising the steps of:
    - receiving a second revocation request for the particular attribute;
      
      again updating the attribute string used for key creation; and
      
      providing the again-updated attribute string to the authorized system participant.
  - 4. The method of claim 1 wherein the step of updating the attribute string comprises the step of concatenating a revocation identifier to the string.
  - 5. The method of claim 4 wherein the revocation identifier comprises a monotonic counter.
  - 6. The method of claim 1 wherein the step of providing the updated attribute string to the authorized system participant comprises the steps of:
    - receiving a request from the participant for the updated attribute string; and
      
      providing the updated string to the participant based on the request.
  - 7. The method of claim 1 wherein the step of providing the updated attribute string to the authorized system participant comprises the step of periodically pushing the updated string to the participant.
  - 8. The method of claim 1 wherein the step of providing the updated attribute string to the authorized system participant comprises the step of providing the updated attribute string to the authorized system participant when requested by the participant.

9. An apparatus comprising:
- logic circuitry receiving a revocation request for a particular attribute, updating an attribute string used for key creation in an attribute-based encryption, and the logic circuitry providing the updated attribute string to an authorized system participant; and
  
  a data store coupled to the logic circuitry for storing the updated attribute string.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9 wherein the authorized system participant comprises an encryption agent that uses the updated attribute string to when encrypting the data.
  - 11. The apparatus of claim 9 wherein the logic circuitry receives a second revocation request for the particular attribute and again updates the attribute string used for key creation, and provides the again-updated attribute string to the system participant.
  - 12. The apparatus of claim 9 wherein the attribute string is updated by concatenating a revocation identifier to the string.
  - 13. The apparatus of claim 12 wherein the revocation identifier comprises a monotonic counter.
  - 14. The apparatus of claim 9 wherein the updated attribute string is provided to the authorized system participant in response to a received request from the participant for the updated attribute string.
  - 15. The apparatus of claim 9 wherein the updated attribute string is provided to the authorized system participant by periodically pushing the updated string to the participant.
  - 16. The apparatus of claim 9 wherein the updated attribute string is provided to the authorized system participant by providing the updated string to the participant when requested by the participant.

17. A system for managing attribute revocation in an attribute-based encryption scheme, the system comprising:
- an attribute authority responsible for maintaining a list of valid and revoked attribute strings and making that list available to an authorized system participant, wherein the attribute authority updates the attribute string used for a revoked attribute; and
  
  an encryption agent obtaining the attribute string used for the revoked attribute and using the attribute string when encrypting the data.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17 further comprising:
    - a key management service for generating cryptographic keys using the attribute string, where the keys can be used to decrypt data that has been protected under an attribute-based encryption scheme.
  - 19. The system of claim 17 further comprising:
    - a decryption agent obtaining the keying material for an updated attribute string and using the keying material when decrypting the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Amendola, Raffaele G., Pirretti, Matthew G.

Granted Patent

US 8,423,764 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 69/08   Protocols for interworking;...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/3073   involving pairings, e.g. id...

METHOD AND APPARATUS FOR KEY REVOCATION IN AN ATTRIBUTE-BASED ENCRYPTION SCHEME

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR KEY REVOCATION IN AN ATTRIBUTE-BASED ENCRYPTION SCHEME

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links