Key Generation Using Multiple Sets of Secret Shares
Abstract
A cryptographic method, including generating, using a meta-secret, a first plurality of cryptographic keys, each cryptographic key associated with a respective key identifier, creating, using the meta-secret, a second plurality of sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier, of generating the associated cryptographic key, and performing cryptographic operations using the cryptographic keys. Related methods and apparatus are also included.
56 Claims
1. A cryptographic method, comprising:
providing a meta-secret used both to generate a first plurality of cryptographic keys and a second plurality of different sets of secret shares, each of the cryptographic keys being associated with a respective key identifier, the meta-secret being a secret data structure including an ordered sequence of data values;
generating each one of the cryptographic keys as a function of the meta-secret and the respective key identifier of the one cryptographic key;
creating, using the meta-secret, the second plurality of different sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier without knowledge of the meta-secret, of generating the associated cryptographic key; and
performing cryptographic operations using the cryptographic keys.
Dependent claims: 2-17.
18-26. (canceled)
27. Cryptographic apparatus, comprising:
a memory, which is configured to hold a meta-secret used both to generate a first plurality of cryptographic keys and a second plurality of different sets of secret shares, each of the cryptographic keys being associated with a respective key identifier, the meta-secret being a secret data structure including an ordered sequence of data values; and
a processor, which is configured to generate each one of the cryptographic keys as a function of the meta-secret and the respective key identifier of the one cryptographic key, and to create, using the meta-secret, the second plurality of different sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier without knowledge of the meta-secret, of generating the associated cryptographic key, and to perform cryptographic operations using the cryptographic keys.
28-53. (canceled)
54. A cryptographic system, comprising:
a content provider, which is configured to generate a first plurality of cryptographic keys, each cryptographic key associated with a respective key identifier, to encrypt a respective item of content using each cryptographic key, to generate a second plurality of sets of secret-shares, and to produce first tickets, each containing a respective set of the secret-shares;
a content broker, which is configured to produce second tickets, each comprising the respective set of the secret-shares in a respective one of the first tickets and the respective key identifier for the item of content that is encrypted using the associated cryptographic key, and to furnish the second tickets to subscribers;
a first content access center, which is coupled to receive from a subscriber a first one of the secret-shares in one of the second tickets, to authenticate the subscriber, and to return a first key-share to the subscriber; and
a second content access center, which is coupled to receive from the subscriber a second one of the secret-shares in one of the second tickets, to validate access to the item of content, and to return a second key-share to the subscriber,
whereby the subscriber combines the first and second key-shares to generate the cryptographic key and decrypt the item of content.
55. A computer software product, comprising a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to:
provide a meta-secret used both to generate a first plurality of cryptographic keys and a second plurality of different sets of secret shares, each of the cryptographic keys being associated with a respective key identifier, the meta-secret being a secret data structure including an ordered sequence of data values;
generate each one of the cryptographic keys as a function of the meta-secret and the respective key identifier of the one cryptographic key;
create, using the meta-secret, the second plurality of different sets of secret-shares, which are capable, by combining all the secrets-shares in any one of the sets together with the respective key identifier without knowledge of the meta-secret, of generating the associated cryptographic key; and
perform cryptographic operations using the cryptographic keys.
56. (canceled)
Specification