Multi-party secure session/conference
First Claim
1. A method of providing secure communications between terminals of a communications network, said method comprising:
- (a) storing in a server of said network an initial user key for each of said terminals, each corresponding said user key being known only to said server and a corresponding one of said terminals;
(b) transmitting, upon the event of a group of said terminals indicating a desire to communicate with each other, corresponding alleged identity and corresponding freshness information from each terminal of said group of terminals, said freshness information indicating the happening of said event and the time elapsed since said event occurred and being associated with said group and said event, each said alleged identity information and each said freshness information being transmitted to said server, each said alleged identity and freshness information being dynamically routed to said server on current available paths of said network;
(c) generating a group key which is held in a secure fashion and is usable only by said group of terminals for only a predetermined time interval following said event;
(d) computing coded information for each terminal of said group of terminals, said coded information being dependent upon said group key, corresponding said freshness information, corresponding said user key, and upon an alleged identification of a user;
(e) transmitting to each of said terminals of said group corresponding said coded information along with an attached clear text tag representing said each terminal on said current available paths of said network; and
(f) extracting said group key, by each of said terminals, based upon corresponding said coded information, by employing said user key of said each terminal, said corresponding coded information being identified by a corresponding said attached tag,said extracting in step (f) being successful only if an alleged user is actually the user it alleges to be in step (b), said users communicating securely with each other using said group key,repeating steps (b) through (f) when another group of said terminals indicate that they desire to communicate with each other, wherein a new group key is generated.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for providing authentication among a dynamically selected group of users in a communication system with a dynamically changing network topology. With this invention, freshness information and alleged identity information are transmitted from each of the users in the group using available paths in the network. A group key is then generated, and coded information, derived from the group key and the above transmitted information, is sent to each of the users. Each unit of coded information is accompanied by an identifying tag so as to identify which of the users is to use the appropriate unit of coded information. Each alleged user will then extract the group key from a corresponding coded information unit only if it shares an appropriate secret with a server. Without knowledge of the group key, a user cannot be authenticated.
-
Citations
6 Claims
-
1. A method of providing secure communications between terminals of a communications network, said method comprising:
-
(a) storing in a server of said network an initial user key for each of said terminals, each corresponding said user key being known only to said server and a corresponding one of said terminals; (b) transmitting, upon the event of a group of said terminals indicating a desire to communicate with each other, corresponding alleged identity and corresponding freshness information from each terminal of said group of terminals, said freshness information indicating the happening of said event and the time elapsed since said event occurred and being associated with said group and said event, each said alleged identity information and each said freshness information being transmitted to said server, each said alleged identity and freshness information being dynamically routed to said server on current available paths of said network; (c) generating a group key which is held in a secure fashion and is usable only by said group of terminals for only a predetermined time interval following said event; (d) computing coded information for each terminal of said group of terminals, said coded information being dependent upon said group key, corresponding said freshness information, corresponding said user key, and upon an alleged identification of a user; (e) transmitting to each of said terminals of said group corresponding said coded information along with an attached clear text tag representing said each terminal on said current available paths of said network; and (f) extracting said group key, by each of said terminals, based upon corresponding said coded information, by employing said user key of said each terminal, said corresponding coded information being identified by a corresponding said attached tag, said extracting in step (f) being successful only if an alleged user is actually the user it alleges to be in step (b), said users communicating securely with each other using said group key, repeating steps (b) through (f) when another group of said terminals indicate that they desire to communicate with each other, wherein a new group key is generated. - View Dependent Claims (2, 3)
-
-
4. An apparatus for providing secure communications between terminals of a communications network, said method comprising:
-
(a) means for in a server of said network an initial user key for each of said terminals, each corresponding said user key being known only to said server and a corresponding one of said terminals; (b) means for transmitting, upon the event of a group of said terminals indicating a desire to communicate with each other, corresponding alleged identity and corresponding freshness information from each terminal of said group of terminals, said freshness information indicating the happening of said event and the time elapsed since said event occurred and being associated with said group and said event, each said alleged identity information and each said freshness information being transmitted to said server, each said alleged identity and freshness information being dynamically routed to said server on current available paths of said network; (c) means for generating a group key which is held in a secure fashion and is usable only by said group of terminals for only a predetermined time interval following said event; (d) means for computing coded information for each terminal of said group of terminals, said coded information being dependent upon said group key, corresponding said freshness information, corresponding said user key, and upon an alleged identification of a user; (e) means for transmitting to each of said terminals of said group corresponding said coded information along with an attached clear text tag representing said each terminal on said current available paths of said network; and (f) means for extracting said group key, by each of said terminals, based upon corresponding said coded information, by employing said user key of said each terminal, said corresponding coded information being identified by a corresponding said attached tag, said extracting in step (f) being successful only if an alleged user is actually the user it alleges to be in step (b), said users communicating securely with each other using said group key, repeating steps (b) through (f) when another group of said terminals indicate that they desire to communicate with each other.
-
-
5. In a communications network having N interconnected terminals, a method of authenticating any selected group of n of said N terminals to each other, said method comprising:
-
(a) storing an initial user key Ki for each of said N terminals, where i≦
1≦
N, where Ki is a secret shared only between terminal Ui and a server;(b) transmitting, upon the event of a group of said terminals indicating a desire to communicate with each other, freshness information Ni from each of said selected terminals of said group Ui to said server terminals, said group key Kg being held in a secure fashion and being usable only by said group of terminals for only a predetermined time following said event off; (c) generating a group key Kg by said server for said selected group of n, said freshness information indicating the happening of said event and the time elapsed since said event occurred and being associated with said group and said event; (d) transmitting a unit of coded information Ci from said server to each terminal Ui of said group of n terminals, each coded information Ci being information Fi exclusively OR'"'"'d with said group key and identified by a clear text tag Ti corresponding to terminal Ui, said Ci '"'"'s being transmitted in an arbitrary order, where said Cis can be dynamically routed on current available paths of said network; and (e) extracting said group key by each user Ui from said corresponding unit of coded information Ci by exclusive-OR-ing Ci with information Ii where Ii can only be determined with knowledge of Ki, each terminal Ui authenticating itself to other users of said selected group of n users by encryption of information with said group key Kg, repeating steps (b) through (f) when another group of said terminals indicate that they desire to communicate with each other.
-
-
6. In a communications network having N interconnected terminals, a method of authenticating any selected group of n of said N terminals to each other, said method comprising:
-
(a) means for storing an initial user key Ki for each of said N terminals, where i≦
1≦
N, where Ki is a secret shared only between terminal Ui and a server;(b) means for transmitting, upon the event of a group of said terminals indicating a desire to communicate with each other, freshness information Ni from each of said selected terminals of said group Ui to said server terminals, said group key Kg being held in a secure fashion and being usable only by said group of terminals for only a predetermined time following said event off; (c) means for generating a group key Kg by said server for said selected group of n, said freshness information indicating the happening of said event and the time elapsed since said event occurred and being associated with said group and said event; (d) means for transmitting a unit of coded information Ci from said server to each terminal Ui of said group of n terminals, each coded information Ci being information Fi exclusively OR'"'"'d with said group key and identified by a clear text tag Ti corresponding to terminal Ui, said Ci '"'"'s being transmitted in an arbitrary order, where said Ci '"'"'s can be dynamically routed on current available paths of said network; and (e) means for extracting said group key by each user Ui from said corresponding unit of coded information Ci by exclusive-OR-ing Ci with information Ii where Ii can only be determined with knowledge of Ki, each terminal Ui authenticating itself to other users of said selected group of n users by encryption of information with said group key Kg, repeating steps (b) through (f) when another group of said terminals indicate that they desire to communicate with each other.
-
Specification