Method and system for providing secure key distribution in a communication system

US 5,729,608 A
Filed: 01/24/1996
Issued: 03/17/1998
Est. Priority Date: 07/27/1993
Status: Expired due to Fees

First Claim

Patent Images

1. A method for providing secure, authenticated distribution in a communication system of a key to be used by a group of selected users, the key being distributed from a server to a sub-group consisting of the users of said group other than said server, each user of said sub-group sharing a secret user key with said server, said method comprising the steps of:

transmitting (501,511) the user'"'"'s identification (A), a user'"'"'s nonce (N_as) and an identification (B) of a user of said sub-group other than said transmitting user from each user of said sub-group to said server through an available path of said system;

generating (502) a new, common group key (K_ab) for all users of said group by said server;

computing (503,512) the value of a first function for each user of said sub-group by said server, said first function depending upon at least said user'"'"'s key (K_as), said user'"'"'s nonce (N_as), said group key (K_ab) and the identification (B) of the user of said group other than said user;

computing (504,513) the value of a second function for each user of said sub-group by said server, said second function depending upon at least said user'"'"'s key (K_as), the value of said user'"'"'s first function and said group key (K_ab);

transmitting (505,514) the values of said user'"'"'s first and second functions from said server to each user of said sub-group through an available path of said system;

extracting (506,515) said group key, by each user of said sub-group, from the value of said user'"'"'s second function, employing said user'"'"'s key and the value of said user'"'"'s first function; and

re-computing (507,516) the value of said user'"'"'s first function by each user of said sub-group and considering authenticated said extracted group key (K_ab) if said re-computed value is equal to the value of said user'"'"'s first function received by said server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing secure authenticated cryptographic key distribution in a communication system having properties very similar to a Two-Party Authentication Protocol. A new group key is distributed by a server to a selected group of users in the system. A braided structure of the messages, sent by the server to each user, allows authentication and, at the same time, secure and secret key distribution. Moreover, the braided structure makes it possible to construct minimal-length protocol messages.

108 Citations

22 Claims

1. A method for providing secure, authenticated distribution in a communication system of a key to be used by a group of selected users, the key being distributed from a server to a sub-group consisting of the users of said group other than said server, each user of said sub-group sharing a secret user key with said server, said method comprising the steps of:
- transmitting (501,511) the user'"'"'s identification (A), a user'"'"'s nonce (N_as) and an identification (B) of a user of said sub-group other than said transmitting user from each user of said sub-group to said server through an available path of said system;
  
  generating (502) a new, common group key (K_ab) for all users of said group by said server;
  
  computing (503,512) the value of a first function for each user of said sub-group by said server, said first function depending upon at least said user'"'"'s key (K_as), said user'"'"'s nonce (N_as), said group key (K_ab) and the identification (B) of the user of said group other than said user;
  
  computing (504,513) the value of a second function for each user of said sub-group by said server, said second function depending upon at least said user'"'"'s key (K_as), the value of said user'"'"'s first function and said group key (K_ab);
  
  transmitting (505,514) the values of said user'"'"'s first and second functions from said server to each user of said sub-group through an available path of said system;
  
  extracting (506,515) said group key, by each user of said sub-group, from the value of said user'"'"'s second function, employing said user'"'"'s key and the value of said user'"'"'s first function; and
  
  re-computing (507,516) the value of said user'"'"'s first function by each user of said sub-group and considering authenticated said extracted group key (K_ab) if said re-computed value is equal to the value of said user'"'"'s first function received by said server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method according to claim 1, further comprising the steps of:
    - computing (508,517) the value of a third function by each user of said sub-group, said user'"'"'s third function depending upon at least said user'"'"'s key (K_as), said user'"'"'s nonce (N_as) and said group key (K_ab);
      
      transmitting (509,518) the value of said user'"'"'s third function from each user of said sub-group to said server through an available path of said system; and
      
      re-computing (510,519) the value of said user'"'"'s third function for each user of said sub-group by said server and authenticating each user of said sub-group if said re-computed value if equal to the value of said user'"'"'s third function received by said user.
  - 3. The method according to claims 1 or 2, further comprising the step of:
    - each user of said sub-group authenticating (520 to
      
      526) itself to any other user of said sub-group by encrypting and exchanging information with said group key (K_ab) between said users.
  - 4. The method according to claims 1 or 2, wherein said first, second and third functions are encryption functions under said user'"'"'s key (K_as).
  - 5. The method according to claims 1 or 2, wherein said second function is an encryption function under said user'"'"'s key (K_as) of at least said user'"'"'s first function, exclusively OR-ed with said group key (K_ab).
  - 6. The method according to claim 5, wherein said group key (K_ab) is extracted by each user of said sub-group by re-computing the value of said user'"'"'s encryption function and XOR-ing said result with the value of said user'"'"'s second function.
  - 7. The method according to claims 1 or 2, further characterized in that:
    - the information to be transmitted from each user of said sub-group to the server is collected by one of the users of the system and then transmitted from said one user to said server.
  - 8. The method according to claims 1 or 2, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.
  - 11. The method according to claim 3, wherein said first, second and third functions are encryption functions under said user'"'"'s key (K_as).
  - 12. The method according to claim 3, wherein said second function is an encryption function under said user'"'"'s key (K_as) of at least said user'"'"'s first function, exclusively OR-ed with said group key (K_ab).
  - 13. The method according to claim 4, wherein said second function is an encryption function under said user'"'"'s key (K_as) of at least said user'"'"'s first function, exclusively OR-ed with said group key (K_ab).
  - 14. The method according to claim 3, further characterized in that:
    - the information to be transmitted from each user of said sub-group to the server is collected by one of the users of the system and then transmitted from said one user to said server.
  - 15. The method according to claim 4, further characterized in that:
    - the information to be transmitted from each user of said sub-group to the server is collected by one of the users of the system and then transmitted from said one user to said server.
  - 16. The method according to claim 5, further characterized in that:
    - the information to be transmitted from each user of said sub-group to the server is collected by one of the users of the system and then transmitted from said one user to said server.
  - 17. The method according to claim 6, further characterized in that:
    - the information to be transmitted from each user of said sub-group to the server is collected by one of the users of the system and then transmitted from said one user to said server.
  - 18. The method according to claim 3, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.
  - 19. The method according to claim 4, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.
  - 20. The method according to claim 5, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.
  - 21. The method according to claim 6, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.
  - 22. The method according to claim 7, further characterized in that:
    - the information to be transmitted over the system is identified by a tag identifying the addressed user or server.

9. A communication system (100) for providing secure, authenticated distribution of a key to be used by a group of selected users (101,102,103,109), the key being distributed from a server (109) to a sub-group of users (101,102,103) consisting of the users of said group other than said server, each user of said sub-group sharing a corresponding secret user key with said server, said system comprising:
- means for transmitting (501,511) the user'"'"'s identification, a user'"'"'s nonce and an identification of a user of said sub-group other than said user from each user of said sub-group to said server through an available path of said system;
  
  means for generating (502) a new, common group key for all users of said group by said server;
  
  means for computing (503,512) the value of a first function for each user of said sub-group by said server, said first function depending upon at least said user'"'"'s key, said user'"'"'s nonce, said group key and the identification of the user of said group other than said user;
  
  means for computing (504,513) the value of a second function for each user of said sub-group by said server, said second function depending upon at least said user'"'"'s key, the value of said user'"'"'s first function and said group key;
  
  means for transmitting (505,514) the values of said user'"'"'s first and second functions from said server to each user of said sub-group through an available path of said system;
  
  means for extracting (506,515) said group key, by each user of said sub-group, from the value of said user'"'"'s second function, employing said user'"'"'s key and the value of said user'"'"'s first function; and
  
  means for re-computing (507,516) the value of said user'"'"'s first function by each user of said sub-group and considering authenticated said extracted group key if said re-computed value is equal to the value of said user'"'"'s first function received by said server.
- View Dependent Claims (10)
- - 10. The communication system according to claim 9, further comprising:
    - means for computing (508,517) the value of a third function by each user of said sub-group, said user'"'"'s third function depending upon at least said user'"'"'s key, said user'"'"'s nonce and said group key;
      
      means for transmitting (509,518) the value of said user'"'"'s third function from each user of said sub-group to said server through an available path of said system; and
      
      means for re-computing (510,519) the value of said user'"'"'s third function for each user of said sub-group by said server and authenticating each user of said sub-group if said re-computed value is equal to the value of said user'"'"'s third function received by said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Tsudik, Gene, Janson, Philippe
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/591,638
Time in Patent Office

783 Days
Field of Search

380/21, 380/28, 380/30, 380/25
US Class Current

713/171
CPC Class Codes

H04L 9/0827   involving distinctive inter...

H04L 9/0833   involving conference or gro...

H04L 9/0897   involving additional device...

H04L 9/321   involving a third party or ...

Method and system for providing secure key distribution in a communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

108 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure key distribution in a communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links