Group key distribution

US 6,038,322 A
Filed: 10/20/1998
Issued: 03/14/2000
Est. Priority Date: 10/20/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:

the group member encrypting a code R_m to form an encrypted code R_me ;

the group member providing said encrypted code R_me and an authentication-M to said key holder;

the key holder decrypting said encrypted code R_me to acquire said code R_m ;

the key holder verifying said authentication-M;

the key holder using said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;

the key holder encrypting said code R_h to form an encrypted code R_he ;

the key holder providing said code R_he and an authentication-H to the group member;

the group member decrypting said encrypted code R_he to acquire said code R_h ;

the group member verifying said authentication-H; and

the group member deriving said secret key K having said code R_h and said code R_m as inputs to the reversible function.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributing a secret key from a key holder H to intended group members M. The method assumes that during the distribution process each party, a group member M and the key holder H, can decrypt and encrypt exchanged information such that the encrypter knows that the decrypter will be the intended party. The method preferably uses a public key/private key encryption technique in which, for example, a trusted Certificate Authority in a public key infrastructure signs the certificates to provide the public keys involved in the encryption. Alternatively, the method, together with a symmetric cipher, uses a shared secret, established in an authenticated mechanism that is outside the information exchanges of the invention. Additionally, the method uses a strong mixing function that takes several items of data as input and produces a pseudo-random authentication (or digest). Inputs to the mixing function include identity stamps that are generated by each member M and key holder H. These inputs can be the identity of the stamp generator, such as a network address, port, or protocol, a timestamp, and/or a secret value that is known only to the stamp generator. The stamps include information to bind member M if generated by key holder H, and to bind key holder H if generated by member M. Consequently, the invention authenticates each communication exchange between member M and key holder H.

202 Citations

45 Claims

1. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the group member encrypting a code R_m to form an encrypted code R_me ;
  
  the group member providing said encrypted code R_me and an authentication-M to said key holder;
  
  the key holder decrypting said encrypted code R_me to acquire said code R_m ;
  
  the key holder verifying said authentication-M;
  
  the key holder using said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  the key holder encrypting said code R_h to form an encrypted code R_he ;
  
  the key holder providing said code R_he and an authentication-H to the group member;
  
  the group member decrypting said encrypted code R_he to acquire said code R_h ;
  
  the group member verifying said authentication-H; and
  
  the group member deriving said secret key K having said code R_h and said code R_m as inputs to the reversible function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 comprising the further steps of:
    - the group member providing a Request to the key holder; and
      
      the key holder providing an Authorization to the group member.
  - 3. The method of claim 1 wherein said step of the group member providing said authentication-M comprises the steps of:
    - the group member signing said authentication-M to form a signature S_m ; and
      
      the key holder verifying said signature S_m.
  - 4. The method of claim 3 wherein said step of the key holder providing said authentication-H comprises the steps of:
    - the key holder signing said authentication-H to form a signature S_h ; and
      
      the group member verifying said signature S_h.
  - 5. The method of claim 1 wherein said step of the group member encrypting said code R_m uses a public key K_ph associated with said key holder, and said step of the key holder decrypting said encrypted code R_me uses a private key associated with said public key K_ph.
  - 6. The method of claim 5 wherein said step of the key holder encrypting said code R_h uses a public key K_pm associated with the group member, and said step of the group member decrypting said encrypted code R_he uses a private key associated with said public key K_pm.
  - 7. The method of claim 6 wherein said authentication-M results from a mixing function of at least one authentication-M input.
  - 8. The method of claim 7 comprising the further steps of:
    - the key holder providing a stamp C_h to the group member;
      
      said authentication-M including said stamp C_h as an input; and
      
      the key holder H verifying said stamp C_h.
  - 9. The method of claim 8 wherein said stamp C_h results from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
  - 10. The method of claim 9 wherein said authentication-H results from a mixing function of at least one authentication-H input.
  - 11. The method of claim 10 comprising the further steps of:
    - the group member providing a stamp C_m to the key holder;
      
      said authentication-H including said stamp C_m and said code R_m as inputs; and
      
      the group member verifying said stamp C_m.
  - 12. The method of claim 11 wherein said stamp C_m comprises an identity of the key holder H, a timestamp, and a secret known only to the group member.
  - 13. The method of claim 12 wherein said code R_m and said key K are numbers.
  - 14. The method of claim 13 wherein said step of the key holder using said secret key K and said step of the group member deriving said secret key K use an exclusive-OR function.
  - 15. The method of claim 14 wherein said step of the group member providing said authentication-M comprises the steps of:
    - the group member signing said authentication-M to form a signature S_m ; and
      
      the key holder verifying said signature S_m.
  - 16. The method of claim 15 wherein said step of the key holder providing said authentication-H comprises the steps of:
    - the key holder signing said authentication-H to form a signature S_h ; and
      
      the group member verifying said signature S_h.
  - 17. The method of claim 16 comprising the further steps of:
    - group member providing a Request to the key holder; and
      
      the key holder providing an Authorization to the group member.
  - 18. The method of claim 14 wherein said authentication-M further includes as inputs said code R_m, said stamp C_m and said identity of the group member.
  - 19. The method of claim 18 wherein said authentication-H further includes as inputs said stamp C_h, said code R_h, said identity of the group member, and said identity of the key holder.
  - 20. The method of claim 19 wherein said step of the group member providing said authentication-M to the key holder comprises the steps of:
    - group member signing said authentication-M to form a signature S_m ; and
      
      the key holder verifying said signature S_m.
  - 21. The method of claim 20 wherein said step of the key holder providing said authentication-H to the group member comprises the steps of:
    - the key holder signing said authentication-H to form a signature S_h ; and
      
      the group member verifying said signature S_h.
  - 22. The method of claim 21 comprising the further steps of:
    - the group member providing a Request to the key holder; and
      
      the key holder providing an Authorization to the group member.

23. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the group member encrypting a code R_m to form an encrypted code R_m ;
  
  the group member signing an authentication-M to form a signature S_m ;
  
  the group member providing said encrypted code R_me and said signature S_m to the key holder;
  
  the key holder decrypting said encrypted code R_me to acquire said code R_m ;
  
  the key holder verifying said signature S_m and said authentication-M;
  
  the key holder using said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  the key holder providing said code R_h and an authentication-H to the group member;
  
  the group member verifying said authentication-H; and
  
  the group member deriving said secret key K having said code R_h and said code R_m as inputs to the reversible function.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 24. The method of claim 23 wherein said step of the group member encrypting said code R_m uses a public key K_ph associated with said key holder, and said step of the key holder decrypting said encrypted code R_me uses a private key associated with said public key K_ph.
  - 25. The method of claim 24 wherein said authentication-M results from a mixing function of at least one authentication-M input.
  - 26. The method of claim 25 comprising the further steps of:
    - the key holder providing a stamp C_h to said group member;
      
      said authentication-M including said stamp C_h and said code R_m as inputs; and
      
      the key holder H verifying said stamp C_h.
  - 27. The method of claim 26 wherein said stamp C_h results from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
  - 28. The method of claim 27 wherein said authentication-H results from a mixing function of at least one authentication-H input.
  - 29. The method of claim 28 comprising the further steps of:
    - the group member providing a stamp C_m to the key holder;
      
      said authentication-H including said stamp C_m and said code R_m as inputs; and
      
      the group member verifying said stamp C_m.
  - 30. The method of claim 29 wherein said stamp C_m results from a mixing function of an identity of the key holder, a timestamp, and a secret known only to the group member.
  - 31. The method of claim 30 wherein said code R_m and said key K are numbers.
  - 32. The method of claim 31 wherein said step of the key holder using said secret key K and said step of the group member deriving said secret key K use an exclusive-OR function.
  - 33. The method of claim 32 comprising the further steps of:
    - the group member providing a Request to the key holder; and
      
      the key holder providing an Authorization to the group member.
  - 34. The method of claim 33 wherein said authentication-M further includes as inputs said stamp C_m and said identity of the group member.
  - 35. The method of claim 34 wherein said authentication-H further includes as inputs said stamp C_h, said code R_h, said identity of group member M, and said identity of the key holder H.

36. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, said distribution comprising the steps of:
- the group member encrypting a code R_m to form an encrypted code R_me ;
  
  the group member providing said encrypted code R_me and an authentication-M to said key holder;
  
  the key holder decrypting said encrypted code R_me to acquire said code R_m ;
  
  the key holder verifying said authentication-M;
  
  the key holder using said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  the key holder encrypting said code R_h to form an encrypted code R_he ;
  
  the key holder providing said code R_he and an authentication-H to the group member;
  
  the group member decrypting said encrypted code R_he to acquire said code R_h ;
  
  the group member verifying said authentication-H; and
  
  the group member deriving said secret key K having said code R_h and said code R_m as inputs to the reversible function.
- View Dependent Claims (37, 38)
- - 37. The computer-readable medium of claim 36 wherein the step of the group member providing said authentication-M comprises the steps of:
    - the group member signing the said authentication-M to form a signature S_m ; and
      
      the key holder verifying said signature S_m.
  - 38. The computer-readable medium of claim 37 wherein the step of the key holder providing said authentication-H comprises the steps of:
    - the key holder signing said authentication-H to form a signature S_h ; and
      
      the group member verifying said signature S_h.

39. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the group member to encrypt a code R_m to form an encrypted code R_me ;
  
  means for the group member to provide said encrypted code R_me, and an authentication-M to said key holder;
  
  means for the key holder to decrypt said encrypted code R_me to acquire said code R_m ;
  
  means for the key holder to verify said authentication-M;
  
  means for the key holder to use said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  means for the key holder to encrypt said code R_h to form an encrypted code R_he ;
  
  means for the key holder to provide said code R_he, and an authentication-H to the group member;
  
  means for the group member to decrypt said encrypted code R_he to acquire said code R_h ;
  
  means for the group member to verify said authentication-H; and
  
  means for the group member to derive said secret key K having said code R_h and said code R_m as inputs to the reversible function.
- View Dependent Claims (40, 41)
- - 40. The computer system of claim 39 wherein means for the group member to provide said authentication-M comprises:
    - means for the group member to sign said authentication-M to form a signature S_m ; and
      
      means for the key holder to verify said signature S_m.
  - 41. The computer system of claim 40 wherein means for the key holder to provide said authentication-H comprises:
    - means for they key holder to sign said authentication-H to form a signature S_h ; and
      
      means for the group member to verify said signature S_h.

42. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, said distribution comprising the steps of:
- the group member encrypting a code R_m to form an encrypted code R_me ;
  
  the group member signing an authentication-M to form a signature S_m ;
  
  the group member providing said encrypted code R_me and said signature S_m to the key holder;
  
  the key holder decrypting said encrypted code R_me to acquire said code R_m ;
  
  the key holder verifying said signature S_m and said authentication-M;
  
  the key holder using said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  the key holder providing said code R_h and an authentication-H to the group member;
  
  the group member verifying said authentication-H; and
  
  the group member deriving said secret key K having said code R_h and said code R_m as inputs to the reversible function.
- View Dependent Claims (43)
- - 43. The computer-readable medium of claim 42 wherein the step of the key holder providing said authentication-H comprises the steps of:
    - the key holder signing said authentication-H to form a signature S_h ; and
      
      the group member verifying said signature S_h.

44. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the group member to encrypt a code R_m to form an encrypted code R_me ;
  
  means for the group member to sign an authentication-M to form a signature S_m ;
  
  means for the group member to provide said encrypted code R_me and said signature S_m to the key holder;
  
  means for the key holder to decrypt said encrypted code R_me to acquire said code R_m ;
  
  means for the key holder to verify said signature S_m and said authentication-M;
  
  means for the key holder to use said secret key K and said code R_m as inputs to a reversible function to generate a code R_h ;
  
  means for the key holder to provide said code R_h and an authentication-H to the group member;
  
  means for the group member to verify said authentication-H; and
  
  means for the group member to derive said secret key K having said number R_h and said R_m as inputs to the reversible function.
- View Dependent Claims (45)
- - 45. The computer system of claim 44 wherein means for the key holder to provide said authentication-H comprises:
    - means for the key holder to sign said authentication-H to form a signature S_h ; and
      
      means for the group member to verify said signature S_h.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Harkins, Dan
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Darrow, Justin T.

Application Number

US09/175,240
Time in Patent Office

511 Days
Field of Search

380/279, 380/281, 380/282, 713/155, 713/156, 713/163, 713/170, 713/171, 713/176, 713/178
US Class Current

380/279
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/3247   involving digital signatures

Group key distribution

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

202 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Group key distribution

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

202 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links