Group key distribution
First Claim
1. A method for distributing a secret key K, comprising the steps of:
- verifying a first authentication received from an entity;
applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
transmitting the encrypted result and a second authentication to the entity;
verifying at the entity the second authentication; and
applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for distributing a secret key from a key holder H to intended group members M. The method assumes that during the distribution process each party, a group member M and the key holder H, can decrypt and encrypt exchanged information such that the encrypter knows that the decrypter will be the intended party. The method preferably uses a public key/private key encryption technique in which, for example, a trusted Certificate Authority in a public key infrastructure signs the certificates to provide the public keys involved in the encryption. Alternatively, the method, together with a symmetric cipher, uses a shared secret, established in an authenticated mechanism that is outside the information exchanges of the invention. Additionally, the method uses a strong mixing function that takes several items of data as input and produces a pseudorandom authentication (or digest). Inputs to the mixing function include identity stamps that are generated by each member M and key holder H. These inputs can be the identity of the stamp generator, such as a network address, port, or protocol, a timestamp, and/or a secret value that is known only to the stamp generator. The stamps include information to bind member M if generated by key holder H, and to bind key holder H if generated by member M. Consequently, the invention authenticates each communication exchange between member M and key holder H.
80 Citations
71 Claims
-
1. A method for distributing a secret key K, comprising the steps of:
-
verifying a first authentication received from an entity;
applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
transmitting the encrypted result and a second authentication to the entity;
verifying at the entity the second authentication; and
applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.
-
-
2. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K, the distribution comprising the steps of:
-
verifying a first authentication received from an entity;
applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
transmitting the encrypted result and a second authentication to the entity;
verifying at the entity the second authentication; and
applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.
-
-
3. A computer system for distributing a secret key K, comprising:
-
means for verifying a first authentication received from an entity;
means for applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
means for transmitting the encrypted result and a second authentication to the entity;
means for verifying at the entity the second authentication;
means for applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.
-
-
4. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
-
the key holder decrypting an encrypted code Rme provided by the group member to acquire a code Rm;
the key holder verifying an authentication-M provided by the group member;
the key holder using the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
the key holder encrypting the code Rh to form an encrypted code Rhe;
the key holder providing an authentication-H to the group member for verification; and
the key holder providing the encrypted code Rhe to the group member for decrypting to the code Rh for input with the code Rm to the reversible function for deriving the secret key K. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
the key holder providing an Authorization to the group member.
-
-
6. The method of claim 4 wherein the step of the key holder providing the authentication-H comprises the step of:
the key holder signing the authentication-H to form a signature Sh for verification by the group member.
-
7. The method of claim 4 wherein the step of the key holder decrypting the encrypted code Rme uses a private key associated with a public key Kph associated with the key holder.
-
8. The method of claim 7 wherein the step of the key holder encrypting the code Rh uses a public key Kpm associated with the group member.
-
9. The method of claim 8 wherein the authentication-M results from a mixing function of at least one authentication-M input.
-
10. The method of claim 9 comprising the further steps of:
-
the key holder providing a stamp Ch to the group member;
the authentication-M including the stamp Ch as an input; and
the key holder H verifying the stamp Ch.
-
-
11. The method of claim 10 wherein the stamp Ch results from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
-
12. The method of claim 11 wherein said authentication-H results from a mixing function of at least one authentication-H input.
-
13. The method of claim 12 wherein the code Rm and the key K are numbers.
-
14. The method of claim 13 wherein the step of the key holder using the secret key K uses an exclusive-OR function.
-
15. The method of claim 14 wherein the step of the key holder providing the authentication-H comprises the step of:
the key holder signing the authentication-H to form a signature Sh for verification by the group member.
-
16. The method of claim 15 comprising the further step of:
the key holder providing an Authorization to the group member.
-
17. The method of claim 14 wherein the authentication-H further includes as inputs the stamp Ch, the code Rh, the identity of the group member, and the identity of the key holder.
-
18. The method of claim 17 wherein the step of the key holder providing the authentication-H to the group member comprises the step of:
the key holder signing the authentication-H to form a signature Sh for verification by the group member.
-
19. The method of claim 18 comprising the further step of:
the key holder providing an Authorization to the group member.
-
20. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
-
the group member encrypting a code Rm to form an encrypted code Rme;
the group member providing the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh for encryption to a code Rhe;
the group member providing an authentication-M to the key holder for verification;
the group member decrypting the encrypted code Rhe provided by the key holder to acquire the code Rh;
the group member verifying an authentication-H provided by the key holder; and
the group member deriving the secret key K having the code Rh and the code Rm as inputs to the reversible function. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
the group member providing a Request to the key holder.
-
-
22. The method of claim 20 wherein the step of the group member providing the authentication-M comprises the step of:
the group member signing the authentication-M to form a signature Sm for verification by the key holder.
-
23. The method of claim 20 wherein the step of the group member encrypting the code Rm uses a public key Kph associated with the key holder.
-
24. The method of claim 23 wherein the step of the group member decrypting the encrypted code Rhe uses a private key associated with a public key associated with the group member.
-
25. The method of claim 24 wherein the authentication-M results from a mixing function of at least one authentication-M input.
-
26. The method of claim 25 wherein said authentication-H results from a mixing function of at least one authentication-H input.
-
27. The method of claim 26 comprising the further steps of:
-
the group member providing a stamp Cm to the key holder;
the authentication-H including the stamp Cm and the code Rm as inputs; and
the group member verifying the stamp Cm .
-
-
28. The method of claim 27 wherein the stamp Cm comprises an identity of the key holder H, a timestamp, and a secret known only to the group member.
-
29. The method of claim 28 wherein the code Rm and the key K are numbers.
-
30. The method of claim 29 wherein the step of the group member deriving the secret key K uses an exclusive-OR function.
-
31. The method of claim 30 wherein the step of the group member providing the authentication-M comprises the step of:
the group member signing the authentication-M to form a signature Sm for verification by the key holder.
-
32. The method of claim 31 comprising the further step of:
- the group member providing a Request to the key holder.
-
33. The method of claim 30 wherein the authentication-M further includes as inputs the code Rm, the stamp Cm and the identity of the group member.
-
34. The method of claim 33 wherein the step of the group member providing the authentication-M to the key holder comprises the step of:
the group member signing the authentication-M to form a signature Sm for verification by the key holder.
-
35. The method of claim 34 comprising the further step of:
the group member providing a Request to the key holder.
-
36. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
-
the key holder decrypting an encrypted code Rme provided by the group member to acquire a code Rm;
the key holder verifying an authentication-M and a signature Sm provided by the group member and formed by the group member signing the authentication-M;
the key holder using the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
the key holder providing an authentication-H to the group member for verification; and
the key holder providing the code Rh to the group member for input with the code Rm to the reversible function for deriving the secret key K. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
the key holder providing a stamp Ch to the group member;
the authentication-M including the stamp Ch and the code Rm as inputs; and
the key holder H verifying the stamp Ch.
-
-
40. The method of claim 39 wherein the stamp Ch results from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
-
41. The method of claim 40 wherein the authentication-H results from a mixing function of at least one authentication-H input.
-
42. The method of claim 41 wherein the code Rm and the key K are numbers.
-
43. The method of claim 42 wherein the step of the key holder using the secret key K uses an exclusive-OR function.
-
44. The method of claim 43 comprising the further step of:
the key holder providing an Authorization to the group member.
-
45. The method of claim 44 wherein the authentication-M further includes as inputs a stamp Cm and the identity of the group member.
-
46. The method of claim 45 wherein the authentication-H further includes as inputs the stamp Ch, the code Rh, the identity of the group member, and an identity of the key holder.
-
47. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
-
the group member encrypting a code Rm to form an encrypted code Rme;
the group member signing an authentication-M to form a signature Sm;
the group member providing the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh;
the group member providing the signature Sm to the key holder for verification of the signature Sm and the authentication-M;
the group member verifying an authentication-H provided by the key holder; and
the group member deriving the secret key K having the code Rh provided by the key holder and the code Rm as inputs to the reversible function. - View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
the group member providing a stamp Cm to the key holder;
the authentication-H including the stamp Cm and the code Rm as inputs; and
the group member verifying said stamp Cm.
-
-
52. The method of claim 51 wherein the stamp Cm results from a mixing function of an identity of the key holder, a timestamp, and a secret known only to the group member.
-
53. The method of claim 52 wherein the code Rm and the key K are numbers.
-
54. The method of claim 53 wherein the step of the group member deriving the secret key K uses an exclusive-OR function.
-
55. The method of claim 54 comprising the further step of:
the group member providing a Request to the key holder.
-
56. The method of claim 55 wherein the authentication-M further includes as inputs the stamp Cm and the identity of the group member.
-
57. The method of claim 56 wherein the authentication-H further includes as inputs a stamp Ch the code Rh, the identity of group member and identity of the key holder.
-
58. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
-
the key holder decrypting an encrypted code Rm provided by the group member to acquire a code Rm;
the key holder verifying an authentication-M provided by the group member;
the key holder using the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
the key holder encrypting the code Rh to form an encrypted code Rhe;
the key holder providing an authentication-H to the group member for verification; and
the key holder providing the encrypted code Rhe to the group member for decrypting to the code Rh for input with the code Rm to the reversible function for deriving the secret key K. - View Dependent Claims (59)
the key holder signing the authentication-H to form a signature Sh for verification by the group member.
-
-
60. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, said distribution comprising the steps of:
-
the group member encrypting a code Rm to form an encrypted code Rme;
the group member providing the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh for encryption to a code Rhe;
the group member providing an authentication-M to the key holder for verification;
the group member decrypting the encrypted code Rhe provided by the key holder to acquire the code Rh;
the group member verifying an authentication-H provided by the key holder; and
the group member deriving the secret key K having the code Rh and the code Rm as inputs to the reversible function. - View Dependent Claims (61)
the group member signing the authentication-M to form a signature Sm for verification by the key holder.
-
-
62. A computer system for distributing a secret key K from a key holder to a group member, comprising:
-
means for the key holder to decrypt an encrypted code Rme provided by the group member to acquire a code Rm;
means for the key holder to verify an authentication-M provided by the group member;
means for the key holder to use the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
means for the key holder to encrypt the code Rh to form an encrypted code Rhe;
means for the key holder to provide an authentication-H to the group member for verification; and
means for the key holder to provide the encrypted code Rhe to the group member for decrypting to the code Rh for input with the code Rm to the reversible function for deriving the secret key K. - View Dependent Claims (63)
means for the key holder to sign the authentication-H to form a signature Shfor verification by the group member.
-
-
64. A computer system for distributing a secret key K from a key holder to a group member, comprising:
-
means for the group member to encrypt a code Rm to form an encrypted code Rme;
means for the group member to provide the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh for encryption to a code Rhe;
means for the group member to provide an authentication-M to the key holder for verification;
means for the group member to decrypt the encrypted code Rhe provided by the key holder to acquire the code Rh;
means for the group member to verify an authentication-H provided by the key holder; and
means for the group member to derive the secret key K having the code Rh and the code Rm as inputs to the reversible function. - View Dependent Claims (65)
means for the group member to sign the authentication-M to form a signature Sm for verification by the key holder.
-
-
66. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
-
the key holder decrypting an encrypted code Rme provided by the group member to acquire a code Rm;
the key holder verifying an authentication-M and a signature Sm provided by the group member and formed by the group member signing the authentication-M;
the key holder using the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
the key holder providing an authentication-H to the group member for verification; and
the key holder providing the code Rh to the group member for input with the code Rm to the reversible function for deriving the secret key. - View Dependent Claims (67)
the key holder signing the authentication-H to form a signature Sh for verification by the group member.
-
-
68. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
-
the group member encrypting a code Rm to form an encrypted code Rme;
the group member signing an authentication-M to form a signature Sm;
the group member providing the signature Sm to the key holder for verification;
the group member providing the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh for providing to the group member;
the group member verifying an authentication-H provided by the key holder; and
the group member deriving said secret key K having the code Rh and the code Rm as inputs to the reversible function.
-
-
69. A computer system for distributing a secret key K from a key holder to a group member, comprising:
-
means for the key holder to decrypt an encrypted code Rme provided by the group member to acquire a code Rm;
means for the key holder to verify an authentication-M and a signature Sm provided by the group member and formed by the group member signing the authentication-M;
means for the key holder to use the secret key K and the code Rm as inputs to a reversible function to generate a code Rh;
means for the key holder to provide an authentication-H to the group member for verification; and
means for the key holder to provide the code Rh to the group member for input with the code Rm to the reversible function for deriving the secret key K. - View Dependent Claims (70)
means for the key holder to sign said authentication-H to form a signature Shfor verification by the group member.
-
-
71. A computer system for distributing a secret key K from a key holder to a group member, comprising:
-
means for the group member to encrypt a code Rm n to form an encrypted code Rme;
means for the group member to sign an authentication-M to form a signature Sm;
means for the group member to provide the signature Sm and the authentication-M to the key holder for verification;
means for the group member to provide the encrypted code Rme to the key holder for decrypting to the code Rm for input with the secret key K to a reversible function to generate a code Rh for providing to the group member;
means for the group member to verify an authentication-H provided by the key holder; and
means for the group member to derive the secret key K having said number Rh and said Rm as inputs to the reversible function.
-
Specification