Group key distribution

US 6,215,878 B1
Filed: 02/07/2000
Issued: 04/10/2001
Est. Priority Date: 10/20/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for distributing a secret key K, comprising the steps of:

verifying a first authentication received from an entity;

applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;

transmitting the encrypted result and a second authentication to the entity;

verifying at the entity the second authentication; and

applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for distributing a secret key from a key holder H to intended group members M. The method assumes that during the distribution process each party, a group member M and the key holder H, can decrypt and encrypt exchanged information such that the encrypter knows that the decrypter will be the intended party. The method preferably uses a public key/private key encryption technique in which, for example, a trusted Certificate Authority in a public key infrastructure signs the certificates to provide the public keys involved in the encryption. Alternatively, the method, together with a symmetric cipher, uses a shared secret, established in an authenticated mechanism that is outside the information exchanges of the invention. Additionally, the method uses a strong mixing function that takes several items of data as input and produces a pseudorandom authentication (or digest). Inputs to the mixing function include identity stamps that are generated by each member M and key holder H. These inputs can be the identity of the stamp generator, such as a network address, port, or protocol, a timestamp, and/or a secret value that is known only to the stamp generator. The stamps include information to bind member M if generated by key holder H, and to bind key holder H if generated by member M. Consequently, the invention authenticates each communication exchange between member M and key holder H.

80 Citations

View as Search Results

71 Claims

1. A method for distributing a secret key K, comprising the steps of:
- verifying a first authentication received from an entity;
  
  applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
  
  transmitting the encrypted result and a second authentication to the entity;
  
  verifying at the entity the second authentication; and
  
  applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.

2. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K, the distribution comprising the steps of:
- verifying a first authentication received from an entity;
  
  applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
  
  transmitting the encrypted result and a second authentication to the entity;
  
  verifying at the entity the second authentication; and
  
  applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.

3. A computer system for distributing a secret key K, comprising:
- means for verifying a first authentication received from an entity;
  
  means for applying a reversible function to the secret key K and a first decrypted result to generate an encrypted result, the first decrypted result being generated by decrypting encrypted secret information received from the entity;
  
  means for transmitting the encrypted result and a second authentication to the entity;
  
  means for verifying at the entity the second authentication;
  
  means for applying at the entity the reversible function to a second decrypted result and the secret information to derive the secret key K, the second decrypted result being generated by decrypting the encrypted result.

4. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the key holder decrypting an encrypted code R_meprovided by the group member to acquire a code R_m;
  
  the key holder verifying an authentication-M provided by the group member;
  
  the key holder using the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  the key holder encrypting the code R_hto form an encrypted code R_he;
  
  the key holder providing an authentication-H to the group member for verification; and
  
  the key holder providing the encrypted code R_heto the group member for decrypting to the code R_hfor input with the code R_mto the reversible function for deriving the secret key K.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 5. The method of claim 4 comprising the further step of:
6. The method of claim 4 wherein the step of the key holder providing the authentication-H comprises the step of:
- the key holder signing the authentication-H to form a signature S_hfor verification by the group member.
7. The method of claim 4 wherein the step of the key holder decrypting the encrypted code R_meuses a private key associated with a public key K_phassociated with the key holder.
8. The method of claim 7 wherein the step of the key holder encrypting the code R_huses a public key K_pmassociated with the group member.
9. The method of claim 8 wherein the authentication-M results from a mixing function of at least one authentication-M input.
10. The method of claim 9 comprising the further steps of:
- the key holder providing a stamp C_hto the group member;
  
  the authentication-M including the stamp C_has an input; and
  
  the key holder H verifying the stamp C_h.
11. The method of claim 10 wherein the stamp C_hresults from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
12. The method of claim 11 wherein said authentication-H results from a mixing function of at least one authentication-H input.
13. The method of claim 12 wherein the code R_mand the key K are numbers.
14. The method of claim 13 wherein the step of the key holder using the secret key K uses an exclusive-OR function.
15. The method of claim 14 wherein the step of the key holder providing the authentication-H comprises the step of:
- the key holder signing the authentication-H to form a signature S_hfor verification by the group member.
16. The method of claim 15 comprising the further step of:
- the key holder providing an Authorization to the group member.
17. The method of claim 14 wherein the authentication-H further includes as inputs the stamp C_h, the code R_h, the identity of the group member, and the identity of the key holder.
18. The method of claim 17 wherein the step of the key holder providing the authentication-H to the group member comprises the step of:
- the key holder signing the authentication-H to form a signature S_hfor verification by the group member.
19. The method of claim 18 comprising the further step of:
- the key holder providing an Authorization to the group member.

20. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the group member encrypting a code R_mto form an encrypted code R_me;
  
  the group member providing the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_hfor encryption to a code R_he;
  
  the group member providing an authentication-M to the key holder for verification;
  
  the group member decrypting the encrypted code R_heprovided by the key holder to acquire the code R_h;
  
  the group member verifying an authentication-H provided by the key holder; and
  
  the group member deriving the secret key K having the code R_hand the code R_mas inputs to the reversible function.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 21. The method of claim 20 comprising the further step of:
22. The method of claim 20 wherein the step of the group member providing the authentication-M comprises the step of:
- the group member signing the authentication-M to form a signature S_mfor verification by the key holder.
23. The method of claim 20 wherein the step of the group member encrypting the code R_muses a public key K_phassociated with the key holder.
24. The method of claim 23 wherein the step of the group member decrypting the encrypted code R_heuses a private key associated with a public key associated with the group member.
25. The method of claim 24 wherein the authentication-M results from a mixing function of at least one authentication-M input.
26. The method of claim 25 wherein said authentication-H results from a mixing function of at least one authentication-H input.
27. The method of claim 26 comprising the further steps of:
- the group member providing a stamp C_mto the key holder;
  
  the authentication-H including the stamp C_mand the code R_mas inputs; and
  
  the group member verifying the stamp C_m.
28. The method of claim 27 wherein the stamp C_mcomprises an identity of the key holder H, a timestamp, and a secret known only to the group member.
29. The method of claim 28 wherein the code R_mand the key K are numbers.
30. The method of claim 29 wherein the step of the group member deriving the secret key K uses an exclusive-OR function.
31. The method of claim 30 wherein the step of the group member providing the authentication-M comprises the step of:
- the group member signing the authentication-M to form a signature S_mfor verification by the key holder.
32. The method of claim 31 comprising the further step of:
- the group member providing a Request to the key holder.
33. The method of claim 30 wherein the authentication-M further includes as inputs the code R_m, the stamp C_mand the identity of the group member.
34. The method of claim 33 wherein the step of the group member providing the authentication-M to the key holder comprises the step of:
- the group member signing the authentication-M to form a signature S_mfor verification by the key holder.
35. The method of claim 34 comprising the further step of:
- the group member providing a Request to the key holder.

36. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the key holder decrypting an encrypted code R_meprovided by the group member to acquire a code R_m;
  
  the key holder verifying an authentication-M and a signature S_mprovided by the group member and formed by the group member signing the authentication-M;
  
  the key holder using the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  the key holder providing an authentication-H to the group member for verification; and
  
  the key holder providing the code R_hto the group member for input with the code R_mto the reversible function for deriving the secret key K.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 37. The method of claim 36 wherein the step of the key holder decrypting the encrypted code R_meuses a private key associated with a public key K_phassociated with the key holder.
  - 38. The method of claim 37 wherein the authentication-M results from a mixing function of at least one authentication-M input.
  - 39. The method of claim 38 comprising the further steps of:
40. The method of claim 39 wherein the stamp C_hresults from a mixing function of an identity of the group member, a timestamp, and a secret known only to the key holder.
41. The method of claim 40 wherein the authentication-H results from a mixing function of at least one authentication-H input.
42. The method of claim 41 wherein the code R_mand the key K are numbers.
43. The method of claim 42 wherein the step of the key holder using the secret key K uses an exclusive-OR function.
44. The method of claim 43 comprising the further step of:
- the key holder providing an Authorization to the group member.
45. The method of claim 44 wherein the authentication-M further includes as inputs a stamp C_mand the identity of the group member.
46. The method of claim 45 wherein the authentication-H further includes as inputs the stamp C_h, the code R_h, the identity of the group member, and an identity of the key holder.

47. A method for distributing a secret key K from a key holder to a group member, comprising the steps of:
- the group member encrypting a code R_mto form an encrypted code R_me;
  
  the group member signing an authentication-M to form a signature S_m;
  
  the group member providing the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_h;
  
  the group member providing the signature S_mto the key holder for verification of the signature S_mand the authentication-M;
  
  the group member verifying an authentication-H provided by the key holder; and
  
  the group member deriving the secret key K having the code R_hprovided by the key holder and the code R_mas inputs to the reversible function.
- View Dependent Claims (48, 49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 48. The method of claim 47 wherein the step of the group member encrypting the code R_muses a public key K_phassociated with the key holder.
  - 49. The method of claim 48 wherein the authentication-M results from a mixing function of at least one authentication-M input.
  - 50. The method of claim 49 wherein the authentication-H results from a mixing function of at least one authentication-H input.
  - 51. The method of claim 50 comprising the further steps of:
52. The method of claim 51 wherein the stamp C_mresults from a mixing function of an identity of the key holder, a timestamp, and a secret known only to the group member.
53. The method of claim 52 wherein the code R_mand the key K are numbers.
54. The method of claim 53 wherein the step of the group member deriving the secret key K uses an exclusive-OR function.
55. The method of claim 54 comprising the further step of:
- the group member providing a Request to the key holder.
56. The method of claim 55 wherein the authentication-M further includes as inputs the stamp C_mand the identity of the group member.
57. The method of claim 56 wherein the authentication-H further includes as inputs a stamp C_hthe code R_h, the identity of group member and identity of the key holder.

58. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
- the key holder decrypting an encrypted code R_mprovided by the group member to acquire a code R_m;
  
  the key holder verifying an authentication-M provided by the group member;
  
  the key holder using the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  the key holder encrypting the code R_hto form an encrypted code R_he;
  
  the key holder providing an authentication-H to the group member for verification; and
  
  the key holder providing the encrypted code R_heto the group member for decrypting to the code R_hfor input with the code R_mto the reversible function for deriving the secret key K.
- View Dependent Claims (59)
- - 59. The computer-readable medium of claim 58 wherein the step of the key holder providing the authentication-H comprises the step of:

60. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, said distribution comprising the steps of:
- the group member encrypting a code R_mto form an encrypted code R_me;
  
  the group member providing the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_hfor encryption to a code R_he;
  
  the group member providing an authentication-M to the key holder for verification;
  
  the group member decrypting the encrypted code R_heprovided by the key holder to acquire the code R_h;
  
  the group member verifying an authentication-H provided by the key holder; and
  
  the group member deriving the secret key K having the code R_hand the code R_mas inputs to the reversible function.
- View Dependent Claims (61)
- - 61. The computer-readable medium of claim 60 wherein the step of the group member providing the authentication-M comprises the step of:

62. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the key holder to decrypt an encrypted code R_meprovided by the group member to acquire a code R_m;
  
  means for the key holder to verify an authentication-M provided by the group member;
  
  means for the key holder to use the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  means for the key holder to encrypt the code R_hto form an encrypted code R_he;
  
  means for the key holder to provide an authentication-H to the group member for verification; and
  
  means for the key holder to provide the encrypted code R_heto the group member for decrypting to the code R_hfor input with the code R_mto the reversible function for deriving the secret key K.
- View Dependent Claims (63)
- - 63. The computer system of claim 62 wherein means for the key holder to provide the authentication-H comprises:

64. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the group member to encrypt a code R_mto form an encrypted code R_me;
  
  means for the group member to provide the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_hfor encryption to a code R_he;
  
  means for the group member to provide an authentication-M to the key holder for verification;
  
  means for the group member to decrypt the encrypted code R_heprovided by the key holder to acquire the code R_h;
  
  means for the group member to verify an authentication-H provided by the key holder; and
  
  means for the group member to derive the secret key K having the code R_hand the code R_mas inputs to the reversible function.
- View Dependent Claims (65)
- - 65. The computer system of claim 64 wherein means for the group member to provide the authentication-M comprises:

66. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
- the key holder decrypting an encrypted code R_meprovided by the group member to acquire a code R_m;
  
  the key holder verifying an authentication-M and a signature S_mprovided by the group member and formed by the group member signing the authentication-M;
  
  the key holder using the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  the key holder providing an authentication-H to the group member for verification; and
  
  the key holder providing the code R_hto the group member for input with the code R_mto the reversible function for deriving the secret key.
- View Dependent Claims (67)
- - 67. The computer-readable medium of claim 66 wherein the step of the key holder providing said authentication-H comprises the step of:

68. A computer-readable medium embodying instructions for causing a device to perform a distribution of a secret key K from a key holder to a group member, the distribution comprising the steps of:
- the group member encrypting a code R_mto form an encrypted code R_me;
  
  the group member signing an authentication-M to form a signature S_m;
  
  the group member providing the signature S_mto the key holder for verification;
  
  the group member providing the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_hfor providing to the group member;
  
  the group member verifying an authentication-H provided by the key holder; and
  
  the group member deriving said secret key K having the code R_hand the code R_mas inputs to the reversible function.

69. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the key holder to decrypt an encrypted code R_meprovided by the group member to acquire a code R_m;
  
  means for the key holder to verify an authentication-M and a signature S_mprovided by the group member and formed by the group member signing the authentication-M;
  
  means for the key holder to use the secret key K and the code R_mas inputs to a reversible function to generate a code R_h;
  
  means for the key holder to provide an authentication-H to the group member for verification; and
  
  means for the key holder to provide the code R_hto the group member for input with the code R_mto the reversible function for deriving the secret key K.
- View Dependent Claims (70)
- - 70. The computer system of claim 69 wherein means for the key holder to provide said authentication-H comprises:

71. A computer system for distributing a secret key K from a key holder to a group member, comprising:
- means for the group member to encrypt a code R_mn to form an encrypted code R_me;
  
  means for the group member to sign an authentication-M to form a signature S_m;
  
  means for the group member to provide the signature S_mand the authentication-M to the key holder for verification;
  
  means for the group member to provide the encrypted code R_meto the key holder for decrypting to the code R_mfor input with the secret key K to a reversible function to generate a code R_hfor providing to the group member;
  
  means for the group member to verify an authentication-H provided by the key holder; and
  
  means for the group member to derive the secret key K having said number R_hand said R_mas inputs to the reversible function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Harkins, Dan
Primary Examiner(s)
Swann, Tod
Assistant Examiner(s)
Darrow, Justin T.

Application Number

US09/498,696
Time in Patent Office

428 Days
Field of Search

380/279, 380/281, 380/282, 380/286, 713/162, 713/170, 713/171, 713/176, 713/178
US Class Current

380/281
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/3247   involving digital signatures

Group key distribution

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

Group key distribution

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links