Decentralized systems methods and computer program products for sending secure messages among a group of nodes

US 6,363,154 B1
Filed: 10/28/1998
Issued: 03/26/2002
Est. Priority Date: 10/28/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method of sending secure messages among a group of nodes selected from a plurality of nodes that are connected to a communications network, the method comprising the steps of:

defining a random secret key at a first one of the group of nodes;

sending the random secret key from the first one of the group of nodes to remaining ones of the group of nodes;

generating a random number at a second one of the group of nodes;

performing a one way hash of the random number and the random secret key at the second one of the group of nodes to generate a working key;

encrypting a message at the second one of the group of nodes, using the working key; and

sending the encrypted message and the random number from the second one of the group of nodes to remaining ones of the group of nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure messages are sent among a group of nodes selected from a plurality of nodes that are connected to a communications network, by defining a random secret key at a first one of the group of nodes. The random secret key is sent from the first one of the group nodes to remaining ones of the group of nodes. A random number is generated at a second one of the group of nodes. A one-way hash of the random number and the random secret key is performed at the second one of the group of nodes to generate a working key. A message is encrypted at the second one of the group of nodes, using the working key. The encrypted message and the random number is sent from the second one of the group of nodes to remaining ones of the group of nodes. The encrypted message and the random number are received at the remaining ones of the group of nodes. Each of the remaining ones of the group of nodes performs a one-way hash of the random number and the random secret key, to regenerate the working key. The message is then decrypted using the regenerated working key. The secret key may be defined at any one of the group of nodes rather than a predefined, centralized key distribution center. Moreover, the random number may be generated at any one of the group of nodes that desires to communicate an encrypted message to remaining ones of the group of nodes. Decentralized group key management is thereby provided.

Citations

21 Claims

1. A method of sending secure messages among a group of nodes selected from a plurality of nodes that are connected to a communications network, the method comprising the steps of:
- defining a random secret key at a first one of the group of nodes;
  
  sending the random secret key from the first one of the group of nodes to remaining ones of the group of nodes;
  
  generating a random number at a second one of the group of nodes;
  
  performing a one way hash of the random number and the random secret key at the second one of the group of nodes to generate a working key;
  
  encrypting a message at the second one of the group of nodes, using the working key; and
  
  sending the encrypted message and the random number from the second one of the group of nodes to remaining ones of the group of nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 further comprising the following steps that are performed at the remaining ones of the group of nodes:
3. A method according to claim 1 wherein the following steps are performed at the second one of the group of nodes, between the steps of performing a one way hash and encrypting a message:
- generating a data encrypting key; and
  
  encrypting the data encrypting key with the working key;
  
  wherein the step of encrypting a message comprises the step of encrypting a message at the second one of the group of nodes, using the encrypted data encrypting key; and
  
  wherein the step of sending the encrypted message comprises the step of sending the encrypted message, the random number and the encrypted data encrypting key from the second one of the group of nodes to remaining ones of the group of nodes.
4. A method according to claim 3 further comprising the following steps that are performed at the remaining ones of the group of nodes:
- performing a one way hash of the random number and the random secret key to regenerate the working key;
  
  decrypting the encrypted data encrypting key using the regenerated working key; and
  
  decrypting the message using the decrypted encrypted data encrypting key.
5. A method according to claim 1:
- wherein the step of performing a one way hash comprises the step of performing a one way hash of the random number, the random secret key and control information at the second one of the group of nodes to generate a working key; and
  
  wherein the step of sending comprises the step of sending the encrypted message, the random number and the control information from the second one of the group of nodes to remaining ones of the group of nodes.
6. A method according to claim 1 wherein the following step is performed prior to the step of sending:
- generating a signature by encrypting a one way hash of the random number with a private key of the second one of the group of nodes; and
  
  wherein the step of sending comprises the step of sending the encrypted message, the random number and the signature from the second one of the group of nodes to remaining ones of the group of nodes.
7. A method according to claim 5 wherein the control information is at least one of an identification of the group of nodes, an identification of the second one of the group of nodes and an identification of permitted uses of the working key.

8. A group of nodes selected from a plurality of nodes that are connected to a communications network, the group of nodes sending secure messages to one another, each node in the group of nodes comprising:
- means for defining a random secret key;
  
  means for sending the random secret key to the group of nodes;
  
  means for generating a random number;
  
  means for performing a one way hash of the random number and the random secret key to generate a working key;
  
  means for encrypting a message using the working key; and
  
  means for sending the encrypted message and the random number to the group of nodes.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A group of nodes according to claim 8, wherein each node further comprises:
10. A group of nodes according to claim 8, wherein each node further comprises:
- means for generating a data encrypting key; and
  
  means for encrypting the data encrypting key with the working key;
  
  wherein the means for encrypting a message comprises means for encrypting a message using the data encrypting key; and
  
  wherein the means for sending the encrypted message comprises means for sending the encrypted message, the random number and the encrypted data encrypting key to the group of nodes.
11. A group of nodes according to claim 10, wherein each node further comprises:
- means for decrypting the encrypted data encrypting key using the regenerated working key; and
  
  means for decrypting the message using the decrypted data encrypting key.
12. A group of nodes according to claim 8:
- wherein the means for performing a one way hash comprises means for performing a one way hash of the random number, the random secret key and control information at the second one of the group of nodes to generate a working key; and
  
  wherein the means for sending comprises means for sending the encrypted message, the random number and the control information to the group of nodes.
13. A group of nodes according to claim 8, wherein each node further comprises:
- means for generating a signature by encrypting a one way hash of the random number with a private key of the node; and
  
  wherein the means for sending comprises means for sending the encrypted message, the random number and the signature to the group of nodes.
14. A group of nodes according to claim 12 wherein the control information is at least one of an identification of the group of nodes, an identification of the node and an identification of permitted uses of the working key.

15. A computer program product that sends secure messages to a group of nodes selected from a plurality of nodes that are connected to a communications network, the computer program product comprising a computer-readable storage medium having computer-readable program code means embodied in the medium, the computer-readable program code means comprising:
- computer-readable program code means for defining a random secret key;
  
  computer-readable program code means for sending the random secret key to the group of nodes, computer-readable program code means for generating a random number;
  
  computer-readable program code means for performing a one way hash of the random number and the random secret key to generate a working key;
  
  computer-readable program code means for encrypting a message using the working key; and
  
  computer-readable program code means for sending the encrypted message and the random number to the group of nodes.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A computer program product according to claim 15 further comprising:
17. A computer program product according to claim 15 further comprising:
- computer-readable program code means for generating a data encrypting key; and
  
  computer-readable program code means for encrypting the data encrypting key with the working key;
  
  wherein the computer-readable program code means for encrypting a message comprises computer-readable program code means for encrypting a message using the encrypted data encrypting key; and
  
  wherein the computer-readable program code means for sending the encrypted message comprises computer-readable program code means for sending the encrypted message, the random number and the encrypted data encrypting key to the group of nodes.
18. A computer program product according to claim, 17 further comprising:
- computer-readable program code means for decrypting the encrypted data encrypting key using the regenerated working key; and
  
  computer-readable program code means for decrypting the message using the decrypted encrypted data encrypting key.
19. A computer program product according to claim 15:
- wherein the computer-readable program code means for performing a one way hash comprises computer-readable program code means for performing a one way hash of the random number, the random secret key and control information at the second one of the group of nodes to generate a working key; and
  
  wherein the computer-readable program code means for sending comprises computer-readable program code means for sending the encrypted message, the random number and the control information to the group of nodes.
20. A computer program product according to claim 15 further comprising:
- computer-readable program code means for generating a signature by encrypting a one way hash of the random number with a private key of the node; and
  
  wherein the computer-readable program code means for sending comprises computer-readable program code means for sending the encrypted message, the random number and the signature to the group of nodes.
21. A computer program product according to claim 19 wherein the control information is at least one of an identification of the group of nodes, an identification of the node and an identification of permitted uses of the working key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peyravian, Mohammad, Zunic, Nevenko, Matyas, Stephen Michael Jr.
Primary Examiner(s)
Decady, Albert
Assistant Examiner(s)
Smithers, Matthew

Application Number

US09/181,631
Time in Patent Office

1,245 Days
Field of Search

713/151, 713/171, 713/180, 380/44, 380/47, 380/273, 380/283, 380/284, 380/285, 705/71
US Class Current

380/283
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/0823   using certificates cryptogr...

H04L 9/0822   using key encryption key

H04L 9/0827   involving distinctive inter...

H04L 9/0869   involving random numbers or...

Decentralized systems methods and computer program products for sending secure messages among a group of nodes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Decentralized systems methods and computer program products for sending secure messages among a group of nodes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links