Key management method
Abstract
A key management method to prevent illegal eavesdropping in a network system. Keys of the network system are divided into several family subkeys and several communication subkeys. A plurality of trusted-key centers are provided, each preserving a part of the family subkeys and one of the communication subkeys, and each generating a one-way hash value over its preserved communication subkey and open information. Each trusted-key center passes its hash value to an eavesdropper according to an authority certificate. The trusted-key centers also interchange their preserved family subkeys according to the authority certificate to obtain a session key, which is passed to the eavesdropper. The eavesdropper combines all the hash values from the trusted-key centers to obtain the corresponding communication key, which together with the session key allows an authorized communication to be eavesdropped on.
14 Claims
1. A key management method to prevent illegal eavesdropping in a network system, comprising:
dividing session keys of the network system into a plurality of family subkeys and a plurality of communication subkeys;
providing a plurality of trusted-key centers for respectively preserving a part of the family subkeys and one of the communication subkeys, and generating a one-way hash value involving the preserved communication subkey and open information;
each of the trusted-key centers passing the hash value to an eavesdropper according to an authority certificate;
each of the trusted-key centers interchanging the preserved family subkeys according to the authority certificate to obtain a session key which is passed to the eavesdropper; and
the eavesdropper combining all the hash values from the trusted-key centers to obtain a communication key which, accompanied by the session key, is used to eavesdrop on an authorized communication.
Dependent claims 2, 3 and 4 are not reproduced on this page.
5. A method of encrypting a communication comprising the steps of:
encrypting an origination communication message using a session key to obtain a first encryption of the message;
encrypting the first encryption using a communication key to obtain a second encryption of the first encryption;
transferring the second encryption to a receiving end;
reversing the second and first encryption steps to obtain the origination communication message; and
providing a plurality of trusted-key centers, wherein each of said plurality of trusted-key centers maintains a distinct part of at least the session key, a network key or the communication key.
Dependent claims 6 to 14 follow.

6. The method of encrypting a communication according to claim 5, further including the steps of encrypting the second encryption using the network key to obtain a third encryption of the second encryption, transferring the second encryption to the receiving end, and reversing the third, second and first encryption steps to obtain the origination communication message.
7. The method of encrypting a communication according to claim 6, further including the step of allowing an eavesdropper to obtain the origination communication message.

8. The method of encrypting a communication according to claim 7, wherein the step of allowing an eavesdropper to obtain the origination communication message includes the step of decrypting any one of at least the first, second or third encryption.

9. The method of encrypting a communication according to claim 5, further including the step of allowing an eavesdropper to obtain the origination communication message.

10. The method of encrypting a communication according to claim 9, further including the step of limiting the eavesdropper's access to the origination communication message based on a duration of time.

11. The method of encrypting a communication according to claim 9, further including the step of allowing encryption of a plurality of origination messages using at least one of the session, network or communication keys.

12. The method of encrypting a communication according to claim 11, further including the step of eavesdropping on at least one of the plurality of messages.

13. The method of encrypting a communication according to claim 12, wherein the step of eavesdropping allows eavesdropping on at least one of the plurality of messages, or on a number of the plurality of messages for a predetermined time duration.

14. The method of encrypting a communication according to claim 6, wherein the step of reversing includes the steps of decrypting the third encryption using the network key to obtain the second encryption, decrypting the second encryption using the communication key to obtain the first encryption, and decrypting the first encryption using the session key to obtain the origination message.
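The following Python model is an added illustration of the two mechanisms the claims describe: the three nested encryptions of claims 5, 6 and 14 (session key, then communication key, then network key, reversed in the opposite order) and the split-key escrow of claim 1, where each trusted-key center holds part of the family subkeys and one communication subkey, releases a one-way hash of that subkey with the open information only under an authority certificate, and the eavesdropper combines the releases to rebuild both keys. It is not code from the patent, which names no cipher, hash or combining function. Assumptions, marked in the code: SHA-256 as the one-way hash; the eavesdropper XORs the centers' hash values to form the communication key; the exchanged family subkeys are concatenated and hashed to form the session key; the authority certificate is a dict with a validity window (the time limit of claim 10); a toy SHA-256 counter-mode keystream stands in for the unspecified symmetric cipher; the network key is held by the network and already known to the eavesdropper.

```python
import hashlib
import os
from dataclasses import dataclass

OPEN_INFO = b"call-id:0042"  # constructed sample "open information" bound into each center's hash


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_cipher(key: bytes, data: bytes, layer: bytes) -> bytes:
    """Toy symmetric cipher: SHA-256 counter-mode keystream (assumption; the claims name no
    cipher). The same call encrypts and decrypts. `layer` separates the three key domains."""
    out = bytearray()
    for i in range(0, len(data), 32):
        chunk = data[i:i + 32]
        ks = hashlib.sha256(key + layer + i.to_bytes(8, "big")).digest()
        out += _xor(chunk, ks[:len(chunk)])
    return bytes(out)


# Claims 5, 6 and 14: first, second and third encryption, reversed in the opposite order.
def encrypt_layered(msg, session_key, comm_key, net_key):
    first = toy_cipher(session_key, msg, b"session")
    second = toy_cipher(comm_key, first, b"communication")
    return toy_cipher(net_key, second, b"network")


def decrypt_layered(third, session_key, comm_key, net_key):
    second = toy_cipher(net_key, third, b"network")
    first = toy_cipher(comm_key, second, b"communication")
    return toy_cipher(session_key, first, b"session")


# Claim 1: key material divided among trusted-key centers.
def derive_session_key(family_subkeys):
    """Assumption: the interchanged family subkeys are concatenated in a fixed order and hashed."""
    return hashlib.sha256(b"".join(family_subkeys)).digest()


def derive_comm_key(hash_values):
    """Assumption: the eavesdropper combines the centers' hash values by XOR."""
    key = bytes(32)
    for h in hash_values:
        key = _xor(key, h)
    return key


@dataclass
class TrustedKeyCenter:
    name: str
    family_subkeys: list  # this center's part of the family subkeys
    comm_subkey: bytes    # the one communication subkey it preserves

    def hash_value(self, open_info):
        """One-way hash over the preserved communication subkey and the open information."""
        return hashlib.sha256(self.comm_subkey + open_info).digest()

    def release(self, cert, now, open_info):
        """Release the hash value and family subkeys only under a valid authority certificate.
        The certificate format (a validity window, claim 10) is an assumption."""
        if not (cert["not_before"] <= now <= cert["not_after"]):
            raise PermissionError(f"{self.name}: authority certificate not valid at {now}")
        return self.hash_value(open_info), list(self.family_subkeys)


def setup(n_centers=3):
    """Generate keys and split them so that no single center holds enough to eavesdrop."""
    family = [os.urandom(16) for _ in range(n_centers)]
    comm_subkeys = [os.urandom(16) for _ in range(n_centers)]
    centers = [TrustedKeyCenter(f"TKC{i}", [family[i]], comm_subkeys[i]) for i in range(n_centers)]
    session_key = derive_session_key(family)
    comm_key = derive_comm_key(hashlib.sha256(k + OPEN_INFO).digest() for k in comm_subkeys)
    return centers, session_key, comm_key


def lawful_intercept(centers, cert, now, open_info):
    """The eavesdropper collects every center's release and rebuilds the session and communication keys."""
    hashes, family = [], []
    for c in centers:
        h, fam = c.release(cert, now, open_info)
        hashes.append(h)
        family.extend(fam)
    return derive_session_key(family), derive_comm_key(hashes)


def demo():
    centers, session_key, comm_key = setup()
    net_key = os.urandom(16)  # assumption: the network key is already known to the eavesdropper
    msg = b"constructed sample message for the escrow demo"
    ct = encrypt_layered(msg, session_key, comm_key, net_key)
    cert = {"not_before": 1000, "not_after": 2000}
    s, k = lawful_intercept(centers, cert, now=1500, open_info=OPEN_INFO)
    s1, k1 = lawful_intercept(centers[:1], cert, now=1500, open_info=OPEN_INFO)  # one center only
    try:
        lawful_intercept(centers, cert, now=2500, open_info=OPEN_INFO)  # outside the window
        expired = False
    except PermissionError:
        expired = True
    return {"roundtrip": decrypt_layered(ct, session_key, comm_key, net_key) == msg,
            "intercept_ok": decrypt_layered(ct, s, k, net_key) == msg,
            "single_center_ok": decrypt_layered(ct, s1, k1, net_key) == msg,
            "expired_rejected": expired}
```

Two properties of the claimed scheme show up directly in `demo()`: the keys rebuilt from a single center's release do not decrypt the traffic, so every center must honour the authority certificate for an intercept to succeed, and a center releases a hash bound to the open information rather than the communication subkey itself, so the released value is specific to one communication and does not expose the subkey for reuse.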