Establishing a new shared secret key over a broadcast channel for a multicast group based on an old shared secret key
First Claim
1. A method for providing shared secret keys for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, the method comprising the computer-implemented steps of:
computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
generating a first multicast group exchange key based on the first shared secret key;
receiving a first user exchange key from a first user requesting entry into the first multicast group;
computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.
Abstract
An optimized approach for arriving at a shared secret key in a dynamically changing multicast or broadcast group environment is disclosed. In one aspect of the invention, a method is provided for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network. A first shared secret key is computed for establishing a first multicast group that includes a set of one or more first members. Based on the first shared secret key, a first multicast group exchange key is also generated. Upon receiving a first user exchange key from a first user requesting entry into the first multicast group, a second shared secret key is computed from the first user exchange key and the first shared secret key. The first multicast group exchange key is sent to the first user, who uses it to generate the same second shared secret key. A second multicast group whose members include the first user and the set of one or more first members of the first multicast group is then established; the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network.
Citations
53 Claims
1. A method for providing shared secret keys for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, the method comprising the computer-implemented steps of:
computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
generating a first multicast group exchange key based on the first shared secret key;
receiving a first user exchange key from a first user requesting entry into the first multicast group;
computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 34, 35, 36)
10. A computer-readable medium carrying one or more sequences of one or more instructions for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, and which instructions, when executed by one or more processors, cause the one or more processors to perform the steps of:
computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
generating a first multicast group exchange key based on the first shared secret key;
receiving a first user exchange key from a first user requesting entry into the first multicast group;
computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network. (Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 37, 38, 39)
19. A network device configured for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, comprising:
a network interface;
a processor coupled to the network interface and receiving information from the network interface;
a computer-readable medium accessible by the processor and comprising one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
generating a first multicast group exchange key based on the first shared secret key;
receiving a first user exchange key from a first user requesting entry into the first multicast group;
computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network. (Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 40, 41, 42)
28. A network device configured for communicating through a secure channel between members of a dynamically changing multicast group connected over an insecure network, comprising:
means for computing a first shared secret key for establishing a first multicast group that includes a set of one or more first members;
means for generating a first multicast group exchange key based on the first shared secret key;
means for receiving a first user exchange key from a first user requesting entry into the first multicast group;
means for computing a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k;
means for sending the first multicast group exchange key to the first user, wherein the first multicast group exchange key allows the first user to generate the second shared secret key; and
means for establishing a second multicast group whose members include the first user and the set of one or more first members of the first multicast group, wherein the second shared secret key provides a first secure channel for communicating between members of the second multicast group over the insecure network. (Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
29. A method for generating a shared secret key for use by a first member, a second member, and a third member who joins the first member and the second member for secure communication as a multicast group over an insecure network, the method comprising the computer-implemented steps of:
generating a first multicast group exchange key K′ based on a first shared secret key "k" that is used by a first multicast group that includes the first member and the second member, wherein k = (g^x mod (n)), "x" is a private non-zero random integer, "g" is a public non-zero integer, and "n" is a pre-determined public prime integer, and wherein K′ = (g^k mod (n));
receiving a first user exchange key from the third member as part of a request by the third member to enter the first multicast group;
sending the first multicast group exchange key to the first member, wherein the first multicast group exchange key allows the first member to generate a second secret key k1 based on the first user exchange key and the first shared secret key according to the relation k1 = (Y′^k mod (n)), wherein Y′ represents the first user exchange key, k represents the first shared secret key, and n is a prime number selected by the members of the multicast group and previously used to generate the first shared secret key k; and
establishing secure communication in a second multicast group whose members include the first member, the second member and the third member, and based on the second shared secret key. (Dependent claims: 30, 31, 32, 33)
Specification