Processing method for key exchange among broadcast or multicast groups that provides a more efficient substitute for Diffie-Hellman key exchange
First Claim
1. A method for establishing a secure communication session among a first node of a network and one or more other nodes using a group shared secret key, each of the nodes having a private key value associated therewith, the method comprising the computer-implemented steps of:
- communicating a first public key value of the first node to a second node;
- creating and storing an initial shared secret key for the first node and second node based on a first private key value and a second public key value that is received from the second node;
- creating and storing information at the first node that associates the first node with a first network communication entity by generating a collective public key value that is shared by the first node and a second node and based on the first private key value and a second private key value that is derived by the first node from the second public key value;
- receiving a third public key value from a third node that seeks to join the first network communication entity;
- creating a second shared secret key value based on the collective public key value and the third public key value; and
- joining the first node to a second network communication entity that includes the first network communication entity and the third node and that uses secure communication with messages that are encrypted using the second shared secret key value;
wherein the first node, second node, and third node are separate nodes.
Abstract
An approach for arriving at a shared secret key in a multicast or broadcast group environment is disclosed. The key exchange protocol permits nodes within a multicast or broadcast group to compute a shared secret key in a binary fashion, whereby a shared secret key is generated for one pair of nodes at a time. Once the pair has computed its shared secret key, the two nodes are viewed as a single entity by the next node to be joined. This process is performed iteratively until all the nodes within the multicast group hold a common shared secret key. Under this approach, the number of messages exchanged between the nodes to establish the secure channel is significantly reduced.
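The pairwise construction the abstract and claim 1 describe, written out as an added example (not code from the patent or its assignee): a pair of nodes runs ordinary Diffie-Hellman, the resulting shared secret becomes the pair's collective private key, g^secret is the collective public key, and a joining node (or another pair) only ever sees that public value. The modulus, generator, node names and the `Entity` class are constructed for this demonstration; the range check on received public values is a standard defensive measure and not something the page spells out.

```python
"""Pairwise (binary) group key agreement as described in the abstract.

Demo-only Diffie-Hellman parameters (constructed for this example; a
deployment would use a standard group such as an RFC 3526 MODP group).
"""
import secrets

P = 2**127 - 1   # Mersenne prime, small enough to read, not a production modulus
G = 3            # demo generator


def is_valid_public(y: int) -> bool:
    """Reject out-of-range and trivial public values (0, 1, p-1)."""
    return 1 < y < P - 1


class Entity:
    """A single node, or a group of nodes that already share a secret.

    `secret` is the collective private key (a lone node's own private key);
    `public` is g^secret mod p, the collective public key in the claims.
    """

    def __init__(self, members, secret):
        self.members = tuple(members)
        self.secret = secret
        self.public = pow(G, secret, P)

    @classmethod
    def node(cls, name):
        return cls([name], secrets.randbelow(P - 2) + 1)

    def join(self, other):
        """Merge with `other` after receiving its collective public key.

        Each side raises the peer's public key to its own collective secret,
        so both obtain g^(s_self * s_other) without revealing either secret.
        """
        if not is_valid_public(other.public):
            raise ValueError("invalid peer public key")
        if set(self.members) & set(other.members):
            raise ValueError("entities overlap")
        return Entity(self.members + other.members, pow(other.public, self.secret, P))


def three_party_keys():
    """Worked run of claim 1: A and B pair up, then C joins entity {A,B}.

    Returns the group key as computed by A, by B and by C.
    """
    a, b, c = Entity.node("A"), Entity.node("B"), Entity.node("C")
    ab_at_a = a.join(b)             # A uses B's public key
    ab_at_b = b.join(a)             # B uses A's public key: same secret, same public
    key_a = ab_at_a.join(c).secret
    key_b = ab_at_b.join(c).secret
    key_c = c.join(ab_at_a).secret  # C only ever sees the collective public key
    return key_a, key_b, key_c
```

Because an `Entity` can itself be a pair, the same `join` also merges two pairs, which is the tree-shaped variant the "binary fashion" wording allows.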
34 Claims
1. (Reproduced above under First Claim.) Dependent claims 2 to 11 are not shown.
12. A computer-readable storage medium carrying one or more sequences of one or more instructions for establishing a secure communication session among a first node of a network and one or more other nodes using a group shared secret key, each of the nodes having a private key value associated therewith, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
- communicating a first public key value of the first node to a second node;
- creating and storing an initial shared secret key for the first node and second node based on a first private key value and a second public key value that is received from the second node;
- creating and storing information at the first node that associates the first node with a first network communication entity by generating a collective public key value that is shared by the first node and a second node and based on the first private key value and a second private key value that is derived by the first node from the second public key value;
- receiving a third public key value from a third node that seeks to join the first network communication entity;
- creating a second shared secret key value based on the collective public key value and the third public key value; and
- joining the first node to a second network communication entity that includes the first network communication entity and the third node and that uses secure communication with messages that are encrypted using the second shared secret key value;
wherein the first node, second node, and third node are separate nodes.
13. A multicast communication server for establishing a secure communication session among a first node of a network and one or more other nodes using a group shared secret key, each of the nodes having a private key value associated therewith, comprising:
- means for communicating a first public key value of the first node to a second node;
- means for creating and storing an initial shared secret key for the first node and second node based on a first private key value and a second public key value that is received from the second node;
- means for creating and storing information at the first node that associates the first node with a first network communication entity by generating a collective public key value that is shared by the first node and a second node and based on the first private key value and a second private key value that is derived by the first node from the second public key value;
- means for receiving a third public key value from a third node that seeks to join the first network communication entity;
- means for creating a second shared secret key value based on the collective public key value and the third public key value;
- means for joining the first node to a second network communication entity that includes the first network communication entity and the third node and that uses secure communication with messages that are encrypted using the second shared secret key value;
wherein the first node, second node, and third node are separate nodes.
Dependent claims 14 to 23 are not shown.
24. An apparatus for establishing a secure communication session among a first node of a network and one or more other nodes using a group shared secret key, each of the nodes having a private key value associated therewith, comprising:
- one or more processors;
- a computer-readable storage medium carrying one or more sequences of one or more instructions, the one or more sequences of one or more instructions including instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of:
  - communicating a first public key value of the first node to a second node;
  - creating and storing an initial shared secret key for the first node and second node based on a first private key value and a second public key value that is received from the second node;
  - creating and storing information at the first node that associates the first node with a first network communication entity by generating a collective public key value that is shared by the first node and a second node and based on the first private key value and a second private key value that is derived by the first node from the second public key value;
  - receiving a third public key value from a third node that seeks to join the first network communication entity;
  - creating a second shared secret key value based on the collective public key value and the third public key value;
  - joining the first node to a second network communication entity that includes the first network communication entity and the third node and that uses secure communication with messages that are encrypted using the second shared secret key value;
wherein the first node, second node, and third node are separate nodes.
Dependent claims 25 to 34 are not shown.