Method and apparatus for verifying data timeliness with time-based derived cryptographic keys
First Claim
1. A computer-implemented method of verifying data timeliness with time-based derived cryptographic keys, the method comprising:
- receiving a master key;
- receiving an identity of a current time interval;
- wherein the master key and the identity of the current time interval are received from a key server;
- deriving a first interval key based on both the master key and a first time interval; and
- decrypting first data that was encrypted with the first interval key;
- wherein the first time interval is determined based on a first time and the identity of the current time interval;
- during a first interval of time, encrypting, with the first interval key, all data that is to be communicated to a particular group of recipients during the first interval of time;
- deriving a second interval key based on both the master key and a second time that differs from the first time; and
- during a second interval of time that occurs after the first interval of time, encrypting, with the second interval key, all data that is to be communicated to the particular group of recipients during the second interval of time.
Abstract
A method of verifying data timeliness with time-based derived cryptographic keys is disclosed. A master key is received. Based on both the master key and a current time, an interval key is derived. Data, which was encrypted with the interval key, is decrypted with the interval key.
28 Claims
1. Independent claim 1 is reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A computer-implemented method of verifying data timeliness with time-based derived cryptographic keys, the method comprising:
- receiving a master key from a key server;
- receiving, from the key server, an identity of a current time interval;
- receiving, from the key server, an indication of an amount of time remaining in the current time interval;
- setting a counter based on the identity of the current time interval;
- incrementing the counter upon determining that the difference between a current time and a time at which the indication was received is greater than or equal to the amount;
- deriving an interval key based on both the master key and the incremented counter;
- receiving, from a first sender that differs from the key server, first data that was encrypted with the interval key; and
- decrypting the first data with the interval key.

Dependent claims: 12, 13.
14. A computer-implemented method of verifying data timeliness with time-based derived cryptographic keys, the method comprising:
- receiving, through a network, a master key from a key server that sent the master key according to the Group Domain of Interpretation (GDOI) protocol in response to receiving a request to join a group;
- receiving, through the network, from the key server, an identity of a current time interval that is known to each member of the group;
- receiving, through the network, from the key server, an indication of an amount of time remaining in the current time interval;
- setting a counter based on the identity of the current time interval;
- receiving, through the network, from a first member of the group, a multicasted Encapsulating Security Protocol (ESP) packet that contains first data that the first member encrypted with a first interval key that the first member derived based on the master key, the identity, and an Internet Protocol (IP) address of the first member;
- deriving the first interval key based on the master key, the counter, and the IP address of the first member; and
- decrypting the first data with the first interval key.

Dependent claims: 15.
16. A volatile or non-volatile computer-readable medium carrying one or more sequences of instructions for verifying data timeliness with time-based derived cryptographic keys, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a master key;
- receiving an identity of a current time interval;
- wherein the master key and the identity of the current time interval are received from a key server;
- deriving an interval key based on both the master key and a time interval; and
- decrypting data that was encrypted with the interval key;
- wherein the first time interval is determined based on a first time and the identity of the current time interval;
- during a first interval of time, encrypting, with the first interval key, all data that is to be communicated to a particular group of recipients during the first interval of time;
- deriving a second interval key based on both the master key and a second time that differs from the first time; and
- during a second interval of time that occurs after the first interval of time, encrypting, with the second interval key, all data that is to be communicated to the particular group of recipients during the second interval of time.
17. An apparatus for verifying data timeliness with time-based derived cryptographic keys, comprising:
- means for receiving a master key;
- means for receiving an identity of a current time interval;
- wherein the master key and the identity of the current time interval are received from a key server;
- means for deriving a first interval key based on both the master key and a first time interval; and
- means for decrypting first data that was encrypted with the first interval key;
- wherein the first time interval is determined based on a first time and the identity of the current time interval;
- means for encrypting, during a first interval of time, with the first interval key, all data that is to be communicated to a particular group of recipients during the first interval of time;
- means for deriving a second interval key based on both the master key and a second time that differs from the first time; and
- means for encrypting, during a second interval of time that occurs after the first interval of time, with the second interval key, all data that is to be communicated to the particular group of recipients during the second interval of time.

Dependent claims: 28.
18. An apparatus for verifying data timeliness with time-based derived cryptographic keys, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
- a processor; and
- one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
  - receiving a master key;
  - receiving an identity of a current time interval;
  - wherein the master key and the identity of the current time interval are received from a key server;
  - deriving a first interval key based on both the master key and a first time interval; and
  - decrypting first data that was encrypted with the first interval key;
  - wherein the first time interval is determined based on a first time and the identity of the current time interval;
  - during a first interval of time, encrypting, with the first interval key, all data that is to be communicated to a particular group of recipients during the first interval of time;
  - deriving a second interval key based on both the master key and a second time that differs from the first time; and
  - during a second interval of time that occurs after the first interval of time, encrypting, with the second interval key, all data that is to be communicated to the particular group of recipients during the second interval of time.

Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27.
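The following is an added worked example of the mechanism the independent claims describe, not code from the patent or its assignee. It models the receiver of claims 11 and 14: a counter set from the key server's (current interval id, time remaining) announcement and incremented once that time has elapsed, an interval key derived from the master key, the counter and, optionally, the sender's IP address, and a decrypt step that rejects data sealed under a different interval's key. Everything concrete is an assumption of the example: HMAC-SHA256 as the key-derivation function, an encrypt-then-MAC construction built from HMAC in counter mode as a stand-in for a real AEAD so the code runs on the Python standard library alone, a fixed interval length (the claims give only the id and time remaining), and the sample master key, times and addresses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed interval length (seconds). The claims only give the receiver the id
# of the current interval and the time remaining in it; a length is needed
# solely to keep counting past the first boundary.
INTERVAL_LENGTH = 60.0


def derive_interval_key(master_key: bytes, interval_id: int,
                        sender_ip: Optional[str] = None) -> bytes:
    """Interval key = HMAC-SHA256(master_key, label || interval_id [|| sender IP]).
    HMAC-SHA256 is this example's assumed KDF. Binding the sender's IP mirrors
    claim 14, where each sender's key also depends on its address."""
    info = b"interval-key|" + interval_id.to_bytes(8, "big")
    if sender_ip is not None:
        info += b"|" + sender_ip.encode("ascii")
    return hmac.new(master_key, info, hashlib.sha256).digest()


class IntervalCounter:
    """Receiver-side counter (claim 11): set from the key server's interval id,
    incremented once the time since the announcement reaches the remaining time."""

    def __init__(self, interval_id: int, seconds_remaining: float, received_at: float):
        self.interval_id = interval_id
        self.seconds_remaining = seconds_remaining
        self.received_at = received_at

    def current(self, now: float) -> int:
        elapsed = now - self.received_at
        if elapsed < self.seconds_remaining:
            return self.interval_id
        # One increment at the announced boundary, then one per assumed interval length.
        return self.interval_id + 1 + int((elapsed - self.seconds_remaining) // INTERVAL_LENGTH)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for an AEAD such as AES-GCM."""
    blocks = [hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _split(interval_key: bytes):
    """Separate encryption and MAC subkeys derived from one interval key."""
    return (hmac.new(interval_key, b"enc", hashlib.sha256).digest(),
            hmac.new(interval_key, b"mac", hashlib.sha256).digest())


def seal(interval_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the interval key: nonce || ciphertext || tag."""
    enc_key, mac_key = _split(interval_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(interval_key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Data sealed under a previous interval's key
    fails exactly like forged data: wrong key, wrong tag."""
    if len(blob) < 16 + 32:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _split(interval_key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: stale interval, wrong sender or tampering")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def receive(master_key: bytes, counter: IntervalCounter, now: float,
            sender_ip: str, blob: bytes) -> bytes:
    """Derive the key for the interval the counter says is current, bound to
    the claimed sender, and open the message with it."""
    return open_sealed(derive_interval_key(master_key, counter.current(now), sender_ip), blob)


def demo() -> dict:
    """Constructed scenario: at t=1000 the key server announces interval 7 with
    20 s remaining; a member at 192.0.2.10 seals a message under interval 7."""
    master_key = bytes(range(32))                  # constructed master key
    t0 = 1000.0
    counter = IntervalCounter(interval_id=7, seconds_remaining=20.0, received_at=t0)
    sender_ip = "192.0.2.10"                       # constructed (documentation range)
    msg = seal(derive_interval_key(master_key, 7, sender_ip), b"group update #1")
    results = {"fresh_ok": receive(master_key, counter, t0 + 5, sender_ip, msg) == b"group update #1"}
    for name, when, ip in (("stale_rejected", t0 + 25, sender_ip),          # interval 8 by then
                           ("wrong_sender_rejected", t0 + 5, "192.0.2.11")):
        try:
            receive(master_key, counter, when, ip, msg)
            results[name] = False
        except ValueError:
            results[name] = True
    results["interval_after_boundary"] = counter.current(t0 + 25)
    return results


if __name__ == "__main__":
    print(demo())
```

The point the scenario makes is the one the title states: timeliness is enforced by the key, not by a timestamp field. A receiver never has to parse or trust a time value inside the message; if the data was sealed under an interval key the receiver no longer derives, authentication fails. In a real deployment the clock and counter logic must also account for clock skew and messages that straddle an interval boundary, which a receiver typically handles by also trying the immediately preceding interval key for a short grace period.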