Combination-based broadcast encryption method

US 8,200,963 B2
Filed: 12/20/2005
Issued: 06/12/2012
Est. Priority Date: 12/31/2004
Status: Active Grant

First Claim

Patent Images

1. A broadcast encryption method comprising:

generating, by a server, a base group of unique base values, each of the base values generated from a unique combination of integers among a plurality of different integers having values greater than 1, and assigning a first base value among the unique base values to a first user and a second base value among the unique base values to a second user;

generating first secret information and second secret information for the first user and the second user through calculations with key value information allocated to a corresponding user by using the first base value and the second base value as a base, respectively, and sending the secret information to the first user and the second user;

generating an inverse-base parameter value through calculations with an integer used to produce the base group and key value information of the first user and the second user, and sending the produced inverse-base parameter value and key value information to the first user and the second user; and

deriving a first group key and a second group key based on the key value information and the first secret information and the second secret information, respectively, encrypting a session key with the derived first group key and second group key and sending the encrypted session key encrypted with the derived first group key and the encrypted session key encrypted with the derived second group key to the first user and the second user, respectively.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.

Citations

50 Claims

1. A broadcast encryption method comprising:
- generating, by a server, a base group of unique base values, each of the base values generated from a unique combination of integers among a plurality of different integers having values greater than 1, and assigning a first base value among the unique base values to a first user and a second base value among the unique base values to a second user;
  
  generating first secret information and second secret information for the first user and the second user through calculations with key value information allocated to a corresponding user by using the first base value and the second base value as a base, respectively, and sending the secret information to the first user and the second user;
  
  generating an inverse-base parameter value through calculations with an integer used to produce the base group and key value information of the first user and the second user, and sending the produced inverse-base parameter value and key value information to the first user and the second user; and
  
  deriving a first group key and a second group key based on the key value information and the first secret information and the second secret information, respectively, encrypting a session key with the derived first group key and second group key and sending the encrypted session key encrypted with the derived first group key and the encrypted session key encrypted with the derived second group key to the first user and the second user, respectively.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1, wherein the integers are coprimes.
  - 3. The method as claimed in claim 1, wherein the inverse-base parameter value is generated with a random number.
  - 4. The method as claimed in claim 3, wherein the random number is used for the deriving the first group key.
  - 5. The method as claimed in claim 3, wherein the at least one random number is sent to the first user and the second user.
  - 6. The method as claimed in claim 1, wherein the first secret information is generated with a first random value and the second secret information is generated with a second random value.
  - 7. The method as claimed in claim 1, wherein the base of the first secret information for the first user contains the first base value and a common integer commonly used for the first user and the second user, and the first group key is derived to have the base of the common integer.
  - 8. The method as claimed in claim 1, further comprising sending, to each user, information for generating a corresponding base value.
  - 9. The method as claimed in claim 1, further comprising sending information of a key value allocated to a user every time a broadcast message is sent.

10. A broadcast encryption method comprising:
- grouping, by a server, into a first group of users and a second group of users that receive a broadcast message, and assigning a first key value to a first user of the first group and a first user of the second group and second key value to a second user of the first group and a second user of the second group;
  
  generating a base group of unique base values for the first group and the second group, each of the base values generated from a unique combination of integers among a plurality of different integers having values greater than 1, and assigning a first base value among the unique base values to the first user of the first group and the first user of the second group and a second base value among the unique base values to the second user of the second group;
  
  generating first secret information for the first user of the first group and the first user of the second group and second secret information for the second user of the first group and the first user of the second group through calculations with key value information allocated to a corresponding user by using the first base value and the second base value as a base, and sending the secret information to the first user of the first group, the first user of the second group, the second user of the first group, and the second user of the second group;
  
  generating a first inverse-base parameter value through calculations with a first integer used to produce the first base group, a second inverse-base parameter value through calculations with a second integer used to produce the second base group, first key value information of the first user of the first group and the first user of the second group, and second key value information of the second user of the first group and the second user of the second group, sending the first inverse-base parameter value and the first key information to the first user of the first group and the first user of the second group, and sending the second inverse-base parameter value and the second key value information to the second user of the first group and the second user of the second group; and
  
  deriving a first group key based on the first key value information and the first secret information and the second group key based on the second key value information and the second secret information, encrypting a first session key with the first group key and a second session key with the second group key, sending the first session key to the first user of the first group and the first user of the second group, and sending the second session key to the second user of the first group and the second user of the second group.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 11. The method as claimed in claim 10, wherein a first random number is assigned to the first group and a second random number is assigned to the second group, and the first random number is used in calculating the first secret information and the second random number is used in calculating the second secret information.
  - 12. The method as claimed in claim 11, wherein the first random number is used in generating the first inverse-base parameter value and the second random number is used in generating the second inverse-base parameter value.
  - 13. The method as claimed in claim 11, wherein the first group key is generated with the first random number and the second group key is generated with the second random number.
  - 14. The method as claimed in claim 10, wherein integers are coprimes.
  - 15. The method as claimed in claim 10, wherein the first inverse-base parameter value is generated with a first random number and the second inverse-base parameter value is generated with a second random number.
  - 16. The method as claimed in claim 15, wherein the first random number is used for the deriving the first group key and the second random number is used for deriving the second group key.
  - 17. The method as claimed in claim 15, wherein the first random number and server random number are sent to the first user of the first group and the first user of the second group and the second random number and the server random number are sent to the second user of the first group and the second user of the second group.
  - 18. The method as claimed in claim 10, wherein the server produces a server random number which is used for the generating the first secret information and the second secret information.
  - 19. The method as claimed in claim 10, wherein the base of the first secret information contains a base first group value and a common integer commonly used for the first user of the first group and the second user of the first group, and the first group key is derived based on the common integer.
  - 20. The method as claimed in claim 10, wherein the server sends, to each user, the information for producing a corresponding base value.
  - 21. The method as claimed in claim 10, wherein the server separately calculates an exponent part and a base part in the generating the first and second inverse-base parameter value, and separately sends the exponent part and base part of the first and second inverse-base parameter value.
  - 22. The method as claimed in claim 10, wherein each group of users is grouped to a plurality of sub-groups, a key value is assigned to users of each sub-group, and secret information for each user is generated through calculations with key value information assigned to users of each sub-group.
  - 23. The method as claimed in claim 10, wherein, if there are no unauthorized users in the first group, a separate key value assigned to the first group is established as the group key for the first group.
  - 24. The method as claimed in claim 10, wherein the server sends the key value information assigned to the users every time the server sends the broadcast message.

25. A broadcast encryption method comprising:
- receiving by a first user first secret information generated for the first user through calculations with first key value information allocated to the first user and receiving by a second user second secret information generated for the second user through calculations with second key value information allocated to the second user;
  
  receiving by the first user an inverse-base parameter value and the first key value information, and receiving by the second user the inverse-base parameter value and the second key value information;
  
  generating a first group key and a second group key by using the first secret information and second secret information, respectively; and
  
  decrypting, by a processor of the first user and the second user, a session key received from the server by using the first group key and the second group key, respectively,wherein the first secret information and the second secret information are generated from a base group of unique base values, each of the base values of the base group generated from a unique combination of integers among a plurality of different integers having values greater than 1, that includes a first base value assigned to the first user and a second base value assigned to the second user, andwherein the inverse-base parameter value is generated through calculations with integers used to generate the base group and the key value information of the first user and the second user.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33)
- - 26. The method as claimed in claim 25, wherein the integers are coprimes.
  - 27. The method as claimed in claim 26, wherein the inverse-base parameter value is calculated with a random number.
  - 28. The method as claimed in claim 27, wherein the random number is used for the deriving the first group key.
  - 29. The method as claimed in claim 25, wherein a server produces the random number.
  - 30. The method as claimed in claim 29, wherein the random number is received from the server.
  - 31. The method as claimed in claim 25, wherein the base of the first secret information for the first user contains the first base value and a common integer commonly used for the first user and the second user, and the first group key is derived by using the common integer as a base.
  - 32. The method as claimed in claim 25, wherein each user receives, from the server, information for generating a corresponding base group value.
  - 33. The method as claimed in claim 25, wherein the information of the key value assigned to each user is received from the server every time the broadcast message is sent.

34. A broadcast encryption method comprising:
- receiving by first of a first group of users and a first user of a second group of users from a server first secret information generated for the first user of the first group and the first user of the second group through calculations with first key value information, and receiving by a second user of the first group of users and a second user of the second group of users from the server second secret information generated for the second user of the first group and the second user of the second group through calculations with second key value information;
  
  receiving by the first user of the first group and the first user of the second group from the server a first inverse-base parameter value and the first key value information, and receiving by the second user of the first group and the second user of the second group a second inverse-base parameter value and the second key value information;
  
  generating a first group key and a second group key for each group based on the first secret information and second secret information, respectively; and
  
  decrypting, by a processor of the first user of the first group and the first user of the second group, a first session key received from the server based on the first group key, and decrypting by a processor of the second user of the second group and the second user of the second group, a second session key received from the server based on the second group key,wherein a first key value is assigned to the first user of the first group and the first user of the second group and a second key value is assigned to the second user of the first group and the second user of the second group,wherein the first secret information and the second secret information are generated from a base group of unique base values, each of the base values of the base group are generated for each group from unique combinations of integers among a plurality of different integers having values greater than 1, that includes a first base value assigned to the first user of the first group and the second user of the first group and a second base value assigned to the first user of the second group and the second user of the second group, andwherein the inverse-base parameter value is generated through calculations with the integers used to generate the base group and the first and second key value information.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 35. The method as claimed in claim 34, wherein a random number is assigned to each group, and the random number is used in the generating the secret information of each user to be sent to the users of each group.
  - 36. The method as claimed in claim 35, wherein the group key for each group is generated with a random number assigned to the corresponding group.
  - 37. The method as claimed in claim 35, wherein the server produces a random number.
  - 38. The method as claimed in claim 37, wherein the random number is received by each user from the server.
  - 39. The method as claimed in claim 35, wherein the base of the first secret information contains the first base value and a common integer commonly used for the first user of the first group and the second user of the first group, and the first group key is derived based on the common integer.
  - 40. The method as claimed in claim 35, wherein users of each group receive from the server information for producing the corresponding base group.
  - 41. The method as claimed in claim 35, wherein an exponent part and a base part are separately calculated in the generating the first inverse-base parameter value and the second inverse-base parameter value, and the exponent part and base part are received from the server.
  - 42. The method as claimed in claim 35, wherein each group is grouped to a plurality of sub-groups, a key value is assigned to corresponding users of each sub-group, and secret information for each user is generated through calculations with key value information assigned to the corresponding users of each sub-group.
  - 43. The method as claimed in claim 35, wherein, if there are no unauthorized users in the first group, a separate key value assigned to the first group is established as the group key for the first group.
  - 44. The method as claimed in claim 35, wherein the key value information assigned to the users is received from the server every time the server sends the broadcast message.
  - 45. The method as claimed in claim 34, wherein a random number assigned to a corresponding group is used in the generating the inverse-base parameter value.
  - 46. The method as claimed in claim 34, wherein integers are coprimes.
  - 47. The method as claimed in claim 34, wherein the first inverse-base parameter value is calculated with a random number.
  - 48. The method as claimed in claim 47, wherein the random number is used the deriving the first group key.

49. A broadcast encryption method comprising:
- generating, by a server, a first base value as a first product of a first prime integer and a common prime integer and a second base value as a product of a second prime integer and the common prime integer;
  
  allocating a first random integer to a first user and allocating a second random integer to a second user;
  
  generating first secret key information of the first user from the first base value exponentially modified by the first random integer and generating second secret key information of the second user from the second base value exponentially modified by the second random value;
  
  transmitting the first secret key information to the first user and transmitting the second secret key information to the second user;
  
  generating a first inverse-base parameter from the first base value and the first random integer and generating a second inverse-base parameter from the second base value and the second random integer;
  
  transmitting the first inverse-base parameter to the first user and transmitting the second inverse-base parameter to the second user;
  
  encrypting a session key based on the first secret key information and encrypting the session key based on the second secret key information; and
  
  transmitting the encrypted session key to the first user and the second user.

50. A broadcast encryption method comprising:
- generating, by a server, secret key information K_ijof n users of a group L of the n users; and
  
  transmitting, by the server, the secret key information K_ijto the n users for calculating a group key value by eliminating a base group from the secret information K_ij,wherein K_ij≡
  
  (O_σ_ij(1). . . O_σ_ij(d)O)^zxⁱ^y(mod N),wherein O_σ_ij(1), . . . , O_σ_ij(d) is the base group produced from a combination of different prime integers, O is a prime integers different from the different prime integers, σ
  
  _ijis an index of O, x_iis a random number that identifies the group L, z is a random integer, y_jis a distinct prime integer among the different integers, N is an RSA composite, d is a positive integer satisfying

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Jin, Weon-il, Kim, Dae-youb, Kim, Hwan-joon, Park, Sung-joon
Primary Examiner(s)
LOUIE, OSCAR A

Application Number

US11/311,256
Publication Number

US 20070140483A1
Time in Patent Office

2,366 Days
Field of Search

None
US Class Current

713/163
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 2209/601   Broadcast encryption

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

Combination-based broadcast encryption method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Combination-based broadcast encryption method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links