Method and apparatus for generating large numbers of encryption keys
First Claim
1. A method of generating encryption keys, the method comprising:
- obtaining, by a computer processor environment, first information associated with a first key exchange session from a first group member;
generating, by the computer processor environment from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member;
obtaining, by the computer processor environment, second information associated with a second key exchange session from a second group member;
generating, by the computer processor environment from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and
combining, by the computer processor environment, the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.
6 Assignments
0 Petitions
Accused Products
Abstract
Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh ransom secret may be generated at the GCKS from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.
54 Citations
18 Claims
-
1. A method of generating encryption keys, the method comprising:
-
obtaining, by a computer processor environment, first information associated with a first key exchange session from a first group member; generating, by the computer processor environment from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member; obtaining, by the computer processor environment, second information associated with a second key exchange session from a second group member; generating, by the computer processor environment from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and combining, by the computer processor environment, the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A Group Controller Key Server (GCKS), comprising:
-
a tangible non-transitory computer readable storage medium containing program logic code stored thereon which, when loaded into a processor environment of the GCKS, causes the GCKS to implement a method of generating encryption keys, the method comprising; obtaining first information associated with a first key exchange session from a first group member; generating, from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member; obtaining second information associated with a second key exchange session from a second group member; generating, from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and combining the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification