Method and apparatus for generating large numbers of encryption keys

US 8,594,323 B2
Filed: 09/21/2004
Issued: 11/26/2013
Est. Priority Date: 09/21/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating encryption keys, the method comprising:

obtaining, by a computer processor environment, first information associated with a first key exchange session from a first group member;

generating, by the computer processor environment from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member;

obtaining, by the computer processor environment, second information associated with a second key exchange session from a second group member;

generating, by the computer processor environment from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and

combining, by the computer processor environment, the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh ransom secret may be generated at the GCKS from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.

54 Citations

View as Search Results

18 Claims

1. A method of generating encryption keys, the method comprising:
- obtaining, by a computer processor environment, first information associated with a first key exchange session from a first group member;
  
  generating, by the computer processor environment from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member;
  
  obtaining, by the computer processor environment, second information associated with a second key exchange session from a second group member;
  
  generating, by the computer processor environment from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and
  
  combining, by the computer processor environment, the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first additional pseudo-random information not for use by the first group member is obtained in connection with participating in a first key exchange procedure with the first group member, said first key exchange procedure comprising exchanging first nonces and Diffie-Hellman values, generating a first seedkey from the first nonces and Diffie-Hellman values, and using the first seedkey to generate the first set of keys for the first group member and first additional pseudo-random information not for use by the first group member.
  - 3. The method of claim 2, wherein the first seedkey is used as input to a first pseudo-random function to generate a first stream of pseudo-random information, a first portion of said first stream of pseudo-random information being used to form the first set of encryption keys and a second portion of said first stream of pseudo-random information being used to form the first additional pseudo-random information not for use by the first group member.
  - 4. The method of claim 3, wherein the second additional pseudo-random information not for use by the second group member is obtained in connection with participating in a second key exchange procedure with the second group member, said second key exchange procedure comprising exchanging second nonces and Diffie-Hellman values, generating a second seedkey from the second nonces and Diffie-Hellman values, and using the second seedkey to generate the second set of keys for the second group member and second additional pseudo-random information not for use by the second group member.
  - 5. The method of claim 4, wherein the second seedkey is used as input to the first pseudo-random function to generate a second stream of pseudo-random information, a first portion of said second stream of pseudo-random information being used to form the second set of encryption keys and a second portion of said second stream of pseudo-random information being used to form the second additional pseudo-random information not for use by the first group member.
  - 6. The method of claim 5, wherein combining the first additional pseudo-random information and second additional pseudo-random information with the fresh random secret is performed using a second pseudo-random function, the second pseudo-random function being different than the first pseudo-random function.
  - 7. The method of claim 1, further comprising:
    - obtaining additional information associated with other key exchange sessions from other group members; and
      
      generating, from the additional information, sets of keys for the other group members and additional pseudo-random information not for use by the other group members; and
      
      wherein combining the first additional pseudo-random information and second additional pseudo-random information further comprises combining the first and second additional pseudo-random information with the additional pseudo-random information not for use by the other group members with the fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.
  - 8. The method of claim 1, further comprising changing the fresh random secret from a first fresh random secret to a second fresh random secret.
  - 9. The method of claim 8, wherein the second fresh random secret is generated by a physical entropy source.

10. A Group Controller Key Server (GCKS), comprising:
- a tangible non-transitory computer readable storage medium containing program logic code stored thereon which, when loaded into a processor environment of the GCKS, causes the GCKS to implement a method of generating encryption keys, the method comprising;
  
  obtaining first information associated with a first key exchange session from a first group member;
  
  generating, from the first information, a first set of keys for the first group member and first additional pseudo-random information not for use by the first group member;
  
  obtaining second information associated with a second key exchange session from a second group member;
  
  generating, from the second information, a second set of keys for the second group member and second pseudo-random information not for use by the second group member; and
  
  combining the first additional pseudo-random information and second additional pseudo-random information with a fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The GCKS of claim 10, wherein the first additional pseudo-random information not for use by the first group member is obtained in connection with participating in a first key exchange procedure with the first group member, said first key exchange procedure comprising exchanging first nonces and Diffie-Hellman values, generating a first seedkey from the first nonces and Diffie-Hellman values, and using the first seedkey to generate the first set of keys for the first group member and first additional pseudo-random information not for use by the first group member.
  - 12. The GCKS of claim 11, wherein the first seedkey is used as input to a first pseudo-random function to generate a first stream of pseudo-random information, a first portion of said first stream of pseudo-random information being used to form the first set of encryption keys and a second portion of said first stream of pseudo-random information being used to form the first additional pseudo-random information not for use by the first group member.
  - 13. The GCKS of claim 12, wherein the second additional pseudo-random information not for use by the second group member is obtained in connection with participating in a second key exchange procedure with the second group member, said second key exchange procedure comprising exchanging second nonces and Diffie-Hellman values, generating a second seedkey from the second nonces and Diffie-Hellman values, and using the second seedkey to generate the second set of keys for the second group member and second additional pseudo-random information not for use by the second group member.
  - 14. The GCKS of claim 13, wherein the second seedkey is used as input to the first pseudo-random function to generate a second stream of pseudo-random information, a first portion of said second stream of pseudo-random information being used to form the second set of encryption keys and a second portion of said second stream of pseudo-random information being used to form the second additional pseudo-random information not for use by the first group member.
  - 15. The GCKS of claim 14, wherein combining the first additional pseudo-random information and second additional pseudo-random information with the fresh random secret is performed using a second pseudo-random function, the second pseudo-random function being different than the first pseudo-random function.
  - 16. The GCKS of claim 10, wherein the method further comprises:
    - obtaining additional information associated with other key exchange sessions from other group members; and
      
      generating, from the additional information, sets of keys for the other group members and additional pseudo-random information not for use by the other group members; and
      
      wherein combining the first additional pseudo-random information and second additional pseudo-random information further comprises combining the first and second additional pseudo-random information with the additional pseudo-random information not for use by the other group members with the fresh random secret to stretch the fresh random secret to enable additional encryption keys to be generated from the fresh random secret.
  - 17. The GCKS of claim 10, wherein the method further comprises changing the fresh random secret from a first fresh random secret to a second fresh random secret.
  - 18. The GCKS of claim 17, wherein the second fresh random secret is generated by a physical entropy source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Rockstar Consortium US LP (Rockstar Consortium Inc.)
Inventors
Dondeti, Lakshminath
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US10/946,322
Publication Number

US 20060062384A1
Time in Patent Office

3,353 Days
Field of Search

380/44, 380/47, 380/278, 380/283, 713/163, 713/171
US Class Current

380/44
CPC Class Codes

H04L 9/065   Encryption by serially and ...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0869   involving random numbers or...

Method and apparatus for generating large numbers of encryption keys

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for generating large numbers of encryption keys

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links