Methods, systems, and apparatuses for optimal group key management for secure multicast communication
First Claim
1. A method for group key management of group members in a multicast system, each of the group members having a unique ID, comprising:
- determining a group master key and a group public parameter;
processing a join request from a new group member, comprising;
assigning an available unique ID with a corresponding bit-assignment to the new group member;
generating, with a processing device, a set of private keys for the new group member, the set of private keys based on the group master key and the bit-assignment corresponding to the available unique ID such that each private key of the set of private keys is mapped to a bit of the bit-assignment;
multicasting a random group key to the group members; and
communicating the random group key and the set of private keys to the new group member; and
transmitting an encrypted message to a subset of the group members comprising;
determining a set of bit assignments for the subset of group members based on the unique IDs of the group members in the subset of group members;
encrypting a message based on the master key, the group public parameter, and the set of bit assignments for the subset of group members; and
multicasting the encrypted message to the group members.
2 Assignments
0 Petitions
Accused Products
Abstract
Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and/or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.
-
Citations
9 Claims
-
1. A method for group key management of group members in a multicast system, each of the group members having a unique ID, comprising:
-
determining a group master key and a group public parameter; processing a join request from a new group member, comprising; assigning an available unique ID with a corresponding bit-assignment to the new group member; generating, with a processing device, a set of private keys for the new group member, the set of private keys based on the group master key and the bit-assignment corresponding to the available unique ID such that each private key of the set of private keys is mapped to a bit of the bit-assignment; multicasting a random group key to the group members; and communicating the random group key and the set of private keys to the new group member; and transmitting an encrypted message to a subset of the group members comprising; determining a set of bit assignments for the subset of group members based on the unique IDs of the group members in the subset of group members; encrypting a message based on the master key, the group public parameter, and the set of bit assignments for the subset of group members; and multicasting the encrypted message to the group members. - View Dependent Claims (2, 3)
-
-
4. A system for group key management comprising:
-
a group controller and group members, the group controller and group members communicatively coupled through a network, and each group member comprising a unique ID; the group controller having a group controller server comprising logic circuitry configured to; determine a group master key and a group public parameter; process a join request from a new group member, comprising; assigning an available unique ID with a corresponding bit-assignment to the new group member; generating, with a processing device, a set of private key for the new group member, the set of private keys based on the group master key and the bit-assignment corresponding to the available unique ID such that each private key of the set of private keys is mapped to a bit of the bit-assignment; multicasting a new group key to the group members; communicating the new group key and the set of private keys to the new group member; transmit an encrypted message to a subset of the group members comprising; determining a set of bit assignments for the subset of group members based on the unique IDs of the group members in the subset of group members; encrypting a message based on the master key, the group public parameter, and the set of bit assignments for the subset of group members; multicasting the encrypted message to the group members; and the group members each having a group member server configured to; join a group, comprising; transmit a join request to the group controller; and receive a private key and a group key from the group controller; and receive an encrypted message, comprising; determine encryption eligibility; and decrypt the encrypted message based on the private key. - View Dependent Claims (5, 6, 7, 8, 9)
-
Specification