79 results about "Group key management" patented technology

According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.

A method for distributing composite cipher key control message includes setting up distribution tree of composite cipher key control message in composite cipher key management unit, down-sending composite cipher key control message to sub-node by root-node according to distribution tree, carrying out relevant retransmission or local treatment on received composite cipher key control message by sub-node. The system and device used for realizing said method are also disclosed.

A method for realizing multi-party communication security includes: performing identification authentication and negotiating to create an initiation session through running the transport layer security protocol or datagram transport layer security protocol by a Group Control and Keying Server and a group member device; distributing a group session and a rekeying session to the group member device through running a group key management sub-protocol on the Group Control and Keying Server and the group member devices; rekeying through running the group key management sub-protocol on the Group Control and Keying Server and the group member devices, when a rekeying event is detected by the Group Control and Keying Server. A relevant multi-party communication security system and a device are further provided in the present invention.

Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and / or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.

The invention discloses a method for authenticating legal neighbor in group key management, which is characterized in that a member on local network requiring automatic group-key management service stores group-sharing keys and group-sharing algorithm. The method comprises the following steps: an authenticating member receives a first authentication value transmitted by an authenticated member and self authentication information of the authenticated member; the first authentication value can be acquired according to the group-sharing algorithm in a way that the authenticated member uses the group-sharing keys and the self authentication information of the authenticated member; the authenticating member uses the self authentication information of the authenticated member and combines the group-sharing keys to calculate a second authentication value according to the group-sharing algorithm; the authenticating member authenticates the authenticated member as a legal neighbor, while the first authentication value and the second authentication value is the same after comparison. The invention also discloses a device for authenticating the legal neighbor in the group key management. By applying the method and the device, entity authentication is not restricted on execution modes, and has better flexibility by adopting various execution modes.

Implantable and / or wearable medical data acquisition devices (30) associated with an individual, each having NFC communication capability, collect medical data. Each device has a unique identifier. The medical data are read from the devices via a secure link by an NFC reader or transceiver in a wireless communication system mobile station (10) having a unique identifier. The medical data are selectively transmitted via a secure link from the mobile station to a Presence and Group Management (PGM) server (32, 34) configured to manage data services for medical groups. Secure access to the medical data by medical professionals is restricted accordingto a policy system (36). Encryption keys are managed on a group basis by a group key management server (32), assigning the medical data acquisition devices (30) and mobile station (10) to groups based ontheir unique identifiers. The PGM server (32, 34) may send alerts and / or information to the user via the mobile station (10).

The utility model discloses a method that can realize multiparty communication security. The method is an improvement to the transport layer security protocol or the datagram transport layer security protocol, which aims to solve the disadvantages of bad portability and low deployment of the present multicast security protocol family and avoid the disadvantages of high input and big risk brought by developing a new technical proposal. The method comprises that: step a: identity authentication is performed to a group control key management server and a member equipment by running the transport layer security protocol or the datagram transport layer security protocol, and an initial session is created by negotiation; step b: the group control key management server and the member equipment distribute a group session and a key updating session to other group member equipments by running a group key management sub-protocol; step c: when the group control key management server detected a key updating event, the group control key management server and the member equipment update the key by running the group key management sub-protocol. The utility model also discloses a multiparty communication security system and equipment.

Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh ransom secret may be generated at the GCKS from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.

A method for distributing encryption keys for use in communication systems such as trunked radio communication systems. Group traffic keys are encrypted at a key administrator and passed to a distribution facility for storage and distribution. The distribution facility passes the encrypted group traffic key to communication devices where the group traffic keys are decrypted and used to encrypt / decrypt traffic.

The invention discloses a method for realizing the registration of new members in group encryption key management, wherein an agent is deployed on a local network needing automatic group encryption key management service; the method also comprises the following steps: the agent receives an original registration request message sent by a new member of the local network; the original registration request message and the marker information of the new member are encapsulated in the request message and sent to a group controller and an encryption key management server GCKS; and the agent receives a response message returned by the GCKS, extracts the marker information of the new member and the original response message carried with a request processing result from the response message, and sends the original response message to the new member according to the marker information of the new member. The invention also discloses a device and a system for realizing the registration of the new members in the group encryption key management. The method, the device and the system are applied to realize automatic registration of the new members in the group encryption key management.

Method and device for authenticating a legal neighbor in group key management (GKM) are disclosed. The method includes: members on a local network that needs the automatic GKM service store a group shared key and a group authentication algorithm; an authenticating member receives a first authentication value and authentication information of an authenticated member sent from the authenticated member, where the first authentication value is calculated by the authenticated member by using the group shared key and the authentication information of the authenticated member according to the group authentication algorithm; the authenticating member calculates a second authentication value by using the authentication information of the authenticated member and the group shared key according to the group authentication algorithm; the authenticating member authenticates the authenticated member as a legal neighbor when confirming that the first authentication value is the same as the second authentication value.

The invention relates to a dynamic secure multicast system architecture in large-scale network environment, which is characterized in that a new set of dynamic secure multicast system architecture is designed; the dynamic secure multicast system architecture divides whole multicast into different areas, only updates the encryption key of a group after the members of each group are changed, avoids system expense brought by the update of the encryption key of whole group caused by frequent changes of group members, realizes the flexible extension mechanism with respect to the encryption key management and data distribution of each subarea, realizes the safe certification mechanism based on Kerberos, so as to carry out management of multicast from the viewpoints of controlling safety and data safety. According to the characteristics and requirements of IPv6 protocol, a set of relatively complete group encryption key management mechanism is realized to be applicable to the requirement for safety and practicability of most multicasts in China Education and Research NET of second generation (CERNET2) and similar network environments.