80 results about "Group key management" patented technology

Apparatuses, systems, and methods for optimal group key (OGK) management that may achieve non-colluding and / or the storage-communication optimality are disclosed. In some embodiments, a group controller (GC) is responsible for key generation and distribution and the group data are encrypted by a group key. When joining the group, in some embodiments, each group member (GM) is assigned a unique n-bit ID and a set of secrets, in which each bit is one-to-one mapped to a unique secret. Whenever GMs are revoked from the group, in some embodiments, the GC will multicast an encrypted key-update message. Only the remaining GMs may be able to recover the message and update GK as well as their private keys. The disclosed OGK scheme can achieve storage-communication optimality with constant message size and immune to collusion attack and also may outperform existing group key management schemes in terms of communication and storage efficiency.

The invention discloses a method for authenticating legal neighbor in group key management, which is characterized in that a member on local network requiring automatic group-key management service stores group-sharing keys and group-sharing algorithm. The method comprises the following steps: an authenticating member receives a first authentication value transmitted by an authenticated member and self authentication information of the authenticated member; the first authentication value can be acquired according to the group-sharing algorithm in a way that the authenticated member uses the group-sharing keys and the self authentication information of the authenticated member; the authenticating member uses the self authentication information of the authenticated member and combines the group-sharing keys to calculate a second authentication value according to the group-sharing algorithm; the authenticating member authenticates the authenticated member as a legal neighbor, while the first authentication value and the second authentication value is the same after comparison. The invention also discloses a device for authenticating the legal neighbor in the group key management. By applying the method and the device, entity authentication is not restricted on execution modes, and has better flexibility by adopting various execution modes.

The utility model discloses a method that can realize multiparty communication security. The method is an improvement to the transport layer security protocol or the datagram transport layer security protocol, which aims to solve the disadvantages of bad portability and low deployment of the present multicast security protocol family and avoid the disadvantages of high input and big risk brought by developing a new technical proposal. The method comprises that: step a: identity authentication is performed to a group control key management server and a member equipment by running the transport layer security protocol or the datagram transport layer security protocol, and an initial session is created by negotiation; step b: the group control key management server and the member equipment distribute a group session and a key updating session to other group member equipments by running a group key management sub-protocol; step c: when the group control key management server detected a key updating event, the group control key management server and the member equipment update the key by running the group key management sub-protocol. The utility model also discloses a multiparty communication security system and equipment.

Entropy obtained from a series of key generation exchanges may be combined with entropy from a strong entropy source to allow the strong entropy to be stretched to generate a larger number of keys for use on a communication network, without requiring additional information from the group members and without requiring the entropy source to be increased in size or in number. In one embodiment, nonces exchanged during an initial key exchange are used to generate additional key material that is then fed, together with a fresh random secret, to another pseudo-random function to generate an additional key stream. The fresh ransom secret may be generated at the GCKS from a physical entropy source or other entropy source, and may be changed at will by the GCKS to further increase the strength of the keys. The methods are particularly useful for group key management where a large number of keys are required to be generated in a short time frame.