187 results about "Rekeying" patented technology

A method and apparatus is provided for consolidating cryptographic key updates, the consolidated update information enabling, for example, a returning member of a secure group who has been offline, to recover the current group key, at least in most cases. The unconsolidated key updates each comprise an encrypted key, corresponding to a node of a key hierarchy, that has been encrypted using a key which is a descendant of that node. The key updates are used to maintain a key tree with nodes in this tree corresponding to nodes in the key hierarchy. Each node of the key tree is used to store, for each encrypting key used in respect of the encrypted key associated with the node, the most up-to-date version of the encrypted key with any earlier versions being discarded. The key tree, or a subset of the tree, is then provided to group members.

The invention generally relates to management of cryptographic key generations in an information environment comprising a key-producing side generating and distributing key information to a key-consuming side. A basic concept of the invention is to define, by means of a predetermined one-way key derivation function, a relationship between generations of keys such that earlier generations of keys efficiently may be derived from later ones but not the other way around. A basic idea according to the invention is therefore to replace, at key update, key information of an older key generation by the key information of the new key generation on the key-consuming side. Whenever necessary, the key-consuming side iteratively applies the predetermined one-way key derivation function to derive key information of at least one older key generation from the key information of the new key generation. In this way, storage requirements on the key-consuming side can be significantly reduced.

A method of inter-area rekeying of encryption keys in secure mobile muiticast communications, in which a Domain Group Controller Key Server (Domain GCKS) distributes Traffic Encryption Keys (TEK) to a plurality of local Group Controller Key Servers (local GCKS), and said local Group Controller Key Servers forward said Traffic Encryption Keys, encrypted using Key Encryption Keys (KEK_i, KEK_j) that are specific to the respective local Group Controller Key Server (local GCKS_i, GCKS_j), to group members, said local Group Controller Key Servers (GCKS_i, GCKS_j) constituting Extra Key Owner Lists (EKOL_i, EKOL_j) for group key management areas (area_i, area_j) that distinguish group members (MM_i, MM_j) possessing Key Encryption Keys (KEK_i, KEK_j) and situated in the corresponding group key management area (area_i, area_j) from group members (MM_ij) possessing Key Encryption Keys (KEK_i) that were situated in the corresponding group key management area (area_i) but are visiting another area (area_j).

The invention provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secrets instead of one shared secret, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys are not known to a would be hacker. Although the initial session key may eventually be cracked by the would be hacker, the secure seed remains secure as it is not used in any insecure communication.

A method for key management and assignment in MBMS service, the method includes following steps: the group key locates in the root node on the highest layer, which only has child nodes and doesn't have parent nodes; private keys corresponding to users locate in leaf nodes; the described intermediate node that owns both one parent node and one or more child nodes holds it own key. This invention deploys the method of combining point-to-point mode and point-to-multipoint mode during the process of key update; compared with the key update method only deploying point-to-point mode, this method can reduce the times necessary for information transmission, reduce the system load as well as the time needed for one key update process. Compared with the key update method only deploying point-to-multipoint mode, this solves the security problem of key exposure.

Systems and methods for easily and at high speed re-encrypting data recorded on a magnetic recording medium when the data is encrypted using an encryption key and the encryption key is changed. A track where effective user data is not recorded is set as a first reserved track, then data is read out from the first updating source track and decrypted using a first encryption key KEY 1, which is reencrypted using a second encryption key KEY 2 and recorded in the first reserved track, next, the first updating source track is set as a second reserved track, and a second updating source track is set, and the encryption key is updated by repeating these steps until all tracks to be subjected to the key updating processing have been subjected to the key updating processing.

Processing within a multiprocessor computer system is facilitated by: deciding by a processor, pursuant to processing of a request to update a previous storage key to a new storage key, whether to purge the previous storage key from, or update the previous storage key in, local processor cache of the multiprocessor computer system. The deciding includes comparing a bit value(s) of one or more required components of the previous storage key to respective predefined allowed stale value(s) for the required component(s), and leaving the previous storage key in local processor cache if the bit value(s) of the required component(s) in the previous storage key equals the respective predefined allowed stale value(s) for the required component(s). By selectively leaving the previous storage key in local processor cache, interprocessor communication pursuant to processing of the request to update the previous storage key to the new storage key is minimized.

The invention provides a cloud storage data auditing method for preventing a secret key from being revealed. The method comprises the first step of system parameter generating, the second step of secret key updating and the third step of file uploading and auditing. According to the method, a physically safe safety device is introduced to help a user to periodically update the secret key, and therefore data auditing in other time periods is still safe even when an attacker attacks the user at one time period and obtains the user secret key at the time period.

After an encryption key creating unit creates/updates an encryption key, an encryption key update timing control unit monitors whether or not the elapsed time since this time has reached the shortest holding time or longest holding time. If the shortest holding time has elapsed, the encryption key update timing control unit monitors whether or not wireless communication is being executed by a wireless unit. If a state wherein no wireless communication is being executed is detected, the encryption key creating unit is caused to create/update an encryption key at this timing. When the longest holding time has elapsed while this state is not detected, the encryption key update timing control unit gives a wireless unit an instruction to temporarily interrupt the wireless communication, and causes the encryption key creating unit to create/update an encryption key during interruption of wireless communication.

Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.

Receiving terminals joining a multicast group are divided into sub groups and rekeying is performed only on the sub group which one of the receiving terminals has left. An encryption key management system having an encryption method is provided in which a multicast server is connected via an IP network, a seed node carries out encryption multicast communications among receiving terminals by using an encryption key, the receiving terminals are properly divided into the sub groups, the single encryption key is used for data distribution of the multicast server, and the number of decoding keys is equal to the number of divided sub groups.

This invention is to provide a method for rekeying a rekeyable lock cylinder. The first step of entire rekeying process is to insert a first user key into a keyhole of a sliding block of a plug assembly and turn the first user key to rotate the plug assembly, then a thrust is added to the first user key to move the sliding block of the plug assembly, thereby disengaging a plurality of upper locking pieces and a plurality of lower locking pieces within a plurality of lower pin sets. Next, after pulling out the first user key from the keyhole, a second user key is inserted into the keyhole of the sliding block and turned to restore the sliding block as to reengage the upper locking pieces and the lower locking pieces. Finally, the second user key is pulled out to complete the entire rekeying process. Accordingly, the present invention may provide advantages of widely lowering rekeying cost and enhancing convenience in use, because lock replacement may be completed as soon as rekeying another user key only without replacing lock cylinder.

Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.

A method for use in a distribution system having a key management center, a distribution station and a reception terminal. The method updates a pair of distribution keys unique to the reception terminal, where the distribution public key is used to encrypt distribution data, and the distribution secret key is used to decrypt encrypted data. In the key updating method, the reception terminal acquires an update secret key prior to data distribution, and the key management center acquires an update public key making a pair with the update secret key, generates a new pair of distribution keys, encrypts a new distribution secret key by using the update public key, transmits an encrypted secret key to the reception terminal and updates to the new distribution public key. The reception terminal receives the encrypted secret key and restores the new distribution secret key by decrypting it using the update secret key and updates to the new distribution secret key.

A method and apparatus for transmitting encryption keys in a secure communication system is provided herein. During rekeying of a device, a key encryption key (KEK) is utilized to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If unavailable, the TEK will be wrapped using public key encryption with the recipient device's public key. The receiving device will then be able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.