US20100054464A1 - Process for establishing a common cryptographic key for n subscribers - Google Patents

Process for establishing a common cryptographic key for n subscribers Download PDF

Info

Publication number
US20100054464A1
US20100054464A1 US12/582,651 US58265109A US2010054464A1 US 20100054464 A1 US20100054464 A1 US 20100054464A1 US 58265109 A US58265109 A US 58265109A US 2010054464 A1 US2010054464 A1 US 2010054464A1
Authority
US
United States
Prior art keywords
subscribers
tree
leaves
key
common
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/582,651
Inventor
Joerg Schwenk
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US12/582,651 priority Critical patent/US20100054464A1/en
Publication of US20100054464A1 publication Critical patent/US20100054464A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure

Definitions

  • the process according to the present invention is used to generate and establish a common cryptographic key for n subscribers in order to guarantee the secrecy of messages which are to be transmitted exclusively to the n subscribers via insecure communication channels.
  • the mechanisms of encryption and authentication are used to protect the confidentiality and integrity of communication between two or more persons. However, such mechanisms require the existence of shared information at all subscribers. This shared information is referred to as a cryptographic key.
  • a conventional process for establishing a common key via insecure communication channels is the process of Diffie and Hellman (DH process; see W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, IT-22(6):644-654, November 1976).
  • the basis of the Diffie-Hellmann key exchange is the fact that it is virtually impossible to calculate logarithms modulo a large prime number p.
  • DH key exchange can also be implemented using other mathematical structures, e.g., using finite bodies GF(2n) or elliptic curves. Such alternatives make it possible to improve performance. However, this process is only suitable for agreeing upon a key between two subscribers.
  • each of the three subscribers is able to calculate the secret key g abc mod p.
  • Each subscriber knows the unhidden node keys on the path from his/her node up to the root and the hidden node keys for the nodes which are siblings for his/her path to the root, and otherwise no other hidden or unhidden keys.
  • the feasibility of this process is based on the fact that the group manager knows all the leaf keys.
  • Another conventional cryptographic process is referred to as the (n,t) threshold process.
  • an (n,t) threshold process it is possible to break a key k down into t parts (called shadows), such that said key k can be reconstructed from any n of the t shadows (see Beutelspacher, Schwenk, Wolfenstetter: Moderne Aid der Kryptographie (2nd edition), Vieweg Verlag, Wiesbaden 1998).
  • the present invention can provide the establishment of a common group key between a central station and a group of n subscribers.
  • the present invention can also provide that, even after the group key has been established, subscribers can be removed from or added to the key directory without great effort.
  • a process in which a group key is established with the aid of a tree structure.
  • the number of subscribers n involved in the key agreement is represented as a binary tree having n leaves.
  • the number of leaves is identical with the number of subscribers included in the process. This means that a number of n leaves of a binary tree of depth ⁇ log 2 n ⁇ is allocated to a number of n subscribers.
  • FIG. 1 shows a tree structure for three subscribers according to an embodiment of the present invention
  • FIG. 2 shows a tree structure for a key agreement for four subscribers A, B, C and D according to an embodiment of the present invention
  • FIG. 3 shows a tree structure of a key agreement for five subscribers A, B, C, D and E according to an embodiment of the present invention
  • FIG. 4 shows extending the tree structure by one subscriber for a further embodiment of the present invention according to FIG. 2 ;
  • FIG. 5 shows the removal/deletion of a subscriber from the tree structure for a further embodiment of the present invention according to FIG. 2 .
  • FIG. 1 shows the operating principle of the process according to the present invention with reference to the tree structure of a key agreement for three subscribers A, B, C.
  • subscribers A, B and C proceed as follows:
  • subscribers A, B, C and D proceed as follows:
  • subscribers A, B, C, D and E proceed as follows:
  • the addition of a new subscriber is explained in greater detail with reference to a tree structure having four subscribers according to FIG. 4 .
  • the starting situation is a tree structure according to FIG. 2 , to which a new subscriber is to be added at leaf B.
  • new secrets are established as far as the root of the tree only in those nodes K which lie within the framework of the tree structure on the path from new leaves B 1 and B 2 to the root of the tree K w . In this specific case, they are nodes K 1 , K 2 and K w .
  • the depth of the tree is increased through this operation by 1 (see previous example). If the number of subscribers is not a power of two, then, through skillful selection of the leaf to be divided, it is possible to avoid an increase of the depth, as shown by the following example:
  • subscribers A and B need not carry out a new key exchange. Generally, it is only necessary to newly agree upon the secrets which lie in the associated tree on the path from the leaf of the new subscriber to root K w .
  • the exclusion or deletion of a subscriber is explained in greater detail with reference to a tree structure having four subscribers according to FIG. 5 .
  • the starting situation is a tree structure according to FIG. 2 , from which subscriber B is to be removed.
  • the process can be further developed in many ways: For example, it is possible to use other groups for forming the discrete exponential function x ⁇ g x .

Abstract

A process is described which can be used to generate a cryptographic key for a group of subscribers whose number is subject to change. The process can further provide that even after the group key has been established, subscribers can be removed from or added to the key directory without great effort.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • The present application is a continuation of U.S. patent application Ser. No. 09/807,181, having a filing date of Jun. 15, 2001 and issuing as U.S. Pat. No. 7,606,369, which was the national stage of PCT/EP99/07051, filed on Sep. 22, 1999, which claimed priority to German Patent Application No. DE 19847941.7, each of which is expressly incorporated herein in its entirety by reference thereto.
    • FIELD OF THE INVENTION
  • The process according to the present invention is used to generate and establish a common cryptographic key for n subscribers in order to guarantee the secrecy of messages which are to be transmitted exclusively to the n subscribers via insecure communication channels.
    • BACKGROUND INFORMATION
  • The mechanisms of encryption and authentication are used to protect the confidentiality and integrity of communication between two or more persons. However, such mechanisms require the existence of shared information at all subscribers. This shared information is referred to as a cryptographic key.
  • A conventional process for establishing a common key via insecure communication channels is the process of Diffie and Hellman (DH process; see W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, IT-22(6):644-654, November 1976).
  • The basis of the Diffie-Hellmann key exchange (DH76) is the fact that it is virtually impossible to calculate logarithms modulo a large prime number p. This fact is utilized by Alice and Bob in the example shown below, in that they each secretly choose a number x and y, respectively, smaller than p (and relatively prime to p−1). They then send each other (consecutively or simultaneously) the x-th (and y-th) power of a publicly known number α. From the received powers, they are able to calculate a common key K:=αxy by renewed raising to the power with x and y, respectively. An attacker who sees only αx and αy is unable to calculate K therefrom. (The only presently known method of doing so would involve first calculating the logarithm, e.g., of αx to the base α modulo p, and then raising αy to that power.)
  • Example of Diffie-Hellmann key exchange
    Figure US20100054464A1-20100304-C00001
  • The problem with the DH key exchange described in the example is that Alice does not know whether she is actually communicating with Bob or with an impostor. In IPSec, this problem is solved by the use of public key certificates in which the identity of a subscriber is linked to a public key by a trustworthy authority. The identity of a conversation partner is thereby verifiable.
  • DH key exchange can also be implemented using other mathematical structures, e.g., using finite bodies GF(2n) or elliptic curves. Such alternatives make it possible to improve performance. However, this process is only suitable for agreeing upon a key between two subscribers.
  • Various attempts have been made to extend the DH process to three or more subscribers (DH groups). (An overview of the state of the art is given by M. Steiner, G. Tsudik, M. Waidner, Diffie-Hellman Key Distribution Extended to Group Communication, Proc. 3rd ACM Conference on Computer and Communications Security, March 1996, New Delhi, India.)
  • An extension of the DH process to three subscribers A, B and C is described, for example, by the following table. (Calculation in each case mod p):
  • A → B B → C C → A
    1st round ga gb gc
    2nd round gca gab gbc
  • After carrying out these two rounds, each of the three subscribers is able to calculate the secret key gabc mod p.
  • In all these extensions, at least one of the following three problems occurs:
      • The subscribers must be arranged in a certain manner, for instance in a circle in the above example.
      • The subscribers have no influence vis-à-vis the central station on the choice of key.
      • The number of rounds is dependent on the number of subscribers.
  • A further process for the common establishment of a key is described in German Patent Application No. 195 38 385.0. In this process, however, the central station must know the secret keys of the subscribers.
  • In the IEEE Transaction On Software Engineering, an article dated May 20, 1998, pages 1 through 13, entitled “Key Establishment in Large Dynamic Groups Using One-Way Function Trees” by David A. McGrew and Alan T. Sherman, introduces a process for establishing a common cryptographic key. This process is based on a tree structure. In that case, a group manager manages a binary tree, each node x of it being linked to two cryptographic keys, a node key kx and a hidden node key k′x≈g(kx). The hidden node key is calculated from the node key with the aid of a one-way function. Each subscriber knows the unhidden node keys on the path from his/her node up to the root and the hidden node keys for the nodes which are siblings for his/her path to the root, and otherwise no other hidden or unhidden keys. The feasibility of this process is based on the fact that the group manager knows all the leaf keys.
  • Burmester, Desmedt, A secure and efficient conference key distribution system, Proc. EUROCRYPT'94, Springer LNCS, Berlin 1994 describes a design in which two rounds are required to generate the key, it being necessary in the second round for the central station to send n messages of length p=approx. 1000 bits for n subscribers.
  • Another conventional cryptographic process is referred to as the (n,t) threshold process. With an (n,t) threshold process, it is possible to break a key k down into t parts (called shadows), such that said key k can be reconstructed from any n of the t shadows (see Beutelspacher, Schwenk, Wolfenstetter: Moderne Verfahren der Kryptographie (2nd edition), Vieweg Verlag, Wiesbaden 1998).
    • SUMMARY OF THE INVENTION
  • The present invention can provide the establishment of a common group key between a central station and a group of n subscribers. The present invention can also provide that, even after the group key has been established, subscribers can be removed from or added to the key directory without great effort.
  • In accordance with the present invention, a process is provided in which a group key is established with the aid of a tree structure. To that end, the number of subscribers n involved in the key agreement is represented as a binary tree having n leaves. For each natural number n, there are one or more representations of this type. The number of leaves is identical with the number of subscribers included in the process. This means that a number of n leaves of a binary tree of depth φlog2nκ is allocated to a number of n subscribers.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows a tree structure for three subscribers according to an embodiment of the present invention;
  • FIG. 2 shows a tree structure for a key agreement for four subscribers A, B, C and D according to an embodiment of the present invention;
  • FIG. 3 shows a tree structure of a key agreement for five subscribers A, B, C, D and E according to an embodiment of the present invention;
  • FIG. 4 shows extending the tree structure by one subscriber for a further embodiment of the present invention according to FIG. 2; and
  • FIG. 5 shows the removal/deletion of a subscriber from the tree structure for a further embodiment of the present invention according to FIG. 2.
    •  DETAILED DESCRIPTION
  • FIG. 1 shows the operating principle of the process according to the present invention with reference to the tree structure of a key agreement for three subscribers A, B, C.
  • In order to establish a common key, subscribers A, B and C proceed as follows:
      • Subscribers A and B carry out a DH process with randomly generated numbers a and b. They obtain the common key k1=gab mod p, which is allocated to the common node K1.
      • Subscribers A and B on the one side, and subscriber C on the other side carry out a second DH process which is based on common key k1 of subscribers A and B and on a randomly generated number c of subscriber C. The result is common key k=gkl·c mod p, which is allocated to the root of tree Kw.
  • In the following, an example of a key agreement for four subscribers A, B, C and D is described with reference to FIG. 2:
  • In order to establish a common key for four subscribers (FIG. 2), subscribers A, B, C and D proceed as follows:
      • Subscribers A and B carry out a DH process with randomly generated numbers a and b. They obtain the common key k1=gab mod p.
      • Subscribers C and D carry out a DH process with randomly selected numbers c and d. They obtain the common key k2=gcd mod p.
      • Subscribers A and B on the one side, and subscribers C and D on the other side jointly carry out a second DH process in which subscribers A and B include key k1 and subscribers C and D include key k2. The result is common key kw=gk1·k2 mod p, which is allocated to the root of tree Kw.
  • In the following, an example of a key agreement for five subscribers A, B, C, D and E is described with reference to FIG. 3:
  • In order to establish a common key, subscribers A, B, C, D and E proceed as follows:
      • Subscribers A and B carry out a DH process with randomly selected numbers a and b. They obtain the common key k1=gab mod p.
      • Subscribers C and D carry out a DH process with randomly selected numbers c and d. They obtain the common key k2=gcd mod p.
      • Subscribers A and B on the one side, and subscribers C and D on the other side jointly carry out a second DH process in which subscribers A and B include the common key k1 and subscribers C and D include the common key K2. The result is a common key k3=gk1·k2 mod p for subscribers A, B, C and D.
      • Subscribers A, B, C and D on the one side, and subscriber E on the other side carry out a third DH process in which common key k3 of subscribers A, B, C and D and a random number e generated for subscriber E are included. The result is common key kw=gk3·e mod p, which is allocated to the root of the tree Kw.
  • Owing to the structure of the process according to the present invention, it is possible to include new subscribers or to exclude individual subscribers without having to carry out the entire process again for each subscriber.
  • The addition of a new subscriber is explained in greater detail with reference to a tree structure having four subscribers according to FIG. 4. The starting situation is a tree structure according to FIG. 2, to which a new subscriber is to be added at leaf B.
  • When a new subscriber is added to an already existing tree structure which possesses a common secret, in order to establish a new common key for n+1 subscribers, two new leaves B1 and B2 are added at a suitable location of the binary tree (leaf B given). The new tree then has n+1 leaves and is of depth φlog2(n+1)κ. The subscriber previously assigned to leaf B is assigned to one of the new leaves B1. The new subscriber is assigned to the other leaf B2 still free. The previous leaf B becomes a node K1 for leaves B1 and B2. Starting from new leaves B1 and B2, new secrets are established as far as the root of the tree only in those nodes K which lie within the framework of the tree structure on the path from new leaves B1 and B2 to the root of the tree Kw. In this specific case, they are nodes K1, K2 and Kw.
  • If the number of subscribers is a power of two, the depth of the tree is increased through this operation by 1 (see previous example). If the number of subscribers is not a power of two, then, through skillful selection of the leaf to be divided, it is possible to avoid an increase of the depth, as shown by the following example:
  • In order, for example, to add a fourth subscriber to three subscribers, one proceeds as follows (starting from the situation according to FIG. 1):
      • Subscriber C carries out a DH process with newly added subscriber D using randomly generated numbers c′ and d (c′ should differ from the previously selected c, but this need not be the case). The result is k2′=gc′d mod p.
      • Subscriber A and subscriber B on the one side, and subscribers C and D on the other side carry out a DH process using the values k1 and k2′. The result is k=gk1·k2′mod p.
  • With such a configuration, subscribers A and B need not carry out a new key exchange. Generally, it is only necessary to newly agree upon the secrets which lie in the associated tree on the path from the leaf of the new subscriber to root Kw.
  • The exclusion or deletion of a subscriber is explained in greater detail with reference to a tree structure having four subscribers according to FIG. 5. The starting situation is a tree structure according to FIG. 2, from which subscriber B is to be removed.
  • When a subscriber B is excluded or deleted from an already existing tree structure which has a common secret, then, as indicated in FIG. 5, both the leaf of subscriber B who is to be removed and the leaf of subscriber A, assigned to the same common node K1, are removed. Common node K1 becomes new leaf A′ of subscriber A remaining in the tree structure. Starting from the leaves of the tree and going as far as root Kw, new secrets are established only in those nodes K which are directly affected by new leaf A′ within the framework of the tree structure in the direction of root Kw. In this specific case, this is only root node Kw. Given such a configuration, subscribers C and D need not carry out a new key exchange. Generally, in this case it is also only necessary to newly agree upon those secrets which lie in the associated tree on the path from the leaf of the partner of the removed subscriber to the root.
  • The process can be further developed in many ways: For example, it is possible to use other groups for forming the discrete exponential function x ωgx.
  • When a subscriber is added or removed, it is possible, for example, to agree not to use the old secrets, but rather the result of a (possibly randomized) one-way function for the required new implementations of the DH process.

Claims (3)

1-3. (canceled)
4. A process for establishing a common cryptographic key for n subscribers using the Diffie-Hellman process, comprising:
assigning the n subscribers respective leaves of a binary-structured tree which has a root, n leaves, is of depth [log2n] and has treenodes;
for each one of the n subscribers, generating a respective secret, the respective secret being assigned to the one of the n leaves to which the one of the n subscribers is assigned; and
establishing secrets consecutively in a direction of the root of the tree for all k nodes of the tree starting from the n leaves of the tree across an entire hierarchy of the tree, wherein two already known secrets are combined using the Diffie-Hellman process to form a new common secret, the new common secret being allocated to a common node so that a common cryptographic key for all n subscribers is allocated to a last one of tree nodes, the last one of the tree nodes being the root of the tree.
5. The process as recited in claim 4, further comprising:
excluding a selected one of the n subscribers from the tree, the excluding steps including:
removing a first one of the n leaves of the tree to which the selected one of the n subscribers is assigned;
removing a second one of the n leaves, the second one of the n leaves sharing a common node with the first one of the n leaves, the common node with the first one of the n leaves becoming a new leaf assigned to the one of the n subscribers to which the second one of the n leaves is assigned; and
starting from the new leaf of the tree in a direction of the root of the tree, establishing new secrets only in those of the tree nodes which lie within a framework of the tree on a path from the new leaf to the tree root.
US12/582,651 1998-10-09 2009-10-20 Process for establishing a common cryptographic key for n subscribers Abandoned US20100054464A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/582,651 US20100054464A1 (en) 1998-10-09 2009-10-20 Process for establishing a common cryptographic key for n subscribers

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
DE19847941A DE19847941A1 (en) 1998-10-09 1998-10-09 Common cryptographic key establishment method for subscribers involves successively combining two known secret values into a new common value throughout using Diffie-Hellmann technique
DE19847941.7 1998-10-09
PCT/EP1999/007051 WO2000022775A1 (en) 1998-10-09 1999-09-22 Method for establishing a common cryptographic key for n subscribers
US80718101A 2001-06-15 2001-06-15
US12/582,651 US20100054464A1 (en) 1998-10-09 2009-10-20 Process for establishing a common cryptographic key for n subscribers

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
PCT/EP1999/007051 Continuation WO2000022775A1 (en) 1998-10-09 1999-09-22 Method for establishing a common cryptographic key for n subscribers
US80718101A Continuation 1998-10-09 2001-06-15

Publications (1)

Publication Number Publication Date
US20100054464A1 true US20100054464A1 (en) 2010-03-04

Family

ID=7884814

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/807,181 Expired - Fee Related US7606369B1 (en) 1998-10-09 1999-09-22 Process for establishing a common cryptographic key for N subscribers
US12/582,651 Abandoned US20100054464A1 (en) 1998-10-09 2009-10-20 Process for establishing a common cryptographic key for n subscribers

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/807,181 Expired - Fee Related US7606369B1 (en) 1998-10-09 1999-09-22 Process for establishing a common cryptographic key for N subscribers

Country Status (7)

Country Link
US (2) US7606369B1 (en)
EP (1) EP1119942B1 (en)
JP (1) JP2002527992A (en)
AT (1) ATE247349T1 (en)
DE (2) DE19847941A1 (en)
HU (1) HU223920B1 (en)
WO (1) WO2000022775A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11411744B2 (en) 2017-05-25 2022-08-09 Nec Network And Sensor Systems, Ltd. Encryption communication method, information processing apparatus, and program

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4622064B2 (en) 2000-04-06 2011-02-02 ソニー株式会社 Information recording apparatus, information reproducing apparatus, information recording method, information reproducing method, information recording medium, and program providing medium
EP1623527A1 (en) * 2003-05-13 2006-02-08 Telecom Italia S.p.A. A process for secure communication over a wireless network, related network and computer program product
JP2006135840A (en) * 2004-11-09 2006-05-25 Sony Corp Key sharing state shifting method and system, and information storage medium
JP2006262230A (en) * 2005-03-18 2006-09-28 Sony Corp Information processing system, information analyzing device and method, information processor and method, and program
WO2008026184A2 (en) * 2006-08-31 2008-03-06 Koninklijke Philips Electronics N.V. Method of key management
FR2922392B1 (en) * 2007-10-12 2011-03-04 Thales Sa DEVICE AND METHOD FOR HANDLING EXCHANGE FLOWS OF PUBLIC (OR NON-SENSITIVE) VALUES FOR CREATING COMMON SECRET KEYS BETWEEN SEVERAL ZONES.
KR101133262B1 (en) * 2010-04-08 2012-04-05 충남대학교산학협력단 A hybrid key management method for robust SCADA systems and the session key generating method thereof
US20150036820A1 (en) * 2013-07-30 2015-02-05 Gideon Samid Probability Durable Entropic Advantage
JP6871200B2 (en) * 2018-06-27 2021-05-12 Kddi株式会社 Key agreement system and key generator
CN112422276B (en) * 2020-11-04 2022-03-25 郑州信大捷安信息技术股份有限公司 Method and system for realizing multi-party key agreement

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6049878A (en) * 1998-01-20 2000-04-11 Sun Microsystems, Inc. Efficient, secure multicasting with global knowledge

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4309569A (en) * 1979-09-05 1982-01-05 The Board Of Trustees Of The Leland Stanford Junior University Method of providing digital signatures
US4661658A (en) * 1985-02-12 1987-04-28 International Business Machines Corporation Offline PIN validation with DES
US4914569A (en) * 1987-10-30 1990-04-03 International Business Machines Corporation Method for concurrent record access, insertion, deletion and alteration using an index tree
JPH0389737A (en) * 1989-08-25 1991-04-15 Motorola Inc Hierarchical key management system
US5315658B1 (en) * 1992-04-20 1995-09-12 Silvio Micali Fair cryptosystems and methods of use
JPH05327748A (en) * 1992-05-27 1993-12-10 Fujitsu Ltd Multi-address communication system
JP3493688B2 (en) * 1993-06-25 2004-02-03 ソニー株式会社 Communication apparatus and method, communication management apparatus and method, and public key encryption processing system and method
IL106796A (en) * 1993-08-25 1997-11-20 Algorithmic Res Ltd Broadcast encryption
DE19511298B4 (en) * 1995-03-28 2005-08-18 Deutsche Telekom Ag Procedure for issuing and revoking the authorization to receive broadcasts and decoders
DE19538385A1 (en) 1995-10-14 1997-04-17 Deutsche Telekom Ag Procedure for establishing a common key for authorized persons by a central office
DE19649292A1 (en) * 1996-11-28 1998-06-04 Deutsche Telekom Ag Access protection method for pay television
US6041122A (en) * 1998-02-27 2000-03-21 Intel Corporation Method and apparatus for hiding crytographic keys utilizing autocorrelation timing encoding and computation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6049878A (en) * 1998-01-20 2000-04-11 Sun Microsystems, Inc. Efficient, secure multicasting with global knowledge

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11411744B2 (en) 2017-05-25 2022-08-09 Nec Network And Sensor Systems, Ltd. Encryption communication method, information processing apparatus, and program

Also Published As

Publication number Publication date
WO2000022775A1 (en) 2000-04-20
HU223920B1 (en) 2005-03-29
JP2002527992A (en) 2002-08-27
HUP0104054A2 (en) 2002-03-28
HUP0104054A3 (en) 2003-05-28
DE19847941A1 (en) 2000-04-13
ATE247349T1 (en) 2003-08-15
EP1119942B1 (en) 2003-08-13
EP1119942A1 (en) 2001-08-01
DE59906607D1 (en) 2003-09-18
US7606369B1 (en) 2009-10-20

Similar Documents

Publication Publication Date Title
US20100054464A1 (en) Process for establishing a common cryptographic key for n subscribers
JP7301039B2 (en) Threshold digital signature method and system
Nyberg et al. Message recovery for signature schemes based on the discrete logarithm problem
US8170207B2 (en) Split-key key-agreement protocol
US6487661B2 (en) Key agreement and transport protocol
JP4384728B2 (en) Key agreement and transport protocols using intrinsic signatures
TWI821248B (en) Computer implemented method and system for transferring control of a digital asset
US6987855B1 (en) Operational optimization of a shared secret Diffie-Hellman key exchange among broadcast or multicast groups
US20080095371A1 (en) Ends-Messaging Protocol That Recovers And Has Backward Security
TWI813616B (en) Computer implemented method and system for obtaining digitally signed data
US7778423B2 (en) Method for establishing a common key for a group of at least three subscribers
Mokhtarnameh et al. An enhanced certificateless authenticated key agreement protocol
Chang et al. The design of a conference key distribution system
Nathani et al. A Dynamic ID Based Authenticated Group Key Agreement Protocol from Pairing.
WO2000019652A1 (en) Distributed shared key generation and management using fractional keys
US7035405B1 (en) Method for establishing a common key between a central station and a group of subscribers
KR100588302B1 (en) Method Generating Session Key For Group Communication In Mobile Environment
JP2831685B2 (en) Encryption communication method
Shao et al. Distributed assignment of cryptographic keys for access control in a hierarchy
JP2808651B2 (en) Encryption communication method
Safavi-Naini et al. Hybrid Encryption in Correlated Randomness Model
Yang et al. Efficient certificateless threshold signatures without random oracles
CN114462065A (en) Method for realizing data encryption sharing based on block chain and chameleon Hash algorithm
KR20220142254A (en) Multi-signature wallet system in blockchain using the bloom filter
JP2565893B2 (en) Shared key generation method

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION