WO2008026184A3 - Method of key management - Google Patents

Publication number
WO2008026184A3
Authority
WO
WIPO (PCT)
Prior art keywords
leaf node
group
key
party
private key
Application number
PCT/IB2007/053498
Other languages
French (fr)
Other versions
WO2008026184A2 (en)
Inventor
Anna K Zych
Jeroen M Doumen
Willem Jonker
Pieter H Hartel
Milan Petkovic
Original Assignee
Koninkl Philips Electronics Nv
Anna K Zych
Jeroen M Doumen
Willem Jonker
Pieter H Hartel
Milan Petkovic
Application filed by Koninkl Philips Electronics Nv, Anna K Zych, Jeroen M Doumen, Willem Jonker, Pieter H Hartel, Milan Petkovic
Publication of WO2008026184A2
Publication of WO2008026184A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A method of key management for group-based controlled access to encrypted data, in which a decryption key for the encrypted data can be obtained by a party if the party is a member of at least one group which is authorized to access the data, the groups being organized in a hierarchical tree in which each non-leaf node represents a group and each leaf node represents a member of all groups represented by nodes hierarchically superior to the leaf node in question, characterized in that the leaf nodes are each assigned a respective arbitrarily chosen private key and corresponding public key, in that the private key associated with a particular non-leaf node is obtained by executing a key agreement protocol using a private key associated with a first child of the particular non-leaf node and a public key associated with a second child of the particular non-leaf node, and in that the private key for a group associated with a particular node is obtained by recursively obtaining the group private keys of the nodes on a path from the leaf node corresponding to the party in question and the node corresponding to the authorized group.
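The derivation in the abstract, sketched as an added example (not code from the patent): each group key is a Diffie-Hellman agreement between one child's private key and the other child's public key, and a member recomputes it by walking up from its own leaf. The toy group parameters, the SHA-256 step that turns a shared secret into a private key, the binary tree and all node names are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption, demo only): 2**127 - 1 is prime but
# far too small for real use; a deployment would use a standardized group.
P = 2**127 - 1
G = 3

def agree(priv, peer_pub):
    """DH key agreement. Hashing the shared secret into the parent's private
    key is an assumption; the abstract does not specify this step."""
    shared = pow(peer_pub, priv, P)
    digest = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % (P - 1) or 1

class Node:
    def __init__(self, name, left=None, right=None):
        self.name, self.left, self.right, self.parent = name, left, right, None
        for child in (left, right):
            if child is not None:
                child.parent = self
        if left is None:   # leaf: arbitrarily chosen private key
            self.priv = secrets.randbelow(P - 2) + 1
        else:              # group: first child's private key, second child's public key
            self.priv = agree(left.priv, right.pub)
        self.pub = pow(G, self.priv, P)   # every node's public key is published

def group_key(leaf, group):
    """Recompute the private key of `group` from one member's leaf key,
    using only the published public keys of siblings along the path."""
    node, priv = leaf, leaf.priv
    while node is not group:
        parent = node.parent
        if parent is None:
            raise PermissionError(f"{leaf.name} is not a member of {group.name}")
        sibling = parent.right if parent.left is node else parent.left
        priv = agree(priv, sibling.pub)
        node = parent
    return priv

def demo_tree():
    """Constructed sample hierarchy: hospital -> (cardiology -> alice, bob), carol."""
    alice, bob, carol = Node("alice"), Node("bob"), Node("carol")
    cardiology = Node("cardiology", alice, bob)
    hospital = Node("hospital", cardiology, carol)
    return alice, bob, carol, cardiology, hospital
```

Because the agreement is symmetric, either child reaches the same parent key, while a leaf outside a group's subtree never passes through that group's node and so never derives its key.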

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP06119878.4 2006-08-31
EP06119878 2006-08-31

Publications (2)

Publication Number Publication Date
WO2008026184A2 (en) 2008-03-06
WO2008026184A3 (en) 2008-06-26

Family

ID=39136356

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2007/053498 WO2008026184A2 (en) 2006-08-31 2007-08-30 Method of key management

Country Status (1)

Country Link
WO (1) WO2008026184A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109995786B (en) * 2019-04-08 2020-11-13 北京深思数盾科技股份有限公司 Method and device for authorizing data in organization

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009001719B4 (en) 2009-03-20 2011-02-10 Compugroup Holding Ag Method for generating asymmetric cryptographic key pairs
CN110213228B (en) * 2019-04-25 2021-09-07 平安科技(深圳)有限公司 Method, device, storage medium and computer equipment for authenticating communication
CN117195300B (en) * 2023-09-20 2024-03-29 全拓科技(杭州)股份有限公司 Big data safety protection method, device and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19847941A1 (en) * 1998-10-09 2000-04-13 Deutsche Telekom Ag Common cryptographic key establishment method for subscribers involves successively combining two known secret values into a new common value throughout using Diffie-Hellmann technique
US20040146015A1 (en) * 2003-01-27 2004-07-29 Cross David B. Deriving a symmetric key from an asymmetric key for file encryption or decryption
EP1505594A2 (en) * 2003-07-31 2005-02-09 Sony United Kingdom Limited Access control for digital content
US20060015514A1 (en) * 2004-06-03 2006-01-19 Canon Kabushiki Kaisha Information processing method and information processing apparatus

Also Published As

Publication number Publication date
WO2008026184A2 (en) 2008-03-06

Similar Documents

Publication Publication Date Title
WO2007149850A3 (en) Hierarchical deterministic pairwise key predistribution scheme
Acín et al. Device-independent security of quantum cryptography against collective attacks
Torkaman et al. Innovative approach to improve hybrid cryptography by using DNA steganography
WO2008121157A3 (en) Cryptographic key management system facilitating secure access of data portions to corresponding groups of users
TW202019120A (en) Service data encryption method and device based on block chain
WO2007009066A3 (en) Secure key management for scalable codestreams
Zhou et al. Privacy enhanced data outsourcing in the cloud
WO2007094751A3 (en) System and method for a variable key ladder
Li et al. Privacy-preserving data utilization in hybrid clouds
WO2005122630A3 (en) Arrangement in a network node for secure storage and retrieval of encoded data distributed among multiple network nodes
Liu et al. Practical ciphertext-policy attribute-based encryption: traitor tracing, revocation, and large universe
WO2004102918A3 (en) Key agreement and transport protocol
CN108038184A (en) A kind of date storage method and system based on block chain, a kind of intelligent block chain
EA201100887A1 (en) METHOD OF FORMATION OF A DIGITAL / CALCULAR KEY
Huang et al. EABDS: Attribute‐Based Secure Data Sharing with Efficient Revocation in Cloud Computing
Mor et al. Toward a global data infrastructure
ATE422131T1 (en) NETWORK INFORMATION ON A PEER-TO-PEER NETWORK
WO2008026184A3 (en) Method of key management
EP1353470A3 (en) Method for deployment of a workable public key infrastructure
Jost et al. Overcoming impossibility results in composable security using interval-wise guarantees
Xu et al. Revocable policy-based chameleon hash
CN105915333B (en) A kind of efficient key distribution method based on encryption attribute
WO2019215262A3 (en) Method for securing a data exchange in a distributed infrastructure
Maldonado-Ruiz et al. 3BI-ECC: a decentralized identity framework based on blockchain technology and elliptic curve cryptography
Alwen et al. Grafting key trees: efficient key management for overlapping groups

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07826209

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07826209

Country of ref document: EP

Kind code of ref document: A2