METHOD AND ARRANGEMENT FOR ENABLING ENCRYPTED COMMUNICATION
TECHNICAL FIELD
The invention relates generally to encrypted communication and more specifically to a method and an arrangement for key distribution to enable encrypted communication between local units having their own public keys in a communication network that also comprises a central unit having a secret master key.
BACKGROUND OF THE INVENTION
To enable secure communication within arbitrary groups of local units in such a communication network, the central unit has to certify the respective local unit, and each local unit of the group should be able to check that the other units in fact belong to the group in question, i.e. that they have been certified by the central unit.
Today, a group of local units can be certified e.g. by means of different types of certificates based on so-called public key cryptography.
Enabling secure communication between local units certified by the central unit is complicated in that someone within the group has to generate a secret session key, which then has to be encrypted with the public keys of the other local units of the group and finally sent out to the respective group members. Thereafter, the communication can start.
SUMMARY OF THE INVENTION
The object of the invention is to enable each local unit in a group of local units that are to participate in an encrypted communication, to check that any other local unit in fact belongs to the group, and to enable encrypted communications within arbitrary groups of local units.
This is attained in accordance with the invention in that session keys are calculated in each local unit based on the public keys from the other local units and a functional value calculated by the central unit, and that encrypted communication is enabled only between local units having calculated identical session keys.
By means of any known symmetric encryption algorithm, these session keys are then used to encrypt data to be exchanged between the local units.
By means of the invention, the calculation work is distributed between the local units instead of being concentrated to the unit initiating the communication.
BRIEF DESCRIPTION OF THE DRAWING
The invention will be described in more detail below with reference to the appended drawing, in which Fig. 1 schematically illustrates a first stage of the method according to the invention in a communication network, and Fig. 2 illustrates a second stage of the method according to the invention in part of the communication network in Fig. 1.
DESCRIPTION OF THE INVENTION
Fig. 1 schematically illustrates a communication network comprising a central unit CU and a plurality of local units LU1, LU2, LU3 ... LUN.
Encrypted communication is to be established between any number of local units in the network.
The central unit CU has a secret master key MK and each local unit LU1, LU2, LU3 ... LUN has its own open or public key PK1, PK2, PK3 ... PKN as schematically indicated on the drawing.
In accordance with the invention, in advance of any communication between any number of the local units LU1, LU2, LU3 ... LUN, the local units transfer their respective public keys PK1, PK2, PK3 ... PKN to the central unit CU, e.g. upon request by the central unit CU, as illustrated by means of arrows from the respective local unit to the central unit CU in Fig. 1.
In accordance with the invention, upon receipt of the respective public keys PK1, PK2, PK3 ... PKN from the local units, the central unit CU calculates, for each local unit LU1, LU2, LU3 ... LUN, an individual functional value FV1, FV2, FV3 ... FVN from the master key MK and the respective public key PK1, PK2, PK3 ... PKN received from the respective local unit LU1, LU2, LU3 ... LUN.
According to the invention, the functional values are calculated by means of a function H(x, y) of such a nature that, on the one hand, H(H(x, y), z) = H(H(x, z), y) and, on the other hand, it is computationally infeasible to calculate x with a knowledge of values of y and values of H(x, y).
Using the master key MK as the first argument in the above function, the functional values FV1, FV2, FV3 ... FVN calculated for the local units LU1, LU2, LU3 ... LUN in Fig. 1 will be H(MK, PK1), H(MK, PK2), H(MK, PK3) ... H(MK, PKN).
The central unit CU is adapted to transfer the respective individual functional value FV1, FV2, FV3 ... FVN to the respective local unit LU1, LU2, LU3 ... LUN as illustrated in Fig. 1 by means of arrows directed from the central unit CU to the respective local unit LU1, LU2, LU3 ... LUN.
The transfer of the functional values FV1, FV2, FV3 ... FVN to the local units LU1, LU2, LU3 ... LUN takes place in a secure manner, e.g. via secure links (not shown).
Hereby, the preparations for enabling encrypted communication between any number of local units are completed.
With reference to Fig. 2, an embodiment will be described in which it is supposed that the local unit LU1 in Fig. 1 desires encrypted communications with the local units LU2 and LU3 in Fig. 1, and that also the communication between the local units LU2 and LU3 should be encrypted.
In accordance with the invention, each local unit that is to communicate encrypted with any other local unit has to exchange public keys with that other local unit.
In the embodiment in Fig. 2, as mentioned above, it is supposed that the encrypted communication is initiated by the local unit LU1.
Thus, the local unit LU1 sends one message to the local unit LU2 and one message to the local unit LU3 informing them of its desire for an encrypted communication between the three local units, and requesting them to transfer their respective public keys PK2 and PK3.
Based on these messages, the local unit LU2 requests the local units LU1 and LU3 to transfer their public keys PK1 and PK3, respectively, and the local unit LU3 requests the local units LU1 and LU2 to transfer their respective public keys PK1 and PK2.
This is schematically illustrated in Fig. 2 by means of arrows in both directions between the local units LU1, LU2, LU3.
In case the local units in question have been involved in a mutual encrypted communication earlier, the respective public keys can already be stored in the respective local unit and do not have to be transferred again.
In accordance with the invention, based on its own individual functional value FV1, FV2, FV3 received from the central unit CU, and the respective public key received from the other local units, each local unit LU1, LU2, LU3 calculates session keys by applying the above function H(x, y) in sequence.
Thus, the session key calculated by the local unit LU1 will be H(H(FV1, PK2), PK3). Inserting FV1 as calculated above by the central unit CU, the session key calculated by the local unit LU1 will be H(H(H(MK, PK1), PK2), PK3). The session key calculated by the local unit LU2 will be H(H(FV2, PK1), PK3) or H(H(H(MK, PK2), PK1), PK3) with FV2 inserted as above, and the session key calculated by the local unit LU3 will be H(H(FV3, PK1), PK2) or H(H(H(MK, PK3), PK1), PK2) with FV3 inserted as above.
As is apparent, due to the symmetry of the function H(x, y), the session keys calculated by the respective local units are identical, which is a prerequisite condition for an encrypted communication to be enabled between the local units in question according to the invention.
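The symmetry argument above, worked through as an added example that is not part of the original text. The text does not name a concrete H, so this sketch assumes H(x, y) = x^y mod N with each public key hashed to an odd exponent; the toy modulus, the key strings and all helper names are constructed for illustration.

```python
import hashlib

# Toy modulus built from two Mersenne primes (constructed for this demo only).
# The one-way property needs a large modulus whose factorization nobody knows.
N = (2**127 - 1) * (2**107 - 1)

def exponent(public_key: bytes) -> int:
    """Map a public key to an odd integer exponent (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(public_key).digest(), "big") | 1

def H(x: int, public_key: bytes) -> int:
    """Assumed instantiation: x^y mod N, so H(H(x, y), z) == H(H(x, z), y)."""
    return pow(x, exponent(public_key), N)

def functional_value(master_key: int, public_key: bytes) -> int:
    """Central unit CU: FVi = H(MK, PKi)."""
    return H(master_key, public_key)

def session_key(own_fv: int, peer_public_keys: list) -> bytes:
    """Local unit: apply H in sequence over the peers' public keys,
    then hash the result down to a 256-bit symmetric key."""
    value = own_fv
    for pk in peer_public_keys:
        value = H(value, pk)
    width = (N.bit_length() + 7) // 8
    return hashlib.sha256(value.to_bytes(width, "big")).digest()

def demo():
    # Constructed master key and public keys for LU1, LU2, LU3.
    mk = int.from_bytes(hashlib.sha256(b"constructed master key").digest(), "big")
    pks = {n: f"constructed public key of {n}".encode() for n in ("LU1", "LU2", "LU3")}
    fvs = {n: functional_value(mk, pk) for n, pk in pks.items()}
    keys = {
        n: session_key(fvs[n], [pk for other, pk in pks.items() if other != n])
        for n in pks
    }
    # A unit that was never certified by CU holds no valid functional value;
    # starting from a guessed one, it ends up with a different session key.
    outsider = session_key(12345, [pks["LU2"], pks["LU3"]])
    return keys, outsider

if __name__ == "__main__":
    keys, outsider = demo()
    print({n: k.hex()[:16] for n, k in keys.items()}, outsider.hex()[:16])
```
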
By means of the invention, it will be possible to establish encrypted communications in a simpler manner.