TOP > 外国特許検索 > Communication method and communication system using decentralized key management scheme

Communication method and communication system using decentralized key management scheme コモンズ

外国特許コード F140007857
整理番号 348-PCT-076-US
掲載日 2014年4月8日
出願国 アメリカ合衆国
出願番号 62869204
公報番号 20080165974
公報番号 8249258
出願日 平成16年12月28日(2004.12.28)
公報発行日 平成20年7月10日(2008.7.10)
公報発行日 平成24年8月21日(2012.8.21)
国際出願番号 JP2004019633
国際公開番号 WO2005122464
国際出願日 平成16年12月28日(2004.12.28)
国際公開日 平成17年12月22日(2005.12.22)
優先権データ
  • 特願2004-168682 (2004.6.7) JP
  • 2004WO-JP19633 (2004.12.28) WO
発明の名称 (英語) Communication method and communication system using decentralized key management scheme コモンズ
発明の概要(英語) (US8249258)
A decentralized key management scheme that implements key management of a tree structure comprised of only group members without using a key management server is proposed, and communication method and system that can contribute to secure group communications is provided.
Each member constituting a group updates tree structure data of the entire group when a new member joins, respectively 70, and selects a captain in each subtree 71.
Rather than the key management server, the captain generates a new key and shares it with other captains or the joining member 72, and distributes the new key to the members of the subtree 73, thereby enabling all the group members to update to the new key.
A captain is also selected when a member leaves, and sharing and distribution of a new key by the captain is performed.
特許請求の範囲(英語) [claim1]
1. A communications method comprising: organizing a group to which a plurality of members can join or leave, a group key for use in encryption or authentication of communication data is not only shared in the group, but also assigned to a most significant root, a subgroup key is assigned to nodes that are branching points of branches, each member is assigned to a leaf at the end of a least significant subtree, and each member communicates by retaining the group key and all subgroup keys from the group key to itself, wherein each member belonging to the group stores in advance tree structure data of the entire group, the group key, and all the subgroup keys,
when each member detects that a new member joins,
a tree structure data updating step in which each member causes tree structure data updating means to assign a joining member to a leaf of the tree structure according to a predetermined rule, and to update the tree structure data stored by each member;
a captainship determination step in which each member causes captainship determination means to determine whether or not the member will be a captain of a subtree according to a predetermined rule from new tree structure data;
a new key generation and distribution step in which the captain causes new key generation and distribution means to generate and distribute new keys at least among respective members of its subtree, wherein the captain is a member assigned to a leaf and the captain generates and distributes a subgroup key to each member of the subgroup; and
wherein, in the captainship determination step, a predetermined rule for determining whether to be a captain or not selects a captain candidate member in a subtree from members of leaves of a branch opposite to a branch where a joining member lies, when viewed from the high level of the subtree.
[claim2]
2. The communication method using the decentralized key management scheme according to claim 1, wherein the new key generation and distribution step in the communication method includes: a new key sharing step in which the joining member and each captain cause the new key sharing means to communicate generation information of a new group key or subgroup keys, and generate and share a new key; and
a new key distribution step in which each captain causes the new key distribution means to encrypt the new key with the prior group key or subgroup keys, and distribute the key (s) to each member of the subtree.
[claim3]
3. The communication method using the decentralized key management scheme according to claim 1, wherein the new key generation and distribution step in the communication method includes: a new key sharing step in which not only a joining member and a least significant captain share a new key, but also lower captains sequentially share a new key with a captain at one level higher in the hierarchy; and
a new key distribution step in which each captain causes the new key distribution means not only to encrypt the new key with the corresponding prior group key or subgroup keys and distribute the key(s) to each member of the subtree, but also to encrypt a new key of one level higher in the hierarchy with the new key of the subtree to which the captain belongs and to transmit the encrypted key to the joining member sequentially from the lower captains.
[claim4]
4. The communication method using the decentralized key management scheme according to any of claims 1 to 3, wherein, in the tree structure data updating step, a predetermined rule for assigning a joining member to a leaf assigns it as the leftmost leaf in the least significant node at the rightmost in the entire tree structure, or as the rightmost leaf in the least significant node at the leftmost.
[claim5]
5. The communication method using the decentralized key management scheme according to any of claims 1 to 3, wherein the tree structure is a two-part tree.
[claim6]
6. A communications method comprising: organizing a group to which a plurality of members can join or leave, a group key for use in encryption or authentication of communication data is not only shared in the group, but also assigned to a most significant root, a subgroup key is assigned to nodes that are branching points of branches, each member is assigned to a leaf at the end of a least significant subtree, and each member communicates by retaining the group key and all subgroup keys from the group key to itself, wherein each member belonging to the group stores in advance tree structure data of the entire group, the group key, and all the subgroup keys,
when each member detects that a member leaves,
a captainship determination step in which each member causes captainship determination means to determine whether or not the member will be a captain in a subtree from the tree structure data excluding the leaving member according to a predetermined rule;
a new key generation and distribution step in which the captain causes new key generation and distribution means to generate and distribute new keys among at least its subtree members and other captains, wherein the captain is a member assigned to a leaf and the captain generates and distributes a subgroup key to each member of the subgroup, wherein, during captainship determination, a predetermined rule for determining whether to be a captain or not selects a captain candidate member in a subtree from members of leaves of a branch opposite to a branch where a joining member lies, when viewed from the high level of the subtree; and
a tree structure data updating step in which each member causes tree structure data updating means to re-assign members of the subtree to which the leaving member belongs and updates the tree structure data stored in the member according to a predetermined rule.
[claim7]
7. The communication method using the decentralized key management scheme according to claim 6, wherein the new key generation and distribution step in the communication method includes:
a new key sharing step in which captains in the least significant subtree where the member has left and all other captains in the subtree to which the leaving member belong cause new key sharing means to communicate generation information on a new group key or subgroup keys and generate and share the new key; and
a new key distribution step in which not only each captain causes new key distribution means to encrypt the generated new key with the prior subgroup key of one level lower in the hierarchy and to distribute it to each member of the subtree, but also the captain in the least significant subtree where the member has left causes the new key distribution means to encrypt the missing new key with the prior subgroup key of the subtree, and to distribute it to each member of the subtree.
[claim8]
8. The communication method using the decentralized key management scheme according to claim 6, wherein the new key generation and distribution step in the communication method includes: a new key sharing step in which starting with captains of the least significant subtree where the member has left, the lower captain sequentially shares the new key with the captain of one level higher in the hierarchy; and
a new key distribution step in which each captain not only causes new key distribution means to distribute a new key to each member of its subtree, but also the captain of the subtree where the member has left causes the new key distribution means to encode a missing new key with the prior subgroup key of that subtree and distribute it to each member of the subtree.
[claim9]
9. The communication method using the decentralized key management scheme according to claim 6, wherein the tree structure is a two-part tree.
[claim10]
10. A communications method comprising: organizing a group to which a plurality of members can join or leave, a group key for use in encryption or authentication of communication data is not only shared in the group, but also assigned to a most significant root, a subgroup key is assigned to nodes that are branching points of branches, each member is assigned to a leaf at the end of a least significant subtree, and each member communicates by retaining the group key and all subgroup keys from the group key to itself, wherein a terminal unit that is each member comprises: storage means for storing tree structure data of an entire group, a group key, and all subgroup keys;
joining/leaving detection means for detecting when a new member joins the group or when member of the group leaves the group;
tree structure data updating means for either assigning a joining member to a leaf of a tree structure according to a predetermined rule and updating tree structure data stored therein, or re-assigning members of the subtree to which a leaving member belong as a leaf according to a predetermined rule and updating tree structure data stored therein;
captainship determination means for determining, from the tree structure data, whether or not the member will be a captain of the subtree according to a predetermined rule;
new key generation and distribution means for generating and distributing a new key at least among members of its subtree, when it becomes a captain, wherein the captain is a member assigned to a leaf and the captain generates and distributes a subgroup key to each member of the subgroup; and
wherein, in the captainship determination step, a predetermined rule for determining whether to be a captain or not selects a captain candidate member in a subtree from members of leaves of a branch opposite to a branch where a joining member lies, when viewed from the high level of the subtree.
[claim11]
11. The communication system using a decentralized key management scheme according to claim 10, wherein the new key generation and distribution means in the communication system includes: new key sharing means for communicating generation information of a new group key or subgroup keys among the joining member and captains, and generating and sharing a new key; and new key distribution means for encrypting the new key with corresponding prior group key or subgroup key, and distributing it to each member of the subtree.
[claim12]
12. The communication system using a decentralized key management scheme according to claim 10, wherein the new key generation and distribution means in the communication system includes:
new key sharing means in which not only the joining member and the least significant captain share a new key, but also lower captains sequentially share the new key with the captain of one level higher in the hierarchy; and
new key distribution means for, when a member is a captain, not only encrypting a new key with the corresponding prior group key or subgroup keys and distributing it to each member of the subtree, but also starting with the lower captains, sequentially encrypting a new key of one level higher in the hierarchy with the new key of the subtree to which the captain belongs and transmit it to the joining member.
[claim13]
13. The communication system using a decentralized key management scheme according to claim 10, wherein the new key generation and distribution means of a terminal unit in the communication system includes:
new key sharing means in which the captain of the least significant subtree where the member has left and all other captains of the subtree to which the leaving member belongs communicate generation information on a new group key and subgroup keys, and generate and share a new key; and
new key distribution means for, when a member is a captain, not only encrypting the generated new key with the prior subgroup keys at one level lower in the hierarchy and distributing it to each member of the subtree, but also causing the captain of the least significant subtree where the member has left to encrypt the missing new key with the prior subgroup keys of that subtree and distribute it to each member of the subtree.
[claim14]
14. The communication system using a decentralized key management scheme according to claim 10, wherein the new key generation and distribution means of the terminal unit in the communication system includes:
new key sharing means in which starting with the captains of the least significant subtree where the member has left, the lower captains sequentially share a new key with the captain of one level higher in the hierarchy; and
new key distribution means for, when a member is a captain, not only causing the new key distribution means to distribute the new key to each member of its subtree, but also causing the captain of the subtree where the member has left to encrypt the missing new key with the prior subgroup key of that subtree and distribute it to each member of the subtree.
[claim15]
15. The communication system using a decentralized key management scheme according to any of claims 10 to 14, wherein the predetermined rule for assigning a joining member to be used in the tree structure data updating means to a leaf assigns as the leftmost leaf in the least significant node at the rightmost in the entire tree structure, or as the rightmost leaf in the least significant node at the leftmost.
[claim16]
16. The communication system using a decentralized key management scheme according to any of claims 10 to 14, wherein the tree structure is a two-part tree.
  • 発明者/出願人(英語)
  • INOUE DAISUKE
  • KURODA MASAHIRO
  • NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY
国際特許分類(IPC)
米国特許分類/主・副
  • 380/281
  • 455/433
  • 455/455
  • 705/51
  • 705/52
  • 705/53
  • 705/54
  • 709/229
※ 詳細内容の開示にあたっては、別途、JSTと秘密保持契約を締結していただくことが必要となります。

PAGE TOP

close
close
close
close
close
close