CA2277633C - Split-key key-agreement protocol - Google Patents


Info

Publication number: CA2277633C
Authority: CA (Canada)
Prior art keywords: entity; key; intra; public key; long term
Legal status: Expired - Lifetime
Application number: CA002277633A
Other languages: French (fr)
Other versions: CA2277633A1 (en)
Inventor: Scott A. Vanstone
Current Assignee: Certicom Corp
Original Assignee: Certicom Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys

Abstract

This invention relates to a method for generating a shared secret value between entities (E) in a data communication system, one or more of the entities having a plurality of members ($M_{ij}$) for participation in the communication system, each member having a long term private key ($Pr_{ij}$) and a corresponding long term public key ($Pu_{ij}$). The method comprises the steps of generating a short term private key ($x_{ij}$) and a corresponding short term public key ($X_{ij}$) for each of the members ($M_{ij}$); exchanging short term public keys ($X_{ij}$) of the members within an entity (i); for each member, computing an intra-entity shared key by mathematically combining the short term public keys ($X_{ij}$) of each of the members, and computing an intra-entity public key ($s_i$) by mathematically combining its short term private key ($x_{ij}$), the long term private key ($Pr_{ij}$) and the intra-entity shared key; for each entity, combining intra-entity public keys ($s_i$) to derive a group short term public key ($S_i$); each entity transmitting its intra-entity shared key ($X_i$) and its group short term public key ($S_i$) to the other entities; and each entity computing a common shared key K by combining its group short term public key ($S_i$) with the intra-entity shared key ($\bar{X}_i$) and a group short term public key ($\bar{S}_i$) received from the other entities.

Description

SPLIT-KEY KEY-AGREEMENT PROTOCOL

The present invention relates to the field of key agreement protocols in cryptographic systems.
BACKGROUND OF THE INVENTION
Traditionally, entities communicated on paper and were able to ensure privacy in many ways. The transition from paper to electronic media, however, brings the need for electronic privacy and authenticity. In cryptographic schemes, the entities use primitives, which are mathematical operations together with encoding and formatting techniques, to provide security.
For each scheme the parties participating in the scheme normally agree upon or exchange certain information before executing the scheme function. The specific information that needs to be agreed upon is detailed for each scheme. Such agreement may be achieved by any means suitable for the application. It may be implicitly built into the system or explicitly achieved by some sort of exchange of information with or without involvement from other parties. In particular, parties often need to agree on parameters and obtain each other's public keys. For proper security, a party needs to be assured of the true owners of the keys and parameters and of their validity. Generation of parameters and keys needs to be performed properly and, in some cases, verification needs to be performed.

In general, the different types of schemes may be defined as follows. Key agreement schemes are schemes in which two parties use their public, private key pairs, and possibly other information, to agree on a shared secret key. A signature scheme with appendix is a scheme in which one party signs a message using its private key and any other party can verify the signature by examining the message, the signature, and the signer's corresponding public key. In signature schemes with message recovery, one party signs a message using its private key and any other party can verify the signature and recover the message by examining the signature and the signer's corresponding public key. Finally, in encryption schemes, any party can encrypt a message using the recipient's public key and only the recipient can decrypt the message using its corresponding private key.
An example of a key derivation scheme is the MQV (Menezes-Qu-Vanstone). In the MQV scheme, a shared secret value is derived from one party's two key pairs and another party's two public keys where all the keys have the same discrete log (DL) parameters. In this generalized MQV scheme, it is assumed that the shared secret value is that which is shared between two parties.

However, where each party or entity consists of a collection of parties, say $A = \{A_1, A_2, \ldots, A_n\}$ and $B = \{B_1, B_2, \ldots, B_m\}$, where m is not necessarily equal to n and at least one of m or n is at least two (that is, not both A and B consist of one individual), it is difficult to implement the generalized MQV scheme if these two entities wish to establish a common key in order to communicate privately.

SUMMARY OF THE INVENTION

Accordingly, the present invention seeks to provide a solution to the problem of establishing a common key for private communication between entities wherein the entities include a collection of sub entities.

An advantage of the present invention is that all members of each entity must participate in the scheme and no subcollection of either entity can impersonate its entire entity.
In accordance with this invention there is provided a method for generating a shared secret value between entities in a data communication system, one or more of the entities having a plurality of members for participation in the communication system, each member having a long term private key and a corresponding long term public key, the method comprising the steps of:

(a) generating a short term private and a corresponding short term public key for each of the members;

(b) exchanging short term public keys of the members within an entity;
(c) for each member:

(i) computing an intra-entity shared key by mathematically combining the short term public keys of each said member;
(ii) computing an intra-entity public key by mathematically combining its short-term private key, the long term private key and the first intra-entity key component;

(d) for each entity combining intra-entity public keys to derive a group short-term public key;
(e) each entity transmitting its intra-entity shared key and its group short term public key to the other entities; and
(f) each entity computing a common shared key K by combining its group short term public key, the intra-entity shared key, and the short term public key of the other entities.

BRIEF DESCRIPTION OF THE DRAWINGS
These and other features of the preferred embodiments of the invention will become more apparent in the following detailed description in which reference is made to the appended drawings wherein:

Figure 1 is a schematic diagram of a communication system; and
Figure 2 is a schematic diagram of a protocol according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to figure 1, a schematic diagram of a communication system is shown generally by numeral 10. The system 10 includes a first entity A (12) and a second entity B (14) that exchange data over a communication channel 16. Each of the entities A and B include members $A_1$, $A_2$ and $B_1$, $B_2$, respectively. It is assumed the entities A and B include processors for performing cryptographic operations and the like. The members $A_1$, $A_2$ may for example represent a first group of users on a local area network (LAN) that wish to communicate securely with a second group of users $B_1$, $B_2$ on a second LAN or even on the same LAN.
In either case the computations may be performed for the entities A (12) and B (14) by, for example, a LAN server or the like, provided that each member has its own secure boundary.

Accordingly, the present protocol ensures that all members of each entity must participate in the scheme and no sub-collection of either entity can impersonate its entire entity.
Furthermore, it is assumed that each entity and its associated members $A_i$, $B_i$ have been initialized with the same system parameters. The system parameters for this protocol are an elliptic curve point P, which is the generating point of an elliptic curve over $F_{2^m}$ of order n.
Additionally, each of the members is initialized with respective public and private key pairs.
That is, the members $A_i$ have long term private and public key pairs $(a_i, a_i P)$ and the members $B_i$ have long term private and public key pairs $(b_i, b_i P)$, respectively.
The private key of the entity A is then $(a_1 + a_2)$ and its corresponding public key is $(a_1 + a_2)P$. Similarly, for entity B its private key is $(b_1 + b_2)$ and its corresponding public key is $(b_1 + b_2)P$. These public keys are published by the entities.
Now assume that entities A (12) and B (14) wish to agree upon a common key, which may then be used for subsequent cryptographic communications between the activities.
Referring thus to figure 2, a schematic diagram of an embodiment of the protocol according to the present invention is shown generally by numeral 40. The member $A_1$ generates a random value $x_1$ (its short term private key, also known as ephemeral or session key) and computes a corresponding value $x_1 P$ (its short term public key); similarly, member $A_2$ generates a random value $x_2$ and computes a corresponding value $x_2 P$. Preferably $0 < a_i < n-1$ and $0 < x_i < n-1$. Next, the members $A_2$ and $A_1$ exchange their session public keys $x_1 P$ and $x_2 P$. This may be termed a first intra-entity key exchange.
Next, member $A_1$ computes $r = x_1 P + x_2 P$ and similarly, entity $A_2$ computes $r = x_2 P + x_1 P$, thus establishing an intra-entity shared key.
Next, member $A_1$ computes its short term intra-entity public key $s_1$ using its short term private key and long term private key combined with a function f of the intra-entity public key, that is $s_1 = x_1 + a_1 f(r) \pmod{n}$, where f is typically a hash function such as SHA-1 and n is the order of the curve. Similarly, member $A_2$ computes its intra-entity public key $s_2 = x_2 + a_2 f(r) \pmod{n}$.
The entity A transmits the intra-entity shared key r to the entity B. The entity A also computes an entity or group short term public key, which is derived from a summing of the intra-entity public key of each member: $s = s_1 + s_2 = x_1 + x_2 + (a_1 + a_2) f(r) \bmod n$.
Entity A then also transmits the group short-term public key s to the entity B.
The entity B similarly computes the analogous information using its own public and private keys using the same computations performed by entity A. Thus, B computes an intra-entity shared key $\bar{r}$ using the short term public keys of each of the members.
Next, each of the members in B computes its own intra-entity public key $t_i = y_i + b_i f(\bar{r}) \bmod n$. The entity B then sends $\bar{r}$ to the entity A and computes the group short-term public key $t = t_1 + t_2$, which is transmitted to the entity A.
The entity A then computes a value K, which is the shared key between the entities A and B, by computing $K = s(\bar{r} + (bP) f(\bar{r})) = s(t)P$. The entity B also computes K using t, r, and aP (or s), $K = t(s)P$.

Consequently, if a member of the entity A, either $A_1$ or $A_2$, is not present in the scheme then the group short term public key, s, changes, as does the value for K.
Therefore, communication with entity B would not be successful without establishing a new session.
Similarly, if either $B_1$ or $B_2$ is not present in the scheme then the group short term public key, t, changes, altering the value of K. In this case, communication with A would not be successful without establishing a new session.
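The two-member exchange described above, as an added example in Python that is not part of the patent text: it follows claim 1 in passing only the intra-entity shared key and the entity long term public key between entities, and it checks both the agreement on K and the missing-member property. Assumptions: secp256k1 over a prime field stands in for the curve over a binary field, f is SHA-256 reduced mod n, and the names Member, run_session and shared_key are hypothetical.

```python
"""Split-key key agreement between two entities with two members each.
Added illustration, not code from the patent. Assumptions: secp256k1 replaces
the binary-field curve of the text; f is SHA-256 reduced mod n."""
import hashlib
import secrets

FIELD = 2**256 - 2**32 - 977  # secp256k1 field prime
N = int("FFFFFFFF" "FFFFFFFF" "FFFFFFFF" "FFFFFFFE"
        "BAAEDCE6" "AF48A03B" "BFD25E8C" "D0364141", 16)  # order n of P
P = (int("79BE667E" "F9DCBBAC" "55A06295" "CE870B07"
         "029BFCDB" "2DCE28D9" "59F2815B" "16F81798", 16),
     int("483ADA77" "26A3C465" "5DA4FBFC" "0E1108A8"
         "FD17B448" "A6855419" "9C47D08F" "FB10D4B8", 16))  # generating point P


def add(p1, p2):
    """Add two points of y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % FIELD, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD


def on_curve(pt):
    """Validity check for a received point (infinity is rejected)."""
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % FIELD == 0


def mul(k, pt):
    """Scalar multiple k*pt by double-and-add (not constant time)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def f(pt):
    """Hash a point to an integer mod n (SHA-256 here; the text suggests SHA-1)."""
    data = pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


class Member:
    """One member with its own secure boundary: a_i and x_i never leave it."""

    def __init__(self):
        self.a = 1 + secrets.randbelow(N - 2)  # long term private key, 0 < a_i < n-1
        self.pub = mul(self.a, P)              # long term public key a_i P

    def new_session(self):
        self.x = 1 + secrets.randbelow(N - 2)  # short term private key x_i
        return mul(self.x, P)                  # short term public key x_i P

    def share(self, r):
        return (self.x + self.a * f(r)) % N    # s_i = x_i + a_i f(r) mod n


def entity_public_key(members):
    """Published entity key (a_1 + a_2)P, built from the members' public keys."""
    total = None
    for m in members:
        total = add(total, m.pub)
    return total


def run_session(present):
    """Return (r, s) for the members taking part: r = sum x_i P, s = sum s_i mod n."""
    r = None
    for m in present:
        r = add(r, m.new_session())
    return r, sum(m.share(r) for m in present) % N


def shared_key(s, peer_r, peer_pub):
    """K = s(r' + f(r') * peer_pub), r' being the peer's intra-entity shared key."""
    if not (on_curve(peer_r) and on_curve(peer_pub)):
        raise ValueError("received point is not on the curve")
    return mul(s, add(peer_r, mul(f(peer_r), peer_pub)))


def demo():
    """Return (both entities agree on K, a lone member fails to agree)."""
    a, b = [Member(), Member()], [Member(), Member()]
    pub_a, pub_b = entity_public_key(a), entity_public_key(b)
    r, s = run_session(a)        # entity A: its r and s
    r_b, t = run_session(b)      # entity B: its own shared key and t
    agree = shared_key(s, r_b, pub_b) == shared_key(t, r, pub_a)
    # A_2 absent: A_1 alone cannot form the s that matches A's published key.
    r1, s1 = run_session(a[:1])
    lone_fails = shared_key(s1, r_b, pub_b) != shared_key(t, r1, pub_a)
    return agree, lone_fails


if __name__ == "__main__":
    print(demo())
```

The sums s and t stay inside their entities in this example: K equals s times tP, and tP can be formed from the peer's transmitted shared key and published long term key, so s and t are handled as secrets here.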
Although the above scheme has been described with respect to the elliptic curve systems which is an additive group, it may analogously be used in multiplicative groups. Furthermore the above protocol, although exemplified with two members per entity, may be generalized where each party or entity consists of a collection of members, say $A = \{A_1, A_2, \ldots, A_n\}$ and $B = \{B_1, B_2, \ldots, B_m\}$, where m is not necessarily equal to n and at least one of m or n is at least two (that is, not both A and B consist of one individual). The notation may be generalized as follows:
$E_i$ - entity i
$M_{ij}$ - member j of entity i
$Pr_{ij}$ - long term private key of member (ij)
$Pu_{ij}$ - long term public key of member (ij)
$Pu_i$ - long term public key of entity (i)
$x_{ij}$ - short term private key of member (ij)
$X_{ij}$ - short term public key of member (ij)
$X_i$ - intra-entity shared key of entity i
$s_i$ - intra-entity public key of entity i
$S_i$ - group or entity short term public key of entity i
$\overline{Pu}_i$ - long term public key received from the other entities
$\bar{X}_i$ - intra-entity shared key received from the other entities
$\bar{S}_i$ - group or entity short term public key received from the other entities

Although the invention has been described with reference to certain specific embodiments, various modifications thereof will be apparent to those skilled in the art without departing from the spirit and scope of the invention as outlined in the claims appended hereto.

Claims (40)

1. A method for generating a shared secret value between entities (A, B) in a data communication system, one or more of said entities having a plurality of members ($A_i$, $B_i$) for participation in said communication system, each member having a long term private key and a corresponding long term public key, said method comprising the steps of:
(a) generating an entity long term public key for each entity by combining the long term public keys of each member of the entity;
(b) generating a short term private and a corresponding short term public key for each of the members;
(c) making said short term public keys available to members within an entity;
(d) for each member:
i. computing an intra-entity shared key by mathematically combining said short term public keys of each said member;
ii. computing an intra-entity public key by mathematically combining its short-term private key, the long term private key and said intra-entity shared key;
(e) for each entity combining intra-entity public keys to derive a group short-term public key;

(f) each entity making its intra-entity shared key and its entity long term public key available to said other entities; and
(g) each entity computing a common shared key K by combining its group short term public key, with the intra-entity shared key, and an entity long term public key received from the other entity.
2. The method as defined in claim 1, said long term public key being derived from a generator point P and respective ones of said long term private keys.
3. The method as defined in claim 2, said step (b) including each member selecting a random integer $x_i$ and multiplying said point P by a respective random integer $x_i$ to obtain $x_i P$, the short term public key.
4. The method as defined in claim 3, said intra-entity-shared key being computed by summing said short term public keys.
5. The method as defined in claim 4, said intra-entity public key $s_i$ being derived by computing $s_i = x_i + a_i f(\sum x_i P)$, where f is a hash function and $a_i$ is a respective private key.
6. The method as defined in claim 5, said group short term public key being derived by computing $\sum s_i$.
7. The method as defined in claim 1, said long term public keys being derived from a generator g and respective ones of said long term private keys.
8. The method as defined in claim 7, said step (a) including the step of each member selecting a random integer ($x_{ij}$) and exponentiating a function h(g) including said generator to a power $g(x_{ij})$ to obtain the short term public key $X_{ij} = h(g)^{g(x_{ij})}$.
9. The method as defined in claim 8, said intra-entity shared key ($X_i$) being computed by each entity multiplying each of its short-term public keys $X_{ij}$ together.
10. The method as defined in any one of claims 1 to 9, including the step of exchanging the entity long term public key between entities.
11. A computer readable medium carrying computer readable instructions for executing the method as defined in any one of claims 1 to 10.
12. A system for generating a shared secret value between entities (A, B) in a data communication system, said system comprising at least one of said entities having a plurality of members ($A_i$, $B_i$), each member having a long term private key and a corresponding long term public key, said at least one of said entities comprising a cryptographic processor configured to execute computer readable instructions for:
(a) generating an entity long term public key by combining the long term public keys of said members of the entity;
(b) generating a short term private and a corresponding short term public key for each of the members;
(c) making said short term public keys available to members within an entity;
(d) for each member:
i. computing an intra-entity shared key by mathematically combining said short term public keys of each said member;
ii. computing an intra-entity public key by mathematically combining its short-term private key, the long term private key and said intra-entity shared key;
(e) combining said intra-entity public keys of said members to derive a group short-term public key;
(f) making said intra-entity shared key and said entity long term public key available to an other entity; and
(g) computing a common shared key K by combining said group short term public key with said intra-entity shared key and an entity long term public key obtained from said other entity.
13. The system as defined in claim 12, said long term public key being derived from a generator point P and respective ones of said long term private keys.
14. The system as defined in claim 13, said instruction (b) comprising having each member select a random integer $x_i$ and multiplying said point P by a respective random integer $x_i$ to obtain $x_i P$, the short term public key.
15. The system as defined in claim 14, said intra-entity-shared key being computed by summing said short term public keys.
16. The system as defined in claim 15, said intra-entity public key $s_i$ being derived by computing $s_i = x_i + a_i f(\sum x_i P)$, where f is a hash function and $a_i$ is a respective private key.
17. The system as defined in claim 16, said group short term public key being derived by computing $\sum s_i$.
18. The system as defined in claim 12, said long term public keys being derived from a generator g and respective ones of said long term private keys.
19. The system as defined in claim 18, said instruction (a) comprising having each member select a random integer ($x_{ij}$) and exponentiate a function h(g) including said generator to a power $g(x_{ij})$ to obtain the short term public key $X_{ij} = h(g)^{g(x_{ij})}$.
20. The system as defined in claim 19, said intra-entity shared key ($X_i$) being computed by each entity multiplying each of its short-term public keys $X_{ij}$ together.
21. The system as defined in any one of claims 12 to 20, wherein said cryptographic processor is configured for exchanging the entity long term public key between entities.
22. A method of a first entity generating a group short term public key for use in establishing a shared secret value with a second entity in a data communication system, said first entity having a plurality of members for participation in said communication system, each of said plurality of members having a long term private key and a corresponding long term public key, said method comprising said first entity:
a) generating a short term private key and a corresponding short term public key for each of said plurality of members;

b) exchanging short term public keys of said plurality of members within said one entity;

c) for each of said plurality of members:
i) computing an intra-entity shared key by mathematically combining said short term public keys of each of said plurality of members; and
ii) computing a respective intra-entity public key by mathematically combining its short term private key, its long term private key and said intra-entity shared key; and
d) combining said intra-entity public keys of said plurality of members to derive said group short term public key.
23. The method according to claim 22 further comprising the step of said first entity transmitting said intra-entity shared key and an entity long term public key of said first entity to said second entity and receiving from said second entity a respective intra-entity shared key and an entity long term public key of said second entity derived thereby.
24. The method according to claim 23 further comprising the step of said first entity computing a shared key K by combining its group short term public key, the intra-entity shared key of said second entity, and said entity long term public key of said second entity.
25. The method according to claim 22, said long term public key being derived from a generator point P and respective ones of said long term private keys.
26. The method according to claim 25 wherein said step a) comprises each member selecting a random integer $x_i$ and multiplying said point P by a respective random integer $x_i$ to obtain $x_i P$, said short term public key.
27. The method according to claim 22, said intra-entity shared key being computed by summing said short term public keys.
28. The method according to claim 26, said intra-entity public key represented as $s_i$, being derived by computing $s_i = x_i + a_i f(\sum x_i P)$, where $a_i$ represents said long term private key and f is a hash function.
29. The method according to claim 28, said group short term public key being derived by computing $\sum s_i$.
30. The method according to claim 22, said long term public keys being derived from a generator g and respective ones of said long term private keys.
31. A computer readable medium carrying computer readable instructions for executing the method as defined in any one of claims 22 to 30.
32. A first entity in a data communication system having a plurality of members for participation in said data communication system, each said plurality of members having a long term private key and a corresponding long term public key, said first entity comprising a cryptographic processor configured for generating a group short term public key for use in establishing a shared secret value with a second entity in said data communication system by executing computer readable instructions for:
a) generating a short term private key and a corresponding short term public key for each of said plurality of members;
b) exchanging short term public keys of said plurality of members within said one entity;
c) for each of said plurality of members:
i) computing an intra-entity shared key by mathematically combining said short term public keys of each of said plurality of members; and
ii) computing a respective intra-entity public key by mathematically combining its short term private key, its long term private key and said intra-entity shared key; and
d) combining said intra-entity public keys of said plurality of members to derive said group short term public key.
33. The first entity according to claim 32 wherein said cryptographic process is further configured for having said first entity transmit said intra-entity shared key and an entity long term public key of said first entity to said second entity and receive from said second entity a respective intra-entity shared key and an entity long term public key of said second entity derived thereby.
34. The first entity according to claim 33 wherein said cryptographic processor is further configured for having said first entity compute a shared key K by combining its group short term public key, the intra-entity shared key of said second entity, and said entity long term public key of said second entity.
35. The first entity according to claim 32, said long term public key being derived from a generator point P and respective ones of said long term private keys.
36. The first entity according to claim 35 wherein said instruction a) comprises having each member select a random integer $x_i$ and multiply said point P by a respective random integer $x_i$ to obtain $x_i P$, said short term public key.
37. The first entity according to claim 32, said intra-entity shared key being computed by summing said short term public keys.
38. The first entity according to claim 35, said intra-entity public key represented as $s_i$, being derived by computing $s_i = x_i + a_i f(\sum x_i P)$, where $a_i$ represents said long term private key and f is a hash function.
39. The first entity according to claim 38, said group short term public key being derived by computing $\sum s_i$.
40. The first entity according to claim 32, said long term public keys being derived from a generator g and respective ones of said long term private keys.
CA002277633A 1999-07-19 1999-07-19 Split-key key-agreement protocol Expired - Lifetime CA2277633C (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
CA002277633A CA2277633C (en) 1999-07-19 1999-07-19 Split-key key-agreement protocol
DE60006147T DE60006147T2 (en) 1999-07-19 2000-07-19 Key approval protocol with separate keys
PCT/CA2000/000838 WO2001006697A2 (en) 1999-07-19 2000-07-19 Split-key key-agreement protocol
AU61437/00A AU6143700A (en) 1999-07-19 2000-07-19 Split-key key-agreement protocol
EP00947716A EP1226678B1 (en) 1999-07-19 2000-07-19 Split-key key-agreement protocol
US09/619,633 US6934392B1 (en) 1999-07-19 2000-07-19 Split-key key-agreement protocol
US11/155,899 US7272226B2 (en) 1999-07-19 2005-06-20 Split-key key-agreement protocol
US11/855,608 US7840004B2 (en) 1999-07-19 2007-09-14 Split-key key-agreement protocol
US12/950,626 US8170207B2 (en) 1999-07-19 2010-11-19 Split-key key-agreement protocol
US13/451,467 US8520847B2 (en) 1999-07-19 2012-04-19 Split-key key-agreement protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CA002277633A CA2277633C (en) 1999-07-19 1999-07-19 Split-key key-agreement protocol

Publications (2)

Publication Number Publication Date
CA2277633A1 CA2277633A1 (en) 2001-01-19
CA2277633C true CA2277633C (en) 2009-10-20

Family

ID=4163763

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002277633A Expired - Lifetime CA2277633C (en) 1999-07-19 1999-07-19 Split-key key-agreement protocol

Country Status (6)

Country Link
US (5) US6934392B1 (en)
EP (1) EP1226678B1 (en)
AU (1) AU6143700A (en)
CA (1) CA2277633C (en)
DE (1) DE60006147T2 (en)
WO (1) WO2001006697A2 (en)


Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5491750A (en) 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5491749A (en) 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks
US5761305A (en) 1995-04-21 1998-06-02 Certicom Corporation Key agreement and transport protocol with implicit signatures
US6487661B2 (en) * 1995-04-21 2002-11-26 Certicom Corp. Key agreement and transport protocol
JPH1115373A (en) * 1997-06-20 1999-01-22 Fuji Xerox Co Ltd Open key coding system
US6336188B2 (en) * 1998-05-01 2002-01-01 Certicom Corp. Authenticated key agreement protocol
CA2241705C (en) 1998-06-26 2006-06-20 Certicom Corp. A method for preventing key-share attacks
US6584566B1 (en) * 1998-08-27 2003-06-24 Nortel Networks Limited Distributed group key management for multicast security
US6256733B1 (en) * 1998-10-08 2001-07-03 Entrust Technologies Limited Access and storage of secure group communication cryptographic keys
CA2277633C (en) 1999-07-19 2009-10-20 Certicom Corp. Split-key key-agreement protocol
ATE467973T1 (en) 2001-04-12 2010-05-15 Research In Motion Ltd System and method for dynamically pushing information to wireless data transmission devices
US7181015B2 (en) * 2001-07-31 2007-02-20 Mcafee, Inc. Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique
CA2369540C (en) * 2001-12-31 2013-10-01 Certicom Corp. Method and apparatus for computing a shared secret key
US20040073795A1 (en) * 2002-10-10 2004-04-15 Jablon David P. Systems and methods for password-based connection
US7328282B2 (en) * 2003-10-23 2008-02-05 International Business Machines Corporation Aspect oriented web service invocation
AU2005228061A1 (en) * 2004-04-02 2005-10-13 Research In Motion Limited Deploying and provisioning wireless handheld devices

Also Published As

Publication number Publication date
US20120257745A1 (en) 2012-10-11
EP1226678B1 (en) 2003-10-22
EP1226678A2 (en) 2002-07-31
US8170207B2 (en) 2012-05-01
AU6143700A (en) 2001-02-05
US7272226B2 (en) 2007-09-18
US6934392B1 (en) 2005-08-23
US8520847B2 (en) 2013-08-27
DE60006147D1 (en) 2003-11-27
US7840004B2 (en) 2010-11-23
DE60006147T2 (en) 2004-08-26
WO2001006697A3 (en) 2001-05-10
WO2001006697A2 (en) 2001-01-25
CA2277633A1 (en) 2001-01-19
US20110064226A1 (en) 2011-03-17
US20080056499A1 (en) 2008-03-06
US20060123235A1 (en) 2006-06-08

Similar Documents

Publication Publication Date Title
CA2277633C (en) Split-key key-agreement protocol
EP0873617B1 (en) Key agreement and transport protocol with implicit signatures
US5889865A (en) Key agreement and transport protocol with implicit signatures
US6483921B1 (en) Method and apparatus for regenerating secret keys in Diffie-Hellman communication sessions
US8209533B2 (en) Key agreement and transport protocol
CA2525894C (en) Key agreement and transport protocol
Mandt et al. Certificateless authenticated two-party key agreement protocols
CA2054037C (en) Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction
US9571274B2 (en) Key agreement protocol
EP1496644A2 (en) Method for signature and session key generation
CN1937496A (en) Extensible false name certificate system and method
US20160352689A1 (en) Key agreement protocol
US7444514B2 (en) Group key exchanges with failures
EP2493112B1 (en) Accelerated key agreement with assisted computations
WO2016187690A1 (en) Key agreement protocol
Meng et al. A secure and efficient on-line/off-line group key distribution protocol
EP1768300B1 (en) Key agreement and transport protocol with implicit signatures
Verma et al. A Paring-Free ID-Based Authenticated Key Agreement Protocol for IoT Environment
Tso et al. ID-based key agreement for dynamic peer groups in mobile computing environments
Wu et al. Self-Certified Approach for Authenticated Key Agreement
CA2892787A1 (en) Key agreement protocol

Legal Events

Date Code Title Description
EEER Examination request