US9948455B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9948455-B2 |
| Application number | US-201214344684-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 14, 2012 |
| Priority date | Sep 20, 2011 |
| Publication date | Apr 17, 2018 |
| Grant date | Apr 17, 2018 |
Official abstract text for this publication.
A method of adding a new device (221) to a device group (210), the device group (210, 220) including a plurality of devices, wherein each device in the device group possesses a device group key and device keys of all other devices in the device group for encryption of messages, except its own device key. The method includes: establishing a secure connection between the new device (221) and a first device (211) in the device group (210); sending, by the first device (211) in the device group (210), the device group key and device keys of all other devices (212, 213, ..., 21N) in the device group (210) to the new device (221); distributing, by one of the other devices (212, 213, ..., 21N) in the device group (210), the device key of the first device (211) in the device group (210) to the new device (221); generating and distributing, by one of the devices (211, 212, 213, ..., 21N) in the device group (210), a device key of the new device (221) to all other devices (211, 212, 213, ..., 21N) in the device group (210). This approach is also generalized to k-resilient schemes.
Opening claim text (preview).
The invention claimed is:
1. A method of adding a new device to a device group comprising a plurality of devices, the method comprising: establishing a secure connection between the new device and a first device in the device group; sending, from the first device in the device group to the new device, a device group key to encrypt or decrypt messages sent or received to or from the device group; sending, from the first device in the device group to the new device, device keys of all other devices in the device group to encrypt or decrypt messages sent or received to or from a respective device in the device group; sending, from one of the other devices in the device group to the new device, the device key of the first device to encrypt or decrypt messages sent or received to or from the first device; encrypting, by the first device using the device group key, a device key associated with the new device to encrypt or decrypt messages sent or received to or from the new device; and generating and distributing, from the first device to all other devices in the device group except to the new device, the device key associated with the new device.
2. The method according to claim 1, further comprising generating, by all the devices in the device group, a new device group key to encrypt or decrypt messages sent or received to or from the device group.
3. The method according to claim 1, further comprising for each device in the device group, re-keying all device keys contained in each device.
4. The method according to claim 2, wherein the generating of the new device group key further comprises performing a one-way function on the device group key.
5. The method according to claim 3, wherein the re-keying further comprises performing a one-way function on the device keys.
6. A method of managing a membership of a device group, the device group comprising a plurality of devices, the method comprising: when adding a new device to the device group: establishing a secure connection between the new device and a first device in the device group; sending, from the first device in the device group to the new device, a device group key to encrypt or decrypt messages sent or received to or from the device group; sending, from the first device in the device group to the new device, device keys of all other devices in the device group to encrypt or decrypt messages sent or received to or from a respective device in the device group; sending, from one of the other devices in the device group to the new device, the device key of the first device to encrypt or decrypt messages sent or received to or from the first device in the device group; encrypting, by the first device using the device group key, a device key associated with the new device to encrypt or decrypt messages sent or received to or from the new device; and generating and distributing, from the first device to all other devices in the device group except to the new device, the device key associated with the new device; when removing a device from the device group: generating and distributing, by a first device remaining in the device group, new device keys to encrypt or decrypt messages sent or received to or from a respective device remaining in the device group, such that each remaining device only receives new device keys belonging to other remaining devices in the group; generating and distributing, from one of the other remaining devices in the device group to all other remaining devices in the device group except to the first device, a new device key of the first device remaining in the device group to encrypt or decrypt messages sent or received to or from the first device remaining in the device group; and generating and distributing, by one of the other devices remaining in the device group, a new device group key to all other devices remaining in the device group.
7. The method according to claim 6, further comprising: when adding a new device to the device group, generating a new device group key by all the devices in the device group by performing a one-way function on the device group key; and when removing a device from the device group, generating the new device group key randomly.
8. The method according to claim 6, further comprising: when adding a new device to the device group, for each device in the device group, re-keying all device keys contained by each device; and when removing a device from the device group, generating the new device keys randomly.
9. The method according to claim 6, wherein: when removing a device from the device group, the new device key of the first device remaining in the device group is distributed after having been encrypted with an old device key of the first device and the device key of the device being removed.
10. The method according to claim 6, wherein: when removing a device from the device group, each of the new device keys for each of the other devices remaining in the device group are distributed after having been encrypted with the device key of the device being removed from the device group and with an old device key.
11. The method according to claim 6, wherein: when removing a device from the device group, the new device group key is distributed after having been encrypted with the device key of the device being removed from the device group.
12. A method of managing a membership of a device group, the device group comprising multiple devices, wherein each device in the device group possesses key material for encrypting messages to the device group or to a subset of the device group, the method comprising: when adding a new device to the subset of the device group: establishing secure connections between the new device and the devices in the device group; sending, by the devices in the device group, the key material to the new device; generating, by the devices in the device group, new key material to encrypt messages that are to be decrypted by all devices in said subset of the device group and by the new device being added to the subset; and distributing re-keyed material to the devices in the device group except the subset of the device group; and when removing a device from the subset of the device group: generating, by the devices remaining in the device group, new key material to encrypt messages that are to be decrypted by all devices in each subset of the device group that does not include the device to be removed; and distributing said key material to all devices in each subset of the device group that does not include the device to be removed.
13. The method according to claim 12, further comprising when adding a new device to the device group, each device in the device group, rekeying said key material with a one-way function.
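The join procedure from the abstract, combined with the one-way re-keying of claims 2 to 5, as an added example that is not code from the patent: it models only which device holds which key, not the encryption of the transfers. SHA-256 as the one-way function, re-keying before any key is handed over, and the names `ow`, `Device`, `new_group`, `add_device` and `invariant_holds` are assumptions of this sketch.

```python
import hashlib
import secrets

def ow(key: bytes) -> bytes:
    # One-way re-key step; SHA-256 is this example's choice, the page names no function.
    return hashlib.sha256(b"rekey" + key).digest()

class Device:
    def __init__(self, name):
        self.name = name
        self.group_key = None
        self.device_keys = {}  # keys of the OTHER devices only, never its own

def new_group(names):
    # Constructed starting state: every member holds the group key and all keys but its own.
    gk = secrets.token_bytes(32)
    dk = {n: secrets.token_bytes(32) for n in names}
    devs = {n: Device(n) for n in names}
    for d in devs.values():
        d.group_key = gk
        d.device_keys = {n: k for n, k in dk.items() if n != d.name}
    return devs

def add_device(devs, new_name, first):
    # Assumed ordering: members re-key (claims 2-5) before any key is handed over,
    # so the newcomer only ever receives hashed-forward keys.
    for d in devs.values():
        d.group_key = ow(d.group_key)
        d.device_keys = {n: ow(k) for n, k in d.device_keys.items()}
    new, f = Device(new_name), devs[first]
    # Over the secure connection: group key plus the keys of all other devices.
    new.group_key, new.device_keys = f.group_key, dict(f.device_keys)
    # The first device does not hold its own key, so another member supplies it.
    helper = next(d for d in devs.values() if d.name != first)
    new.device_keys[first] = helper.device_keys[first]
    # The first device generates the newcomer's key for the existing members only.
    k_new = secrets.token_bytes(32)
    for d in devs.values():
        d.device_keys[new_name] = k_new
    devs[new_name] = new
    return new

def invariant_holds(devs):
    # Each device holds every key but its own, all copies agree, one shared group key.
    names = set(devs)
    right_keys = all(set(d.device_keys) == names - {d.name} for d in devs.values())
    one_group_key = len({d.group_key for d in devs.values()}) == 1
    copies = {(n, k) for d in devs.values() for n, k in d.device_keys.items()}
    return right_keys and one_group_key and len(copies) == len(names)
```

Because the newcomer receives only hashed-forward keys, it cannot derive the pre-join group key or device keys from what it is given.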
for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key H04L9/0833) · CPC title
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
Discovery or management of network topologies · CPC title
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use · CPC title