Simplified management of group secrets by group members

摘要

A method for key management is disclosed, wherein in adding a new device to a device group, the device group including a plurality of devices, wherein each device in the device group possesses device keys of all other devices in the device group for encryption of messages, except its own device key and wherein the device group includes a group manager device that possesses all device keys of the devices in the device group, the method includes, establishing a secure connection between the new device and the group manager device in the device group; sending, by the group manager device in the device group, the device keys of all devices in the device group to the new device; generating and distributing, a device key of the new device to all other devices in the device group. This approach is also generalized to k-resilient schemes.

主权项

1. A method of managing membership of a device group, the device group comprising a plurality of devices, wherein each device in the device group possesses device keys of all other devices in the device group, except its own device key, the method comprising:
electing one of the device group members as a group manager device, the group manager device possessing all device keys of the devices in the device group, including its own device key; proving, by the group manager, its group manager identity to another device in the device group by encrypting and sending a message using all device keys that the other device possesses, and in case of adding a new device to the device group: establishing a secure connection between the new device and the group manager device; sending, by the group manager device, the device keys of all devices in the device group to the new device; generating and distributing, by one of the devices in the device group, a device key of the new device to all other devices in the device group, and in case of removing a device from the device group: generating and distributing, by any combination of devices remaining in the device group, new device keys for the devices remaining in the device group, such that each of the devices other than the group manager device does not generate its own new device key and does not receive its own new device key.