Title of invention Management of group secrets by group members
Abstract A method of adding a new device (121) to a device group (110), wherein the device group comprises at least one device (111) that hosts a trusted module (151), the method including: generating keys of the trusted modules (151, 153) and devices (111, 112, 113, . . . , 11N) in the device group and a key of the new device (121); distributing the generated keys to the trusted modules (151, 153) in the device group (110); distributing the generated keys to the devices in the device group, such that each device in the device group receives the key of the new device, the keys of the trusted modules and of all other devices in the device group, except for its own key; establishing a secure authenticated channel (130) between the trusted module (151) and the new device (121); and sending to the new device (121) the generated keys except for the key of the new device.
Publication number US9240980(B2) Publication date 2016.01.19
Application number US201214345833 Filing date 2012.09.14
Applicant KONINKLIJKE PHILIPS N.V. Inventors Bernsen Johannes Arnoldus Cornelis;Staring Antonius Adriaan Maria
Classification H04L9/32;H04L29/06;H04L9/08 Main classification H04L9/32
Agency Agent Liberchuk Larry
Main claim 1. A method of adding a new device to a device group, wherein the device group comprises at least one device that hosts a trusted module, wherein each device and each trusted module hosted by a device in the device group possesses device keys for encryption of messages, the method comprising: generating device keys of one or more trusted modules in the device group, device keys of one or more devices in the device group and a device key of the new device; distributing the generated device keys to each of the one or more trusted modules in the device group; distributing the generated device keys to each of the one or more devices in the device group, such that each device in the device group receives the device key of the new device, the device keys of the one or more trusted modules in the device group, and the device keys of other devices in the device group, except for its own device key; establishing a secure authenticated channel between a trusted module of the one or more trusted modules and the new device; and sending to the new device the generated device keys, except for the device key of the new device itself.
Address Eindhoven NL