| 摘要 |
<p>A method and apparatus for achieving perfect forward security for closed user groups having X nodes is disclosed. A first data processing device node I (22) is coupled to a private network which is in turn coupled to the Intemet (20). A second data processing device node J (30) is coupled to the same, or to a different network, which is also coupled to the Internet (20), such that node I (22) communicates with node J (30) using the Internet protocol. A unique secret value and a public value to each of the X nodes is provided. A context variable Ni is also provided to each of the X nodes. Each of the X nodes obtain a certificate for other (X-1) nodes and obtains the other (X-1) nodes' public value ( mu <j> mod p) from the certificate. Each node in a closed user group precomputes all shared secrets (e.g., mu <(2> <N)ij mod p) for each closed group node. Each node then deletes its secret (i, j, ..., etc.). As the value of N is incremented, each node may compute ÄKijÜN for any value of N without the need to recalculate the shared secret. Upon receipt of a data packet in the context Ni (for a datagram transmitted, for example, by node I), a receiving node J computes ÄKijÜNi and decrypts the data packet using ÄKijÜN. Since it is not necessary to compute the implicit shared secret between the nodes in the closed user group, perfect forward secrecy is achieved since a cracker's discovery of the value of ÄKijÜNi, and thereby the value for a particular N of mu <(2> <N)ij mod p, will not assist in decrypting packets encrypted in contexts earlier than Ni. <IMAGE></p> |
