Showing papers on "Revocation published in 1999"

A Quick Group Key Distribution Scheme with Entity Revocation

Abstract: This paper proposes a group key distribution scheme with an “entity revocation”, which renews a group key of all the entities except one (or more) specific entity (ies). In broadcast systems such as Pay-TV, Internet multicast and mobile telecommunication for a group, a manager should revoke a dishonest entity or an unauthorized terminal as soon as possible to protect the secrecy of the group communication. However, it takes a long time for the “entity revocation” on a large group, if the manager distributes a group key to each entity except the revoked one. A recently published paper proposed a group key distribution scheme in which the amount of transmission and the delay do not rely on the number of entities of the group, using a type of secret sharing technique. This paper devises a novel key distribution scheme with “entity revocation” that makes frequent key distribution a practical reality. This scheme uses a technique similar to “threshold cryptosystems” and the one-pass Diffie-Hellman key exchange scheme.

A model of certificate revocation

Abstract: This paper presents a model for the distribution of revocation information using certificate revocation lists (CRLs). This model is used to highlight inefficiencies in the "traditional" method of distributing certificate status information using CRLs. Two alternative CRL-based revocation distribution mechanisms, over-issued CRLs and segmented CRLs, are then presented. The original model is then expanded to encompass each of the alternative mechanisms and these expanded models are used to demonstrate the advantages of the alternative mechanisms to the "traditional" method. Finally the paper offers some suggestions for choosing the best CRL-based revocation distribution mechanism for any particular environment.

Authentication system and process

Abstract: An authentication system and process are provided. One aspect of the process of the present invention includes authorizing a first on-line revocation server (OLRS, 206a) to provide information concerning certificates issued by a cerficate authority (CA, 204a) that have been revoked. If the first OLRS is compromised, a second OLRS (206b) is authorized to provide certificate revocation information, but certificates issued by the CA remain valid unless indicated by the second OLRS to be revoked.

Fast checking of individual certificate revocation on small systems

Abstract: High-security network transactions require the checking of the revocation status of public key certificates. On mobile systems this may lead to excessive delays and unacceptable performance. This paper examines small system requirements and options, with a view to improving performance. It is shown that the use of keyed hash functions (message authentication codes) with a pre-registration option reduces network latency and allows stateless servers.

Method for secured access to data in a network

Abstract: The invention relates to a method which ensures respect for data protection rights, especially as regards personal data which are available in a network with distributed memories. According to said method access rights to the data available in the network are distributed to owners, with the possibility of revocation, and the data are stored in the network only after authorization has been given by the owner holding the rights to the data. When certain data are requested only the references of those data records for which the requestor holds the access rights can be given. Data which are available but for which there are no access rights cannot be recognized. Should someone wish to access data the access rights can again be verified before access to said data is authorized.

Storage medium and contents protecting method using the medium

Abstract: PROBLEM TO BE SOLVED: To protect contents by making illegal electronic equipment ineffective when a storage medium is mounted on the electronic equipment represented by revocation information and used by previously registering the revocation information in a specific storage area of the storage medium. SOLUTION: In a read-only open ROM area 132 secured on a PM (storage medium) 13, a revocation list RL by which a PD (recording and reproducing device) to be made ineffective for contents protection can be decided is previously registered and when the PM 13 is mounted on an LCM (contents use management system) or the PD and used, a controller 130 provided on the PM 13 receives information. representing the LCM or PD from the equipment, refers to the revocation list RL with the information, and determines whether or not the equipment is made ineffective according to the reference result.

A quick group key distribution scheme with entity revocation

Abstract: This paper proposes a group key distribution scheme with an entity revocation, which renews a group key of all the entities except one (or more) specific entity (ies). In broadcast systems such as Pay-TV, Internet multicast and mobile telecommunication for a group, a manager should revoke a dishonest entity or an unauthorized terminal as soon as possible to protect the secrecy of the group communication. However, it takes a long time for the entity revocation on a large group, if the manager distributes a group key to each entity except the revoked one. A recently published paper proposed a group key distribution scheme in which the amount of transmission and the delay do not rely on the number of entities of the group, using a type of secret sharing technique. This paper devises a novel key distribution scheme with entity revocation that makes frequent key distribution a practical reality. This scheme uses a technique similar to threshold cryptosystems and the one-pass Diffie-Hellman key exchange scheme.

Offline verification of integrated circuit card using hashed revocation list

Abstract: A system that performs offline verification of integrated circuit (IC) devices (such as smart cards, electronic wallets, PC cards and the like) includes an issuing unit and multiple point-of-transaction units. The issuing unit maintains a database that stores a recovation list of ID codes of bad IC devices that have been revoked. The issuing unit partitions the ID codes on the revocation list into multiple buckets and derives a revocation vector into the buckets. The issuing unit occasionally downloads the recovation vector to multiple point-of-transaction units, such as merchant computers, standalone kiosks, vending machines, and the like. During a transaction, a point-of-transaction unit verifies a tendered IC device in an offline procedure. The point-of-transaction unit takes the ID code of the tendered IC device, partitions it, and compares the result to the revocation vector to determine whether the ID code partitions into a non-empty bucket. If so, the ID code of the tendered IC device might be on the revocation list and the point-of-transaction unit initiates an online authentication process to further verify the IC device. Otherwise, if the ID code partitions to an empty bucket, the IC device is not on the revocation list and the transaction may proceed.

An information theoretic approach to secure multicast key management

Abstract: New results are presented for recently proposed rooted tree based secure multicast key revocation schemes by studying the information theoretic properties of member revocation events. It is shown that the optimal average number of keys per person is given by the entropy of the member revocation event and the currently available solutions correspond to the worst case or the maximum entropy scenario. It is shown that the previously proposed key assignment (Caronni et al., 1998) corresponds to optimal source coding and is susceptible to attack by compromise or collusion of multiple members.