1. Field of the Invention
The present invention relates to a terminal device, a group management server, and a network communication system that can generate or update encryption keys used to encrypt and/or decrypt information on networks such as multicast networks, as well as to a method for generating an encryption key.
2. Description of the Prior Art
As the digitization has spread in information processing and communication technologies, various electronic devices are connected to various networks and the information exchange is becoming increasingly high-speed and large-volume. Transmitting and receiving information via network communications has various advantages such as immediacy or simplicity in information exchange. However, this causes some problems such as fraudulent use or interception of information. Recently, there is an increasing need for protecting information confidentiality as a method to solve these problems. In addition, with advancement of network technologies, there is another increasing need for unicast communications such as one-to-one communications, but also multicast communications that transmit information only to the registered members as well as broadband communications that transmit information to the general public. A method for protecting information confidentiality in such multicast communications involves distributing encryption/decryption keys for encrypting/decrypting information to the members authorized to transmit and receive information that in turn encrypt/decrypt information with the encryption/decryption keys for transmission and reception of information, thereby preventing third parties from fraudulently using or intercepting such information.
On the other hand, in multicast communications, when a member is deleted from a group, it is necessary to revoke a formerly used group encryption key and generate a new group encryption key that is to be distributed to and used by the other members in the group, in order to prevent information subsequently transmitted and received in the group from being decrypted and viewed by the deleted member. At this moment, such down time will occur that encrypted communications cannot be established in the group until the new group encryption key is distributed. Thus, one of the challenges in multicast communications is to minimize such down time.
There has been proposed a prior art technology that addresses the above-mentioned challenge, as disclosed in Japanese Patent Laid-Open No. 2005-159780. This technology provides encrypted communications in such multicast communications utilizing a sub-group encryption key that is temporarily used by the remaining members so that possible down time until distribution of a new group encryption key may be eliminated in deleting members. The “sub-group encryption key” refers to a key excluding a specific node. When the number of members is N (N is any natural number), one node retains N−1 sub-group encryption keys. Upon receipt of a member deletion request, a key management server needs to generate a new group encryption key and a sub-group encryption key and distribute them to each node.
However, although the above prior art technology may eliminate the down time in deleting members, it would require a significant amount of communications in updating a group encryption key, since the key management server must distribute a new group encryption key and a sub-group encryption key to each node. Therefore, the prior art technology is not appropriate for circumstances with a limited communication bandwidth.
An object of the invention is to solve the above-mentioned problems and challenges, and in particular, to update a group encryption key with little communication in multicast by updating at each node a group encryption key for use in protecting information confidentiality (which is shared among the group), as well as to eliminate any down time that would otherwise occur in updating keys.
Besides, main stakeholders associated with the invention are members, which are defined as follows:                members: nodes that are authorized to join/leave a group and that use their terminals to encrypt/decrypt information.        