CPC H04L 9/3247 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0822 (2013.01); H04L 9/0894 (2013.01); H04L 9/3236 (2013.01); H04L 9/0861 (2013.01)]
21 Claims
1. An apparatus, comprising a hardware processor to:
generate, in a group member device of a set of group member devices, a first set of cryptographic keys for attestation of the group member device in the set of group member devices and a set of leaf nodes in a sub-tree of a Merkle tree corresponding to the first set of cryptographic keys;
forward, from the group member device to a group manager, a request to join a group managed by the group manager;
receive, from the group manager, a challenge generated from a nonce;
sign the nonce using one of the leaf nodes in the set of leaf nodes;
forward the set of leaf nodes from the group member device to the group manager;
receive, in the group member device, a subset of intermediate nodes in the Merkle tree, the intermediate nodes being common to all available authentication paths through the Merkle tree for signatures originating in the sub-tree; and
determine, in the group member device, a cryptographic key that defines an authentication path through the Merkle tree, the authentication path comprising one or more nodes from the set of leaf nodes and one or more nodes from the intermediate nodes received from the group manager.
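The last two steps of claim 1, sketched as an added example that is not taken from the patent: the manager returns the sibling nodes above the member's sub-tree once, and the member combines them with siblings computed from its own leaves to get an authentication path for any of its keys. SHA-256, a binary tree of 16 leaves with 4 per member, the placeholder leaf values and all function names are assumptions, and the one-time signature over the nonce is left out.

```python
import hashlib

def H(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(left + right).digest()

def build_levels(leaves):
    """All tree levels, leaves first and root last (leaf count is a power of 2)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([H(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def common_nodes(levels, member, sub_height):
    """Manager side: siblings on the path from the member's sub-tree root to the
    tree root. Every authentication path starting in that sub-tree shares them."""
    idx, out = member, []
    for level in levels[sub_height:-1]:
        out.append(level[idx ^ 1])
        idx >>= 1
    return out

def auth_path(own_leaves, local_index, common):
    """Member side: siblings inside the own sub-tree, then the manager's nodes."""
    idx, path = local_index, []
    for level in build_levels(own_leaves)[:-1]:
        path.append(level[idx ^ 1])
        idx >>= 1
    return path + list(common)

def verify(leaf, global_index, path, root):
    """Recompute the root from a leaf and its authentication path."""
    node, idx = leaf, global_index
    for sibling in path:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == root

def demo(member=2, sub_size=4, members=4):
    # Constructed leaves standing in for hashes of one-time public keys.
    leaves = [hashlib.sha256(b"constructed-key-%d" % i).digest()
              for i in range(sub_size * members)]
    levels = build_levels(leaves)
    root = levels[-1][0]
    own = leaves[member * sub_size:(member + 1) * sub_size]
    common = common_nodes(levels, member, sub_height=2)  # log2(sub_size)
    ok = [verify(own[i], member * sub_size + i, auth_path(own, i, common), root)
          for i in range(sub_size)]
    # A leaf from another member's sub-tree must fail against this path.
    foreign = verify(leaves[0], member * sub_size, auth_path(own, 0, common), root)
    return ok, len(common), foreign
```
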