User-to-user Key Distributed Over Data Link (i.e., No Center) Patents (Class 380/283)
  • Publication number: 20090220082
    Abstract: A computer-implemented method for encryption and decryption using a quantum computational model is disclosed. Such a method includes providing a model of a lattice having a system of non-abelian anyons disposed thereon. From the lattice model, a first quantum state associated with the lattice is determined. Movement of non-abelian anyons within the lattice is modeled to model formation of first and second quantum braids in the space-time of the lattice. The first quantum braid corresponds to first text. The second quantum braid corresponds to second text. A second quantum state associated with the lattice is determined from the lattice model after formation of the first and second quantum braids has been modeled. The second quantum state corresponds to second text that is different from the first text.
    Type: Application
    Filed: March 17, 2009
    Publication date: September 3, 2009
    Applicant: MICROSOFT CORPORATION
    Inventors: Michael Freedman, Chetan Nayak, Kirill Shtengel
  • Publication number: 20090214044
    Abstract: Systems and methods for decryption and encryption for data being archived at archive storage systems. The system includes an archive storage coupled to host and client computers and optionally to a network attached storage. The data arriving at the archive storage may contain encrypted data. The encrypted data may be decrypted at the archive storage, at the host computer or at the network attached storage coupled to the archive storage. Indexing information is added to the decrypted data. The data is subsequently re-encrypted before being archived. Encryption key information may be obtained from a key manager or an encryption key may be generated by a host computer or a client computer.
    Type: Application
    Filed: February 21, 2008
    Publication date: August 27, 2009
    Applicant: HITACHI, LTD.
    Inventor: Junji KINOSHITA
  • Publication number: 20090208012
    Abstract: A decryption system is provided. The decryption system includes a first RFID tag, a second code providing apparatus and a decryption module. The first RFID tag is for storing an encrypted data generated by encrypting an original data according to a first code. The second code providing apparatus is for providing a second code. The decryption module includes an RFID reader and a computing unit. The RFID reader reads the encrypted data from the first RFID tag. The computing unit receives the second code from the second code providing apparatus without utilizing the Internet, and decrypts the encrypted data according to the second code to obtain the original data.
    Type: Application
    Filed: January 7, 2009
    Publication date: August 20, 2009
    Inventor: Feng-Jian Chou
  • Patent number: 7577254
    Abstract: A method (300) of performing photon detector autocalibration in quantum key distribution (QKD) system (200) is disclosed. The method (300) includes a first act (302) of performing a detector gate scan to establish the optimum arrival time of a detector gate pulse (S3) that corresponds with a maximum number of photon counts (NMAX) from a single-photon detector (216) in the QKD system (200). Once the optimal detector gate pulse arrival time is determined, then in an act (306), the detector gate scan is terminated and in an act (308) a detector gate dither process is initiated. The detector gate dither act (308) involves varying the arrival time (T) of the detector gate pulse (S3) around the optimal value of the arrival time established during the detector gate scan process. The detector gate dither provides minor adjustments to the arrival time to ensure that the detector (216) produces maximum number of photon counts (NMAX).
    Type: Grant
    Filed: January 29, 2004
    Date of Patent: August 18, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: Harry Vig, Jonathan Young, Paul A. Jankovich
  • Publication number: 20090202081
    Abstract: A method for delivering a key is disclosed. The method includes encrypting a first key using a second uniquely derived key to form an encrypted first key, and providing the encrypted first key to a transaction device. The transaction device contains the second uniquely derived key.
    Type: Application
    Filed: February 8, 2008
    Publication date: August 13, 2009
    Inventors: Ayman Hammad, Patrick Faith
  • Patent number: 7570420
    Abstract: Systems and methods for transmitting quantum and classical signals over an optical network are disclosed, wherein the quantum signal wavelength either falls within the classical signal wavelength band, or is very close to one of the classical signal wavelengths. The system includes a deep-notch optical filter with a blocking bandwidth that includes the quantum signal wavelength but not any of the classical signal wavelengths. The deep-notch optical filtering is applied to the classical signals prior to their being multiplexed with the quantum signals to prevent noise generated by the classical signals from adversely affecting transmission of quantum signals in the transmission optical fiber. Narrow-band filtering is also applied to the quantum signals prior to their detection in order to substantially exclude spurious non-quantum-signal wavelengths that arise from non-linear effects in the optical fiber.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: August 4, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: A. Craig Beal, Michael J. LaGasse
  • Publication number: 20090190765
    Abstract: Digital rights management (DRM) can be effectively implemented through use of an anchor point and binding records in a user domain and backed up through use of an escrow anchor point and an escrow binding record in an anchor point based digital rights management system. An escrow binding record provides additional functionality and reliability to a DRM system by allowing a user to use digital content even after an access device has been lost or compromised.
    Type: Application
    Filed: January 27, 2009
    Publication date: July 30, 2009
    Applicant: SEAGATE TECHNOLOGY, LLC
    Inventor: Paul Marvin Sweazey
  • Publication number: 20090187762
    Abstract: To provide a content distribution system which can prevent use of content which has been temporarily stored after the valid period. A content distribution system (1) including a license server (101) which issues a license, a content server (102) which transmits the content, a terminal device (103) which controls use of the content based on the issued license. The terminal device (103) does not allow the use of the received encrypted content when it is judged that the encrypted content received from the content server (102) is not the content received in real time.
    Type: Application
    Filed: July 27, 2007
    Publication date: July 23, 2009
    Inventors: Ryuichi Okamoto, Akio Higashi, Hiroki Murakami, Ketsumi Tokuda
  • Publication number: 20090169009
    Abstract: A ciphering processing section that applies a deciphering process to ciphered packet data based on a deciphering key held by key holding part and a count value sequentially updated by counting part. The ciphering processing section further comprises success/failure determining part that determines success/failure of the deciphering process and query part that queries an opposing wireless communication device about a resynchronization count value when a failure of the deciphering process is determined and that receives the resynchronization count value from the opposing wireless communication device. The counting part sequentially updates the count value with the received resynchronization count value as an initial value. The ciphering processing section executes a deciphering process of packet data using the sequentially updated count value.
    Type: Application
    Filed: December 24, 2008
    Publication date: July 2, 2009
    Applicant: FUJITSU LIMITED
    Inventors: Shinya Okamoto, Kazuhisa Obuchi, Masaaki Suzuki, Akihide Otonari, Yoshinori Soejima, Miki Yamasaki, Chiaki Shinohara
  • Publication number: 20090161878
    Abstract: An apparatus and method for controlling a packet transfer period of key resynchronization information in an encryption communication system are provided. The encryption communication apparatus includes a receiving means that computes a packet loss ratio and a network transfer delay time through a received packet when the packet is received and generates network status report information for a packet size and a packet transfer period of key resynchronization information using the packet loss ratio and the network transfer delay time, and a transmitting means that transmits a packet of the key resynchronization information in the transfer period by controlling the packet size and the packet transfer period of the key resynchronization information according to the network status report information received from the receiving means when data is input.
    Type: Application
    Filed: September 17, 2008
    Publication date: June 25, 2009
    Inventors: Taek Jun Nam, Taek Kyu Lee, Sang Yi Yi
  • Patent number: 7551732
    Abstract: The present subject matter is directed to an apparatus and methodology for recording, at a central data center, telephone conversations originating from remote locations. The present subject matter has particular utility to the penal (corrections) environment in that it discloses a methodology for recording and storing voice and related data at a central data center remote from either the origination or destination locations of a telephone call placed by an inmate in a prison or other facility. The disclosed technology permits storage of both voice and call related data at a remote facility in such a manner that the data is searchably accessible by authorized personnel at other remote locations by way of network or Internet connection to the central data center.
    Type: Grant
    Filed: December 7, 2004
    Date of Patent: June 23, 2009
    Assignee: Global Tel*Link Corporation
    Inventor: Joseph Clifton Anders
  • Patent number: 7548623
    Abstract: One and the other communication terminals for performing wireless communication are connected by a cable. The one communication terminal performs control so that an encryption key is transmitted from the one communication terminal to the other communication terminal by wireless during a period in which the potential of the cable is active. The other communication terminal stores the encryption key received from the one communication terminal within the period in which the potential of the cable is active, as a valid key, for use in subsequent encryption processing.
    Type: Grant
    Filed: April 26, 2005
    Date of Patent: June 16, 2009
    Assignee: NEC Electronics Corporation
    Inventor: Masao Manabe
  • Patent number: 7542584
    Abstract: An image processing method includes the steps of: dividing digital content into run-lengths each including one or more consecutive pixels having an identical color; and embedding digital watermark information in the run-lengths while saving topology (first topology preservation law).
    Type: Grant
    Filed: February 18, 2005
    Date of Patent: June 2, 2009
    Assignee: Ricoh Company, Ltd.
    Inventors: Yasushi Abe, Takayuki Nishimura
  • Publication number: 20090138700
    Abstract: A cryptographic management apparatus includes a storage unit which stores cryptographic key information containing a cryptographic key and cryptographic process condition information containing the cryptographic key information, a cryptographic process information input unit which receives an input of the object information and cryptographic key search request information, a cryptographic key information acquisition unit which acquires the cryptographic key information from the storage unit based on the search request information, a cryptographic module evaluation description information acquisition unit which acquires evaluation description information of the cryptographic module corresponding to the cryptographic key information, a cryptographic process ID creation unit which attaches an identifier of the cryptographic process condition information to the object information based on the cryptographic key information and the cryptographic module corresponding to the evaluation description information, and an
    Type: Application
    Filed: September 25, 2008
    Publication date: May 28, 2009
    Inventors: Shingo Miyazaki, Takanori Nakamizo, Akito Niwa, Koji Okada, Kouya Tochikubo, Shigeyuki Fukushima, Chiaki Ishikawa, Noboru Koshizuka, Ken Sakamura
  • Patent number: 7539315
    Abstract: Provided is a method for updating a group key in a highly secure manner and at high speed. A method includes: a step of making subscriber terminals (20) perform a part of decryption of an encrypted group key used to decrypt the information before distribution of the group key; a step of distributing the group key and individual decryption information used to perform a part of remaining decryption other than the part of decryption of the group key and corresponding to terminal devices to the subscriber terminals (20); and a step of making the subscriber terminals (20) perform decryption of the group key using the decryption information being distributed and results obtained by implementing a part of decryption of the group key, the part of decryption previously being performed.
    Type: Grant
    Filed: April 28, 2003
    Date of Patent: May 26, 2009
    Assignee: International Business Machines Corporation
    Inventors: Yuji Watanabe, Masayuki Numao
  • Publication number: 20090132821
    Abstract: The present invention provides an apparatus for securely acquiring a circuit configuration information set corresponding to a new cryptosystem without increasing the number of reconfigurable circuits. A content playback apparatus 100 includes an FPGA 122 that is reconfigurable. The content playback apparatus 100 stores a decryption circuit program that shows the structure of a decryption circuit that executes decryption in accordance with a prescribed cryptosystem. The FPGA is reconfigured in accordance with the program to configure the decryption circuit. The playback apparatus 100 acquires, from outside, an encrypted file that has been generated by encrypting a file including a decryption circuit program corresponding to the new cryptosystem in accordance with the prescribed cryptosystem, and decrypts the encrypted file by the decryption circuit.
    Type: Application
    Filed: April 24, 2006
    Publication date: May 21, 2009
    Inventor: Natsume MATSUZAKI
  • Publication number: 20090132817
    Abstract: The present invention relates to a wireless communication technology field. A method for determining a mobile IP key of a mobile terminal is provided, which includes: receiving a mobile IP registration request message of a mobile terminal, in which the mobile IP registration request message includes a key material field; and reporting material information for determining a key according to the key material field. A method for determining a mobile IP key of a mobile terminal, a mobile IP agent device, a system for obtaining a mobile IP type, and a mobile terminal are also provided. With the technical solutions provided in the present invention, the mobile IP keys and/or the mobile IP type of the mobile terminal can be correctly determined, thus achieving a fast and correct access of the mobile terminal.
    Type: Application
    Filed: January 9, 2009
    Publication date: May 21, 2009
    Applicant: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yuankui ZHAO
  • Publication number: 20090122986
    Abstract: A method for secure cryptographic communication comprises transmitting information that identifies a group key from a first device to a second device. The method further comprises, in the first device, using the group key to encrypt an input vector, transmitting the encrypted input vector, encrypting privacy-sensitive information using a device key, an encryption algorithm, and the input vector, and transmitting the encrypted privacy-sensitive information to the second device.
    Type: Application
    Filed: October 1, 2008
    Publication date: May 14, 2009
    Applicant: NEOLOGY, INC.
    Inventors: Thomas Tahan, Jun Liu
  • Publication number: 20090119506
    Abstract: A method and apparatus for secure assertion of a user identifier alias. The method comprises receiving at an application server from a first device a first user identifier, a first device identifier and a first authentication key associated with the first device; receiving at the application server from the first device a second user identifier, the first device identifier and a second authentication key associated with the first device; comparing the first authentication key to the second authentication key; and storing the second user identifier at the application server as an alias of the first user identifier if the first authentication key matches the second authentication key.
    Type: Application
    Filed: October 3, 2008
    Publication date: May 7, 2009
    Applicant: Research In Motion Limited
    Inventors: Andrew Allen, Michal A. Rybak
  • Patent number: 7529373
    Abstract: A method of autocalibrating a quantum key distribution (QKD) system (200) is disclosed. The QKD system includes a laser (202) that generates photon signals in response to a laser gating signal (S0) from a controller (248). The method includes first performing a laser gate scan (304) to establish the optimum arrival time (TMAX) of the laser gating signal corresponding to an optimum—e.g., a maximum number of photon counts (NMAX)—from a single-photon detector (SPD) unit (216) in the QKD system when exchanging photon signals between encoding stations (Alice and Bob) of the QKD system. Once the optimal laser gating signal arrival time (TMAX) is determined, the laser gate scan is terminated and a laser gate dither process (308) is initiated. The laser dither involves varying the arrival time (T) of the laser gating signal around the optimum value of the arrival time TMAX. The laser gate dither provides minor adjustments to the laser gating signal arrival time to ensure that the SPD unit produces an optimum (e.g.
    Type: Grant
    Filed: March 3, 2005
    Date of Patent: May 5, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: Jonathan Young, Harry Vig, Michael J. Lagasse
  • Patent number: 7526091
    Abstract: A method for minimizing overhead caused by control information for encryption performed to protect MBMS data for an MBMS service in a mobile communication system. This method is implemented by distinguishing a case in which control information used for encryption is updated from another case in which the control information used for encryption is not updated, and transmitting different control information according to the distinguishment result. That is, when the control information used for encryption is not updated, only minimized control information is transmitted, and when the control information for encryption is updated, the entire updated control information is transmitted. Accordingly, the amount of control information transmitted along with MBMS data is minimized, contributing to an increase in the amount of MBMS data transmitted per unit time.
    Type: Grant
    Filed: January 19, 2005
    Date of Patent: April 28, 2009
    Assignee: Samsung Electronics Co., Ltd
    Inventors: Kyeong-In Jeong, Kook-Heui Lee, Sung-Ho Choi
  • Patent number: 7522727
    Abstract: A method includes receiving an authentication request from a mobile station (401) and determining whether to forward the request to an authentication agent. When it is determined to forward the request, the request is forwarded to the authentication agent (107). A random number and a random seed are received from the authentication agent (107). The random number and the random seed are forwarded to the mobile station (401). A response to the random number and the random seed from the mobile station (401) is received and forwarded to the authentication agent (107). The authentication agent (107) compares the response with an expected response. When the authentication agent (107) authenticates the mobile station (401), a derived cipher key is received from the authentication agent (107).
    Type: Grant
    Filed: August 31, 2006
    Date of Patent: April 21, 2009
    Assignee: Motorola, Inc.
    Inventors: Hans Christopher Sowa, Daniel J. McDonald, David J. Chater-Lea, Scott J. Pappas, Jason Johur, Dennis Newkirk, Randy Kremske, Walter F. Anderson
  • Publication number: 20090099967
    Abstract: Provided is a health care system including a key management server that receives from a server a request for a decryption key, with first identification information identifying a measuring apparatus, second identification information identifying vital sign data, and third identification information identifying the server. The key management server generates the decryption key using the first identification information, and stores fourth identification information identifying a server predetermined as a destination of the decryption key, and fifth identification information indicating the category of the vital sign data in correspondence with the fourth identification information. The key management server transmits the decryption key to the server, when the received third identification information matches the fourth identification information, and the received second identification information matches the fifth identification information.
    Type: Application
    Filed: October 10, 2008
    Publication date: April 16, 2009
    Inventors: Kaoru Yokota, Masao Nonaka, Yuichi Futa, Natsume Matsuzaki, Shunji Harada
  • Publication number: 20090097652
    Abstract: Apparatus and methods for performing quantum computations are disclosed. Such quantum computational systems may include quantum computers, quantum cryptography systems, quantum information processing systems, quantum storage media, and special purpose quantum simulators.
    Type: Application
    Filed: November 6, 2008
    Publication date: April 16, 2009
    Applicant: Microsoft Corporation
    Inventors: Michael Freedman, Chetan Nayak, Kirill Shtengel
  • Publication number: 20090097672
    Abstract: The present invention relates to sharing of content between multiple users. A data player (10) decodes pre-stored audio data therein using a decoding function, and a converter converts the decoded digital data to analog to a headphone set in communication with the data player. When another user places his or her headphone set (2, 4) close to the data player (10), the data player (10) confirms whether it has the right to receive transmission from the data player, and after successful verification, reproduced data from the data player can be shared by the users.
    Type: Application
    Filed: November 11, 2005
    Publication date: April 16, 2009
    Applicant: Koninklijke Philips Electronics, N.V.
    Inventors: Vincent Buil, Gerard Hollemans
  • Patent number: 7519824
    Abstract: A method for time stamping a digital document employs a two-part time stamp receipt. The first part of the time stamp receipt includes identifying data associated with a document and a nonce. The second part of the time stamp receipt includes a time indication and the nonce. The nonce serves as a link between the first and second parts.
    Type: Grant
    Filed: December 10, 1999
    Date of Patent: April 14, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7519184
    Abstract: A small-scale wireless communication system offering advanced security level. An encryption key memory of an access point stores an encryption key list of a plurality of different encryption keys. A change information transmitter periodically transmits change information to a terminal by radio, the change information requesting the change of encryption key. An encryption key selector selects an encryption key from the encryption key list under a rule when the change information transmitter transmits the change information. A terminal-side encryption key memory of the terminal stores a terminal-side encryption key list which is the same as the encryption key list. A change information receiver receives the change information from the access point. Upon reception of the change information, a terminal-side encryption key selector selects an encryption key from the terminal-side encryption key list under a rule which is the same as the rule which the encryption key selector used to select the encryption key.
    Type: Grant
    Filed: September 28, 2004
    Date of Patent: April 14, 2009
    Assignee: Fujitsu Limited
    Inventors: Naoshi Kayashima, Yuuji Nagano, Yuji Nomura
  • Patent number: 7516321
    Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: April 7, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Stephen James Crane, Cheh Goh
  • Patent number: 7516497
    Abstract: An information processing apparatus is provided including a memory configured to store content data and corresponding content management information. The content management information defines a rule set relative to reproduction of the content data. The content data and management data are embodied in a first format. A processor is configured to convert the first format of the content management information into a second format, different from the first format. A transmitter is provided to transmit the second format of the content management information to another information processing apparatus.
    Type: Grant
    Filed: November 15, 2006
    Date of Patent: April 7, 2009
    Assignee: Sony Corporation
    Inventors: Itaru Kawakami, Ryuji Ishiguro, Mitsuru Tanabe, Yuichi Ezura
  • Patent number: 7512779
    Abstract: Apparatus, and an associated method, for communicating a signaling message, such as a message signaling unit, in secure form, even upon a communication path of an untrusted security level. The signaling message is applied to a signal transfer point. An encryption selector selects whether to encrypt the signaling message and, if so, which parts of the message to encrypt. If a portion of the signaling message encrypts the selected portion and causes the signaling message to be communicated upon a communication path to a destination. Once delivered to a trusted signal transfer point, the selected portion of the signaling message is decrypted, and the signaling message is delivered to the ultimate destination.
    Type: Grant
    Filed: December 5, 2003
    Date of Patent: March 31, 2009
    Assignee: Alcatel Lucent
    Inventors: Sudeep Gupta, Russell Cook
  • Patent number: 7512237
    Abstract: A multiplexing technique for optical communications used to create a pseudo-random communications signal in the optical domain such that only the sender and/or receiver can decode the signal. The multiplexing technique may include one or more information-bearing optical signals combined with one or more dynamic pseudo-randomly-generated optical signals to create a combined dynamic subcarrier multiplexed privacy-protected output signal. The information-bearing signal is protocol-independent and can be of mixed type, such as RF, analog, and/or digital. Only the receiver of the privacy-protected signal may decode the pseudo-random signal so as to disclose the information-bearing signal. The present invention may use dynamic subcarrier multiplexing selection based on standard digital encryption and the use of optical range time to ensure synchronization.
    Type: Grant
    Filed: October 26, 2004
    Date of Patent: March 31, 2009
    Assignee: Lockheed Martin Corporation
    Inventors: Howard J. Schantz, Rick C. Stevens, Steven H. Ernst
  • Patent number: 7509492
    Abstract: Published resources are made available in an encrypted form, using corresponding resource keys, published through resource key files, with the publications effectively restricted to authorized peer systems only by encrypting the resource keys in a manner only the authorized peer systems are able to recover them. In one embodiment, the resource keys are encrypted using encryption public keys of the authorized peer systems or the groups to which the authorized peer system are members. In one embodiment, the encryption public keys of individual or groups of authorized peer systems are published for resource publishing peer systems through client and group key files respectively. Group encryption private keys are made available to the group members through published group key files. Further, advanced features including but not limited to resource key file inheritance, password protected publication, obfuscated publication, content signing, secured access via gateways, and secured resource search are supported.
    Type: Grant
    Filed: March 27, 2002
    Date of Patent: March 24, 2009
    Assignee: Microsoft Corporation
    Inventors: Xavier Boyen, Zhenyu Qian, Dan Teodosiu
  • Patent number: 7508939
    Abstract: In an image processing system according to the present invention, a first device encrypts image data generated by reading an image in a document, stores a decryption key for decrypting the image data, and transmits the image data to a data storing device. A second device receives the image data from the data storing device, sends a request for the decryption key to the first device and receives the decryption key, decrypts the image data with the decryption key, and performs print processing on the image data. Thus, users can easily perform print processing without the need to remember authentication and printer information.
    Type: Grant
    Filed: November 18, 2004
    Date of Patent: March 24, 2009
    Assignee: Canon Kabushiki Kaisha
    Inventor: Minoru Hashimoto
  • Patent number: 7502476
    Abstract: Systems and method of enhancing the security of a QKD system having operably coupled QKD stations (Alice, Bob) using correlated photon pulses (P1, P2) are disclosed. The method includes generating the correlated photon pulses at Alice and detecting one of the pulses (P2) to determine the number of photons in the other pulse (P1). Pulse P1 is then randomly modulated to form a modulated pulse P1′, which is transmitted to Bob. Bob then randomly modulates pulses P1′ to form twice-modulated pulses P1″. Bob then detects pulses P1″ at select timing slots that correspond to the expected arrival times of pulses P1″, as well as to the number of photons in pulse P1 (and thus in P1″). Bob then communicates with Alice to determine the number N1 of single-photon pulses P1″ detected and the number N2 of multi-photon pulses P1″ detected. A security parameter (SP) is defined based on the probabilities of detecting single-photon and multi-photon pulses.
    Type: Grant
    Filed: May 27, 2005
    Date of Patent: March 10, 2009
    Assignee: MagiQ Technologies, Inc.
    Inventors: Alexei Trifonov, Ekaterina Rogacheva
  • Publication number: 20090063314
    Abstract: A digital rights management (DRM) node module for use in a node of a public data includes a node data module that stores DRM data associated with a plurality of digital files, the DRM data including a plurality of DRM identifiers. A packet monitoring module receives the plurality of DRM identifiers from the node data module, that receives packets containing incoming content and compares the incoming content to the DRM identifier, and generates event data when the incoming content matches at least one of the DRM identifiers. A node reporting module receives the event data, and generates node report data based on the event data.
    Type: Application
    Filed: November 3, 2008
    Publication date: March 5, 2009
    Inventors: Feng Chi Wang, Philip Poulidis
  • Patent number: 7499957
    Abstract: This invention involves tracking and backing all the information that a user generates on its computer devices (including embedded devices) in real time. The local user server records all user actions and gestures (via various means that include TV cameras). All of this information (user actions and saved files in a computer) is then sent to a remote server via the Internet. This remote server has a virtual map of all the embedded devices on a computer that the person uses. The remote server immediately starts to interpret the user's actions (including user gestures). In one implementation, the invention stores user actions that are related to data generation (e.g. actions that called some links where data is stored, or executed some programs that generated data). In another variant, the remote server generates and downloads the same files that are downloaded on the local user computer devices.
    Type: Grant
    Filed: January 30, 2004
    Date of Patent: March 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Dimitri Kanevsky, Alexander Zlatsin
  • Patent number: 7499551
    Abstract: The disclosure encrypts and decrypts data using public key infrastructure with and allows an authorized third party to access and decrypt the encrypted data as required without requiring private key escrow. The disclosure utilizes a user private key, a user public key, a master private key, a master public key, and a session key generated by the system. The data is encrypted utilizing the session key. The session key is encrypted once utilizing the user public key and again utilizing the master public key. The encrypted data and the encrypted session keys are included in a data packet that is transmitted from one data processing system to another. The session key is decrypted utilizing the user private key. The data is decrypted utilizing the session key. When the authorized third party requires access to the data on the destination processing system, the session key is decrypted with the master private key and the data is decrypted with the session key.
    Type: Grant
    Filed: May 14, 1999
    Date of Patent: March 3, 2009
    Assignee: Dell Products L.P.
    Inventor: Philip Jason Mire
  • Patent number: 7492905
    Abstract: A rolling code transmitter is useful in a security system for providing secure encrypted RF transmission comprising an interleaved trinary bit fixed code and rolling code. To provide even greater security, the transmitter is limited in the number of times it may perform a resynchronization procedure. A receiver demodulates the encrypted RF transmission and recovers the fixed code and rolling code. Upon comparison of the fixed and rolling codes with stored codes and determining that the signal has emanated from an authorized transmitter, a signal is generated to actuate an electric motor to open or close a movable barrier.
    Type: Grant
    Filed: August 14, 2002
    Date of Patent: February 17, 2009
    Assignee: The Chamberlain Group, Inc.
    Inventor: James J. Fitzgibbon
  • Patent number: 7493429
    Abstract: The present invention provides for trusted side-band communications between components in a computer system, so that use of the system bus may be avoided. Two components may be connected by means other than a bus (e.g., an infrared port, a wire, an unused pin, etc.), whereby these components may communicate without the use of the system bus. The non-bus communication channel may be referred to as “side-band.” The side-band channel may be used to communicate information that might identify the user's hardware (e.g., a public key) or other information that the user may not want to be easily intercepted by the public at large. Communication over the side-band channel may also be used to verify that the participants in a communication are within a defined positional relationship to each other.
    Type: Grant
    Filed: January 16, 2004
    Date of Patent: February 17, 2009
    Assignee: Microsoft Corporation
    Inventors: John E. Paff, Marcus Peinado, Thekkthalackal Varugis Kurien, Bryan Mark Willman, Paul England, Andrew John Thornton
  • Patent number: 7487359
    Abstract: A time stamping protocol has two stages referred to as the ticketing stage and the certification stage. During the ticketing stage, the document or other identifying data is sent to the TSA. The TSA generates a “ticket” based on the document or other identifying data and a time indication derived from a trusted clock. The ticket, which serves as an unsigned time stamp receipt, is transmitted back to the document originator. During the certification stage, the holder of the ticket requests a certified time stamp receipt by presenting the ticket to the TSA. The TSA verifies the ticket and generates a signed time stamp receipt, called the ticket stub, which is then transmitted back to the document originator. The ticket stub serves as a “universal time-stamp” that the holder of the ticket stub can use to prove the date of the document.
    Type: Grant
    Filed: August 29, 2007
    Date of Patent: February 3, 2009
    Assignee: International Business Machines Corporation
    Inventors: Mohammad Peyravian, Allen Roginsky, Nevenko Zunic, Stephen M. Matyas, Jr.
  • Patent number: 7484245
    Abstract: A system and method protects security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.
    Type: Grant
    Filed: September 29, 2000
    Date of Patent: January 27, 2009
    Assignee: GigaTrust
    Inventors: George Friedman, Robert Phillip Starek, Carlos A. Murdock
  • Publication number: 20090019279
    Abstract: A user apparatus cannot acquire as many distribution keys Ki, . . . as a threshold value, to restore a content encryption key KM, unless it decrypts as many encrypted sub-content items as the threshold value after it has played back a sub-content item SC1. The user apparatus monitors the state in which the sub-content is being played back. It outputs a warning when the sub-content is in fast-forwarding state or skipping state. If the playback state is not returned to one before the fast forwarding or skipping, in spite of the warning, the user apparatus will erase the distribution keys acquired in the fast-forwarding state or skipping state.
    Type: Application
    Filed: June 30, 2008
    Publication date: January 15, 2009
    Inventor: Takehisa Kato
  • Patent number: 7477749
    Abstract: The invention relates to a method, a system, an electronic device and a computer program for providing at least one content stream to an electronic device applying Digital Rights Management (DRM). In the method a master integrity key is obtained in a streaming node. An encrypted master integrity key is obtained in an electronic device. The encrypted master integrity key is decrypted in the electronic device. At least one session integrity key is formed in the streaming node and in the electronic device using at least the master integrity key and the integrity of at least one content stream is protected between the streaming node and the electronic device using the at least one session integrity key.
    Type: Grant
    Filed: May 12, 2004
    Date of Patent: January 13, 2009
    Assignee: Nokia Corporation
    Inventor: Sami Pippuri
  • Publication number: 20090010436
    Abstract: A method for encrypting/decrypting a message includes the initial step of generating keys by the sub-steps of generating a public key; generating a decryption key; and generating a derivation key. For a first entity, the message is encrypted using the public key and a cipher. For a second entity, the cipher is decrypted to find the message. A trapdoor associated with said message is generated. The trapdoor corresponds to a derivative of the derivation key specific to the message. A test cipher is tested, using the trapdoor associated with the message, to determine if the test cipher is an encryption of the message using the public key.
    Type: Application
    Filed: March 8, 2007
    Publication date: January 8, 2009
    Applicant: GEMPLUS
    Inventors: Thomas Fuhr, Pascal Paillier
  • Publication number: 20080310639
    Abstract: A communication apparatus stores, in a memory, secret data shared with a first terminal, transmits a first connection request message to the first terminal, receives (a) a transfer instruction message which is transmitted from the first terminal in response to the first connection request message, includes address information of a second terminal, and instructs transfer of a connection request to the second terminal, and (b) an encrypted message which is encrypted by using a public key of the second terminal or a shared key shared between the first terminal and the second terminal, transmits the encrypted message together with a second connection request message whose destination is the address information, receives a response message to the second connection request message and a decryption result of the encrypted message, and starts, when the decryption result equals the secret data, a communication with the second terminal.
    Type: Application
    Filed: January 29, 2008
    Publication date: December 18, 2008
    Inventors: Mitsuru Kanda, Yasuyuki Kozakai, Kohji Saiki, Masashi Tsuji
  • Publication number: 20080298596
    Abstract: When decrypting an image of a part of a document that is encrypted and therefore illegible, a user uses a decryption apparatus 15 to read the document as an electronic image and also to receive a user authentication by accessing a key management server 11. Then, the user transmits a management number obtained from the image to the key management server 11 from the decryption apparatus 15. The key management server 11 extracts position information of the portion of the document that is encrypted and a decryption key for decrypting this portion from a key management database 13 and transmits the decryption key to the decryption apparatus 15. The decryption apparatus 15 processes the electronic image by using the position information and decryption key received from the key management server 11 so as to decrypt the encrypted part so that it is legible.
    Type: Application
    Filed: May 30, 2007
    Publication date: December 4, 2008
    Applicant: FUJITSU LIMITED
    Inventors: Kensuke Kuraki, Hiroji Fukui, Taizo Anan, Shohei Nakagata
  • Patent number: 7454021
    Abstract: Described is a solution for maintaining the security of encrypted data despite a compromised private key by using a re-encryption process that does not require decryption of the encrypted data. The compromised private key is re-encrypted using a new public key as is the encrypted symmetric key which the compromised private key can decrypt. When a decrypted version of the encrypted data is requested, the private key corresponding to the new public key decrypts both the encrypted version of the compromised private key and the re-encrypted version of the symmetric key resulting in the unencrypted compromised private key and the previously encrypted version of the symmetric key, which when decrypted using the compromised private key decrypts the encrypted data. The unencrypted symmetric key can then be encrypted using the new public key and any encrypted compromised private key can be deleted.
    Type: Grant
    Filed: October 29, 2004
    Date of Patent: November 18, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Prakash Reddy, James Rowson
  • Patent number: 7436966
    Abstract: A secure approach for sending an original message from a sender to a receiver. The sender may encrypt the original message by performing an XOR (or XNOR) operation of the original message and a first random message (same size as original message) on a bit-by-bit basis to generate a second message. The receiver may also perform an XOR of the second message with a locally generated second random message. The resulting message is sent to the sender system. The sender system may again perform XOR operation of the received message and the first random message, and send the resulting message to receiver. The receiver may perform XOR operation on the received output to generate the original message sent by the sender. Other technologies such as digital signatures and key pairs (public key infrastructure) may be used in each communication between the sender and receiver to further enhance security.
    Type: Grant
    Filed: August 21, 2002
    Date of Patent: October 14, 2008
    Assignee: International Business Machines Corporation
    Inventor: Devi Prashanth
  • Patent number: 7437768
    Abstract: The CPU 11 of the personal computer 1 controls the CPU 32 of the adaptor 26 made of a semiconductor ID to compute a hash value of a content-managing music data base recorded in the HDD 21 and store it into the nonvolatile memory 34. When playing back a content recorded in the HDD 21, the CPU 11 computes the hash value of the music data base recorded in the HDD 21, compares it with hash values stored cumulatively in the nonvolatile memory 34, and controls the playback of the content from the HDD 21 based on the result of the comparison.
    Type: Grant
    Filed: October 19, 2005
    Date of Patent: October 14, 2008
    Assignee: Sony Corporation
    Inventors: Itaru Kawakami, Ryuji Ishiguro, Mitsuru Tanabe, Yuichi Ezura
  • Patent number: 7434046
    Abstract: An approach for establishing secure multicast communication among multiple members that participate in a multicast group is disclosed. In one feature, multiple multicast proxy service nodes (MPSNs) are defined and control when members join or leave the multicast group. The MPSNs are logically represented by a first binary tree in which each node of the first binary tree is associated with a domain of a directory service and one or more of the MPSNs. A second binary tree is created that has leaf nodes representing each member. The second binary tree is stored in a domain of the directory service with a root node that represents one or more of the MPSNs. The members can each establish multicast communication and serve as a key distribution center. When a member joins the multicast group, a new group session key is determined by replicating a branch of the second binary tree.
    Type: Grant
    Filed: November 30, 2000
    Date of Patent: October 7, 2008
    Assignee: Cisco Technology, Inc.
    Inventor: Sunil K. Srivastava