Abstract: The system tokenizes values stored by records' fields, creates trie from tokenized values, each branch labeled with tokenized value, each node storing count indicating number of records associated with tokenized value sequence beginning from trie root. The system tokenizes value stored by record field, identifies nodes, beginning from trie root, corresponding to token value sequence associated with tokenized value, until node is identified that stores count that is less than node threshold. The system identifies branch sequence comprising each identified node as record's key, and associates key with node storing count less than node threshold, and record with key. The system tokenizes prospective value stored by prospective record's field, identifies nodes, beginning from trie root, corresponding to another token value sequence associated with tokenized prospective value, until another node is identified that stores another count that is less than node threshold.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of providing a profile package by a profile server and the profile server includes generating a profile package, dividing the profile package in a unit installable in a UICC of an electronic device, reconfiguring the divided profile information in an encryptable unit, and transmitting the reconfigured profile information to the electronic device. Further, provided is an operating method and apparatus of an electronic device communicating with the profile server.

Abstract: A system, apparatus, and methods are provided for facilitating payment for a third party's use of an application by a current user. The current user, or payor, initiates the process within the application by selecting one or more recipients. The system that hosts the application then determines which of the third parties are eligible. A target recipient may be ineligible because her application subscription never expires, because it doesn't expire within a threshold period of time, or for some other reason. The system identifies the target recipients that are eligible, and the payor may configure the gift payment (e.g., by choosing a duration of the subscription). The payor then chooses a method of electronic payment and, depending on the method selected, may redeem a coupon with the application host system, or the process may complete automatically. The payor and/or the recipient(s) may be notified of successful activation of the subscription(s).

Abstract: Provided is a method for group sending message in instant communication, including following steps: acquiring a request for group sending message, accessing a first contact list, and then acquiring information of multiple contacts selected from said first contact list; acquiring inputted message to be group sent; and sending said inputted message to a respective receiving terminal of each of said contacts by sending said inputted message to a respective receiving terminal corresponding to each of the contact identifications. By implementing the technical scheme of the present disclosure, the user's time in operating is reduced, the efficiency of group sending message is improved, especially when the method is applied in a mobile terminal, the duration time of the mobile terminal is prolonged, and the security of group sending message is improved. The disclosure also provides a terminal and a computer storage medium for group sending message in instant communication.

Abstract: A master apparatus generates a frame encryption key by using a session ID unique to communication with a slave apparatus, and an apparatus common key common to the master apparatus and the slave apparatus, encrypts data of an encryption part of an action frame by using the frame encryption key, and transmits, by broadcast, the action frame including the encryption part. Upon receiving the action frame, the slave apparatus transmits a participation request to the master apparatus, and participates in the network of the master apparatus. Then, the master apparatus and the slave apparatus execute a communication application.

Abstract: Implementations of the present disclosure include initializing a nonce table comprising a plurality of nonce slots, each nonce slot being associated with a nonce index and a status, and storing a respective nonce value; receiving a request for a nonce value from an application, and in response, requesting a nonce value from the nonce table; receiving a nonce value in response to the request, a status of a nonce slot corresponding to the nonce value being set to occupied; and in response to a transaction using the nonce value being one of successful and failed, executing one of: releasing the nonce value within the nonce slot and setting the status to unoccupied, if the transaction is successful, and setting the status to unoccupied, if the transaction failed.

Abstract: A router node for a network is described. The router node comprises: a transceiver; an interface operably coupled to the transceiver; and a signal processor operably coupled to the transceiver and configured to support a consensus protocol. The signal processor is operably coupled to a cache and configured to receive and distribute resource records to other nodes in the network via the interface and store the resource records in the cache.

Abstract: Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request.

Abstract: According to an embodiment, a management apparatus manages pieces of information held by a plurality of devices. The apparatus includes storage, one or more processors, and a transmitter. The storage stores therein the pieces of information held by the devices. The processors generate a list of inspection values indicating the pieces of information stored in the storage. The processors generate determination information for determining, in a state where the list is concealed, whether a provided value is included in the list. The transmitter transmits the determination information to the respective devices.

Abstract: Embodiments of the present invention provide a system for a managing entity to automatically provide alerts based on tail event analysis. The system may receive input data in real time from vendor data feeds, social media data feeds, and a tail event ledger. The system may then automatically populate surveys, transmit the surveys to responders, and receive survey results from the responders. The survey results may be transmitted to specialists that return a predicted tail event outcome. This predicted tail event outcome is then automatically transmitted to partners, or decision makers, that provide action steps for responding to the predicted tail event outcome. The system may then continuously monitor the input data, identify an indicator of an occurrence of the tail event, and then automatically transmit the action steps to appropriate parties.

Abstract: The present disclosure relates to a communication method and system for converging a 5th-Generation (5G) communication system for supporting higher data rates beyond a 4th-Generation (4G) system with a technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the 5G communication technology and the IoT-related technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. A method of providing a profile package by a profile server and the profile server includes generating a profile package, dividing the profile package in a unit installable in a UICC of an electronic device, reconfiguring the divided profile information in an encryptable unit, and transmitting the reconfigured profile information to the electronic device. Further, provided is an operating method and apparatus of an electronic device communicating with the profile server.

Abstract: A communication apparatus includes a transmission unit that, when providing communication parameters for communication in a wireless network, transmits an authentication request message for requesting authentication by unicast in a case where a transmission destination of the authentication request message is identified and transmits the authentication request message by broadcast in a case where a transmission destination of the authentication request message is not identified, a reception unit that receives a response message responding to the authentication request message from another communication apparatus, and a provision unit that provides the another communication apparatus with the communication parameters upon receipt of the response message.

Abstract: In an example, there is disclosed a computing apparatus, comprising: a trusted execution environment (TEE); and a security engine operable to: identify a key negotiation for an encrypted connection between a first device and a second device; request a service appliance key for the key negotiation; receive the service appliance key; and perform a service appliance function on traffic between the first device and the second device. There is also disclosed a method of providing the security engine, and a computer-readable medium having stored thereon executable instructions for providing the security engine.

Abstract: A computer system for authenticating and managing network traffic may comprise a network link providing a connection to a network, an authentication, authorization, and accounting (AAA) server configured to provide AAA management for the network link, an access controller configured to communicate with the AAA server and to control access to the network link, and a subnetwork of client devices connected to an intermediate relay node. The client devices may be configured to communicate with the access controller and the network link through the intermediate relay node. Also methods and processes by which an intermediate relay node and an access controller may operate in the network for authentication of client devices and routing of network traffic.

Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.

Abstract: Examples may include techniques for securely receiving critical communication content associated with a critical communication service. Examples may include a network providing the critical communication being capable of establishing a secure connection to remote user equipment (UE) through a relay UE in order for the remote UE to securely receive critical communication content from the network. The critical communication service may include a mission critical push to talk (MCPTT) service.

Abstract: A topology aware distributed storage system includes a plurality of storage nodes, at least one client node, and a storage manager and metadata store. A user-defined storage policy specifies where data is stored within a topological hierarchy of nodes within the network. A hierarchical ring topology including a hierarchical structure of rings representing an organizational structure of nodes is computed and flattened into a single global ring divided into segments corresponding to a unique range of integers and associated with a replica set responsible for storing a key corresponding to one of the integers. A hash function is performed on a user key received from the client node, and the hashed key is looked up on the flattened global ring stored on each storage node to identify the replica set responsible for storing data corresponding to the hashed key.

Abstract: Embodiments of the present application provide an encryption method, a decryption method, and a related apparatus. The encryption method includes: generating a keystream, where the keystream is used to encrypt a part of data to be encrypted in an initial layer-3 message, and the part of data to be encrypted includes small data; generating, by performing an exclusive OR operation on the keystream and the initial layer-3 message, an initial layer-3 message in which the part of data is encrypted; and sending the initial layer-3 message in which the part of data is encrypted, where the initial layer-3 message includes an added encryption indication, and the encryption indication is used to indicate that the part of data to be encrypted in the initial layer-3 message is encrypted.

Abstract: A first virtual machine is established in a virtual private service chain to provide a first network service to virtual private service chain traffic. A second virtual machine is also established the virtual private service chain to provide a second network service to the virtual private service chain traffic. The virtual private service chain traffic is encrypted for transmission within the virtual private service chain from the first virtual machine to the second virtual machine, wherein the encryption uses a key shared by the first and second virtual machines.

Abstract: A communication and security device for a portable computer is disclosed including a housing, a connector provided on the housing for physical connection to the portable computer, a computer interface coupled to the connector for communicating data with the portable computer, a wireless modem coupled to the computer interface for communicating data between the portable computer and a remote device via a wireless network, a controller configured to control access to the data storage based on an identifier in a security message received via the wireless network.

Abstract: A method is provided that is implemented by a network device to simplify a topology graph of a network to generate a multicast distribution tree, the method to reduce the complexity of the topology graph while enabling a creation of the multicast distribution tree such that the computational complexity of generating the multicast distribution tree is reduced, the method including computing a shortest path to all nodes of the topology graph rooted at a source node S, determining a metric for each adjacency on each shortest path of the topology graph for the multicast group G, construct an (S, G) graph with only source node S, leaves and candidate replication points, and prune the (S, G) graph using a set of pruning processes to fully resolve the multicast distribution tree, where full resolution can be determined, and the first set of pruning processes if successful are known to produce a minimum cost tree.

Abstract: An optical line terminal (OLT) including a processor coupled to a transmitter. The processor is configured to send a first encrypted fiber to coax unit (FCU) message containing an optical domain multicast key to an FCU via an optical network. The optical domain multicast key is associated with encryption in an optical domain associated with the optical network. The processor is also configured to send a second encrypted FCU message containing an electrical domain multicast key to the FCU, and to send an encrypted coax network unit (CNU) message containing the electrical domain multicast key to a CNU via the FCU and a coaxial network. The electrical domain multicast key is associated with encryption in an electrical domain associated with the coaxial network. The first and second encrypted FCU messages and the encrypted CNU message may be operations, administration and maintenance (OAM) messages.

Abstract: Embodiments herein include, for example, a method, comprising: generating a shared symmetric key to begin a communication session among a group of users by a first user; distributing, by the first user, the generated shared symmetric key to each user in the group of users; communicating within the communication session among a group of users, where each user encrypts a message to the group of users to be distributed through the communication session using the generated shared symmetric key, and each user decrypts a message received from the communication session using the generated shared symmetric key.

Abstract: A board portal system provides the ability to manage multiple boards, where each of the boards may be a separate legal entity. The board portal may provide the ability to establish links between the multiple boards and create parent-child relationships with subsidiary boards. With the board portal, users can create content and make it viewable and accessible across multiple boards that related through a parent-child relationship. At the same time, the board portal maintains a requisite level of separation between the related boards in the portal using encryption and/or other separation techniques. As a result, the board portal facilitates flexible workflow patterns and communication processes based on the proper hierarchical structure that exists between the parent organization and its subsidiaries.

Abstract: An example method for to multicast traffic distribution in a multi-pod network environment is provided and includes provisioning a block of multicast group addresses for broadcast, unknown unicast and multicast (BUM) traffic distribution between pods in the multi-pod network, calculating a hash corresponding to a bridge domain (BD) extending across a plurality of pods in the multi-pod network, the hash being identically calculated at each one of the plurality of pod, indexing with the hash into the block of multicast group addresses designated for inter-pod BUM traffic to derive a global multicast group identical for the broadcast domain across the plurality of pods, and associating a local multicast group at the translator with the derived global multicast group.

Abstract: Site based clustered APB security systems and methods are provided. Some systems can include a first plurality of access controllers located at a first site, a second plurality of access controllers located at a second site, and a host system supporting each of the first and second plurality of access controllers. A triggering event at a first of the first plurality of access controllers can cause the first of the first plurality of access controllers to transmit a triggering signal to the host system. Responsive thereto, the host system can identify the remaining access controllers in the first plurality of access controllers, transmit a status update to the remaining access controllers in the first plurality of access controllers, and avoid transmitting the status update to the second plurality of access controllers.

Abstract: A system that communicates across a network is described. During operation, the system receives a subscription request from a subscriber requesting to subscribe to receive information published to a service name. The system applies a function to the service name to generate a value that maps to a root-node associated with the service name. The system forwards the subscription request through the network to the root-node and logs information associated with the subscription request in a subscription table at the root-node, so that the root-node can forward messages that are subsequently published to the service name to the subscriber. Upon receiving a publication request from a publisher requesting to publish a message to the service name, the system first determines the root-node from the service name. The system forwards the publication request to the root-node to be forwarded to one or more subscribers for the service name.

Abstract: In one embodiment, a tunnel to be affected by configuration of a service in a network is identified and key information for the identified tunnel is obtained from a corresponding router. The tunnel is assigned to a key group based on the key information, and provisioning information associated with the tunnel on the router is updated based on the assigned key group in conjunction with configuration of the service. The updating of the provisioning information may comprise altering the key information on the router to include a key associated with the assigned key group. Also, one or more keys not associated with the assigned key group may be deleted from the router and from a management entity of the network.

Abstract: A system, apparatus, and methods are provided for facilitating payment for a third party's use of an application by a current user. The current user, or payor, initiates the process within the application by selecting one or more recipients. The system that hosts the application then determines which of the third parties are eligible. A target recipient may be ineligible because her application subscription never expires, because it doesn't expire within a threshold period of time, or for some other reason. The system identifies the target recipients that are eligible, and the payor may configure the gift payment (e.g., by choosing a duration of the subscription). The payor then chooses a method of electronic payment and, depending on the method selected, may redeem a coupon with the application host system, or the process may complete automatically. The payor and/or the recipient(s) may be notified of successful activation of the subscription(s).

Abstract: An information processing terminal is connected to an external server via the information sharing system (WEB) so as to implement Twitter, social networking services, and text posting services. The information processing terminal is used to receive a desired content (e.g. a television broadcast content), to browse the posted information posted on the WEB from the external server, to select at least one classified information (e.g. hash tags) used to classify the posted information from among a plurality of classified information, to obtain at least one classified information with reference to the external server, and to simultaneously display at least one classified information linked with the desired content. The information processing terminal simultaneously displays a content display screen used to display the desired content and a posting service display screen used to display a plurality of posted information browsed from the external server.

Abstract: Some embodiments provide an elastic architecture for providing a service in a computing system. To perform a service on the data messages, the service architecture uses a service node (SN) group that includes one primary service node (PSN) and zero or more secondary service nodes (SSNs). The service can be performed on a data message by either the PSN or one of the SSN. However, in addition to performing the service, the PSN also performs a load balancing operation that assesses the load on each service node (i.e., on the PSN or each SSN), and based on this assessment, has the data messages distributed to the service node(s) in its SN group. Based on the assessed load, the PSN in some embodiments also has one or more SSNs added to or removed from its SN group. To add or remove an SSN to or from the service node group, the PSN in some embodiments directs a set of controllers to add (e.g., instantiate or allocate) or remove the SSN to or from the SN group.

Abstract: A method performed by a network node. The method includes detecting a loss of connection at an incoming interface to an upstream neighbor of the network node, where the network node is in a multicast communication network that includes a multicast tree to provide connectivity from a common source node to one or more multicast recipient nodes. The multicast communication network further includes a set of one or more secondary paths to provide redundancy to the multicast tree, and sending a notification packet downstream toward the one or more multicast recipient nodes when the network node cannot re-route the multicast data traffic to allow the multicast data traffic to be received by the multicast recipient nodes, wherein the notification packet causes one or more downstream nodes to switch multicast reception to one or more of the set of one or more secondary paths to re-route the multicast data traffic.

Abstract: Disclosed herein are techniques for use in user authentication. In one embodiment, the technique comprises collecting information in connection with a plurality of authentication methods. The technique also comprises determining a score for each authentication method based on the collected information. The technique further comprises selecting an authentication method from the plurality of authentication methods based on the determined score.

Abstract: A computing system, method, and computer program product provide cryptographic isolation between a client device and a server computer for providing a network service to the client device. The computing system stores encrypted user authentication data of the client device and its user, and encrypted service authorization data of the server computer in such a way that neither the client device nor the server computer can obtain information about the other. Upon subsequent receipt in the computing system of purported user authentication data and a request to access the network service, the computing system encrypts the purported authentication data and compares it against the stored, encrypted data. Only when these encrypted data match is the computing system able to decrypt the service authorization data and provide it to the server computer to gain access to the network service.

Abstract: Systems and techniques for key management in mobile ad hoc networks are described. Pseudonyms are defined for group members of mobile ad hoc networks such that a pseudonym in a message can be deterministically identified with the sending device only by the sending device and the message recipient. Key management for a group is performed by a group manager, and key management may include key renewal and revocation. Key renewal is performed by a group manager, with the group manager using a set of couple pseudonyms, including a couple pseudonym between the manger and each group member. Key renewal employs a renewal key used to encrypt the updated group key, and the group manager updates the group key be transmitting a message to each group member in proximity, with the message being identified using the couple pseudonym of the manager and the group member.

Abstract: A local router stores a content distribution map that specifies a plurality of permitted multicast groups. The local router receives communications from user devices on an access-network side of the local router. Those received communications identify multicast groups for which user devices wish to receive data. The local router ascertains if those identified multicast groups are permitted multicast groups specified by the stored content distribution map. For multicast groups ascertained to be permitted multicast groups, the local router sends communications across a network-side interface requesting membership in those multicast groups. The local router may then receive data for those multicast groups and forward that data to user devices. For multicast groups identified in user device communications ascertained not to be permitted multicast groups, the local router sends no communications across the network-side interface requesting membership.

Abstract: A method includes receiving a request to initiate secure communications from a first client and authenticating the first client. The authenticating includes communicating with a second client using a second communication channel, and receiving a response from the first client, the response being transmitted over a first communication channel. The method also includes receiving a first set of message data from the first client, the first set of message data being transmitted over the first communication channel, and receiving a second set of message data from the second client, the second set of message data being transmitted over the second communication channel. The method additionally includes constructing the message using the first set of message data and the second set of message data.

Abstract: The described embodiments include a message server that is configured to send, to multiple receiving electronic devices, corresponding messages that each include a payload acquired from a single request message received from a client electronic device. In these embodiments, the request message received from the client electronic device includes a push token for each of the receiving electronic devices and the payload. Upon receiving the request message, the message server generates, for a receiving electronic device associated with each push token, a message that includes the payload. The message server then sends each message to the corresponding receiving electronic device. In this way, the message server “fans out,” to the multiple receiving electronic devices, corresponding messages that each include the payload from the single request message.

Abstract: A authenticating system and process for authenticating user devices to a access a media service where access to certain portions of the media service may be limited according to a gateway or other device used by a user device to facilitate interfacing a user with the media service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.

Abstract: Embodiments of the present invention provide methods and systems for leadership allocation in a distributed computer system. In certain embodiments of the present invention, a leader-election-service process runs within each node of a distributed computer system, together cooperatively providing a distributed-leader-election service. The distributed-leader-election service employs a distributed consensus service to manage distributed state information related to roles and leadership allocation within a distributed computer system. Client processes within each node interface with the leader-election-service process of the node in order to assume leadership of particular roles within the distributed computer system. Leadership-allocation management is thus centralized, within each node. In alternative embodiments, the distributed-leader-election service may be implemented as a collection of library routines that run in the context of client processes.

Abstract: A system, method, and apparatus for a synchronized wireless data concentrator are provided for facilitating a precisely synchronized system of nodes in a wireless sensor network for airborne data systems. The wireless data concentrator contains a plurality of IEEE 802.15.4 radio/micro-processor subsystems, which are connected to a local host microprocessor, which is in turn connected to an aircraft data network. The airplane data network also contains a precision clock source and a plurality of specialized network switches, which have a low-jitter data-path routing capability.

Abstract: A computer system for authenticating and managing network traffic may comprise a network link providing a connection to a network, an authentication, authorization, and accounting (AAA) server configured to provide AAA management for the network link, an access controller configured to communicate with the AAA server and to control access to the network link, and a subnetwork of client devices connected to an intermediate relay node. The client devices may be configured to communicate with the access controller and the network link through the intermediate relay node. Also methods and processes by which an intermediate relay node and an access controller may operate in the network for authentication of client devices and routing of network traffic.

Abstract: A control system has a plurality of spatially distributed stations. At least some of the stations have input connectors for connecting sensors or output connectors for connecting actuators. The stations are connected from station to station to form a series of stations. The series has a first station, at least one second station and a last station. The first station and every second station have a successor in the series. Every second station and the last station have a predecessor in the series. In order to transmit data in this control system, the first station generates a number of separate data telegrams which is equal to the number of second stations plus the last station. Each data telegram is addressed to precisely one of the stations. The first station sends the data telegrams on by one at defined time intervals to its successor, wherein the data telegrams are addressed in reverse order of the stations.

Abstract: Exemplary embodiments provide various techniques for managing groups of authenticated entities. In one exemplary computer-implemented method, an entity accesses a group roster that includes a first group identifier identifying a first group, a first group digital certificate associated with the first group, and a first entity identifier identifying the entity being a member of the first group. The entity also receives a request to update the group roster. Here, the request includes a second group identifier identifying a second group and a second group digital certificate associated with the second group. In response to the request, the entity replaces the first group identifier in the group roster with the second group identifier. Additionally, in response to the request, the entity replaces the first group digital certificate with the second group digital certificate. The replacements change a membership of the entity from the first group to the second group.

Abstract: In one embodiment, a method includes discovering at a first edge device in a first network that a multicast source has moved from the first network to a second network, the first edge device in communication through a core network with a plurality of edge devices belonging to a multicast group comprising the multicast source, transmitting from the first edge device to a second edge device in the second network, a join request for the multicast group comprising the multicast source at the second network, receiving multicast traffic for the multicast group at the first edge device on a transient multicast tree extending from the second edge device to the plurality of edge devices, and forwarding the multicast traffic to the plurality of edge devices. An apparatus and logic are also disclosed herein.

Abstract: An example controller comprises a management module to (i) establish a secure channel with a network infrastructure device; (ii) provide a multicast group address to the network infrastructure device via the secure channel; (iii) detect a network event; end (iv) generate an update to provide to the network infrastructure device via a multicast message with the destination address set to the multicast group address.

Abstract: Network flow records from various administrative domains are provided to a network monitoring entity. The network monitoring entity analyzes the network flow records in a way to locate a source of malicious network flow.

Abstract: To activate a pre-provisioned mobile device on a network, an initial data communication for device activation is allowed between the device and an self-activation portal. At this point, the network prevents other more regular communication of the mobile device via the network. The portal automatically collects identification information from the mobile device and collects information from the user to activate the device on a network service account. The portal causes a provisioning system to provision data to network elements to activate device service in the network. After provisioning is complete, a notification is sent to the mobile device; and after device communication is completed a record that controlled routing to the portal before activation is deleted. The mobile device then communicates via the network to obtain data for storage in the device, to complete activation and permit normal operation of the mobile device via the network.

Abstract: A data transmission method is applied in a virtual private network (VPN) and includes: querying, by an initiating client, a VPN server for external network Internet Protocol (IP) addresses of the initiating client and a responding client; performing, by the initiating client, key negotiation with the responding client through the VPN server; after the key negotiation is completed, writing, by the initiating client, the external network IP address of the initiating client into a source address field of a to-be-sent User Datagram Protocol (UDP) packet, writing the external network IP address of the responding client into a destination address field of the to-be-sent UDP packet, and encrypting the to-be-sent UDP packet according to a key obtained through the negotiation; and sending, by the initiating client, an encrypted UDP packet to the responding client, and performing packet interaction with the responding client directly.

Abstract: Provided is a method for managing a group key in a key distribution center. The method includes: receiving a key request from a mobile device; generating a private key for the mobile device using information about a withdrawal time included in the key request; generating a public key and a verification key for the mobile device; and transmitting at least one key including the generated key to the mobile device.