Hacker News new | past | comments | ask | show | jobs | submit login

You can do neat things with key hierarchies to avoid this.

Group all your customers into leaves of a binary tree. 100 million customers is a tree ~27 levels deep.

Issue every customer a private key on a smartcard. Also generate keys for each node in the tree, and have the smartcard also preloaded with the keys from that customer to the root. (ie. 26 extra keys on the card - easy to store).

Now, whenever a customer leaks their key, you cut that customer out of the tree and regenerate all nodes up to the root. You transmit over the air, every few minutes, all the modified keys. Each new key is transmitted multiple times encrypted with the children of that node.

Now every legit keyholder either has the master key, or some set of keys that can decrypt the master key (as a combination of the keys on the card and the keys transmitted over the air). Any banned cardholders do not.

Using this method, even banning hundreds of keys, there won't be more than tens of thousands of keys that need to be transmitted over the air, even though you might have 100 million cardholders. That's very transmittable every few minutes, meaning that honest cardholders won't have to wait more than a few minutes for service, even if their tree-neighbour is a hax0r.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: