System and method for secure group communications
Abstract
A system and method for secure group communications is provided. One embodiment provides a method for implementing a virtual private group network. The method includes creating a virtual private group definition on a policy server, establishing a plurality of secure connections between the policy server and a plurality of group nodes, sending a copy of the virtual private group definition from the policy server to the group nodes, sending a shared traffic encryption key from the policy server to each of the group nodes, and sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition.
Claims (40)
1. A system for secure group communications, the system comprising:
a communication network;
a policy server coupled to the communication network, the policy server having a secure interface, and a security policy; and
a plurality of group nodes operatively coupled to the secure interface of the policy server through the communication network, wherein the group nodes include a copy of the security policy, wherein the group nodes include a common set of encryption keys, and wherein one group node is configured to use the security policy and the encryption keys to securely communicate with another group node. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A virtual private group communication system, comprising:
a communication network;
a policy server coupled to the communication network, the policy server having a plurality of key distribution keys; and
a virtual private group having a plurality of virtual private group nodes that are operatively coupled to the policy server through the communication network, wherein each virtual private group node has a key distribution key and a shared traffic encryption key, and wherein the virtual private group nodes are adapted to send secure data to the other virtual private group nodes by using the shared traffic encryption keys. (Dependent claims: 10, 11, 12, 13, 14, 15, 16)
17. A system for secure communications, the system comprising:
a network;
a policy server system coupled to the network, the policy server system having a security policy database and a filter rule database; and
a group of nodes each coupled to the network, wherein the policy server system is configured to use the security policy database and the filter rule database to create security policy rules, wherein the policy server system is configured to transmit the security policy rules to the nodes of the group, wherein the nodes of the group are configured to use a common set of encryption keys, and wherein the nodes of the group are configured to communicate securely with one another by using the security policy rules and the common set of encryption keys to encrypt or decrypt data that is transmitted across the network. (Dependent claims: 18, 19, 20, 21)
22. A system for secure communications between members of a virtual private group, the system comprising:
a communications network;
policy management means, coupled to the communications network, for managing the virtual private group and for managing a set of node security keys associated with the virtual private group; and
group communication means, coupled to the communication network, for storing the set of node security keys and for encrypting data between members of the virtual private group by using the node security keys.
23. A method for implementing a virtual private group network, the method comprising:
creating a virtual private group definition on a policy server;
establishing a plurality of secure connections between the policy server and a plurality of group nodes;
sending a copy of the virtual private group definition from the policy server to the group nodes;
sending a shared traffic encryption key from the policy server to each of the group nodes; and
sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition. (Dependent claims: 24, 25, 26)
27. A method for centralized management of a virtual private group, the method comprising:
creating a virtual private group membership list on a policy server;
adding a plurality of group members to the membership list, including a first, a second, and a third group member;
establishing a plurality of secure connections between the policy server and the group members;
sending group member data from the policy server to each of the group members, including sending a traffic encryption key list from the policy server to each of the group members, the traffic encryption key list having a plurality of traffic encryption keys;
sending secure communication information from one group member to another group member by using one of the traffic encryption keys from the traffic encryption key list; and
updating the group member data. (Dependent claims: 28, 29, 30, 31, 32, 33, 34)
35. A computer-readable medium having a group security policy data structure stored thereon, the group security policy data structure comprising:
a plurality of node entries;
a plurality of priority identifiers; and
a plurality of virtual private group definitions, wherein each virtual private group definition includes a plurality of the node entries, and wherein each virtual private group definition includes one of the priority identifiers. (Dependent claims: 36, 37, 38, 39)
40. A computer-readable medium having computer-executable instructions thereon for performing a method, the method comprising:
managing a plurality of group definitions on a policy server, each group definition including a plurality of group member entries;
establishing a plurality of secure connections between the policy server and a plurality of group members;
creating a plurality of customized group member policies based on the group member entries in the group definitions;
securely sending a group membership key from the policy server to each of the group members;
securely sending one or more traffic encryption keys from the policy server to each of the group members; and
securely sending the customized group member policies from the policy server to each of the corresponding group members.
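As an added illustration (not code from the patent or its assignee), the Python below simulates the key flow that claims 23, 27 and 40 describe: a policy server enrolls each node under its own key distribution key, sends every member the group definition (with its priority identifier, as in claim 35) plus the shared traffic encryption key wrapped under that member's KDK, and issues a fresh TEK when the membership list is updated so a removed node can no longer read group traffic. The authenticated-encryption primitive, class names and the three-node group are assumptions made for the example.

```python
import hashlib, hmac, secrets

# Toy authenticated encryption (SHAKE-256 keystream + HMAC-SHA256 tag), a stand-in for a
# real AEAD so the example runs offline; the key-management flow is the point.
def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, hashlib.shake_256(key + nonce).digest(len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad tag: wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))

class PolicyServer:
    """One key distribution key (KDK) per enrolled node, one shared TEK per group (assumed model)."""
    def __init__(self): self.kdks, self.groups, self.teks = {}, {}, {}
    def enroll(self, node):   # stands for the node's own secure connection to the server
        return self.kdks.setdefault(node, secrets.token_bytes(32))
    def define_group(self, name, members, priority):
        self.groups[name] = {"members": set(members), "priority": priority}
        self.teks[name] = secrets.token_bytes(32)
    def distribute(self, name):
        """Per-member message: definition in the clear, TEK wrapped under that member's KDK."""
        g = self.groups[name]
        return {n: (sorted(g["members"]), g["priority"], seal(self.kdks[n], self.teks[name]))
                for n in g["members"]}
    def remove_member(self, name, node):
        """Membership update: fresh TEK so the removed node cannot read traffic from now on."""
        self.groups[name]["members"].discard(node)
        self.teks[name] = secrets.token_bytes(32)
        return self.distribute(name)

class GroupNode:
    def __init__(self, kdk): self.kdk, self.tek = kdk, None
    def receive_policy(self, members, priority, wrapped_tek):
        self.members, self.priority, self.tek = members, priority, unseal(self.kdk, wrapped_tek)
    def send(self, data): return seal(self.tek, data)
    def recv(self, blob): return unseal(self.tek, blob)

def demo():
    """Returns (members can read group traffic, removed member is locked out after rekey)."""
    server = PolicyServer(); nodes = {n: GroupNode(server.enroll(n)) for n in "ABC"}
    server.define_group("vpg1", nodes, priority=10)
    for n, msg in server.distribute("vpg1").items(): nodes[n].receive_policy(*msg)
    readable = nodes["B"].recv(nodes["A"].send(b"hello group")) == b"hello group"
    for n, msg in server.remove_member("vpg1", "C").items(): nodes[n].receive_policy(*msg)
    try: nodes["C"].recv(nodes["A"].send(b"after rekey")); locked_out = False
    except ValueError: locked_out = True
    return readable, locked_out
```

The lockout depends entirely on the rekey: without a fresh TEK after a membership change, a removed node that still holds the old key keeps reading group traffic.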