Group admission control apparatus and methods

US 20040096063A1
Filed: 11/19/2002
Published: 05/20/2004
Est. Priority Date: 11/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method for admission control for a group, comprising the steps of:

possessing a key; and

providing proof of possession of said key to verify membership of said group.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention uses a group key management scheme for admission control while enabling various conventional approaches toward establishing peer-to-peer security. Various embodiments of the invention can provide peer-to-peer confidentiality and authenticity, such that other parties, such as group members, can not understand communications not intended for them. A group key may be used in combination with known unicast security protocols to establish, implicitly or explicitly, proof of group membership together with bi-lateral secure communication.

Citations

45 Claims

1. A method for admission control for a group, comprising the steps of:
- possessing a key; and
  
  providing proof of possession of said key to verify membership of said group.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said step of providing proof includes showing said key.
  - 3. The method of claim 1, wherein said step of providing proof includes receiving a challenge and replying to said challenge.
  - 4. The method of claim 3, wherein said replying to said challenge is performed by modifying data by the use of a one-way function having said key as an input.
  - 5. The method of claim 1, further comprising the step of:
    - updating said key upon the departure of a member from said group.
  - 6. The method of claim 1, wherein said step of providing proof of possession is performed anonymously.

7. A method for admission control for a group, comprising the steps of:
- possessing a key; and
  
  showing said key as proof of membership of said group.

8. A method for admission control for a group having a group key, comprising the steps of:
- sending a first key to a first party;
  
  sending a second key to said first party; and
  
  sending said first key to a plurality of members of said group;
  
  wherein said first key is an update of said group key and said second key is unique to said first party.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising the step of challenging said first party by requesting an encrypted reply reflective of said first key.
  - 10. The method of claim 8, wherein said first key is updated at least once during a predetermined time interval.
  - 11. The method of claim 8, wherein said first key is mixed with a key used for encryption of messages.

12. A method for admission control for a group having a group key, comprising the steps of:
- sending a first key to a first party; and
  
  sending a second key to said first party;
  
  wherein said first key is a hashed key of said group key and said second key is unique to said first party.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising the step of challenging said first party by requesting an encrypted reply reflective of said first key.
  - 14. The method of claim 12, further comprising the step of updating said first key at least once during a predetermined time interval.
  - 15. The method of claim 12, wherein said first key is mixed with a key used for encryption of messages.

16. An electronic device having an admission control facility for controlling access to a group using a group key, said admission control facility comprising:
- means for receiving a request from a first party for admission to said group; and
  
  means for sending a first key and a second key, wherein said first key is an update of said group key and is sent to a plurality of members of said group and wherein said second key is unique to said first party and is sent exclusively to said first party.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The electronic device of claim 16, wherein said first key is updated upon addition of at least one member to said group.
  - 18. The electronic device of claim 16, wherein said first key is updated upon removal of at least one member from said group.
  - 19. The electronic device of claim 16, wherein said means for sending sends said first key at least once during a predetermined time interval to said members of said group.
  - 20. The electronic device of claim 16, wherein said first key is updated at least once during a predetermined time interval.
  - 21. The electronic device of claim 16, further comprising a second party adapted to challenge said first party by requesting an encrypted reply reflective of said first key.
  - 22. The electronic device of claim 16 wherein the admission control facility is a server.
  - 23. The electronic device of claim 16 wherein the admission control facility is a web server.
  - 24. The electronic device of claim 16 wherein the admission control facility is an intermediary between a client and a server.

25. An electronic device, comprising:
- an admission control facility for controlling access to a group using a group key, said admission control facility comprising;
  
  means for receiving a request from a first party for admission to said group; and
  
  means for sending a first key and a second key, wherein said first key is a hashed key of said group key and is sent to said first party and wherein said second key is unique to said first party and is sent exclusively to said first party.
- View Dependent Claims (26, 27, 28)
- - 26. The electronic device of claim 25, wherein said wherein said first key is updated upon removal of at least one member from said group.
  - 27. The electronic device of claim 25, wherein said means for sending sends said first key at least once during a predetermined time interval to said members of said group.
  - 28. The electronic device of claim 25, wherein said first key is updated at least once during a predetermined time interval.

29. An electronic device, comprising:
- an admission control facility for controlling access to a group using a group key, said admission control facility comprising;
  
  a receiver adapted to receive a request from a first party for admission to said group; and
  
  a sender adapted to send a first key and a second key, wherein said first key is an update of said group key and is sent to a plurality of members of said group and wherein said second key is unique to said first party and is sent exclusively to said first party.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. The electronic device of claim 29, wherein said first key is updated upon addition of at least one member to said group.
  - 31. The electronic device of claim 29, wherein said first key is updated upon removal of at least one member from said group.
  - 32. The electronic device of claim 29, wherein said sender is adapted to send said first key at least once during a predetermined time interval to said members of said group.
  - 33. The electronic device of claim 29, wherein said first key is updated at least once during a predetermined time interval.
  - 34. The electronic device of claim 29, further comprising a second party adapted to challenge said first party by requesting an encrypted reply reflective of said first key.
  - 35. The electronic device of claim 29 wherein the admission control facility is a server.
  - 36. The electronic device of claim 29 wherein the admission control facility is a web server.
  - 37. The electronic device of claim 29 wherein the admission control facility is an intermediary between a client and a server.

38. An electronic device, comprising:
- an admission control facility for controlling access to a group using a group key, said admission control facility comprising;
  
  a receiver adapted to receive a request from a first party for admission to said group; and
  
  a sender adapted to send a first key and a second key, wherein said first key is a hashed key of said group key and is sent to said first party and wherein said second key is unique to said first party and is sent exclusively to said first party.
- View Dependent Claims (39, 40, 41)
- - 39. The electronic device of claim 38, wherein said wherein said first key is updated upon removal of at least one member from said group.
  - 40. The electronic device of claim 38, wherein said means for sending sends said first key at least once during a predetermined time interval to said members of said group.
  - 41. The electronic device of claim 38, wherein said first key is updated at least once during a predetermined time interval.

42. An electronic device holding computer-executable instructions for performing a method, comprising the steps of:
- sending a first key to a first party;
  
  sending a second key to said first party; and
  
  sending said first key to a plurality of members of said group;
  
  wherein said first key is an update of said group key and said second key is unique to said first party.

43. An electronic device holding computer-executable instructions for performing a method, comprising the steps of:
- sending a first key to a first party; and
  
  sending a second key to said first party;
  
  wherein said first key is a hashed key of said group key and said second key is unique to said first party.

44. A storage medium holding computer-executable instructions for performing a method, comprising the steps of:
- sending a first key to a first party;
  
  sending a second key to said first party; and
  
  sending said first key to a plurality of members of said group;
  
  wherein said first key is an update of said group key and said second key is unique to said first party.

45. A storage medium holding computer-executable instructions for performing a method, comprising the steps of:
- sending a first key to a first party; and
  
  sending a second key to said first party;
  
  wherein said first key is a hashed key of said group key and said second key is unique to said first party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Carroni, Germano, Scott, Glenn C.

Granted Patent

US 7,751,569 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/60   Digital content management,...

H04L 9/0833   involving conference or gro...

H04L 9/0891   Revocation or update of sec...

Group admission control apparatus and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Group admission control apparatus and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links