GROUP KEY MANAGEMENT RE-REGISTRATION METHOD

US 20100142711A1
Filed: 12/09/2008
Published: 06/10/2010
Est. Priority Date: 12/09/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

at a key server;

receiving a registration request from a network element to join a group of network elements managed by the key server;

generating and storing a group member registration state comprising information identifying the network element belonging to the group of network elements;

generating a token using information from the group member registration state, wherein the token identifies the network element belonging to the group of network elements;

deleting the group member registration state for the network element at the key server;

generating an encrypted token by encrypting the token using a secret key that is local to the key server;

sending the encrypted token to the network element;

receiving a re-registration request from the network element to rejoin the group of network elements, wherein the re-registration request comprises the encrypted token;

generating a decrypted token by decrypting the encrypted token using the secret key;

using data from the decrypted token, recovering and storing the group member registration state, comprising information identifying the network element belonging to the group of network elements; and

re-registering the network element using the information from the group member registration state.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a fast group key management re-registration is described. One computer-implemented method comprises, at a key server: receiving a registration request from a network element to join a group of network elements managed by the key server; generating and storing a group member registration state comprising information identifying the network element within the group of network elements; generating a token using information from the group member registration state, wherein the token identifies the network element within the group; deleting the group member registration state for the network element at the key server; generating an encrypted token by encrypting the token using a secret key that is local to the key server; sending the encrypted token to the network element; receiving the encrypted token along with a re-registration request from the network element to re-join the group of network elements; and re-registering the network element using the encrypted token.

56 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- at a key server;
  
  receiving a registration request from a network element to join a group of network elements managed by the key server;
  
  generating and storing a group member registration state comprising information identifying the network element belonging to the group of network elements;
  
  generating a token using information from the group member registration state, wherein the token identifies the network element belonging to the group of network elements;
  
  deleting the group member registration state for the network element at the key server;
  
  generating an encrypted token by encrypting the token using a secret key that is local to the key server;
  
  sending the encrypted token to the network element;
  
  receiving a re-registration request from the network element to rejoin the group of network elements, wherein the re-registration request comprises the encrypted token;
  
  generating a decrypted token by decrypting the encrypted token using the secret key;
  
  using data from the decrypted token, recovering and storing the group member registration state, comprising information identifying the network element belonging to the group of network elements; and
  
  re-registering the network element using the information from the group member registration state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - generating a new token using information from the group member registration state, wherein the new token identifies the network element that has been re-registered;
      
      deleting the group member registration state for the network element that has been re-registered;
      
      generating an encrypted new token by encrypting the new token using the secret key that is local to the key server; and
      
      sending the encrypted new token to the network element that has been re-registered.
  - 3. The method of claim 1, wherein communications between the network element and the key server are implemented using a Group Domain Of Interpretation (GDOI) protocol.
  - 4. The method of claim 1, wherein the token further comprises data identifying a communication session between the network element and the key server.
  - 5. The method of claim 1, wherein the sending the encrypted token to the network element further comprises sending a time stamp associated with a moment in time when the token was generated.
  - 6. The method of claim 1, wherein the sending the encrypted token to the network element further comprises encapsulating the encrypted token into an IKE NOTIFY message.
  - 7. The method of claim 1, wherein the encrypted token is treated by the network element as an opaque blob.
  - 8. The method of claim 1, wherein the secret key that is local to the key server is also shared by at least one other key server.

9. A computer-implemented method comprising:
- at a network element;
  
  sending a registration request to a key server to join a group of network elements managed by the key server;
  
  receiving a token generated by the key server, wherein the token identifies the network element belonging to the group of network elements;
  
  generating a group member registration state comprising information identifying the network element belonging to the group of network elements;
  
  storing the token in the group member registration state; and
  
  sending a re-registration request along with the token to the key server to re-join the group of network elements managed by the key server.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising:
    - awaiting receiving of a new token from the key server as a confirmation that the network element is re-registered with the group managed by the key server.
  - 11. The method of claim 9, wherein communications between the network element and the key server are implemented using a Group Domain Of Interpretation (GDOI) protocol.
  - 12. The method of claim 9, wherein the token further comprises data identifying a communication session between the network element and the key server.
  - 13. The method of claim 9, wherein the token is sent encapsulated in an IKE NOTIFY message.
  - 14. The method of claim 9, wherein the network element treats the token as an opaque blob.

15. A computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform:
- at a key server;
  
  receiving a registration request from a network element to join a group of network elements managed by the key server;
  
  generating and storing a group member registration state comprising information identifying the network element belonging to the group of network elements;
  
  generating a token using information from the group member registration state, wherein the token identifies the network element belonging to the group of network element;
  
  deleting the group member registration state for the network element at the key server;
  
  generating an encrypted token by encrypting the token with a secret key that is local to the key server;
  
  sending the encrypted token to the network element;
  
  receiving a re-registration request from the network element to rejoin the group of network elements, wherein the re-registration request comprises the encrypted token;
  
  generating a decrypted token by decrypting the encrypted token using the secret key;
  
  using data from the decrypted token, recovering and storing the group member registration state, comprising information identifying the network element belonging to the group of network elements; and
  
  re-registering the network element using the information from the group member registration state.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, further comprising instructions which when executed cause:
    - generating a new token using information from the group member registration state;
      
      deleting the group member registration state for the network element that has been re-registered;
      
      generating an encrypted new token by encrypting the new token using the secret key that is local to the key server; and
      
      sending the encrypted new token to the network element that has been re-registered.
  - 17. The computer-readable storage medium of claim 15, wherein communications between the network element and the key server are implemented using a Group Domain Of Interpretation (GDOI) protocol.
  - 18. The computer-readable storage medium of claim 15, wherein the token further comprises data identifying a communication session between the network element and the key server.
  - 19. The computer-readable storage medium of claim 15, wherein the sending the encrypted token to the network element further comprises sending a time stamp associated with a moment in time when the token was generated.
  - 20. The computer-readable storage medium of claim 15, wherein the sending the encrypted token to the network element further comprises encapsulating the encrypted token into an IKE NOTIFY message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Weis, Brian, McGrew, David

Granted Patent

US 8,204,228 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 9/0833   involving conference or gro...

H04L 9/0877   using additional device, e....

H04L 9/3213   using tickets or tokens, e....

GROUP KEY MANAGEMENT RE-REGISTRATION METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GROUP KEY MANAGEMENT RE-REGISTRATION METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links