SECURE PROTOCOL FOR PEER-TO-PEER NETWORK

US 20120155643A1
Filed: 12/16/2010
Published: 06/21/2012
Est. Priority Date: 12/16/2010
Status: Active Grant

First Claim

Patent Images

1. A method of operating a wireless computing device configured as a controlling device in a peer-to-peer group, the method comprising:

performing a key generation process with a first device, whereby a first master key is provided to the first device;

performing a key generation process with a second device, whereby a second master key is provided to the second device, the second master key being different than the first master key;

forming a peer-to-peer group including the first wireless device and the second wireless device as clients, the forming comprising;

authenticating the first wireless device based on the first master key;

generating a first transient key based on the first master key;

authenticating the second wireless device based on the second master key; and

generating a second transient key based on the second master key;

exchanging data with the first wireless device and the second wireless device as part of the peer-to-peer group, the exchanging comprising;

encrypting data sent to the first wireless device with the first transient key; and

encrypting data sent to the second wireless device with the second transient key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless computing device operating as a controller of a peer-to-peer group configured to generate unique master keys for each device joining the group. The wireless computing device may use the unique master keys to selectively remove remote devices from the group such that the remote device cannot later rejoin the group. Other remote devices, each possessing a master key that remains valid, can disconnect from the group and later reconnect to the group without express user action. To support such behavior, the wireless device may provide a user interface through which a user may manage connected remote devices by providing commands to selectively disconnect or remove remote devices from the group.

84 Citations

View as Search Results

20 Claims

1. A method of operating a wireless computing device configured as a controlling device in a peer-to-peer group, the method comprising:
- performing a key generation process with a first device, whereby a first master key is provided to the first device;
  
  performing a key generation process with a second device, whereby a second master key is provided to the second device, the second master key being different than the first master key;
  
  forming a peer-to-peer group including the first wireless device and the second wireless device as clients, the forming comprising;
  
  authenticating the first wireless device based on the first master key;
  
  generating a first transient key based on the first master key;
  
  authenticating the second wireless device based on the second master key; and
  
  generating a second transient key based on the second master key;
  
  exchanging data with the first wireless device and the second wireless device as part of the peer-to-peer group, the exchanging comprising;
  
  encrypting data sent to the first wireless device with the first transient key; and
  
  encrypting data sent to the second wireless device with the second transient key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 12)
- - 2. The method of claim 1, further comprising:
    - invalidating the first master key and the first transient key, whereby the first wireless device is removed from the peer-to-peer group.
  - 3. The method of claim 2, further comprising:
    - after invalidating the first master key and the first transient key, exchanging data with the second wireless device as part of the peer-to-peer group.
  - 4. The method of claim 1, further comprising:
    - performing a group owner negotiation with at least the first wireless device, whereby the wireless computing device is selected as a group owner.
  - 5. The method of claim 2, wherein:
    - the method further comprises storing the first master key and the second master key in a key store; and
      
      invalidating the first master key comprises deleting the first master key from the key store.
  - 6. The method of claim 2, wherein:
    - the method further comprises receiving user input to remove the first wireless device from the peer-to-peer group;
      
      invalidating the first master key is performed in response to the user input.
  - 7. The method of claim 1, further comprising:
    - at a first time, disconnecting the second wireless device from the peer-to-peer group; and
      
      at a second time, reconnecting the second wireless device to the group, the reconnecting comprising;
      
      authenticating the second wireless device based on the second master key; and
      
      generating a further transient key based on the second master key.
  - 12. The computing device of claim 1, wherein:
    - the radio operates in a frequency band above 2 GHz and below 6 GHz.

8. A computing device comprising:
- a radio;
  
  at least one processor;
  
  computer storage medium comprising computer-executable components for execution on the at least on processor, the computer-executable components comprising;
  
  a peer-to-peer control component configured to interact with one or more remote devices to provide a group in accordance with a peer-to-peer protocol;
  
  a key generator, the key generator configured to interact with each of a plurality of remote devices to generate a unique master key for each of the plurality of remote devices;
  
  an authentication component, the authentication component configured to;
  
  determine whether a remote device attempting to join a peer-to-peer group controlled by the peer-to-peer control component has a valid master key, andwhen the remote device has a valid master key, interact with the remote device to generate a transient key for the remote device based on the valid master key.
- View Dependent Claims (9, 10, 11)
- - 9. The computing device of claim 8, wherein:
    - the computing device further comprises a data store for storing master keys generated by the key generator;
      
      the authentication component determines whether a remote device attempting to join a peer-to-peer group controlled by the peer-to-peer control component has a valid master key by processing a message received from the remote device with a key in the data store.
  - 10. The computing device of claim 9, wherein:
    - the computer executable components further comprise a component to remove a key from the data store in response to a user input to remove a remote device from a peer-to-peer group.
  - 11. The computing device of claim 10, wherein:
    - the authentication component is configured to determine whether a remote device attempting to join the peer-to-peer group has a valid master key by performing a handshake in accordance with a WPA2 protocol.

13. At least one computer readable storage medium comprising computer executable instructions that, when executed by a processor, perform a method comprising:
- performing a key generation process with each of a plurality of remote devices to provide a unique master key to each of the plurality of remote devices;
  
  storing the unique master key for each of the plurality of remote devices;
  
  forming a peer-to-peer group including at least a subset of the plurality of remote devices, the forming comprising, for each remote device in the subset;
  
  authenticating the device based on a stored master key; and
  
  generating a transient key based on the stored master key;
  
  exchanging data with the remote devices in the peer-to-peer group, the exchanging comprising, for one or more remote devices in the group;
  
  encrypting data sent to the remote device with a transient key generated for the remote device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The at least one computer readable storage medium of claim 13, wherein the method further comprises:
    - removing a remote device from the peer-to-peer group, the removing comprising;
      
      invalidating a master key stored for the remote device.
  - 15. The at least one computer readable storage medium of claim 14, wherein the removing is performed in response to user input.
  - 16. The at least one computer readable storage medium of claim 15, wherein the method further comprises:
    - disconnecting a remote device from the peer-to-peer group, the disconnecting comprising;
      
      invalidating a transient key generated for the remote device.
  - 17. The at least one computer readable storage medium of claim 15, wherein the method further comprises:
    - rendering a user interface comprising;
      
      a display area through which the user may indicate a remote device connected in the peer-to-peer group;
      
      a first command selectable by the user to disconnect an indicated remote device from the peer-to-peer group; and
      
      a second command selectable by the user to remove an indicated remote device from the peer-to-peer group.
  - 18. The at least one computer readable storage medium of claim 16, wherein:
    - the computer executable instructions for forming a peer-to-peer group;
      
      admit to the peer-to-peer group a disconnected remote device; and
      
      deny access to the peer-to-peer group to a removed remote device.
  - 19. The at least one computer readable storage medium of claim 16, wherein:
    - storing the unique master key for each of the plurality of remote devices comprises storing each master key in a key store in connection with data describing the remote device.
  - 20. The at least one computer readable storage medium of claim 19, wherein:
    - the computer-executable instructions further comprise computer executable instructions for rendering a user interface for receiving commands to manage a peer-to-peer group, the user interface comprising;
      
      a display area presenting icons representing devices in the peer-to-peer group, the computer-executable instructions generating each icon based on data describing a remote device in the key store; and
      
      a command menu presenting a first command to disconnect a device from the peer-to-peer group and a second command to remove a device from the peer-to-peer group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hassan, Amer A., Desai, Mitesh K., Gupta, Yatharth, Filgueiras, Henrique

Granted Patent

US 8,948,382 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/083   using passwords cryptograph...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1093   Some peer nodes performing ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04W 12/041   Key generation or derivation

H04W 12/062   Pre-authentication

H04W 84/18   Self-organising networks, e...

SECURE PROTOCOL FOR PEER-TO-PEER NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURE PROTOCOL FOR PEER-TO-PEER NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others