FACILITATING GROUP ACCESS CONTROL TO DATA OBJECTS IN PEER-TO-PEER OVERLAY NETWORKS
First Claim
1. A group administrator peer node, comprising:
a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
a storage medium including a private key and public key pair associated with the group administrator peer node; and
a processing circuit coupled to the communications interface and the storage medium, the processing circuit adapted to:
create a peer group, the group defining one or more peer nodes as members of the group; and
assign a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
Abstract
Methods and apparatuses are provided for facilitating group access controls in peer-to-peer or other similar overlay networks. A group administrator may create a group in the overlay network and may assign peer-specific certificates to each member of the group for indicating membership in the group. A group member peer node can access data objects in the overlay network using its respective peer-specific certificate to authenticate itself as a group member. The authentication is performed by another peer node in the network. The validating peer node can authenticate that the group member is the rightful possessor of the peer-specific certificate using a public key associated with the peer node to which the peer-specific certificate was issued. The validating peer node can also validate that the peer-specific certificate was properly issued to the group member using a public key of the apparatus that issued the peer-specific certificate.
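The abstract and the validating-peer claims (30, 34) together describe one protocol: an administrator publishes a signed group token under the group identity, issues a signed peer-specific certificate to each member, and a validating peer checks the token, the certificate and a signature the member makes with its own private key. The Go program below is an added example, not code from the patent or its assignee, that carries this exchange through with Ed25519. Everything beyond the claims is an assumption and is marked as such in the code: node identities are derived by hashing public keys, the certificate carries the member's public key, the authentication data covers a validator-chosen nonce, and the overlay is a plain map of group tokens keyed by group identity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Overlay map[string]GroupToken // stands in for the overlay: group tokens stored as data objects keyed by group identity

type GroupToken struct { // signed by the administrator's private key over its components
	GroupID, AdminID string
	AdminPub         ed25519.PublicKey
	Signature        []byte
}

// PeerCert is the peer-specific certificate; MemberPub is an assumption (the claims leave open how the validator gets the member's key).
type PeerCert struct {
	GroupID, MemberID, IssuerID string
	MemberPub                   ed25519.PublicKey
	Signature                   []byte
}

// NewPeer generates an Ed25519 key pair for one peer node.
func NewPeer() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NodeID binds identity to key (assumption: truncated SHA-256 of the public key); otherwise a signed token proves only that some key signed it.
func NodeID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return fmt.Sprintf("%x", sum[:8])
}

// encode length-prefixes each component (the first is a domain tag) so the signed bytes cannot be re-split into different components.
func encode(fields ...string) []byte {
	var out []byte
	for _, f := range fields {
		n := len(f)
		out = append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
		out = append(out, f...)
	}
	return out
}
func tokenBytes(t GroupToken) []byte {
	return encode("group-token", t.GroupID, t.AdminID, string(t.AdminPub))
}
func certBytes(c PeerCert) []byte {
	return encode("peer-cert", c.GroupID, c.MemberID, c.IssuerID, string(c.MemberPub))
}
func authBytes(c PeerCert, nonce []byte) []byte {
	return encode("auth", c.GroupID, c.MemberID, string(nonce))
}

// CreateGroup: the administrator signs a group token and stores it under the group identity.
func CreateGroup(overlay Overlay, groupID string, adminPriv ed25519.PrivateKey) GroupToken {
	pub := adminPriv.Public().(ed25519.PublicKey)
	t := GroupToken{GroupID: groupID, AdminID: NodeID(pub), AdminPub: pub}
	t.Signature = ed25519.Sign(adminPriv, tokenBytes(t))
	overlay[groupID] = t
	return t
}

// IssueCert: the issuer signs a certificate naming the group, the member and itself.
func IssueCert(groupID string, memberPub ed25519.PublicKey, issuerPriv ed25519.PrivateKey) PeerCert {
	issuerPub := issuerPriv.Public().(ed25519.PublicKey)
	c := PeerCert{GroupID: groupID, MemberID: NodeID(memberPub), IssuerID: NodeID(issuerPub), MemberPub: memberPub}
	c.Signature = ed25519.Sign(issuerPriv, certBytes(c))
	return c
}

// SignAuth: the member signs authentication data with its own private key; the validator-chosen nonce is an assumption that keeps the proof fresh.
func SignAuth(c PeerCert, nonce []byte, memberPriv ed25519.PrivateKey) []byte {
	return ed25519.Sign(memberPriv, authBytes(c, nonce))
}

// Validate runs the validating peer's checks in the order claim 30 lists them, then the proof of possession the abstract describes.
func Validate(overlay Overlay, c PeerCert, nonce, auth []byte) error {
	t, ok := overlay[c.GroupID]
	switch {
	case !ok:
		return errors.New("no group token stored under this group identity")
	case len(t.AdminPub) != ed25519.PublicKeySize || t.AdminID != c.IssuerID || NodeID(t.AdminPub) != c.IssuerID:
		return errors.New("group token does not bind the certificate's issuer to its key")
	case !ed25519.Verify(t.AdminPub, tokenBytes(t), t.Signature):
		return errors.New("group token signature invalid: issuer not authorized for this group")
	case !ed25519.Verify(t.AdminPub, certBytes(c), c.Signature):
		return errors.New("certificate was not signed by the group administrator")
	case len(c.MemberPub) != ed25519.PublicKeySize || NodeID(c.MemberPub) != c.MemberID || !ed25519.Verify(c.MemberPub, authBytes(c, nonce), auth):
		return errors.New("authentication data not signed by the peer the certificate names")
	}
	return nil
}
```

Usage follows the claims in order: `CreateGroup` (claims 1 and 9), `IssueCert` with the administrator's private key (claim 1), `SignAuth` on the member (claim 20), and `Validate` on the validating peer (claim 30). The point of the identity binding in `NodeID` is that a group token signed by an arbitrary key would otherwise pass the "was the administrator authorized" check; deriving identities from keys, or some equivalent binding, is what makes the token lookup under the group identity meaningful. Rejected cases are a certificate whose holder signs with a key other than the one the certificate names, a certificate issued by a peer that never published the group token, and authentication data reused under a different nonce.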
85 Citations
41 Claims
9. A method operational in a group administrator peer node, comprising:
obtaining a public and private key pair associated with the group administrator peer node;
creating a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group; and
assigning a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate.
Dependent claims: 10, 11, 12, 13, 14, 15.

16. A group administrator peer node, comprising:
means for obtaining a public and private key pair associated with the group administrator peer node;
means for creating a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group; and
means for assigning a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate.
Dependent claims: 17.

18. A processor-readable medium comprising instructions operational on a group administrator peer node, which when executed by a processor causes the processor to:
obtain a public and private key pair associated with the group administrator peer node;
create a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group; and
assign a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate.
Dependent claims: 19.

20. A group member peer node, comprising:
a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
a storage medium including a private key and a public key pair associated with the group member peer node; and
a processing circuit coupled to the communications interface and the storage medium, the processing circuit adapted to:
receive via the communications interface a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
send via the communications interface the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
send via the communications interface authentication data to the validating peer node, the authentication data being signed using the private key associated with the group member peer node.
Dependent claims: 21, 22, 23.

24. A method operational in a group member peer node, comprising:
obtaining a public and private key pair associated with the group member peer node;
receiving a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
sending the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
sending authentication data to the validating peer node, the authentication data being signed using the private key associated with the group member peer node.
Dependent claims: 25, 26, 27.

28. A group member peer node, comprising:
means for obtaining a public and private key pair associated with the group member peer node;
means for receiving a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
means for sending the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
means for sending authentication data to the validating peer node, the authentication data being signed using the private key of the group member peer node.

29. A processor-readable medium comprising instructions operational on a group member peer node, which when executed by a processor causes the processor to:
obtain a public and private key pair associated with the group member peer node;
receive a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
send the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
send authentication data to the validating peer node, the authentication data being signed using the private key of the group member peer node.

30. A validating peer node, comprising:
a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
a processing circuit coupled to the communications interface, the processing circuit adapted to:
receive via the communications interface a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
obtain a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
verify the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
verify the peer-specific group certificate using the public key associated with the group administrator peer node.
Dependent claims: 31, 32, 33.

34. A method operational in a validating peer node, comprising:
receiving a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
obtaining a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
verifying the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
verifying the peer-specific group certificate using the public key associated with the group administrator peer node.
Dependent claims: 35, 36, 37.

38. A validating peer node, comprising:
means for receiving a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
means for obtaining a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
means for verifying the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
means for verifying the peer-specific group certificate using the public key associated with the group administrator peer node.
Dependent claims: 39.

40. A processor-readable medium comprising instructions operational on a validating peer node, which when executed by a processor causes the processor to:
receive a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
obtain a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
verify the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
verify the peer-specific group certificate using the public key associated with the group administrator peer node.
Dependent claims: 41.
Specification