Access and storage of secure group communication cryptographic keys

US 6,256,733 B1
Filed: 06/30/1999
Issued: 07/03/2001
Est. Priority Date: 10/08/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for secure group communication comprising the steps of:

generating security credentials of a group to initiate a secured group communication;

storing the security credentials of the group in a location accessible for more than one member in the group; and

obtaining, on demand, by a member of the group, at least a portion of the stored security credentials of the group for at least one of a plurality of members of the group.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for secure group communication allows on-demand procurement of stored security credentials of a group. In one embodiment, this is done by having a processor store at least a portion of the security credentials of the group in a location accessible from more than one member of the group, such as in an encrypted form in a public directory. Security credentials include at least a cryptographic key use to secure information. Each member may have a dedicated entry containing a group security credential associated with that member. The information may also be stored in a variety of other ways including, for example, storing a composite set of encrypted group security credentials. A member accesses the stored group security credentials on an on-demand basis.

Citations

37 Claims

1. A method for secure group communication comprising the steps of:
- generating security credentials of a group to initiate a secured group communication;
  
  storing the security credentials of the group in a location accessible for more than one member in the group; and
  
  obtaining, on demand, by a member of the group, at least a portion of the stored security credentials of the group for at least one of a plurality of members of the group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the step of storing the security credential includes independently storing at least a part of the security credentials of the group, separately from individual member security credentials.
  - 3. The method of claim 2 including the step of maintaining a history of the stored security credential of the group separately from cryptographic key histories associated with the individual member security credentials.
  - 4. The method of claim 2 wherein the individual member security credentials include at least one private decryption key of a public/private key pair stored in a separate file from the at least part of the security credentials of the group.
  - 5. The method of claim 1 including the steps of
- 6. The method of claim 5 wherein the step of encrypting the group credentials on a per member basis includes the step of wrapping at least a portion of the generated security credentials of the group separately using a public key of each of a plurality of members.
- 7. The method of claim 6 wherein the security credentials of the group include a private group decryption key and wherein the step of encrypting includes encrypting the private group decryption key using a symmetric key prior to wrapping using the public key of each of the plurality of members.
- 8. The method of claim 1 including the step of authenticating a member requesting to obtain, on demand, the stored security credentials of the group prior to releasing the stored security credentials of the group.
- 9. The method of claim 1 including the step of encrypting the security credentials of the group using cryptographic keys associated with all members of the group to produce a composite set of encrypted group security credentials for all members and storing the composite set in a repository accessible by the members.
- 10. The method of claim 9 including the step of retrieving, for a member, the composite set of encrypted group security credentials from the repository.
- 11. The method of claim 1 including the step of controlling deletion of the security credentials of the group, for at least one member, in response to determining that the member has been deleted from the group.
- 12. The method of claim 11 including the step of generating deletion command data for the at least one member to effect deletion of a security credential for the group by the at least one member.
- 13. The method of claim 11 including the step of polling, by a member, for at least a portion of group security credentials to determine that the member has been deleted from the group.

14. An apparatus for providing secure group communication comprising:
- means for generating security credentials of a group to initiate a secured group communication;
  
  means for storing the security credentials of the group in a location accessible for more than one member in the group; and
  
  means for obtaining, on demand by a member of the group, the stored security credentials of the group for at least one of a plurality of members of the group.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The apparatus of claim 14 wherein the means for storing the security credential stores at least a part of the security credentials of the group on a per group basis, separately from individual member security credentials to provide storage as independent group member credentials.
  - 16. The apparatus of claim 15 including means for maintaining a history of the stored security credentials of the group separately from cryptographic key histories associated with the individual member security credentials.
  - 17. The apparatus of claim 15 wherein the individual member security credentials include at least one private decryption key of a public/private key pair stored in a separate file from the at least part of the security credentials of the group.
  - 18. The apparatus of claim 14 including means for encrypting on a per member basis, at least a portion of the security credentials of the group to generate per member encrypted group credentials;
    - and for storing the per member encrypted group credentials on a per member basis in a repository accessible by each member.
  - 19. The apparatus of claim 18 wherein the means for encrypting the group credentials on a per member basis wraps at least a portion of the generated security credentials of the group separately using a public key of each of a plurality of members.
  - 20. The apparatus of claim 19 wherein the security credentials of the group include a private group decryption key and wherein the means for encrypting encrypts the private group decryption key using a symmetric key prior to wrapping using the public key of each of the plurality of members.
  - 21. The apparatus of claim 14 including means for authenticating a member requesting to obtain, on demand, the stored security credentials of the group prior to releasing the stored security credentials of the group.
  - 22. The apparatus of claim 14 including means for encrypting the security credentials of the group using cryptographic keys associated with all members of the group to produce a composite set of encrypted group security credentials for all members and storing the composite set in a repository accessible by the members.
  - 23. The apparatus of claim 22 including means for retrieving, for a member, the composite set of encrypted group security credentials from the repository.
  - 24. The apparatus of claim 14 including means for controlling deletion of the security credentials of the group, for at least one member, in response to determining that the member has been deleted from the group.
  - 25. The apparatus of claim 24 including means for generating deletion command data for the at least one member to effect deletion of a security credential for the group by the at least one member.

26. A storage medium comprising memory containing executable instructions that when read by a processor, cause one or more processors to:
- generate security credentials of a group to initiate a secured group communication;
  
  store the security credentials of the group in a location accessible for more than one member in the group; and
  
  obtain, on demand by a member of the group, the stored security credentials of the group for at least one of a plurality of members of the group.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causing one or more processors to store at least a part of the security credentials of the group on a per group basis, separately from individual member security credentials to provide storage as independent group member credentials.
  - 28. The storage medium of claim 27 memory containing executable instructions that when read by the one or more processors causes one or more processors to maintain a history of the stored security credentials of the group separately from cryptographic key histories associated with the individual member security credentials.
  - 29. The storage medium of claim 27 wherein the individual member security credentials include at least one private decryption key of a public/private key pair stored in a separate file from the at least part of the security credentials of the group.
  - 30. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to:
31. The storage medium of claim 30 including memory containing executable instructions that when read by the one or more processors causes one or more processors to wrap at least a portion of the generated security credentials of the group separately using a public key of each of a plurality of members.
32. The storage medium of claim 31 wherein the security credentials of the group include a private group decryption key and including memory containing executable instructions that when read by the one or more processors causes one or more processors to encrypt the private group decryption key using a symmetric key prior to wrapping using the public key of each of the plurality of members.
33. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to authenticate a member requesting to obtain, on demand, the stored security credentials of the group prior to releasing the stored security credentials of the group.
34. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to encrypt the security credentials of the group using cryptographic keys associated with all members of the group to produce a composite set of encrypted group security credentials for all members and storing the composite set in a repository accessible by the members.
35. The storage medium of claim 34 including memory containing executable instructions that when read by the one or more processors causes one or more processors to retrieve, for a member, the composite set of encrypted group security credentials from the repository.
36. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to control deletion of the security credential of the group, for at least one member, in response to determining that the member has been deleted from the group.
37. The storage medium of claim 36 including memory containing executable instructions that when read by the one or more processors causes one or more processors to generate deletion command data for the at least one member to effect deletion of a security credential for the group by the at least one member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Thakkar, Dhanya, Langford, Glenn C., Montcalm, Jacques
Primary Examiner(s)
Swann, Tod
Assistant Examiner(s)
Darrow, Justin T.

Application Number

US09/343,761
Time in Patent Office

734 Days
Field of Search

713/155, 713/156, 713/158, 713/175, 380/277, 380/278, 380/279, 380/281, 380/286
US Class Current

713/156
CPC Class Codes

H04L 2463/102   applying security measure f...

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/104   Grouping of entities

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0833   involving conference or gro...

H04L 9/0897   involving additional device...

Access and storage of secure group communication cryptographic keys

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Access and storage of secure group communication cryptographic keys

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links