Access and storage of secure group communication cryptographic keys
Abstract
A method and apparatus for secure group communication allows on-demand procurement of stored security credentials of a group. In one embodiment, this is done by having a processor store at least a portion of the security credentials of the group in a location accessible from more than one member of the group, such as in encrypted form in a public directory. Security credentials include at least a cryptographic key used to secure information. Each member may have a dedicated entry containing a group security credential associated with that member. The information may also be stored in a variety of other ways, including, for example, storing a composite set of encrypted group security credentials. A member accesses the stored group security credentials on an on-demand basis.
Claims (37)
1. A method for secure group communication comprising the steps of:
generating security credentials of a group to initiate a secured group communication;
storing the security credentials of the group in a location accessible for more than one member in the group; and
obtaining, on demand, by a member of the group, at least a portion of the stored security credentials of the group for at least one of a plurality of members of the group.
Dependent claims: 2 to 13.
5. ... encrypting on a per member basis, at least a portion of the security credentials of the group to generate per member encrypted group credentials; and storing the per member encrypted group credentials on a per member basis in a repository accessible by each member.
6. The method of claim 5 wherein the step of encrypting the group credentials on a per member basis includes the step of wrapping at least a portion of the generated security credentials of the group separately using a public key of each of a plurality of members.
7. The method of claim 6 wherein the security credentials of the group include a private group decryption key and wherein the step of encrypting includes encrypting the private group decryption key using a symmetric key prior to wrapping using the public key of each of the plurality of members.
8. The method of claim 1 including the step of authenticating a member requesting to obtain, on demand, the stored security credentials of the group prior to releasing the stored security credentials of the group.
9. The method of claim 1 including the step of encrypting the security credentials of the group using cryptographic keys associated with all members of the group to produce a composite set of encrypted group security credentials for all members and storing the composite set in a repository accessible by the members.
10. The method of claim 9 including the step of retrieving, for a member, the composite set of encrypted group security credentials from the repository.
11. The method of claim 1 including the step of controlling deletion of the security credentials of the group, for at least one member, in response to determining that the member has been deleted from the group.
12. The method of claim 11 including the step of generating deletion command data for the at least one member to effect deletion of a security credential for the group by the at least one member.
13. The method of claim 11 including the step of polling, by a member, for at least a portion of group security credentials to determine that the member has been deleted from the group.
14. An apparatus for providing secure group communication comprising:
means for generating security credentials of a group to initiate a secured group communication;
means for storing the security credentials of the group in a location accessible for more than one member in the group; and
means for obtaining, on demand by a member of the group, the stored security credentials of the group for at least one of a plurality of members of the group.
Dependent claims: 15 to 25.
26. A storage medium comprising memory containing executable instructions that when read by a processor, cause one or more processors to:
generate security credentials of a group to initiate a secured group communication;
store the security credentials of the group in a location accessible for more than one member in the group; and
obtain, on demand by a member of the group, the stored security credentials of the group for at least one of a plurality of members of the group.
Dependent claims: 27 to 37.
30. ... encrypt on a per member basis, at least a portion of the security credentials of the group to generate per member encrypted group credentials; and store the per member encrypted group credentials on a per member basis in a repository accessible by each member.
31. The storage medium of claim 30 including memory containing executable instructions that when read by the one or more processors causes one or more processors to wrap at least a portion of the generated security credentials of the group separately using a public key of each of a plurality of members.
32. The storage medium of claim 31 wherein the security credentials of the group include a private group decryption key and including memory containing executable instructions that when read by the one or more processors causes one or more processors to encrypt the private group decryption key using a symmetric key prior to wrapping using the public key of each of the plurality of members.
33. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to authenticate a member requesting to obtain, on demand, the stored security credentials of the group prior to releasing the stored security credentials of the group.
34. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to encrypt the security credentials of the group using cryptographic keys associated with all members of the group to produce a composite set of encrypted group security credentials for all members and store the composite set in a repository accessible by the members.
35. The storage medium of claim 34 including memory containing executable instructions that when read by the one or more processors causes one or more processors to retrieve, for a member, the composite set of encrypted group security credentials from the repository.
36. The storage medium of claim 26 including memory containing executable instructions that when read by the one or more processors causes one or more processors to control deletion of the security credential of the group, for at least one member, in response to determining that the member has been deleted from the group.
37. The storage medium of claim 36 including memory containing executable instructions that when read by the one or more processors causes one or more processors to generate deletion command data for the at least one member to effect deletion of a security credential for the group by the at least one member.
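The per-member scheme of claims 5 to 7, with the on-demand retrieval of claim 1 and the deletion of claims 11 to 13 (mirrored in the apparatus and storage-medium claims), as an added example that is not the patent's own implementation: the group's private key is sealed under a symmetric key, that key is wrapped with each member's RSA public key, and the pair is stored in one directory entry per member. It assumes only Go's standard library (AES-GCM and RSA-OAEP), models the group's private decryption key as 32 random bytes rather than a real key pair, uses an in-memory map as the public directory, and leaves out the member authentication step of claim 8.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Entry is a member's directory slot (claims 5 to 7): the group key sealed under symmetric key k, plus k wrapped with the member's RSA public key.
type Entry struct{ SealedGroupKey, Nonce, WrappedKey []byte }

// Publish creates the group's private key (modelled as 32 random bytes) and stores one encrypted entry per member in repo.
func Publish(repo map[string]*Entry, members map[string]*rsa.PublicKey) ([]byte, error) {
	groupPriv, k := make([]byte, 32), make([]byte, 32) // group key; the symmetric key of claim 7
	rand.Read(groupPriv)
	rand.Read(k)
	block, _ := aes.NewCipher(k) // 32-byte key, so neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	for name, pub := range members {
		nonce := make([]byte, gcm.NonceSize())
		rand.Read(nonce)
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, []byte(name))
		if err != nil {
			return nil, err
		}
		repo[name] = &Entry{gcm.Seal(nil, nonce, groupPriv, []byte(name)), nonce, wrapped} // name as OAEP label and AAD binds the entry to its slot
	}
	return groupPriv, nil // returned only so a caller can check what members recover
}

// Fetch is claim 1's on-demand retrieval: unwrap k with the member's own private key, then open the sealed group key.
func Fetch(repo map[string]*Entry, name string, memberKey *rsa.PrivateKey) ([]byte, error) {
	e, ok := repo[name]
	if !ok { // a member deleted under claim 11 finds nothing when it polls (claim 13)
		return nil, errors.New("no entry: member removed from group or never enrolled")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), nil, memberKey, e.WrappedKey, []byte(name))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(k)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, e.Nonce, e.SealedGroupKey, []byte(name))
}

// Remove deletes a member's entry (claim 11), the effect of the deletion command of claim 12.
func Remove(repo map[string]*Entry, name string) { delete(repo, name) }
```

A member holding another member's entry cannot unwrap it, because the symmetric key is wrapped to one public key and the member name is bound into both encryption layers.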