Multiparty conference authentication

US 6,851,053 B1
Filed: 03/01/2000
Issued: 02/01/2005
Est. Priority Date: 03/02/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for accepting a new node to join a secured conference controlled by a top provider, comprising:

transmitting, by the new node to a first node, a request to join the conference and a certificate specifying an identity of the new node, said first node being connected to the top provider and participating in the conference, said new node being not directly connected to the top provider for transport-layer authentication;

authenticating, by the first node, the new node on a transport level;

forming, by the first node, a secured link with the new node if the new node is successfully authenticated on the transport level;

transmitting, by the first node on an application level, the request and certification of the new node to an application layer of the top provider over a secured link formed between the top provider and the first node;

verifying, by the top provider on an application level, the identity of the new node based on the certificate of the new node; and

informing, by the top provider, a second node connected to the top provider and already participating in the conference that the new node is to join the conference, and making the certificate of the new node available to the second node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for controlling admission of new nodes to a secured conference combines transport layer security mechanism and application layer certificate exchange. A new node that is not directly connected to the top provider of the conference sends a request to join the conference and a certification identifying itself to a first conference node connected to the top provider. The first node performs transport level authentication of the new node, and then forwards the request and certificate of the new node on an application level to the top provider. The top provider verifies the identity of the new node based on the certificate. If the new node is allowed to join the conference, the top provider updates a list of conference participants and makes the certificate of the new node available to other conference nodes so that they can also verify the identity of the new node.

Citations

23 Claims

1. A method for accepting a new node to join a secured conference controlled by a top provider, comprising:
- transmitting, by the new node to a first node, a request to join the conference and a certificate specifying an identity of the new node, said first node being connected to the top provider and participating in the conference, said new node being not directly connected to the top provider for transport-layer authentication;
  
  authenticating, by the first node, the new node on a transport level;
  
  forming, by the first node, a secured link with the new node if the new node is successfully authenticated on the transport level;
  
  transmitting, by the first node on an application level, the request and certification of the new node to an application layer of the top provider over a secured link formed between the top provider and the first node;
  
  verifying, by the top provider on an application level, the identity of the new node based on the certificate of the new node; and
  
  informing, by the top provider, a second node connected to the top provider and already participating in the conference that the new node is to join the conference, and making the certificate of the new node available to the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as in claim 1, further including the step of indicating by the second node to the top provider that the new node should be denied admission to the conference.
  - 3. A method as in claim 1, further including the step of determining by the first node whether to transmit the request of the new node to the top provider after the new node is authenticated by the first node on the transport level.
  - 4. A method as in claim 1, further including the step of providing a shared key to the new node for data encryption during the conference.
  - 5. A method as in claim 1, wherein the step of informing includes updating a list of conference participants to include the new node as a conference participant, said list of conference participants being accessible to the second node.
  - 6. A method as in claim 1, wherein the step of making available includes placing the certificate of the new node in a database of the top provider accessible by the second node.
  - 7. A method as in claim 1, wherein the step of making available includes placing a reference to the certificate of the new node in a database of the top provider accessible by the second node.
  - 8. A method as in claim 7, wherein the step of verifying includes determining by the top provider whether to allow the new node to join the conference.
  - 9. A method as in claim 1, further including the step of verifying by the second node the identity of the new node based on the certificate of the new node made available by the top provider.
  - 10. A method as in claim 9, further including the step of determining by the second node whether to leave the conference based on the identify of the new node.

11. A computer-readable medium having computer-executable instructions for performing steps for accepting a new node to join a secured conference controlled by a top provider, comprising:
- transmitting, by the new node to a first node, a request to join the conference and a certificate specifying an identity of the new node, said first node being connected to the top provider and participating in the conference, said new node being not directly connected to the top provider for transport-layer authentication;
  
  authenticating, by the first node, the new node on a transport level;
  
  forming, by the first node, a secured link with the new node if the new node is successfully authenticated on the transport level;
  
  transmitting, by the first node on an application level, the request and certification of the new node to an application layer of the top provider over a secured link formed between the top provider and the first node;
  
  verifying, by the top provider on an application level, the identity of the new node based on the certificate of the new node; and
  
  informing, by the top provider, a second node connected to the top provider and already participating in the conference that the new node is to join the conference and making the certificate of the new node available to the second node.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A computer readable medium as in claim 11, including further computer-executable instructions for the second node to perform the step of indicating to the top provider that the new node should be denied admission to the conference.
  - 13. A computer-readable medium as in claim 11, further including computer-executable instructions for the first node to perform the step of determining whether to transmit the request of the new node to the top provider after the new node is authenticated by the first node on the transport level.
  - 14. A computer-readable medium as in claim 11, further including computer-executable instructions for performing the step of providing a shared key to the new node for data encryption during the conference.
  - 15. A computer readable medium as in claim 11, wherein the step of informing includes updating a list of conference participants to include the new node as a conference participant, said list of conference participants being accessible to the second node.
  - 16. A computer readable medium as in claim 11, wherein the step of making available includes placing the certificate of the new node in a database of the top provider accessible by the second node.
  - 17. A computer readable medium as in claim 11, wherein the step of making available includes placing a reference to the certificate of the new node in a database of the top provider accessible by the second node.
  - 18. A computer readable medium as in claim 17, wherein the step of verifying includes determining by the top provider whether to allow the new node to join the conference.
  - 19. A computer readable medium as in claim 11, including further computer-executable instructions for the second node to perform the step of verifying the identity of the new node based on the certificate of the new node made available by the top provider.
  - 20. A computer readable medium as in claim 19, including further computer-executable instructions for the second node to perform the step of determining whether to leave the conference based on the identify of the new node.

21. A computer-readable medium having computer-executable instructions for performing steps by a first node participating in a secured conference controlled by a top provider for accepting a new node to join the secured conference, comprising:
- receiving from the new node a request to join the conference and a certificate specifying an identity of the new node, said new node being not directly connected to the top provider for transport-level authentication;
  
  authenticating the new node on a transport level;
  
  forming a secured link with the new node if the new node is successfully authenticated on the transport level;
  
  transmitting, on an application level, the request and certification of the new node to the top provider over a secured link formed between the top provider and the first node; and
  
  receiving a response on an application level from the top provider to permit the new node to join the secured conference.
- View Dependent Claims (22, 23)
- - 22. A computer-readable medium as in claim 21, further including computer-executable instructions for the first node to perform the step of determining whether to transmit the request of the new node to the top provider after the new node is authenticated by the first node on the transport level.
  - 23. A computer-readable medium as in claim 21, including further computer-executable instructions for the first node to perform the step of providing a shared key to the new node for data encryption during the conference.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Liles, Jane R., Giloi, Claus T.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Lipman, Jacob

Application Number

US09/515,767
Time in Patent Office

1,798 Days
Field of Search

709/229, 709/204, 380/277, 370/261, 713/156, 713/168
US Class Current

713/168
CPC Class Codes

H04L 12/1818   Conference organisation arr...

H04L 63/0823   using certificates cryptogr...

H04L 63/104   Grouping of entities

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

Multiparty conference authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Multiparty conference authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links