System and method for transmitting and receiving secure data in a virtual private group
First Claim
1. A method for transmitting secure data from a first node to a second node, the method comprising:
- modifying the network stack below the application layer to include virtual private group functionality;
- accessing a group membership table with a process functioning below the application layer in the network stack on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members;
- checking the group membership table with a process functioning below the application layer in the network stack to determine if the second node is a member of the first group; and
- if the second node is a member of the first group, encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.
15 Assignments
0 Petitions
Abstract
A novel system and method for transmitting and receiving secure data in a virtual private group (VPG). In one embodiment, a method for transmitting secure data from a first node to a second node includes accessing a group membership table on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members, and checking the group membership table to determine if the second node is a member of the first group. If the second node is a member of the first group, the method further includes encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.
63 Citations
35 Claims
1. A method for transmitting secure data from a first node to a second node, the method comprising:
- modifying the network stack below the application layer to include virtual private group functionality;
- accessing a group membership table with a process functioning below the application layer in the network stack on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members;
- checking the group membership table with a process functioning below the application layer in the network stack to determine if the second node is a member of the first group; and
- if the second node is a member of the first group, encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for transmitting secure data from a first node in a virtual private group to other nodes in the virtual private group, the method comprising:
- modifying the network stack below the application layer to include virtual private group functionality;
- accessing a group membership table with a process functioning below the application layer in the network stack on the first node, the group membership table having group security information associated with the virtual private group;
- checking the group membership table with a process functioning below the application layer in the network stack to verify that the other nodes are members of the virtual private group; and
- upon such verification, encrypting data using the group security information associated with the virtual private group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to each of the other nodes in the virtual private group.
11. A method for receiving secure data on a first node that is sent from a second node, the method comprising:
- modifying the network stack below the application layer to include virtual private group functionality;
- accessing a group membership table with a process functioning below the application layer in the network stack on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members;
- checking the group membership table with a process functioning below the application layer in the network stack to determine if the second node is a member of the first group; and
- if the second node is a member of the first group, validating an encrypted data packet that has been sent from the second node, decrypting the encrypted data packet using the group security information associated with the first group, and processing the decrypted data packet.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A node for transmitting secure data to a device, the node comprising:
- a processor;
- a memory; and
- a computer-readable medium having computer-executable instructions stored thereon, the computer-executable instructions to be executed by the processor from the memory to:
  - modify the network stack below the application layer to include virtual private group functionality;
  - access a group membership table with a process functioning below the application layer in the network stack on the node, the group membership table having group membership information for each group, including a first group, to which the node belongs and group security information associated with each group, wherein the first group has two or more members;
  - verify from the group membership table with a process functioning below the application layer in the network stack that the device is also a member of the first group;
  - encrypt a data packet using the group security information associated with the first group;
  - process the encrypted data packet; and
  - transmit the encrypted data packet to the device.
Dependent claims: 22, 23
24. A node for transmitting secure data to a device, the node comprising:
- a processing unit; and
- a network interface device coupled to the processing unit, the network interface device having a processor, a memory, and a computer-readable medium containing computer-executable instructions stored thereon, the computer-executable instructions to be executed by the processor from the memory to:
  - modify the network stack below the application layer to include virtual private group functionality;
  - access a group membership table with a process functioning below the application layer in the network stack on the node, the group membership table having group membership information for each group, including a first group, to which the node belongs and group security information associated with each group, wherein the first group has two or more members;
  - verify from the group membership table with a process functioning below the application layer in the network stack that the device is also a member of the first group;
  - encrypt a data packet using the group security information associated with the first group;
  - process the encrypted data packet; and
  - transmit the encrypted data packet to the device.
Dependent claims: 25, 26
27. A node for receiving secure data from a device, the node comprising:
- a processor;
- a memory; and
- a computer-readable medium having computer-executable instructions stored thereon, the computer-executable instructions to be executed by the processor from the memory to:
  - modify the network stack below the application layer to include virtual private group functionality;
  - access a group membership table with a process functioning below the application layer in the network stack on the node, the group membership table having group membership information for each group, including a first group, to which the node belongs and group security information associated with each group, wherein the first group has two or more members;
  - verify from the group membership table with a process functioning below the application layer in the network stack that the device is also a member of the first group;
  - validate an encrypted data packet that has been sent from the device;
  - decrypt the encrypted data packet using the group security information associated with the first group; and
  - process the decrypted data packet.
Dependent claims: 28, 29
30. A node for receiving secure data from a device, the node comprising:
- a processing unit; and
- a network interface device coupled to the processing unit, the network interface device having a processor, a memory, and a computer-readable medium containing computer-executable instructions stored thereon, the computer-executable instructions to be executed by the processor from the memory to:
  - modify the network stack below the application layer to include virtual private group functionality;
  - access a group membership table with a process functioning below the application layer in the network stack on the node, the group membership table having group membership information for each group, including a first group, to which the node belongs and group security information associated with each group, wherein the first group has two or more members;
  - verify from the group membership table with a process functioning below the application layer in the network stack that the device is also a member of the first group;
  - validate an encrypted data packet that has been sent from the device;
  - decrypt the encrypted data packet using the group security information associated with the first group; and
  - process the decrypted data packet.
Dependent claims: 31, 32
33. A system for secure group communications, the system comprising:
- a policy server;
- a first communication network connected to a public communications network by a first firewall;
- a second communication network connected to the public communications network by a second firewall;
- a first virtual private group member node including a network interface device connected to the first communication network;
- a second virtual private group member node including a network interface device connected to the second communication network;
- wherein the first and second virtual private group member nodes' network interface devices each include a processor, a memory, a network stack modified below the application layer to include virtual private group functionality, and a computer-readable medium having computer-executable instructions stored thereon, the computer-executable instructions to be executed by the processor from the memory on the first virtual private group member node to:
  - receive from the policy server a group membership table, the group membership table having group membership information for each group, including a first group, to which the first virtual private group member node belongs and group security information associated with each group, wherein the first group has two or more members;
  - access the group membership table with a process functioning below the application layer in the network stack on the first virtual private group member node;
  - verify from the group membership table with a process functioning below the application layer in the network stack that the second virtual private group member node is also a member of the first group;
  - encrypt a data packet using the group security information associated with the first group;
  - process the encrypted data packet; and
  - transmit the encrypted data packet to the second virtual private group member node.
Dependent claims: 34, 35
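The sender path of claim 1, the receiver path of claim 11 and the policy-server-distributed table of claim 33, simulated end to end as an added example; this is not code from the patent or from any product implementing it. The claims leave the cipher, the table format, the packet layout and the policy-server transport unspecified, so all of those are assumptions here: the membership table is a Python object standing in for what the policy server pushes, the "group security information" is two 32-byte keys per group, the packet is a 14-byte header (group id, nonce) plus ciphertext plus a truncated HMAC tag, and an HMAC-SHA256 counter-mode keystream stands in for whatever encryption a driver or NIC firmware would really use. Node identifiers are constructed IPv4 addresses. Replay rejection is not in the claims and is added because a practitioner would expect it.

```python
"""Simulation of a virtual private group (VPG) node: sender and receiver paths.

Added example, not the patent's own code. Cipher, table format and packet
layout below are assumptions chosen so the example runs on the standard library.
"""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass, field

HDR = struct.Struct(">H12s")   # assumed packet header: 16-bit group id, 12-byte nonce
TAG_LEN = 16                   # truncated HMAC-SHA256 tag used for "validating" the packet


@dataclass(frozen=True)
class GroupEntry:
    members: frozenset   # node identifiers (constructed: IPv4 address strings)
    enc_key: bytes       # group security information, assumed to be two 32-byte keys
    mac_key: bytes


@dataclass
class MembershipTable:
    """What the policy server pushes to every member; consulted below the application layer."""
    groups: dict = field(default_factory=dict)   # group id -> GroupEntry

    def shared_group(self, local, peer):
        """First group to which both local and peer belong, or None (sender-side check)."""
        for gid, g in self.groups.items():
            if local in g.members and peer in g.members:
                return gid
        return None


def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a PRF keystream: a stand-in for a real packet cipher.
    blocks = [hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
              for ctr in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class VPGNode:
    def __init__(self, addr, table):
        self.addr = addr
        self.table = table
        self.seen = set()   # (group id, nonce) pairs already accepted; replay cache

    def send(self, peer, payload):
        """Claim 1: look up a group shared with the peer; drop if none; else encrypt and tag."""
        gid = self.table.shared_group(self.addr, peer)
        if gid is None:
            raise PermissionError(f"{self.addr} -> {peer}: no common group, packet dropped")
        g = self.table.groups[gid]
        nonce = os.urandom(12)                      # fresh per packet; never reuse with a key
        header = HDR.pack(gid, nonce)
        body = _xor(payload, _keystream(g.enc_key, nonce, len(payload)))
        tag = hmac.new(g.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        return header + body + tag

    def receive(self, sender, packet):
        """Claim 11: membership check, then validate the tag, then decrypt."""
        if len(packet) < HDR.size + TAG_LEN:
            raise ValueError("truncated packet")
        gid, nonce = HDR.unpack_from(packet)
        g = self.table.groups.get(gid)
        # 'sender' is the address the packet claims; this is the table lookup, not proof.
        if g is None or self.addr not in g.members or sender not in g.members:
            raise PermissionError(f"{sender} is not a member of group {gid}")
        header, body, tag = packet[:HDR.size], packet[HDR.size:-TAG_LEN], packet[-TAG_LEN:]
        expect = hmac.new(g.mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):    # constant-time compare
            raise ValueError("authentication tag mismatch")
        if (gid, nonce) in self.seen:
            raise ValueError("replayed packet")
        self.seen.add((gid, nonce))
        return _xor(body, _keystream(g.enc_key, nonce, len(body)))


def build_demo_table():
    """Constructed table: node .1 is in both groups, .2 only in group 1, .3 only in group 2."""
    return MembershipTable({
        1: GroupEntry(frozenset({"10.0.0.1", "10.0.0.2"}), os.urandom(32), os.urandom(32)),
        2: GroupEntry(frozenset({"10.0.0.1", "10.0.0.3"}), os.urandom(32), os.urandom(32)),
    })


def _outcome(fn, *args):
    try:
        fn(*args)
        return "accepted"
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__


def run_demo():
    """Exercise the cases a reviewer would check; returns a label per case."""
    table = build_demo_table()
    a, b, c = (VPGNode(ip, table) for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"))
    out = {}
    pkt = a.send("10.0.0.2", b"group-1 payload")
    out["plaintext"] = b.receive("10.0.0.1", pkt)                       # legitimate delivery
    out["replay"] = _outcome(b.receive, "10.0.0.1", pkt)                # same packet again
    out["no_common_group"] = _outcome(b.send, "10.0.0.3", b"x")         # .2 and .3 share nothing
    out["non_member_sender"] = _outcome(b.receive, "10.0.0.3", a.send("10.0.0.2", b"y"))
    tampered = bytearray(a.send("10.0.0.2", b"z"))
    tampered[HDR.size] ^= 1                                             # flip a ciphertext bit
    out["tampered"] = _outcome(b.receive, "10.0.0.1", bytes(tampered))
    return out


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:18} {result}")
```

Two caveats the claims do not spell out. The receive-side table check keys off the sender address the packet carries, which an attacker can forge, so it is the tag verification, not the membership lookup, that actually proves the packet came from a holder of the group key. And because every member holds the same key, a valid tag proves "some member of this group" rather than a particular sender; any member can impersonate any other within the group, which is inherent to shared group keys and must be acceptable for the deployment.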
Specification