Methods and apparatus for scalable distributed management of wireless virtual private networks

US 7,246,232 B2
Filed: 06/28/2002
Issued: 07/17/2007
Est. Priority Date: 05/31/2002
Status: Active Grant

First Claim

Patent Images

1. A mobile communication system, comprising a plurality of leader nodes, each leader having logic contributing to management of a VPN having a plurality of group members, wherein communication between group members are encrypted using a VPN group key, each leader node comprising:

authentication logic authenticating VPN group members;

acceptance logic coordinating acceptance of group members with other leader nodes; and

logic verifying authentication of a mobile station seeking group membership when said mobile station is authenticated by f+1 leader nodes, wherein f is the maximum tolerable number of fault leader nodes and 3f+1 is less than or equal to the total number of leader nodes, and at least 2f+1 leaders received a request to authenticate said mobile station seeking group membership.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application of intrusion tolerant concepts to a software infrastructure for supporting secure group applications. This application is suited for use with network layer protocols such as TBRPF and is particularly adapted for wireless networks, and more specifically mobile ad hoc networks.

Citations

7 Claims

1. A mobile communication system, comprising a plurality of leader nodes, each leader having logic contributing to management of a VPN having a plurality of group members, wherein communication between group members are encrypted using a VPN group key, each leader node comprising:
- authentication logic authenticating VPN group members;
  
  acceptance logic coordinating acceptance of group members with other leader nodes; and
  
  logic verifying authentication of a mobile station seeking group membership when said mobile station is authenticated by f+1 leader nodes, wherein f is the maximum tolerable number of fault leader nodes and 3f+1 is less than or equal to the total number of leader nodes, and at least 2f+1 leaders received a request to authenticate said mobile station seeking group membership.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1 wherein each leader node further comprises:
    - a private key to sign communications and a corresponding public key, wherein each leader node knows the public key of each other leader node; and
      
      a secret used to generate shares of group keys, for which every group member has a corresponding verification.
  - 3. The system of claim 1 wherein each pair of leader nodes and group members share a secret key.
  - 4. The system of claim 1 wherein a leader, L, in response to a request by a mobile station A to become a group member, communicates with all other leaders after authentication of A, and, after receiving n−
    - f validations from distinct leaders, then L accepts A as a group member, where n is the total number of leaders and f is the maximum number of faulty leaders tolerable.
  - 5. The system of claim 1 wherein in response to a group member leaving the group, each leader communicates to each other leader a message indicating that the group member has left the group.
  - 6. the system of claim 1 wherein each leader nodes further comprises:
    - group key sharing logic, generating and distributing shares of the group key wherein each leader knows only a share of the group key, at least f+1 shares are required for a group member to reconstruct the group key, and new shares are generated and distributed by the leaders each time the group membership changes.
  - 7. The system of claim 6 wherein the new shares of the group key are generated online and without a dealer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Systems, Inc.
Original Assignee
SRI International, Inc.
Inventors
Dutertre, Bruno
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US10/186,811
Publication Number

US 20030226013A1
Time in Patent Office

1,845 Days
Field of Search

713/163, 713/201, 713/151, 726/15, 380/277
US Class Current

713/163
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0457   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04W 12/033   of the user plane, e.g. use...

H04W 12/041   Key generation or derivation

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

H04W 40/02   Communication route or path...

H04W 84/18   Self-organising networks, e...

Methods and apparatus for scalable distributed management of wireless virtual private networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for scalable distributed management of wireless virtual private networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links