Method and apparatus for encrypted unicast group communication
Abstract
A process for managing encrypted group communication according to a single security association (SA) for network traffic from a sender includes receiving a request for an encrypted communication among a plurality of network devices. A common decryption key and a common security parameters index (SPI) are provided to each of the network devices participating in the communication. The common security parameters index facilitates locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association. Information is encrypted based on the common security association, and unicasted to each of the network devices. In an embodiment, the common security parameters index provided to each network device is established by the sender. For example, the SPI is established by a conference server and sent to each device participating in a voice conference.
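How the abstract's flow fits together, as an added sketch that is not taken from the patent: the hub picks one SPI and one key, every participant files the key under that SPI, and a single encrypted packet is delivered unchanged on each unicast path. The names `Participant`, `seal` and `hub_send`, the packet layout and the HMAC-based stand-in transform are assumptions made for the illustration.

```python
import hashlib, hmac, os, struct

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher for this demo only (HMAC-SHA256 in counter mode);
    # a real SA would name a standard transform instead.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + struct.pack(">I", i)) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(spi, key, plaintext):
    """Build SPI | nonce | ciphertext | tag under the common SA."""
    hdr, nonce = struct.pack(">I", spi), os.urandom(8)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    tag = _prf(_prf(key, b"auth"), hdr + nonce + ct)[:16]
    return hdr + nonce + ct + tag

class Participant:
    """Receiving device with its own SA database, indexed by SPI."""
    def __init__(self, name):
        self.name, self.sad = name, {}

    def install_sa(self, spi, key):
        # Both values are chosen by the hub and delivered to every participant.
        self.sad[spi] = key

    def open(self, packet):
        if len(packet) < 28:
            raise ValueError("packet too short")
        (spi,) = struct.unpack(">I", packet[:4])
        key = self.sad.get(spi)  # the SPI locates the SA in the local database
        if key is None:
            raise LookupError("no SA installed for SPI 0x%08x" % spi)
        body, tag = packet[:-16], packet[-16:]
        if not hmac.compare_digest(tag, _prf(_prf(key, b"auth"), body)[:16]):
            raise ValueError("integrity check failed")
        return _xor_stream(_prf(key, b"enc"), packet[4:12], packet[12:-16])

def hub_send(spi, key, payload, participants):
    packet = seal(spi, key, payload)  # encrypted once, not once per receiver
    # Each open() call stands for one separate unicast path carrying the same bytes.
    return packet, {p.name: p.open(packet) for p in participants}
```

Since every participant holds the same key, a valid tag shows that a packet came from some holder of the SA, not which one.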
66 Claims
1. A method for managing encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to each of the network devices, the method comprising the computer-implemented steps of:
receiving a request for an encrypted communication among a plurality of network devices;
wherein the request is received at a sender, operating as a communications hub, coupled to a plurality of the network devices, and from which traffic is sent on a plurality of separate unicast paths to respective network devices among the plurality of network devices;
providing a common decryption key to each of the network devices;
providing a common security parameters index to each of the network devices for locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association;
encrypting information according to the common security association;
wherein the common security association, the common decryption key and the common security parameters index are common to each of the network devices participating in the unicast group communication and wherein the common decryption key comprises a shared private key; and
unicasting the encrypted information from the sender to each of the network devices using the plurality of separate unicast paths.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for participating in an encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to the network devices, the method comprising the computer-implemented steps of:
receiving a decryption key that is provided to each of the network devices;
wherein the network devices are coupled to a sender, operating as a communications hub, and from which the decryption key and other traffic is received on a plurality of separate unicast paths by respective ones of the network devices;
receiving a security parameters index that is provided to each of the network devices, wherein the security parameters index is for locating, in a respective database associated with each of the network devices, security association information that is associated with the common security association;
receiving encrypted information from the sender that is based on the common security association;
locating the security association information in a database based on the security parameters index;
wherein the common security association, the decryption key and the security parameters index are common to each of the network devices participating in the unicast group communication and wherein the decryption key comprises a shared private key; and
decrypting the encrypted information using the decryption key and based on the security association information.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A computer-readable medium carrying one or more sequences of instructions for managing encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to each of the network devices, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
receiving a request for an encrypted communication among a plurality of network devices;
wherein the request is received at a sender, operating as a communications hub, coupled to a plurality of the network devices, and from which traffic is sent on a plurality of separate unicast paths to respective network devices among the plurality of network devices;
providing a common decryption key to each of the network devices;
providing a common security parameters index to each of the network devices for locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association;
encrypting information according to the common security association;
wherein the common security association, the common decryption key and the common security parameters index are common to each of the network devices participating in the unicast group communication and wherein the common decryption key comprises a shared private key; and
unicasting the encrypted information from the sender to each of the network devices using the plurality of separate unicast paths.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36

37. A computer-readable medium carrying one or more sequences of instructions for participating in an encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to the network devices, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
receiving a decryption key that is provided to each of the network devices;
wherein the network devices are coupled to a sender, operating as a communications hub, and from which the decryption key and other traffic is received on a plurality of separate unicast paths by respective ones of the network devices;
receiving a security parameters index that is provided to each of the network devices, wherein the security parameters index is for locating, in a respective database associated with each of the network devices, security association information that is associated with the common security association;
receiving encrypted information from the sender that is based on the common security association;
locating the security association information in a database based on the security parameters index;
wherein the common security association, the decryption key and the security parameters index are common to each of the network devices participating in the unicast group communication and wherein the decryption key comprises a shared private key; and
decrypting the encrypted information using the decryption key and based on the security association information.
Dependent claims: 38, 39, 40

41. An apparatus for managing encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to each of the network devices, the apparatus comprising:
means for receiving a request for an encrypted communication among a plurality of network devices;
wherein the request is received at a sender, operating as a communications hub, coupled to a plurality of the network devices, and from which traffic is sent on a plurality of separate unicast paths to respective network devices among the plurality of network devices;
means for providing a common decryption key to each of the network devices;
means for providing a common security parameters index to each of the network devices for locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association;
means for encrypting information according to the common security association;
wherein the common security association, the common decryption key and the common security parameters index are common to each of the network devices participating in the unicast group communication and wherein the common decryption key comprises a shared private key; and
means for unicasting the encrypted information from the sender to each of the network devices using the plurality of separate unicast paths.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50

51. An apparatus for participating in an encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to the network devices, the apparatus comprising:
means for receiving a decryption key that is provided to each of the network devices;
wherein the network devices are coupled to a sender, operating as a communications hub, and from which the decryption key and other traffic is received on a plurality of separate unicast paths by respective ones of the network devices;
means for receiving a security parameters index that is provided to each of the network devices, wherein the security parameters index is for locating, in a respective database associated with each of the network devices, security association information that is associated with the common security association;
means for receiving encrypted information from the sender that is based on the common security association;
means for locating the security association information in a database based on the security parameters index;
wherein the common security association, the decryption key and the security parameters index are common to each of the network devices participating in the unicast group communication and wherein the decryption key comprises a shared private key; and
means for decrypting the encrypted information using the decryption key and based on the security association information.
Dependent claims: 52, 53

54. A device that can manage encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to each of the network devices, the device comprising:
a network interface;
a processor coupled to the network interface and receiving network messages from the network through the network interface;
a computer-readable medium comprising one or more stored sequences which, when executed by the processor, cause the processor to carry out the steps of;
receiving a request for an encrypted communication among a plurality of network devices;
wherein the request is received at the device, operating as a communications hub, coupled to a plurality of the network devices, and from which traffic is sent on a plurality of separate unicast paths to respective network devices among the plurality of network devices;
providing a common decryption key to each of the network devices;
providing a common security parameters index to each of the network devices for locating, in respective databases associated with each of the network devices, security association information that is associated with the common security association;
encrypting information according to the common security association;
wherein the common security association, the common decryption key and the common security parameters index are common to each of the network devices participating in the unicast group communication and wherein the common decryption key comprises a shared private key; and
unicasting the encrypted information from the device to each of the network devices using the plurality of separate unicast paths.
Dependent claims: 55, 56, 57, 58, 59, 60, 61, 62, 63

64. A device that can participate in an encrypted unicast group communication among network devices according to a common security association for network traffic from a sender to the network devices, the device comprising:
a network interface;
a processor coupled to the network interface and receiving network messages from the network through the network interface;
a computer-readable medium comprising one or more stored sequences which, when executed by the processor, cause the processor to carry out the steps of;
receiving a decryption key that is provided to each of the network devices;
wherein the network devices are coupled to a sender, operating as a communications hub, and from which the decryption key and other traffic is received on a plurality of separate unicast paths by respective ones of the network devices;
receiving a security parameters index that is provided to each of the network devices, wherein the security parameters index is for locating, in a respective database associated with each of the network devices, security association information that is associated with the common security association;
receiving encrypted information from the sender that is based on the common security association;
wherein the common security association, the decryption key and the security parameters index are common to each of the network devices participating in the unicast group communication and wherein the decryption key comprises a shared private key;
locating the security association information in a database based on the security parameters index; and
decrypting the encrypted information using the decryption key and based on the security association information.
Dependent claims: 65, 66

Specification