Password-authenticated groups
First Claim
1. A method for authorizing the granting of authority to a computing node to participate in a group of computing nodes utilizing a shared group password, the method comprising:
transmitting an invitation to join the group to a tentative group member node, the invitation comprising data that may be utilized by the tentative group member node to locate and establish a connection to a member node of the group who is authorized to grant group membership authority to others;
transmitting a group password to the tentative group member node;
establishing a connection with the tentative group member node;
receiving a hash of the group password from the tentative group member node, the hash of the group password comprising a hash of a hash of the group password and session data unique to the connection with the tentative group member node;
comparing the hash of the group password received from the tentative group member node to a previously stored hash of the group password; and
in response to determining that the hash received from the tentative group member node matches the previously stored hash, granting authority to the tentative group member node to be a member of the group, wherein a group membership credential is utilized to validate the members of the group, and wherein granting group membership authority to the tentative group member node comprises receiving an identity certificate from the tentative group member node, utilizing the identity certificate to generate a group membership credential for the tentative group member node, and transmitting the group membership credential to the tentative group member node prior to receiving the hash of the group password from the tentative group member node, whereby the tentative group member node can utilize the group membership credential for the member node to confirm that the member node is a member of the group.
Abstract
A system, apparatus, method, and computer-readable medium are provided for authorizing a computing node to participate in a group of computing nodes utilizing a shared group password. According to one method described herein, an invitation to join a group is transmitted to a tentative group member node. The invitation is used to establish a connection with a group member node of the group. The tentative group member node generates a hash of a group password and transmits the hash to the group member node. When the group member node receives the hash, the group member node compares the received value to a previously stored hash of the group password. If the previously stored value is identical to the value received from the tentative group member node, then the tentative group member node is authorized as a new member of the group. Otherwise the tentative group member node is not permitted to become a member of the group.
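The password check described in claim 1 and in the abstract, sketched as an added example (this is not code from the patent): the joining node sends a hash computed over the hash of the group password and per-connection session data, and the member node recomputes it from its stored hash. SHA-256, the concatenation order, the random 32-byte session value and all function and class names are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import secrets


def password_hash(password: str) -> bytes:
    """Inner hash: the value the member node stores instead of the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def session_proof(inner_hash: bytes, session_data: bytes) -> bytes:
    """Outer hash over the inner hash and the per-connection session data."""
    return hashlib.sha256(inner_hash + session_data).digest()


class MemberNode:
    def __init__(self, group_password: str):
        self.stored_hash = password_hash(group_password)  # previously stored hash

    def open_connection(self) -> bytes:
        # Assumption: session data is a fresh random value for each connection.
        return secrets.token_bytes(32)

    def verify(self, session_data: bytes, received: bytes) -> bool:
        expected = session_proof(self.stored_hash, session_data)
        return hmac.compare_digest(expected, received)  # constant-time compare


def joiner_response(password: str, session_data: bytes) -> bytes:
    """What the tentative group member node transmits over the connection."""
    return session_proof(password_hash(password), session_data)


def demo() -> dict:
    member = MemberNode("correct horse battery staple")  # constructed password
    s1 = member.open_connection()
    good = joiner_response("correct horse battery staple", s1)
    bad = joiner_response("wrong password", s1)
    s2 = member.open_connection()  # a second, unrelated connection
    return {
        "correct_password": member.verify(s1, good),
        "wrong_password": member.verify(s1, bad),
        "replayed_on_new_session": member.verify(s2, good),
    }


if __name__ == "__main__":
    print(demo())
```

In this sketch the stored inner hash is enough to compute a valid response, so it needs the same protection as the password itself.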
9 Claims
1. A method for authorizing the granting of authority to a computing node to participate in a group of computing nodes utilizing a shared group password, the method comprising:
transmitting an invitation to join the group to a tentative group member node, the invitation comprising data that may be utilized by the tentative group member node to locate and establish a connection to a member node of the group who is authorized to grant group membership authority to others;
transmitting a group password to the tentative group member node;
establishing a connection with the tentative group member node;
receiving a hash of the group password from the tentative group member node, the hash of the group password comprising a hash of a hash of the group password and session data unique to the connection with the tentative group member node;
comparing the hash of the group password received from the tentative group member node to a previously stored hash of the group password; and
in response to determining that the hash received from the tentative group member node matches the previously stored hash, granting authority to the tentative group member node to be a member of the group, wherein a group membership credential is utilized to validate the members of the group, and wherein granting group membership authority to the tentative group member node comprises receiving an identity certificate from the tentative group member node, utilizing the identity certificate to generate a group membership credential for the tentative group member node, and transmitting the group membership credential to the tentative group member node prior to receiving the hash of the group password from the tentative group member node, whereby the tentative group member node can utilize the group membership credential for the member node to confirm that the member node is a member of the group.
Dependent claims: 2, 3
4. A method for authorizing the granting of authority to a computing node to participate in a group of computing nodes utilizing a shared group password, the method comprising:
receiving an invitation to join the group, the invitation comprising data that may be utilized by a tentative group member node to locate and establish a connection to a member node of the group authorized to grant group membership authority;
utilizing the data contained in the invitation to establish a connection with the member node;
generating a hash of the group password;
receiving a group membership credential and one or more group properties from the member node, the group properties including the hash of the password;
determining based on the group membership credential whether the member node is a member of the group;
in response to determining that the member node is a member of the group, transmitting the hash to the member node over the connection, whereby the member node can utilize the hash of the password to verify that the tentative group member node is authorized to become a new member of the group;
transmitting an identity certificate to the member node for use in creating the group membership credential for the tentative group member node; and
receiving authorization from the member node to become a new member in the group, wherein receiving authorization from the member node to become a new member of the group comprises receiving a group membership credential from the member node.
Dependent claims: 5, 6
7. A computer readable storage medium having computer-executable instructions stored thereon, wherein the medium is not a signal, which when the instructions are executed by a computer, will cause the computer to:
receive an invitation to join a group, the invitation comprising data that may be utilized by a tentative group member node to locate and establish a connection to a member node of the group authorized to grant group membership authority;
utilize the data contained in the invitation to establish a connection with the member node;
generate a hash of the group password;
receive a group membership credential and one or more group properties from the member node, the group properties including the hash of the password;
determine based on the group membership credential whether the member node is a member of the group;
in response to determining that the member node is a member of the group, to transmit the hash to the member node over the connection, whereby the member node can utilize the hash of the password to verify that the tentative group member node is authorized to become a new member of the group;
transmit an identity certificate to the member node for use in creating the group membership credential for the tentative group member node; and
to receive authorization from the member node to become a new member in the group, wherein receiving authorization from the member node to become a new member of the group comprises receiving a group membership credential from the member node.
Dependent claims: 8, 9
Specification