Peer to peer key synchronization
First Claim
1. A system for synchronizing objects over a network, comprising:
- a processor;
- a memory coupled to the processor;
- a sequence counter and a local peer counter maintained in the memory, the sequence counter configured to provide a sequence number to each object that is created or modified at the system, wherein the sequence counter is incremented and a new sequence number is generated when a new object is created or an existing object is modified, wherein the local peer counter indicates a number of objects received from a peer during previous synchronizations and wherein the local peer counter is configured to be sent to the peer so that the system can be updated and synchronized with the peer;
- the processor configured to receive a peer counter from the peer, the received peer counter to indicate a number of the objects received by the peer during previous synchronizations, so that after completion of each previous synchronization the peer has all objects created or modified by the system up to a point in time associated with the previous synchronizations; and
- the processor further configured to compare the sequence counter to the received peer counter, determine that the system and peer are synchronized if the sequence counter and the received peer counter are the same, and send one or more particular objects having sequence numbers that are greater than the received peer counter and corresponding to the objects created or modified by the system after the previous synchronizations to synchronize the system with the peer if the sequence counter and the received peer counter are not the same.
Abstract
Apparatus and method for synchronizing objects, e.g., encryption key objects, between pairs of appliances, particularly lifetime key management (LKM) appliances. Each LKM has a local sequence counter from which increasing sequence numbers are generated and applied to objects. A peer counter is used to indicate the sequence number of an object synchronized from a peer appliance. When two appliances are synchronized, only those new objects with sequence numbers equal to or higher than the counter held by the other appliance are transferred. Once synchronized to each other, each appliance will have an up-to-date stored set of objects for all of the appliances in the group. Each object has a unique identification number; these numbers are compared to eliminate duplicate objects. During synchronization, if the unique identification numbers of a newly received object and a previously stored key match, version numbers may be used to determine which object the receiving appliance should store.
19 Claims
1. A system for synchronizing objects over a network (independent claim; full text reproduced under First Claim above).

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for synchronizing encryption keys between a lifetime key management (LKM) appliance and a peer, comprising:
- a processor operatively connected to the LKM appliance and configured to execute a synchronizing process;
- the LKM appliance configured to be coupled to the peer using a communications link to receive the encryption keys transmitted from the peer;
- the LKM appliance further configured to maintain a local sequence counter to assign sequence numbers to one or more encryption keys created or modified on the LKM appliance, wherein the local sequence counter is incremented and a new sequence number is generated when a new encryption key is added or an existing encryption key is modified;
- the LKM appliance further configured to maintain a peer counter to indicate a number of encryption keys received from the peer during previous synchronizations, so that after completion of each previous synchronization the LKM appliance has all encryption keys created or modified by the peer up to a point in time associated with the previous synchronization; and
- the LKM appliance further configured to synchronize with the peer by sending the peer counter to the peer, the LKM appliance further configured to receive only the encryption keys, from the peer, having peer sequence numbers that are greater than the peer counter sent from the LKM appliance to the peer and that correspond to encryption keys created or modified by the peer after the previous synchronizations.

Dependent claims: 10, 18
11. A method for synchronizing objects, comprising:
- maintaining, by a node having a processor, a node sequence counter that provides a sequence number to each node object that is created or modified, where the node sequence counter is incremented and a new node sequence number is included when a new node object is created and when an existing node object is modified at the node;
- maintaining, by the node, a first peer counter indicating a number of peer objects received by the node from a peer during previous synchronizations so that after completion of each previous synchronization the node has all the peer objects created or modified by the peer up to a point in time associated with the previous synchronization;
- sending the first peer counter from the node to the peer; and
- receiving, at the node, one or more peer objects stored on the peer, wherein each of the one or more peer objects stored on the peer has a peer sequence number that is greater than the first peer counter received by the peer from the node to synchronize the node and the peer, and wherein each of the one or more peer objects corresponds to the objects created or modified by the peer after the previous synchronizations.

Dependent claims: 12, 13, 14, 15, 16, 17, 19
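The counter exchange described in the abstract and in claims 1, 9 and 11 (sender compares its sequence counter with the peer counter it received and ships only objects numbered above it; receiver deduplicates by unique identifier and resolves collisions by version) can be modelled end to end. The Python below is an added example written for this page, not code from the patent or from any LKM product. The class and function names, the rule that an accepted incoming object is re-sequenced locally so that it propagates onward to further peers, the tie-break that keeps the stored copy when versions are equal, and the byte-string key payloads are all assumptions of the example.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class KeyObject:
    uid: str        # unique identification number, identical on every appliance
    version: int    # bumped on each modification; resolves uid collisions on receipt
    seq: int        # sequence number issued by the sequence counter of the storing appliance
    payload: bytes  # constructed stand-in for wrapped key material


class Appliance:
    """One LKM appliance: a sequence counter, an object store, and one peer counter per peer."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.seq_counter = 0                      # incremented on every create/modify/accept
        self.objects: Dict[str, KeyObject] = {}   # uid -> newest stored version
        self.peer_counters: Dict[str, int] = {}   # peer name -> highest peer seq already received

    def _store(self, uid: str, version: int, payload: bytes) -> KeyObject:
        self.seq_counter += 1                     # a new sequence number for the changed store
        obj = KeyObject(uid, version, self.seq_counter, payload)
        self.objects[uid] = obj
        return obj

    def create(self, uid: str, payload: bytes) -> KeyObject:
        if uid in self.objects:
            raise ValueError(f"{uid} already exists; use modify()")
        return self._store(uid, 1, payload)

    def modify(self, uid: str, payload: bytes) -> KeyObject:
        return self._store(uid, self.objects[uid].version + 1, payload)

    # Sender side (claim 1): compare the received peer counter with the local sequence counter.
    def objects_since(self, received_peer_counter: int) -> List[KeyObject]:
        if received_peer_counter > self.seq_counter:
            # A peer claiming more of our objects than we ever issued means one side's
            # state was rolled back or corrupted; refuse rather than silently "catch up".
            raise ValueError("received peer counter exceeds local sequence counter")
        if received_peer_counter == self.seq_counter:
            return []                             # counters agree: already synchronized
        return sorted((o for o in self.objects.values() if o.seq > received_peer_counter),
                      key=lambda o: o.seq)

    # Receiver side (claim 11 / abstract): dedupe by uid, resolve collisions by version.
    def receive(self, peer: str, batch: Iterable[KeyObject]) -> Tuple[int, int]:
        accepted = dropped = 0
        for obj in batch:
            # The peer counter only ever advances; a replayed older batch cannot roll it back.
            self.peer_counters[peer] = max(self.peer_counters.get(peer, 0), obj.seq)
            current = self.objects.get(obj.uid)
            if current is not None and current.version >= obj.version:
                dropped += 1                      # duplicate or stale copy of a known uid
                continue
            # Assumption: accepting a newer object counts as a local modification, so it is
            # re-sequenced here and reaches further peers through this appliance.
            self._store(obj.uid, obj.version, obj.payload)
            accepted += 1
        return accepted, dropped


def synchronize(a: Appliance, b: Appliance) -> Dict[str, Tuple[int, int]]:
    """One pairwise round in both directions; returns (accepted, dropped) per receiver name."""
    result: Dict[str, Tuple[int, int]] = {}
    for receiver, sender in ((a, b), (b, a)):
        counter = receiver.peer_counters.get(sender.name, 0)   # "sending the first peer counter"
        result[receiver.name] = receiver.receive(sender.name, sender.objects_since(counter))
    return result


def is_synchronized(a: Appliance, b: Appliance) -> bool:
    return (a.peer_counters.get(b.name, 0) == b.seq_counter
            and b.peer_counters.get(a.name, 0) == a.seq_counter)


def demo() -> dict:
    """Constructed scenario: two appliances exchange keys, one key is rotated, a third joins."""
    a, b, c = Appliance("A"), Appliance("B"), Appliance("C")
    a.create("k1", b"wrapped-key-1")
    b.create("k2", b"wrapped-key-2")
    out = {"first_round": synchronize(a, b)}      # each side learns the other's key
    out["second_round"] = synchronize(a, b)      # echoed copies are dropped by uid
    out["synced_after_two"] = is_synchronized(a, b)
    b.modify("k1", b"wrapped-key-1-rotated")     # version 2 of k1 originates at B
    out["rotation"] = synchronize(a, b)          # A stores v2; B drops its own echo
    out["join_c"] = synchronize(c, a)            # C receives the group's current set via A
    out["c_k1_version"] = c.objects["k1"].version
    out["c_synced"] = is_synchronized(c, a)
    return out


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, value)
```

Two checks in the model matter for a key-management deployment: `objects_since` refuses a peer counter larger than the local sequence counter, which is the signature of a restored-from-backup or tampered store on one side, and `receive` only ever moves a peer counter forward, so a replayed earlier batch is deduplicated rather than re-applied. The payload field stands in for wrapped key material; the transport carrying it between appliances is outside the model and would be mutually authenticated in practice.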