Dynamic group creation for managed key servers

US 8,750,507 B2
Filed: 01/25/2010
Issued: 06/10/2014
Est. Priority Date: 01/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method performed at a key server comprising:

receiving a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;

creating the dynamic group, including;

generating a lifetime attribute of the dynamic group based on the received timing information, wherein the lifetime attribute indicates the time period of when the dynamic group is to exist, andgenerating a unique group identifier (ID) associated with the dynamic group for distribution to the group members;

supplying keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and

deleting the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for dynamically creating and deleting groups to support secure group communication sessions is provided herein. A request for creation of a dynamic group that enables group members to participate in a secure group communication session is received by a network authentication device such as a key server. Creation of the dynamic group includes generating a lifetime attribute indicating when the dynamic group is to exist based on timing information provided in the request, along with security policies required for generating the keys, and generating a unique group ID associated with the dynamic group for distribution to the group members. The keys for the secure group communication session are supplied, along with security policies, in response to a request containing the unique group ID identifying the dynamic group. The dynamic group is deleted in response to determining from the lifetime attribute that the secure group communication session has expired.

Citations

20 Claims

1. A method performed at a key server comprising:
- receiving a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
  
  creating the dynamic group, including;
  
  generating a lifetime attribute of the dynamic group based on the received timing information, wherein the lifetime attribute indicates the time period of when the dynamic group is to exist, andgenerating a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
  
  supplying keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
  
  deleting the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein supplying the keys includes supplying the keys to at least one group member configured to run an on-demand application to implement the secure group communication session.
  - 3. The method of claim 1, wherein supplying the keys includes supplying the keys to a pseudo group member configured to run an on-demand application to implement the secure group communication session among the group members.
  - 4. The method of claim 1, further comprising:
    - receiving an extension request to extend a period of the secure group communication session; and
      
      adjusting the lifetime attribute of the dynamic group in accordance with the extension request to modify an expiration time of the secure group communication session.
  - 5. The method of claim 1, further comprising:
    - generating a delete notification for distribution to the group members in response to deleting the dynamic group.
  - 6. The method of claim 1, wherein a group keying protocol is used to supply the keys.
  - 7. The method of claim 1, wherein the lifetime attribute of the dynamic group specifies a start time and either a duration or an expiration time associated with the secure group communication session.
  - 8. The method of claim 1, further comprising:
    - rekeying the dynamic group by generating new keys for distribution to the group members during the secure group communication session.

9. An apparatus comprising:
- a network interface unit configured to communicate messages over a network;
  
  a processor configured to be coupled to the network interface unit, wherein the processor is configured to;
  
  receive a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
  
  create the dynamic group, including;
  
  generate a lifetime attribute of the dynamic group indicating the time period of when the dynamic group is to exist, andgenerate a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
  
  supply keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
  
  delete the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The apparatus of claim 9, wherein the processor is configured to supply the keys to at least one group member configured to run an on-demand application to implement the secure group communication session.
  - 11. The apparatus of claim 9, wherein the processor is configured to supply the keys to a pseudo group member configured to run an on-demand application to implement the secure group communication session among the group members.
  - 12. The apparatus of claim 9, wherein the processor is further configured to:
    - receive an extension request to extend a period of the secure group communication session; and
      
      adjust the lifetime attribute of the dynamic group in accordance with the extension request to modify an expiration time of the secure group communication session.
  - 13. The apparatus of claim 9, wherein the processor is further configured to:
    - generate a delete notification for distribution to the group members in response to deleting the dynamic group.
  - 14. The apparatus of claim 9, wherein the processor is configured to supply the keys using a group keying protocol.

15. A non-transitory processor readable medium storing instructions that, when executed by a processor at a key server, cause the processor to:
- receive a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
  
  create the dynamic group, including;
  
  generate a lifetime attribute of the dynamic group indicating the time period of when the dynamic group is to exist, andgenerate a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
  
  supply keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
  
  delete the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory processor readable medium of claim 15, wherein the instructions that cause the processor to supply the keys comprise instructions that cause the processor to supply the keys to at least one group member configured to run an on-demand application to implement the secure group communication session.
  - 17. The non-transitory processor readable medium of claim 15, wherein the instructions that cause the processor to supply the keys comprise instructions that cause the processor to supply the keys to a pseudo group member configured to run an on-demand application to implement the secure group communication session among the group members.
  - 18. The non-transitory processor readable medium of claim 15, further storing instructions that, when executed by the processor, further cause the processor to:
    - receive an extension request to extend a period of the secure group communication session; and
      
      adjust the lifetime attribute of the dynamic group in accordance with the extension request to modify an expiration time of the secure group communication session.
  - 19. The non-transitory processor readable medium of claim 15, further storing instructions that, when executed by the processor, further cause the processor to:
    - generate a delete notification for distribution to the group members in response to deleting the dynamic group.
  - 20. The non-transitory processor readable medium of claim 15, wherein the instructions that cause the processor to supply the keys comprise instructions that cause the processor to supply the keys using a group keying protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Roosta, Tanya, Kamarthy, Kavitha, Ranjit, Dinesh
Primary Examiner(s)
Kyle, Tamara T

Application Number

US12/692,812
Publication Number

US 20110182426A1
Time in Patent Office

1,597 Days
Field of Search

380/279, 380/255
US Class Current

380/255
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/104   Grouping of entities

H04L 9/0833   involving conference or gro...

Dynamic group creation for managed key servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic group creation for managed key servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links