Dynamic group creation for managed key servers
First Claim

1. A method performed at a key server comprising:

- receiving a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
- creating the dynamic group, including:
  - generating a lifetime attribute of the dynamic group based on the received timing information, wherein the lifetime attribute indicates the time period of when the dynamic group is to exist, and
  - generating a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
- supplying keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
- deleting the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.
Abstract
A technique for dynamically creating and deleting groups to support secure group communication sessions is provided herein. A request for creation of a dynamic group that enables group members to participate in a secure group communication session is received by a network authentication device such as a key server. Creation of the dynamic group includes generating a lifetime attribute indicating when the dynamic group is to exist based on timing information provided in the request, along with security policies required for generating the keys, and generating a unique group ID associated with the dynamic group for distribution to the group members. The keys for the secure group communication session are supplied, along with security policies, in response to a request containing the unique group ID identifying the dynamic group. The dynamic group is deleted in response to determining from the lifetime attribute that the secure group communication session has expired.
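The abstract describes a lifecycle with four steps: create a group from a request carrying timing information, attach a lifetime attribute and a unique group ID, hand out keys (with policy) only to requests that name that group ID, and delete the group once the lifetime has expired. The following is an added illustration of that lifecycle as a minimal in-memory key server; it is not code from the patent or its assignee, and every name in it (`KeyServer`, `DynamicGroup`, `Lifetime`, `create_group`, `supply_keys`, `expire_groups`) and the policy fields are assumptions made for this example. Group-member authentication and transport protection are outside what the abstract states and are left out.

```python
"""Added example: an in-memory key server implementing the dynamic-group
lifecycle described in the abstract. All class and method names, and the
policy fields, are assumptions for illustration, not the patent's own API."""
import secrets
import uuid
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Lifetime:
    """Lifetime attribute derived from the timing information in the request."""
    start: int  # epoch seconds from which the group exists
    end: int    # epoch seconds at which the group ceases to exist

    def is_active(self, now: int) -> bool:
        return self.start <= now < self.end

    def has_expired(self, now: int) -> bool:
        return now >= self.end


@dataclass
class DynamicGroup:
    group_id: str        # unique group ID distributed to members
    lifetime: Lifetime
    policy: dict         # security policy used to generate the keys
    tek: bytes           # traffic encryption key shared by the members
    kek: bytes           # key encryption key used to protect rekeys


class KeyServer:
    def __init__(self) -> None:
        self._groups: Dict[str, DynamicGroup] = {}

    def create_group(self, start: int, end: int,
                     policy: Optional[dict] = None) -> tuple:
        """Create a dynamic group; returns (group_id, lifetime)."""
        if end <= start:
            raise ValueError("lifetime must end after it starts")
        # Assumed default policy; a real deployment would take it from the request.
        policy = dict(policy or {"cipher": "AES-256-GCM", "tek_bytes": 32})
        group_id = str(uuid.uuid4())  # unique ID for this group
        group = DynamicGroup(
            group_id=group_id,
            lifetime=Lifetime(start, end),
            policy=policy,
            tek=secrets.token_bytes(policy["tek_bytes"]),
            kek=secrets.token_bytes(32),
        )
        self._groups[group_id] = group
        return group_id, group.lifetime

    def supply_keys(self, group_id: str, now: int) -> Optional[dict]:
        """Return keys and policy for a request naming a group ID.

        Returns None when the ID is unknown (including groups already deleted)
        or when the request falls outside the group's lifetime.
        """
        group = self._groups.get(group_id)
        if group is None or not group.lifetime.is_active(now):
            return None
        return {
            "group_id": group.group_id,
            "tek": group.tek,
            "kek": group.kek,
            "policy": dict(group.policy),
            "expires_at": group.lifetime.end,
        }

    def expire_groups(self, now: int) -> List[str]:
        """Delete every group whose lifetime attribute says it has expired."""
        expired = [gid for gid, g in self._groups.items()
                   if g.lifetime.has_expired(now)]
        for gid in expired:
            del self._groups[gid]
        return expired

    def has_group(self, group_id: str) -> bool:
        return group_id in self._groups


if __name__ == "__main__":
    # Constructed timings: the group exists from t=1000 to t=2000.
    ks = KeyServer()
    gid, lifetime = ks.create_group(start=1000, end=2000)
    print("created", gid, lifetime)
    print("before start:", ks.supply_keys(gid, now=999))
    print("during:", ks.supply_keys(gid, now=1500) is not None)
    print("expired:", ks.expire_groups(now=2000))
    print("after deletion:", ks.supply_keys(gid, now=2001))
```

The two checks worth noting are that `supply_keys` refuses both a group ID it does not know and a known group outside its lifetime, and that `expire_groups` removes the group from the server's state, so a later request carrying the same ID is treated exactly like an unknown one.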
20 Claims
1. A method performed at a key server comprising:

- receiving a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
- creating the dynamic group, including:
  - generating a lifetime attribute of the dynamic group based on the received timing information, wherein the lifetime attribute indicates the time period of when the dynamic group is to exist, and
  - generating a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
- supplying keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
- deleting the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. An apparatus comprising:

- a network interface unit configured to communicate messages over a network;
- a processor configured to be coupled to the network interface unit, wherein the processor is configured to:
  - receive a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
  - create the dynamic group, including:
    - generate a lifetime attribute of the dynamic group indicating the time period of when the dynamic group is to exist, and
    - generate a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
  - supply keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
  - delete the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.

Dependent claims: 10, 11, 12, 13, 14.
15. A non-transitory processor readable medium storing instructions that, when executed by a processor at a key server, cause the processor to:

- receive a request for creation of a dynamic group that enables group members to participate in a secure group communication session, wherein the request includes timing information indicating when the dynamic group is to exist;
- create the dynamic group, including:
  - generate a lifetime attribute of the dynamic group indicating the time period of when the dynamic group is to exist, and
  - generate a unique group identifier (ID) associated with the dynamic group for distribution to the group members;
- supply keys for the secure group communication session in response to one or more requests containing the unique group ID identifying the dynamic group for use by the group members to encrypt and decrypt traffic that is sent during the secure group communication session; and
- delete the dynamic group in response to determining from the lifetime attribute that the secure group communication session has expired.

Dependent claims: 16, 17, 18, 19, 20.