Facilitating group access control to data objects in peer-to-peer overlay networks
Abstract
Methods and apparatuses are provided for facilitating group access controls in peer-to-peer or other similar overlay networks. A group administrator may create a group in the overlay network and may assign peer-specific certificates to each member of the group for indicating membership in the group. A group member peer node can access data objects in the overlay network using its respective peer-specific certificate to authenticate itself as a group member. The authentication is performed by another peer node in the network. The validating peer node can authenticate that the group member is the rightful possessor of the peer-specific certificate using a public key associated with the peer node to which the peer-specific certificate was issued. The validating peer node can also validate that the peer-specific certificate was properly issued to the group member using a public key of the apparatus that issued the peer-specific certificate.
Claims (39)
1. A group administrator peer node, comprising:
- a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
- a storage medium including a private key and public key pair associated with the group administrator peer node; and
- a processing circuit coupled to the communications interface and the storage medium, the processing circuit adapted to:
  - create a peer group, the group defining one or more peer nodes as members of the group;
  - assign a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, a public key associated with the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate; and
  - obtain a group token adapted to authenticate to other peer nodes in the peer-to-peer overlay network that the group administrator peer node is authorized to issue the peer-specific group certificate to the group member peer node.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method operational in a group administrator peer node, comprising:
- obtaining a public and private key pair associated with the group administrator peer node;
- creating a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group;
- assigning a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, a public key associated with the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate; and
- obtaining a group token adapted to authenticate to other peer nodes in the peer-to-peer overlay network that the group administrator peer node is authorized to issue the peer-specific group certificate to the group member peer node.

Dependent claims: 9, 10, 11, 12, 13

14. A group administrator peer node, comprising:
- means for obtaining a public and private key pair associated with the group administrator peer node;
- means for creating a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group;
- means for assigning a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, a public key associated with the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate; and
- means for obtaining a group token adapted to authenticate to other peer nodes in the peer-to-peer overlay network that the group administrator peer node is authorized to issue the peer-specific group certificate to the group member peer node.

Dependent claims: 15

16. A processor-readable non-transitory medium comprising instructions operational on a group administrator peer node, which when executed by a processor causes the processor to:
- obtain a public and private key pair associated with the group administrator peer node;
- create a peer group in a peer-to-peer overlay network, the group defining one or more peer nodes that are members of the group;
- assign a peer-specific certificate to a group member peer node that is a member of the group, the peer-specific certificate adapted to authenticate membership in the group to other peer nodes in the peer-to-peer overlay network and including a group identity, an identity of the group member peer node, a public key associated with the group member peer node, an identity of an issuing apparatus and a signature by a private key of the issuing apparatus over one or more components of the peer-specific certificate;
- obtain a group token adapted to authenticate to other peer nodes in the peer-to-peer overlay network that the group administrator peer node is authorized to issue the peer-specific group certificate to the group member peer node.

Dependent claims: 17

18. A group member peer node, comprising:
- a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
- a storage medium including a private key and a public key pair associated with the group member peer node; and
- a processing circuit coupled to the communications interface and the storage medium, the processing circuit adapted to:
  - receive via the communications interface a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate, the peer-specific group certificate including information identifying a group token adapted to authenticate that the group administrator peer node was authorized to issue the peer-specific group certificate;
  - send via the communications interface the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
  - send via the communications interface authentication data to the validating peer node, the authentication data being signed using the private key associated with the group member peer node.

Dependent claims: 19, 20, 21

22. A method operational in a group member peer node, comprising:
- obtaining a public and private key pair associated with the group member peer node;
- receiving a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate, the peer-specific group certificate including information identifying a group token adapted to authenticate that the group administrator peer node was authorized to issue the peer-specific group certificate;
- sending the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
- sending authentication data to the validating peer node, the authentication data being signed using the private key associated with the group member peer node.

Dependent claims: 23, 24, 25

26. A group member peer node, comprising:
- means for obtaining a public and private key pair associated with the group member peer node;
- means for receiving a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate, the peer-specific group certificate including information identifying a group token adapted to authenticate that the group administrator peer node was authorized to issue the peer-specific group certificate;
- means for sending the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
- means for sending authentication data to the validating peer node, the authentication data being signed using the private key of the group member peer node.

27. A processor-readable non-transitory medium comprising instructions operational on a group member peer node, which when executed by a processor causes the processor to:
- obtain a public and private key pair associated with the group member peer node;
- receive a peer-specific group certificate issued to the group member peer node from a group administrator peer node, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of the group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate, the peer-specific group certificate including information identifying a group token adapted to authenticate that the group administrator peer node was authorized to issue the peer-specific group certificate;
- send the peer-specific group certificate to a validating peer node to authenticate the group member peer node as a group member, wherein the peer-specific group certificate is adapted to be authenticated by the validating peer node; and
- send authentication data to the validating peer node, the authentication data being signed using the private key of the group member peer node.

28. A validating peer node, comprising:
- a communications interface adapted to facilitate communication on a peer-to-peer overlay network;
- a processing circuit coupled to the communications interface, the processing circuit adapted to:
  - receive via the communications interface a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
  - obtain a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
  - verify the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
  - verify the peer-specific group certificate using the public key associated with the group administrator peer node.

Dependent claims: 29, 30, 31

32. A method operational in a validating peer node, comprising:
- receiving a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
- obtaining a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
- verifying the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
- verifying the peer-specific group certificate using the public key associated with the group administrator peer node.

Dependent claims: 33, 34, 35

36. A validating peer node, comprising:
- means for receiving a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
- means for obtaining a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
- means for verifying the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
- means for verifying the peer-specific group certificate using the public key associated with the group administrator peer node.

Dependent claims: 37

38. A processor-readable non-transitory medium comprising instructions operational on a validating peer node, which when executed by a processor causes the processor to:
- receive a peer-specific group certificate from a group member peer node seeking authentication as a member of a group, the peer-specific group certificate including a group identity, an identity of the group member peer node, an identity of a group administrator peer node and a signature by a private key of the group administrator peer node over one or more components of the peer-specific group certificate;
- obtain a group token from the peer-to-peer overlay network, the group token including a signature by the private key of the group administrator peer node, wherein the group token is stored in the peer-to-peer overlay network as a data object identified by the group identity;
- verify the signature of the group token using a public key associated with the group administrator peer node to validate that the group administrator peer node was authorized to issue the peer-specific group certificate; and
- verify the peer-specific group certificate using the public key associated with the group administrator peer node.

Dependent claims: 39

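The three roles the independent claims describe (administrator issuing, member presenting, validator checking) fit together as one short protocol. The Go program below is an added illustration of that flow and is not code from the patent or from any product it covers. Its assumptions, which the claims leave open, are: Ed25519 as the signature scheme; an in-memory `Overlay` map standing in for the overlay's data-object store keyed by group identity; a `KeyDirectory` through which the validator resolves the administrator's identity to a public key; a validator-chosen challenge as the "authentication data" the member signs; and a length-prefixed encoding of the certificate and token fields so that the signed bytes have unambiguous boundaries.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// PeerCert mirrors the peer-specific group certificate of claim 1: group
// identity, member identity, member public key, issuer identity, and the
// issuer's signature over all of those components.
type PeerCert struct {
	GroupID   string
	MemberID  string
	MemberPub ed25519.PublicKey
	IssuerID  string
	Sig       []byte
}

// GroupToken is the data object stored in the overlay under the group
// identity (claim 28); its administrator signature is what the validator
// checks to confirm the administrator may issue certificates for the group.
type GroupToken struct {
	GroupID string
	AdminID string
	Sig     []byte
}

// Overlay and KeyDirectory are this example's stand-ins (assumptions) for the
// overlay store and for whatever lets a validator learn the admin's public key.
type Overlay map[string]GroupToken
type KeyDirectory map[string]ed25519.PublicKey

// NewKeyPair wraps key generation; a node stores the pair (claims 1, 18).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// encodeFields length-prefixes each field so "ab"+"c" and "a"+"bc" cannot
// produce the same to-be-signed bytes (an encoding choice of this example).
func encodeFields(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

func tokenTBS(t GroupToken) []byte {
	return encodeFields([]byte("group-token"), []byte(t.GroupID), []byte(t.AdminID))
}

func certTBS(c PeerCert) []byte {
	return encodeFields([]byte("peer-cert"), []byte(c.GroupID), []byte(c.MemberID), c.MemberPub, []byte(c.IssuerID))
}

// CreateGroup: the administrator signs a group token and publishes it to the
// overlay as the data object identified by the group identity.
func CreateGroup(ov Overlay, adminID string, adminPriv ed25519.PrivateKey, groupID string) GroupToken {
	t := GroupToken{GroupID: groupID, AdminID: adminID}
	t.Sig = ed25519.Sign(adminPriv, tokenTBS(t))
	ov[groupID] = t
	return t
}

// IssueCert: the administrator binds a member identity and its public key to
// the group with a signature over every certificate component.
func IssueCert(adminID string, adminPriv ed25519.PrivateKey, groupID, memberID string, memberPub ed25519.PublicKey) PeerCert {
	c := PeerCert{GroupID: groupID, MemberID: memberID, MemberPub: memberPub, IssuerID: adminID}
	c.Sig = ed25519.Sign(adminPriv, certTBS(c))
	return c
}

// SignAuth: the member signs the validator's challenge with its private key
// (the "authentication data" of claim 18).
func SignAuth(memberPriv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(memberPriv, challenge)
}

// Validate performs the validating peer's checks (claim 28) plus possession
// of the certified key: fetch the token by group identity, check the issuer
// is the token's administrator, verify token and certificate with the
// administrator's key, then verify the member's signature over the challenge.
func Validate(ov Overlay, dir KeyDirectory, c PeerCert, challenge, authSig []byte) error {
	tok, ok := ov[c.GroupID]
	if !ok {
		return errors.New("no group token stored under this group identity")
	}
	if tok.AdminID != c.IssuerID {
		return errors.New("certificate issuer is not the group's administrator")
	}
	adminPub, ok := dir[c.IssuerID]
	if !ok || len(adminPub) != ed25519.PublicKeySize {
		return errors.New("administrator public key unknown or malformed")
	}
	if !ed25519.Verify(adminPub, tokenTBS(tok), tok.Sig) {
		return errors.New("group token signature invalid")
	}
	if !ed25519.Verify(adminPub, certTBS(c), c.Sig) {
		return errors.New("peer-specific certificate signature invalid")
	}
	if len(c.MemberPub) != ed25519.PublicKeySize || !ed25519.Verify(c.MemberPub, challenge, authSig) {
		return errors.New("member does not hold the private key named in the certificate")
	}
	return nil
}

func main() {
	adminPub, adminPriv := NewKeyPair()
	memberPub, memberPriv := NewKeyPair()
	ov, dir := Overlay{}, KeyDirectory{"admin-1": adminPub} // constructed identities
	CreateGroup(ov, "admin-1", adminPriv, "group-42")
	cert := IssueCert("admin-1", adminPriv, "group-42", "member-7", memberPub)
	challenge := []byte("constructed-nonce-0001") // a fresh random nonce in practice
	fmt.Println("validate:", Validate(ov, dir, cert, challenge, SignAuth(memberPriv, challenge)))
}
```

The order of checks matters for the failure cases: a certificate signed by a key other than the administrator's fails at the issuer/token comparison or the certificate signature, a certificate whose fields were altered after issuance fails the certificate signature, and a presenter who holds a valid certificate but not the matching private key fails the final challenge check. The challenge must be fresh per session, otherwise a captured `authSig` could be replayed.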
Specification