Secure protocol for peer-to-peer network

US 8,948,382 B2
Filed: 12/16/2010
Issued: 02/03/2015
Est. Priority Date: 12/16/2010
Status: Active Grant

First Claim

Patent Images

1. A method of managing wireless communications, the method comprising:

operating a wireless computing device as a controlling member of a peer-to-peer group, including;

performing a key generation process with a first wireless device, including;

providing a first master key to the first wireless device;

performing a key generation process with a second wireless device, including;

providing a second master key to the second wireless device, the second master key being different than the first master key;

forming a peer-to-peer group including the first wireless device and the second wireless device as clients, the forming comprising;

authenticating the first wireless device based on the first master key;

generating a first transient key based on the first master key;

authenticating the second wireless device based on the second master key; and

generating a second transient key based on the second master key; and

exchanging data with the first wireless device and the second wireless device as part of the peer-to-peer group, the exchanging comprising;

encrypting data for transmission to the first wireless device with the first transient key; and

encrypting data for transmission to the second wireless device with the second transient key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless computing device operating as a controller of a peer-to-peer group configured to generate unique master keys for each device joining the group. The wireless computing device may use the unique master keys to selectively remove remote devices from the group such that the remote device cannot later rejoin the group. Other remote devices, each possessing a master key that remains valid, can disconnect from the group and later reconnect to the group without express user action. To support such behavior, the wireless device may provide a user interface through which a user may manage connected remote devices by providing commands to selectively disconnect or remove remote devices from the group.

Citations

20 Claims

1. A method of managing wireless communications, the method comprising:
- operating a wireless computing device as a controlling member of a peer-to-peer group, including;
  
  performing a key generation process with a first wireless device, including;
  
  providing a first master key to the first wireless device;
  
  performing a key generation process with a second wireless device, including;
  
  providing a second master key to the second wireless device, the second master key being different than the first master key;
  
  forming a peer-to-peer group including the first wireless device and the second wireless device as clients, the forming comprising;
  
  authenticating the first wireless device based on the first master key;
  
  generating a first transient key based on the first master key;
  
  authenticating the second wireless device based on the second master key; and
  
  generating a second transient key based on the second master key; and
  
  exchanging data with the first wireless device and the second wireless device as part of the peer-to-peer group, the exchanging comprising;
  
  encrypting data for transmission to the first wireless device with the first transient key; and
  
  encrypting data for transmission to the second wireless device with the second transient key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein operating the wireless computing device as the controller of the peer-to-peer group further includes:
    - removing the first wireless device from the peer-to-peer group, including;
      
      invalidating the first master key; and
      
      invalidating the first transient key.
  - 3. The method of claim 2, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - after invalidating the first master key and invalidating the first transient key, exchanging data with the second wireless device as part of the peer-to-peer group.
  - 4. The method of claim 2, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - performing a group owner negotiation with at least the first wireless device, whereby the wireless computing device is selected as a group owner.
  - 5. The method of claim 2, wherein:
    - operating the wireless computing device as the controlling member of the peer-to-peer group further includes;
      
      storing the first master key and the second master key in a key store; and
      
      invalidating the first master key comprises;
      
      deleting the first master key from the key store.
  - 6. The method of claim 2, wherein:
    - operating the wireless computing device as the controlling member of the peer-to-peer group further includes;
      
      receiving a user request to remove the first wireless device from the peer-to-peer group; and
      
      invalidating the first master key is performed in response to the user request.
  - 7. The method of claim 1, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - at a first time, disconnecting the second wireless device from the peer-to-peer group; and
      
      at a second time, reconnecting the second wireless device to the group, the reconnecting comprising;
      
      authenticating the second wireless device based on the second master key; and
      
      generating a further transient key based on the second master key.

8. A computing device comprising:
- a radio;
  
  at least one processor; and
  
  computer storage medium storing computer-executable components for execution on the at least on processor, the computer-executable components comprising;
  
  a peer-to-peer control component configured to operate the computing device as a group owner of a peer-to-peer group of multiple remote devices, and to control the peer-to-peer group in accordance with a peer-to-peer protocol;
  
  a key generator, the key generator configured to provide a master key to each of the multiple remote devices, wherein the master key for each of the multiple remote devices is different than the master key for every other remote device of the multiple remote devices; and
  
  an authentication component, the authentication component configured to;
  
  determine whether a remote device attempting to join the peer-to-peer group has a valid master key; and
  
  in response to a determination that the remote device attempting to join the peer-to-peer group has the valid master key, generate a transient key for the remote device based on the valid master key.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computing device of claim 8, wherein:
    - the computing device further comprises a data store for storing master keys generated by the key generator; and
      
      the authentication component is further configured to determine whether the remote device attempting to join the peer-to-peer group has the valid master key by processing a message received from the remote device with a key in the data store.
  - 10. The computing device of claim 9, wherein:
    - the computer executable components further comprise;
      
      a component to remove a master key associated with the remote device from the data store in response to a user request to remove the remote device from the peer-to-peer group.
  - 11. The computing device of claim 10, wherein:
    - the authentication component is further configured to determine whether the remote device attempting to join the peer-to-peer group has the valid master key by performing a handshake in accordance with a WPA2 protocol.
  - 12. The computing device of claim 9, wherein:
    - the radio operates in a frequency band above 2 GHz and below 6 GHz.

13. At least one computer readable storage medium comprising a memory, or a disk, that stores computer executable instructions that, when executed by a processor of a controller device, perform a method comprising:
- performing a key generation process with each of a plurality of remote devices, the key generation process comprising, for each remote device of the plurality of remote devices;
  
  providing a master key to that remote device; and
  
  storing the master key for that remote device in a key store;
  
  forming, as a controlling member, a peer-to-peer group of the controller device and at least a subset of the plurality of remote devices, the forming comprising, for each remote device in the subset;
  
  authenticating that remote device based on the master key stored in the key store for that remote device; and
  
  generating a transient key for that remote device based on the master key stored in the key store for that remote device; and
  
  exchanging data with the remote devices in the peer-to-peer group, the exchanging comprising, for one or more remote devices in the group;
  
  encrypting data to be sent to that remote device with the transient key generated for that remote device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The at least one computer readable storage medium of claim 13, wherein the method further comprises:
    - removing a particular remote device from the peer-to-peer group, the removing comprising;
      
      invalidating the master key for the particular remote device.
  - 15. The at least one computer readable storage medium of claim 14, wherein the removing is performed in response to user input.
  - 16. The at least one computer readable storage medium of claim 15, wherein the method further comprises:
    - disconnecting another remote device from the peer-to-peer group, the disconnecting comprising;
      
      invalidating the transient key generated for the other remote device.
  - 17. The at least one computer readable storage medium of claim 16, wherein:
    - the computer executable instructions for forming the peer-to-peer group;
      
      readmit the disconnected other remote device to the peer-to-peer group; and
      
      deny the removed particular remote device access to the peer-to-peer group.
  - 18. The at least one computer readable storage medium of claim 16, wherein:
    - storing the master key for that remote device comprises;
      
      storing the master key in the key store in connection with data describing that remote device.
  - 19. The at least one computer readable storage medium of claim 18, wherein the method further comprises:
    - rendering a user interface for receiving peer to peer group management commands, the user interface comprising;
      
      a display area presenting icons representing remote devices in the peer-to-peer group, each icon being based on the data in the key store that describes a corresponding remote device; and
      
      a command menu presenting a first command to disconnect a first remote device from the peer-to-peer group and a second command to remove a second remote device from the peer-to-peer group.
  - 20. The at least one computer readable storage medium of claim 15, wherein the method further comprises:
    - rendering a user interface comprising;
      
      a display area through which a specific remote device of the peer-to-peer group is selectable;
      
      a first actuatable command area to request disconnection of a selected remote device from the peer-to-peer group; and
      
      a second actuatable command selectable to request removal of a selected remote device from the peer-to-peer group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hassan, Amer A., Desai, Mitesh K., Gupta, Yatharth, Filgueiras, Henrique
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US12/970,159
Publication Number

US 20120155643A1
Time in Patent Office

1,510 Days
Field of Search

380/282, 726/4
US Class Current

380/45
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/083   using passwords cryptograph...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1093   Some peer nodes performing ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04W 12/041   Key generation or derivation

H04W 12/062   Pre-authentication

H04W 84/18   Self-organising networks, e...

Secure protocol for peer-to-peer network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure protocol for peer-to-peer network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links