Secure protocol for peer-to-peer network

US 9,596,220 B2
Filed: 01/20/2015
Issued: 03/14/2017
Est. Priority Date: 12/16/2010
Status: Active Grant

First Claim

Patent Images

1. A method of managing wireless communications, the method comprising:

operating a wireless computing device as a controlling member of a peer-to-peer group, including;

providing a master key to each of multiple remote devices, wherein the individual master key for each specific remote device of the multiple remote devices is different than the master key for every other remote device of the multiple remote devices;

determining whether a master key of a first remote device that is attempting to join the peer-to-peer group is valid; and

in response to determining that the master key of the first remote device is valid, generating a transient key for the first remote device based on the master key of the first remote device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless computing device operating as a controller of a peer-to-peer group configured to generate unique master keys for each device joining the group. The wireless computing device may use the unique master keys to selectively remove remote devices from the group such that the remote device cannot later rejoin the group. Other remote devices, each possessing a master key that remains valid, can disconnect from the group and later reconnect to the group without express user action. To support such behavior, the wireless device may provide a user interface through which a user may manage connected remote devices by providing commands to selectively disconnect or remove remote devices from the group.

243 Citations

20 Claims

1. A method of managing wireless communications, the method comprising:
- operating a wireless computing device as a controlling member of a peer-to-peer group, including;
  
  providing a master key to each of multiple remote devices, wherein the individual master key for each specific remote device of the multiple remote devices is different than the master key for every other remote device of the multiple remote devices;
  
  determining whether a master key of a first remote device that is attempting to join the peer-to-peer group is valid; and
  
  in response to determining that the master key of the first remote device is valid, generating a transient key for the first remote device based on the master key of the first remote device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - removing the first remote device from the peer-to-peer group, including;
      
      invalidating the master key of the first remote device; and
      
      invalidating the transient key generated for the first remote device.
  - 3. The method of claim 2, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - after invalidating the master key of the first remote device and invalidating the transient key generated for the first remote device, exchanging data with another remote device that is a member of the peer-to-peer group.
  - 4. The method of claim 2, wherein:
    - operating the wireless computing device as the controlling member of the peer-to-peer group further includes;
      
      storing the master key of the first remote device in a key store; and
      
      invalidating the master key of the first remote device comprises;
      
      deleting the master key of the first remote device from the key store.
  - 5. The method of claim 2, wherein:
    - operating the wireless computing device as the controlling member of the peer-to-peer group further includes;
      
      receiving a user request to remove the first remote device from the peer-to-peer group; and
      
      the invalidating of the master key of the first remote device is in response to the user request.
  - 6. The method of claim 1, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - performing a group owner negotiation with the first remote device.
  - 7. The method of claim 1, wherein operating the wireless computing device as the controlling member of the peer-to-peer group further includes:
    - at a first time, disconnecting the first remote device from the peer-to-peer group; and
      
      at a second time, reconnecting the first remote device to the peer-to-peer group, the reconnecting comprising;
      
      authenticating the first remote device based on the master key of the first remote device; and
      
      generating another transient key based on the master key of the first remote device.
  - 8. The method of claim 1, wherein determining whether the master key of a first remote device that is attempting to join the peer-to-peer group is valid includes:
    - processing a message received from the first remote device with a key stored in a data store.
  - 9. The method of claim 1, wherein determining whether the master key of a first remote device that is attempting to join the peer-to-peer group is valid includes:
    - performing a handshake in accordance with a Wi-Fi Protected Access (WPA2) protocol.

10. At least one computer readable storage medium comprising a memory, or a disk, storing computer executable instructions for performing operations to manage a peer-to-peer wireless network, the operations comprising:
- operating a first wireless device as a controller for the peer-to-peer wireless network, including;
  
  issuing an individual master key to each of multiple other wireless devices, wherein the individual master key issued to each of the other multiple wireless devices is different than the individual master key for every other wireless device of the multiple other wireless devices;
  
  determining whether a master key transmitted to the first wireless device by a second wireless device in association with an attempt by the second wireless device to join the peer-to-peer wireless network is valid; and
  
  in response to determining that the master key transmitted to the first wireless device by the second wireless device is valid, issuing a transient key for the peer-to-peer wireless network to the second wireless device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The at least one computer readable storage medium of claim 10, wherein the transient key is based on the individual master key issued to the second wireless device.
  - 12. The at least one computer readable storage medium of claim 10, wherein operating the wireless computing device as the controller for the peer-to-peer wireless network further includes:
    - removing the second wireless device from the peer-to-peer wireless network, including;
      
      invalidating the master key for the second wireless device; and
      
      invalidating the transient key issued to the second wireless device.
  - 13. The at least one computer readable storage medium of claim 12, wherein:
    - operating the wireless computing device as the controller for the peer-to-peer wireless network further includes;
      
      receiving a user request to remove the second wireless device from the peer-to-peer wireless network; and
      
      the invalidating of the master key for the second wireless device is in response to the user request.
  - 14. The at least one computer readable storage medium of claim 10, wherein operating the wireless computing device as the controller for the peer-to-peer wireless network further includes:
    - at a first time, disconnecting the second wireless device from the peer-to-peer wireless network; and
      
      at a second time, reconnecting the second wireless device to the peer-to-peer wireless network, including;
      
      authenticating the second wireless device based on a master key transmitted to the first wireless device by a second wireless device in association with an attempt by the second wireless device to reconnect to the peer-to-peer wireless network; and
      
      issuing another transient key for the peer-to-peer wireless network to the second wireless device.
  - 15. The at least one computer readable storage medium of claim 10, wherein determining whether the master key transmitted to the first wireless device by the second wireless device is valid includes:
    - performing a process in accordance with a Wi-Fi Protected Access (WPA2) protocol.

16. A computing device comprising:
- a radio;
  
  at least one processor; and
  
  computer storage medium storing computer-executable instructions for execution on the at least on processor, the computer-executable instructions for causing the computing device to;
  
  operate the computing device as a group owner of a peer-to-peer group of multiple remote devices;
  
  control the peer-to-peer group in accordance with a peer-to-peer protocol;
  
  exchange encrypted data with a particular remote device in the peer-to-peer group, the encrypted data being encrypted for decryption by the particular remote device with a transient key generated for that particular remote device;
  
  perform a key generation process for each of the multiple remote devices, the key generation process comprising, for each remote device of the multiple remote devices;
  
  generating an individualized master key for that remote device; and
  
  storing the master key for that remote device in a key store;
  
  determine validity of a master key presented by a remote device attempting to join the peer-to-peer group; and
  
  generate a transient key for the remote device attempting to join the peer-to-peer group if the master key presented by that remote device is determined to be valid.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing device of claim 16, wherein the instructions are also for causing the computing device to generate the transient key for the remote device according to a Wi-Fi Protected Access (WPA2) process.
  - 18. The computing device of claim 16, wherein the instructions are also for causing the computing device to selectively invalidate the master key for one of the multiple remote devices without invalidating the master key for another of the multiple remote devices.
  - 19. The computing device of claim 18, wherein invalidation of the master key for the one of the multiple remote devices removes the one of the multiple remote devices from the peer-to-peer group.
  - 20. The computing device of claim 16, wherein:
    - the instructions are also for causing the computing device to invalidate the transient key for the remote device without invalidating a transient key for another remote device; and
      
      invalidation of the transient key for the remote device disconnects the remote device from the peer-to-peer group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Hassan, Amer A., Desai, Mitesh K., Gupta, Yatharth, Filgueiras, Henrique
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US14/600,477
Publication Number

US 20150229612A1
Time in Patent Office

784 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/065   for group communications cr...

H04L 63/083   using passwords cryptograph...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1093   Some peer nodes performing ...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04W 12/041   Key generation or derivation

H04W 12/062   Pre-authentication

H04W 84/18   Self-organising networks, e...

Secure protocol for peer-to-peer network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

243 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure protocol for peer-to-peer network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

243 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links