Detection of stale encryption policy by group members

US10243928B2 · US · B2

Patent metadata
Field                Value
Publication number   US-10243928-B2
Application number   US-201615010679-A
Country              US
Kind code            B2
Filing date          Jan 29, 2016
Priority date        Jan 5, 2010
Publication date     Mar 26, 2019
Grant date           Mar 26, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title: what the patent document calls the invention.
  2. Abstract: a short plain-language summary of the technical disclosure.
  3. Assignees and inventors: who owns or filed the patent and who is credited as inventor.
  4. Key dates: filing, priority, publication, and grant dates set the timeline.
  5. First independent claim: the legal scope of protection; read this for what is actually claimed.
  6. CPC / IPC classifications: technology tags used to group this patent with similar filings.
  7. Citations and related patents: prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects, in response to information in the message, that the first group member is not using the most recent policy update supplied by a key server. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: transmitting, by a key server, a current encryption policy to a plurality of group members of a group, wherein the group comprises at least a first group member and a second group member; subsequent to transmitting the current encryption policy, detecting, by the key server, that the first group member is not using the current encryption policy, wherein the detecting comprises receiving, at the key server, a notification message indicating that the first group member is not using the current encryption policy, wherein the notification message is received from the second group member but not from the first group member, the notification message is received in response to the second group member comparing a first value included in an encrypted message with a second value maintained by the second group member, and the second value identifies an encryption key currently used by the second group member to decrypt messages; transmitting, by the key server, an update message to the first group member, wherein the update message comprises the current encryption policy; determining, by the key server, whether the first group member has acknowledged the update message; and in response to the determining that the first group member has not acknowledged the update message, excluding the first group member from the group.

2. The method of claim 1, wherein the notification message identifies the first group member.

3. The method of claim 1, wherein the notification message identifies a plurality of group members.

4. The method of claim 1, wherein the current encryption policy was transmitted to the group using multicast, and transmitting the update message is performed using unicast.

5. A network device comprising: a plurality of hardware ports, wherein each of the plurality of hardware ports is configured to be coupled to a network; and a processor coupled to the plurality of hardware ports and configured to: transmit a current encryption policy to a plurality of group members of a group, wherein the group comprises at least a first group member and a second group member; subsequent to transmitting the current encryption policy, detect that the first group member is not using the current encryption policy, wherein detecting that the first group member is not using the current encryption policy comprises receiving, at a key server, a notification message indicating that the first group member is not using the current encryption policy, wherein the notification message is received from the second group member but not from the first group member, the notification message is received in response to the second group member comparing a first value included in an encrypted message with a second value maintained by the second group member, and the second value identifies an encryption key currently used by the second group member to decrypt messages; transmit an update message to the first group member, wherein the update message comprises the current encryption policy; determine whether the first group member has acknowledged the update message; and in response to determining that the first group member has not acknowledged the update message, exclude the first group member from the group.

6. The network device of claim 5, wherein the current encryption policy was transmitted to the group using multicast, and transmitting the update message is performed using unicast.

7. A system, comprising: means for transmitting, by a key server, a current encryption policy to a plurality of group members of a group, wherein the group comprises at least a first group member and a second group member; means for detecting, by the key server and subsequent to transmitting the current encryption policy, that the first group member is not using the current encryption policy, wherein the detecting comprises receiving, at the key server, a notification message indicating that the first group member is not using the current encryption policy, wherein the notification message is received from the second group member but not from the first group member, the notification message is received in response to the second group member comparing a first value included in an encrypted message with a second value maintained by the second group member, and the second value identifies an encryption key currently used by the second group member to decrypt messages; means for transmitting, by the key server, an update message to the first group member, wherein the update message comprises the current encryption policy; means for determining, by the key server, whether the first group member has acknowledged the update message, wherein the key server is configured to transmit policy updates to members of the group; and means for excluding the first group member from the group, wherein the first group member is excluded from the group in response to the determining that the first group member has not acknowledged the update message.

8. The system of claim 7, wherein the current encryption policy was transmitted to the group using multicast, and transmitting the update message is performed using unicast.
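The claims describe a small protocol: the key server multicasts a policy (key), a receiving member compares the key identifier carried in an incoming encrypted message (the "first value") with the key it currently decrypts with (the "second value"), reports a mismatch to the key server, and the key server repairs the stale member by unicast and excludes it if the update is never acknowledged. The following simulation is an added example, not code from the patent or from Cisco; the message layout, the `reachable` flag that models a member which never acknowledges, and the key server's rule for deciding which side of a mismatch is stale are assumptions made here. That last rule goes slightly beyond the claim text: a mismatch alone does not say which member missed the update, so the simulated server compares the observed key identifier with its own current one before choosing whom to repair.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class EncryptedMessage:
    """Group traffic. key_id is the 'first value' a receiver checks; encryption
    of the payload is elided because only the header matters for detection."""
    sender: str
    key_id: int
    ciphertext: bytes


@dataclass
class Notification:
    """Sent by the detecting member to the key server, never by the stale member."""
    reporter: str
    sender: str
    observed_key_id: int


class GroupMember:
    def __init__(self, name: str, server: "KeyServer", reachable: bool = True):
        self.name = name
        self.server = server
        self.key_id: Optional[int] = None  # 'second value': key used to decrypt
        self.reachable = reachable         # constructed: does this member ACK unicast updates?
        self.received: list[bytes] = []
        server.join(self)

    def install_policy(self, key_id: int) -> None:
        self.key_id = key_id

    def send(self, plaintext: bytes) -> EncryptedMessage:
        return EncryptedMessage(self.name, self.key_id, plaintext)

    def receive(self, msg: EncryptedMessage) -> Optional[Notification]:
        """Compare the sender's key id with our own; report a mismatch to the key server."""
        if msg.key_id == self.key_id:
            self.received.append(msg.ciphertext)
            return None
        note = Notification(self.name, msg.sender, msg.key_id)
        self.server.notify(note)
        return note

    def handle_update(self, key_id: int) -> bool:
        """Unicast policy update from the key server; True means acknowledged."""
        if not self.reachable:
            return False
        self.install_policy(key_id)
        return True


class KeyServer:
    def __init__(self) -> None:
        self.current_key_id = 0
        self.members: dict[str, GroupMember] = {}
        self.excluded: list[str] = []
        self.events: list[str] = []

    def join(self, member: GroupMember) -> None:
        self.members[member.name] = member

    def rekey(self, new_key_id: int, missed_by=()) -> None:
        """Multicast a new policy; missed_by simulates members that lost the multicast."""
        self.current_key_id = new_key_id
        for name, member in self.members.items():
            if name not in missed_by:
                member.install_policy(new_key_id)

    def notify(self, note: Notification) -> None:
        # Assumption beyond the claims: if the observed key id is already the current
        # one, the reporter is the member that missed the update, not the sender.
        stale = note.reporter if note.observed_key_id == self.current_key_id else note.sender
        self.events.append(f"{note.reporter} reports {note.sender} key_id={note.observed_key_id}; stale={stale}")
        if stale in self.members:
            self.unicast_update(stale)

    def unicast_update(self, name: str) -> None:
        member = self.members[name]
        if member.handle_update(self.current_key_id):
            self.events.append(f"{name} acked key_id={self.current_key_id}")
        else:
            # No acknowledgement: exclude the member from the group.
            self.excluded.append(name)
            del self.members[name]
            self.events.append(f"{name} did not ack; excluded")


def run_scenario() -> dict:
    """Constructed scenario covering repair, exclusion, and a stale reporter."""
    server = KeyServer()
    a = GroupMember("A", server)
    b = GroupMember("B", server)
    c = GroupMember("C", server, reachable=False)
    server.rekey(1)
    server.rekey(2, missed_by={"A"})          # A misses the multicast; B detects and A is repaired
    note1 = b.receive(a.send(b"status"))
    server.rekey(3, missed_by={"C"})          # C misses it and never ACKs the unicast update
    note2 = b.receive(c.send(b"status"))
    server.rekey(4, missed_by={"B"})          # the reporter itself is the stale one
    note3 = b.receive(a.send(b"status"))
    return {"a_key": a.key_id, "b_key": b.key_id, "c_key": c.key_id,
            "excluded": server.excluded, "members": sorted(server.members),
            "notes": [n is not None for n in (note1, note2, note3)],
            "events": server.events}


if __name__ == "__main__":
    for line in run_scenario()["events"]:
        print(line)
```

The third case is the one a defender should watch for: a member that missed the rekey will report every current peer as stale, so a key server that trusts the reporter blindly would push unnecessary updates (or, worse, exclude healthy members) instead of repairing the reporter.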

Assignees

Cisco Tech Inc

Inventors

Classifications

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • Grouping of entities · CPC title

  • Conference organisation arrangements, e.g. handling schedules, setting up parameters needed by nodes to attend a conference, booking network resources, notifying involved parties · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10243928B2 cover?
Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to infor…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 26, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).