Detection of stale encryption policy by group members

US9294270B2 · US · B2

Patent metadata

Publication number: US-9294270-B2
Application number: US-65232410-A
Country: US
Kind code: B2
Filing date: Jan 5, 2010
Priority date: Jan 5, 2010
Publication date: Mar 22, 2016
Grant date: Mar 22, 2016


Abstract

Official abstract text for this publication.

Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects, in response to information in the message, that the first group member is not using the most recent policy update supplied by a key server. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving one or more policy messages via a control plane of a network; receiving a message from a first group member of a group via a data plane of the network, wherein the message comprises client content encrypted by the first group member using a first encryption policy applicable to the group, the message is received by a second group member of the group, the second group member is a network device, the control plane carries messages containing policy information used to manage an encryption scheme, the encryption scheme is implemented by the group, the group comprises the first and second group members, and the data plane carries messages containing content generated by clients of the first and second group members; in response to the receiving the message, decrypting information in the message using an unexpired key, wherein the unexpired key existed prior to a time at which the most recent policy update was generated by a key server, and detecting that the first encryption policy differs from the most recent policy update supplied by the key server, wherein the most recent policy update is applicable to the group, and the detecting comprises comparing at least a portion of the decrypted information to information maintained by the second group member, wherein the information maintained by the second group member indicates the most recent policy update received by the second group member; and sending a notification message from the second group member, wherein the notification message indicates that at least one group member is not using the most recent policy update.

2. The method of claim 1, wherein the detecting comprises comparing a first value included in the message with a second value maintained by the second group member, and wherein the second value identifies a key currently used by the second group member to decrypt messages.

3. The method of claim 1, wherein the notification message is sent to the key server.

4. The method of claim 3, wherein the notification message identifies the first group member.

5. The method of claim 3, further comprising: sending a second notification message to the first group member, wherein the second notification message indicates that the first group member is not using the most recent policy update.

6. The method of claim 1, wherein the notification message is sent to the first group member.

7. The method of claim 6, wherein the notification message comprises the most recent policy update.

8. A first network device, wherein the first network device comprises: a plurality of hardware ports, wherein each of the plurality of hardware ports is configured to be coupled to a network, the plurality of hardware ports is configured to receive policy messages via a control plane of the network and to receive a message sent by a second network device of a group via a data plane of the network, the message comprises client content encrypted by the second network device using a first encryption policy applicable to the group, the control plane carries messages containing policy information used to manage an encryption scheme, the encryption scheme is implemented by the group, the group comprises the first network device and the second network device, and the data plane carries messages containing content generated by clients of the first and second network devices; a processor coupled to the plurality of hardware ports and configured to implement a stale policy detection module, wherein the stale policy detection module is configured to: decrypt, in response to receiving the message, information in the message using an unexpired key, wherein the unexpired key existed prior to a time at which the most recent policy update was generated by a key server, and detect, in response to the receiving the message, that the first encryption policy differs from the most recent policy update supplied to the first network device by the key server, wherein the most recent policy update is applicable to the group, and detecting that the first encryption policy differs from the most recent policy update comprises comparing at least a portion of the decrypted information to information maintained by the first network device, wherein the information maintained by the first network device indicates the most recent policy update received by the first network device; and send a notification message, via one of the plurality of hardware ports, if the second network device is not using the most recent policy update, wherein the notification message indicates that at least one of a plurality of group members is not using the most recent policy update.

9. The first network device of claim 8, wherein the stale policy detection module is configured to: detect whether the second network device is using the most recent policy update by comparing a first value included in the message with a second value maintained by the first network device, wherein the second value identifies a key currently used by the first network device to decrypt messages.

10. The first network device of claim 8, wherein the notification message is sent to the key server.

11. The first network device of claim 10, wherein the stale policy detection module is configured to: send a second notification message to the second network device via the plurality of hardware ports, wherein the second notification message indicates that the second network device is not using the most recent policy update.

12. The first network device of claim 8, wherein the notification message is sent to the second network device.

13. The first network device of claim 12, wherein the notification message comprises the most recent policy update.

14. A system, comprising: network interface means for receiving policy messages via a control plane of a network and a message from a first group member of a group via a data plane of the network, wherein the message comprises client content encrypted by the first group member using a first encryption policy applicable to the group, a second group member comprises the network interface means, the control plane carries messages containing policy information used to manage an encryption scheme, the encryption scheme is implemented by the group, the group comprises the first and second group members, and the data plane carries messages containing content generated by clients of the first and second group members; means for decrypting information in the message using an unexpired key, wherein the unexpired key existed prior to a time at which the most recent policy update was generated by a key server; means for detecting that the first encryption policy differs from the most recent policy update supplied by the key server, wherein the most recent policy update is applicable to the group, and the detecting comprises comparing at least a portion of the decrypted information to information maintained by the second group member, wherein the information maintained by the second group member indicates the most recent policy update received by the second group member; and means for sending a notification message from the second group member, wherein the notification message indicates that at least one group member is not using the most recent policy update.

15. The system of claim 14, wherein the notification message is sent to the key server.

16. The system of claim 14, wherein the notification message is sent to the first group member.

17. The system of claim 14, whe
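The detection step that claims 1, 2 and 7 describe, as an added Python simulation that is not code from the patent: a group member decrypts a data-plane message with an unexpired key, compares the policy version recovered from the plaintext with the most recent update it holds from the key server, and emits notifications toward the key server and the stale sender. The policy version field, the clear-text key identifier on each message and the XOR stand-in for the group cipher are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:
    version: int   # sequence number of the key server's policy update (assumed field)
    key_id: int    # key identifier carried in the clear on data-plane messages (assumed)
    key: bytes

def _toy_xor(key: bytes, data: bytes) -> bytes:
    # Constructed stand-in for the group cipher: XOR with a SHA-256-derived stream.
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

@dataclass
class GroupMember:
    name: str
    policies: dict = field(default_factory=dict)   # key_id -> Policy, all still unexpired
    current: Policy = None                          # most recent update from the key server
    notifications: list = field(default_factory=list)

    def install(self, policy: Policy) -> None:
        """Control plane: apply a policy update received from the key server."""
        self.policies[policy.key_id] = policy
        self.current = policy

    def send(self, payload: bytes) -> tuple:
        """Data plane: encrypt (version || payload) under the sender's current policy."""
        body = bytes([self.current.version]) + payload
        return (self.name, self.current.key_id, _toy_xor(self.current.key, body))

    def receive(self, msg: tuple) -> bytes:
        sender, key_id, ciphertext = msg
        policy = self.policies.get(key_id)
        if policy is None:
            raise ValueError(f"{sender} used an expired or unknown key {key_id:#x}")
        plain = _toy_xor(policy.key, ciphertext)       # decrypt with an unexpired key
        sender_version, payload = plain[0], plain[1:]
        # Compare the decrypted policy version with the most recent update we hold.
        if sender_version != self.current.version:
            self.notifications.append({"to": "key-server", "stale_member": sender, "seen": sender_version, "expected": self.current.version})
            self.notifications.append({"to": sender, "policy": self.current})  # claim 7: push the current policy
        return payload

def demo() -> list:
    v1, v2 = Policy(1, 0x1001, b"key-one"), Policy(2, 0x1002, b"key-two")
    gm1, gm2 = GroupMember("gm1"), GroupMember("gm2")
    gm1.install(v1); gm2.install(v1)
    gm2.install(v2)                     # gm1 missed the rekey and keeps using v1
    gm2.receive(gm1.send(b"hello"))     # decrypts fine, but flags gm1 as stale
    return gm2.notifications
```

Because the v1 key is still unexpired, gm2 can decrypt gm1's traffic and keep the data plane working while it reports the stale policy; once gm1 installs v2, the same exchange produces no notification.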

Classifications

  • Conference organisation arrangements, e.g. handling schedules, setting up parameters needed by nodes to attend a conference, booking network resources, notifying involved parties (CPC title)

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) (CPC title)

  • H04L9/0833 (primary): involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network H04L63/065) (CPC title)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload (CPC title)

  • Grouping of entities (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9294270B2 cover?
Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to infor…
Who is the assignee on this patent?
Wainner Warren Scott, Rowles Sheela D, Weis Brian E, and 4 more
What technology area does this patent fall under?
Primary CPC classification H04L9/0833. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 22, 2016 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).