Scalable groups of authenticated entities
Abstract
Example embodiments provide various techniques for securing communications within a group of entities. In one example method, a request from an entity to join the group is received and a signed, digital certificate associated with the entity is accessed. Here, the signed, digital certificate is signed with a group private key that is associated with a certification authority for the group. The signed, digital certificate is added to a group roster, and this addition is to admit the entity into the group. The group roster with the signed, digital certificate is itself signed with the group private key and distributed to the group, which includes the entity that transmitted the request. Communication to the entity is then encrypted using the signed, digital certificate included in the group roster.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented method of securing communications within a group of entities, the method comprising:
designating a first entity in a group of entities as a certification authority to sign digital certificates for use by the entities within the group wherein the first entity:
signs a digital certificate for the first entity with a group private key;
adds the signed digital certificate to a group roster for the group;
adds an identifier for the first entity to the group roster, the identifier associated with the signed digital certificate for the first entity;
distributes the group roster with the signed digital certificates associated with the first entity and each of the one or more entities to the group; and
wherein distributing the group roster, enables exchange of encrypted communications between the entities within the group.
2 . The method of claim 1 , wherein the first entity:
creates a group digital certificate and the group private key; and creates the digital certificate and private key for the first entity.
3 . The method of claim 1 , wherein the first entity:
adds one or more other entities in the group of entities to the group roster; and distributes the group roster with the signed digital certificate associated with the first entity and each of the one or more entities to the group.
4 . The method of claim 1 , including encrypting a communication for transmission from one entity to a second entity using the signed digital certificate associated with the second entity included in the group roster.
5 . The method of claim 1 , wherein adding one or more other entities in the group of entities to the group roster includes receiving a digital certificate associated with the other entity, and signing the received digital certificate associated with the other entity with the group private key.
6 . The method of claim 5 wherein adding one or more other entities in the group of entities to the group roster includes adding the signed digital certificate to a group roster, the group roster including a plurality of signed digital certificates associated with the entities of the group, and adding an identifier associated with the other entity to the group roster, the identifier associated with the signed digital certificate associated with the other entity in the group roster.
7 . The method of claim 1 , wherein the group digital certificate is used to authenticate certificates of the one or more other entities for into the group.
8 . The method of claim 1 , wherein signing the digital certificate includes the certification authority computing a 50 - 100 byte sized digital signature of the digital certificate, encrypting the digital signature with the group private key, and annotating the digital certificate with the encrypted signature.
9 . The method of claim 1 , wherein the group roster includes the signed digital certificates for all entities in the group of entities.
10 . A system to secure communications within a group of entities, the system comprising:
a network interface to enable communications with one or more entities in the group of entities; a processor; and one or more memory resources storing instructions that, when executed by the processor, cause the processor to:
sign a digital certificate for the first entity with a group private key;
add the signed digital certificate to a group roster for the group;
add an identifier for the first entity to the group roster, the identifier associated with the signed digital certificate for the first entity;
distribute the group roster with the signed digital certificates associated with the first entity and each of the one or more entities to the group; and
wherein distributing the group roster, enables exchange of encrypted communications between the entities within the group.
11 . The system of claim 10 , including instructions that, when executed by the processor, cause the processor to:
create a group digital certificate and the group private key; and create the digital certificate and private key for the first entity.
12 . The system of claim 10 , including instructions that, when executed by the processor, cause the processor to:
add one or more other entities in the group of entities to the group roster; and distribute the group roster with the signed digital certificate associated with the first entity and each of the one or more entities to the group.
13 . The system of claim 10 , wherein the exchange of encrypted communications includes using the signed digital certificate associated with the second entity included in the group roster to encrypt a communication for transmission from one entity to a second entity.
14 . The system of claim 10 , wherein adding one or more other entities in the group of entities to the group roster includes (i) receiving a digital certificate associated with the other entity, (ii) signing the received digital certificate associated with the other entity with the group private key, (iii) adding the signed digital certificate to a group roster, the group roster including a plurality of signed digital certificates associated with the entities of the group, and (iv) adding an identifier associated with the other entity to the group roster, the identifier associated with the signed digital certificate associated with the other entity in the group roster.
15 . The system of claim 10 , wherein the group digital certificate is used to authenticate certificates of the one or more other entities for admission into the group.
16 . The system of claim 10 , wherein signing the digital certificate includes the certification authority computing a 50-100 byte sized digital signature of the digital certificate, encrypting the digital signature with the group private key, and annotating the digital certificate with the encrypted signature.
17 . The system of claim 10 , wherein the group roster includes the signed digital certificates for all entities in the group of entities.
18 . The system of claim 10 , wherein the identifier associated with the signed digital certificate is one of a user name, an organization name, Media Access Control (MAC) address, or processor serial number.
19 . A non-transitory computer-readable medium that stores instructions, executable by one or more processors, that cause the one or more processors to perform operations to:
receive a designation as a certification authority to sign digital certificates for use by entities within a group of entities; create a group digital certificate and a group private key; create a digital certificate and private key for the certification authority; sign the digital certificate with the group private key; add the signed digital certificate to a group roster for the group; add an identifier for the certification authority to the group roster, the identifier being associated with the signed digital certificate for the certification authority; add one or more other entities in the group of entities to the group roster; distribute the group roster with the signed digital certificates associated with the first entity and each of the one or more entities to the group; and enable exchange of encrypted communications between the entities within the group.
20 . The non-transitory computer-readable of claim 19 , wherein the exchange of encrypted communications between the entities within the group includes encrypting a communication to transmit from one entity to a second entity using the signed digital certificate associated with the second entity included in the group roster.Join the waitlist — get patent alerts
Track US2016112408A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.