CPC H04L 63/065 (2013.01) [H04L 9/0836 (2013.01); H04L 9/0891 (2013.01); H04L 9/3073 (2013.01)]
20 Claims
1. A system for managing group membership, the system comprising:
one or more processors; and
a non-transitory computer-readable storage medium storing instructions, which when executed by the one or more processors cause the one or more processors to:
receive a request to remove a user from a group, wherein the group is associated with a binary tree, and wherein the binary tree comprises a plurality of leaf nodes with each leaf node of the plurality of leaf nodes representing a corresponding user or device within the group;
locate, within the binary tree, (1) a root node, (2) a leaving leaf node associated with the user being removed from the group, (3) a sibling leaf node corresponding to a node that shares a parent node with the leaving leaf node, (4) a right-most leaf node, and (5) an immediate parent of the right-most leaf node;
copy sibling node parameters of the sibling leaf node into a temporary storage, and root node parameters from the root node into the sibling leaf node, wherein the sibling node parameters comprise a sibling node private key and a sibling node public key, and wherein the root node parameters comprise a root private key and a root public key;
compute an update path from the leaving leaf node to the root node, wherein the update path comprises a plurality of nodes connecting the leaving leaf node to the root node;
update a plurality of private keys and a plurality of public keys for each node along the update path between the leaving leaf node and the root node;
replace the root node parameters within the sibling leaf node with the sibling node parameters from the temporary storage;
interchange leaving leaf node parameters within the leaving leaf node with right-most leaf node parameters from the right-most leaf node; and
remove the right-most leaf node from the binary tree.
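The removal steps of claim 1, walked through in order on a small tree, as an added example that is not code from the patent. Assumptions: `Node`, `build`, `leaves`, `remove_user` and `fresh_keypair` are hypothetical names, a random value and its SHA-256 hash stand in for a real private/public key pair, each path node simply receives a fresh pair, and the parent of the removed right-most leaf is left in place because the claim does not say what happens to it.

```python
import hashlib
import secrets

def fresh_keypair():
    # Assumption: stand-in for a real key pair (random private value, hash as "public").
    priv = secrets.token_bytes(32)
    return (priv, hashlib.sha256(priv).digest())

class Node:
    def __init__(self, user=None, left=None, right=None):
        self.user, self.left, self.right, self.parent = user, left, right, None
        self.params = fresh_keypair()
        for child in (left, right):
            if child is not None:
                child.parent = self

def build(users):
    # Constructed helper: balanced tree with one leaf per user.
    if len(users) == 1:
        return Node(user=users[0])
    mid = (len(users) + 1) // 2
    return Node(left=build(users[:mid]), right=build(users[mid:]))

def leaves(node):
    if node is None:
        return []
    if node.left is None and node.right is None:
        return [node]
    return leaves(node.left) + leaves(node.right)

def remove_user(root, user):
    # Locate the leaving leaf, its sibling, the right-most leaf and that leaf's parent.
    leaving = next(leaf for leaf in leaves(root) if leaf.user == user)
    parent = leaving.parent
    sibling = parent.right if parent.left is leaving else parent.left
    rightmost = leaves(root)[-1]
    rm_parent = rightmost.parent
    temp, sibling.params = sibling.params, root.params  # park sibling keys, copy root keys in
    path, node = [], leaving
    while node is not None:                             # update path: leaving leaf up to root
        path.append(node)
        node = node.parent
    for node in path:
        node.params = fresh_keypair()                   # assumption: fresh keys per path node
    sibling.params = temp                               # restore the sibling's own keys
    leaving.user, rightmost.user = rightmost.user, leaving.user
    leaving.params, rightmost.params = rightmost.params, leaving.params
    if rm_parent.left is rightmost:                     # detach the right-most leaf
        rm_parent.left = None
    else:
        rm_parent.right = None
    return path
```

The function expects a group of at least two users in which the leaving user's sibling is itself a leaf, as the claim describes.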