A peer-to-peer (“P2P”) system is a network that relies primarily on the computing power and bandwidth of participants in the network rather than concentrating it in a relatively low number of servers. P2P systems are commonly used to connect computing nodes via ad-hoc networks. P2P systems are useful for many purposes, including real-time communications (“RTC”), collaboration, content distribution, distributed processing, file sharing, and others.
In P2P systems, it is often necessary to create secure groups of computing nodes. For instance, it may be desirable for a group of computing nodes to create a secure group for the purposes of enabling collaboration on a project or secure instant messaging among group members. It is, therefore, desirable to restrict the participation in a peer group to a set of nodes known as group members. Other computing nodes that are not authorized as members of the group should not be permitted to connect to the group or participate in group activities.
In standard client-server systems, servers typically provide authentication and authorization services. In a P2P system, however, there are no centralized servers with security databases that can provide these security services. In a serverless peer environment, the peer computing nodes must provide their own authentication. In many cases, authentication is performed in P2P systems utilizing identity certificates. These identity certificates may be issued and signed by a central authority, or they may be self-signed certificates that are signed by their creators.
Previous P2P authorization solutions require significant out-of-band communication between an administrator node and the tentative group member in order for the tentative group member to become a member of a group. In particular, in previous solutions, several rounds of out-of-band communication, including the insecure transmission of self-signed certificates must take place in order to add a new member to a group. Previous solutions, therefore, are unnecessarily complicated, require excessive user intervention and require the unnecessary utilization of computing resources in order to add a new member to a group of computing nodes. The only alternative to simplify authorization in current solutions is to do away with specific node authentication, and simply assume that any anonymous node that presents a shared secret has the same permissions to the group. This alternative lacks the ability to differentiate permission levels, and prevents the association of actions and data in the group with the node responsible for that action or data.
It is with respect to these considerations and others that aspects of a computing system for authorizing the granting of authority to a computing node to participate in a group of computing nodes utilizing a shared group password is described below.