Operations:
Group Creation
The Group Manager is configured with group and access control
information. Additionally, the group parameters are published using a directory
service.
Single Join
The new participant's Key Manager sends its request to the Group
Manager, which checks whether this participant is allowed to join. If yes,
the Group Manager assigns a unique ID to him, and selects a series of KEKs
which will be transmitted to the newcomer. The selection of KEKs will be
discussed separately for each key management scheme. The Group Manager now
increases the revision of all keys (TEK and KEKs) to be transmitted to the
participant by passing the keying material through a one-way function (e.g.
a cryptographically secure hash), then sends the keys out to the new participant.
It also informs the sender(s) to update their revision and TEK. The other
participants will notice the revision change from the key reference tuple
in ordinary data packets, and also pass their TEK through the one-way function.
Since the function is not reversible, the newcomer has no way to determine
the key that was used beforehand.
Single Leave
There are three ways to leave a group, namely Silent Leave,
Voluntary Leave and Forced Leave. Only the third kind is of
interest here as the first two do not require any action from the Group Manager.
If the Admission Control feels a need to forcibly exclude a participant,
a leave message is to be sent out. Also, participants may ask the Admission
Control to exclude a member. It is up to the admission policy how to deal
with such requests. To exclude a member, all keys known to it need to be
replaced with entirely new keying material. To make all remaining participants
aware of this change, the key's version number is increased. The Group Manager
sends out a message with new keying material which can be decrypted by all
the remaining participants' Key Managers, but not by the member which just
left.
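The join and forced-leave key updates described above, as an added Python example that is not part of the original text. It assumes SHA-256 as the one-way function, a key reference reduced to (version, revision), and a revision that restarts at 0 after a replacement; the names Key, advance, replace and catch_up are hypothetical.

```python
import hashlib
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    version: int     # increased when the material is replaced (forced leave)
    revision: int    # increased when the material is hashed forward (join)
    material: bytes

def advance(key: Key) -> Key:
    """Join: pass the keying material through the one-way function."""
    digest = hashlib.sha256(key.material).digest()  # SHA-256 is an assumption
    return Key(key.version, key.revision + 1, digest)

def replace(key: Key) -> Key:
    """Forced leave: entirely new material under a higher version number.
    Restarting the revision at 0 is an assumption of this sketch."""
    return Key(key.version + 1, 0, os.urandom(32))

def catch_up(local: Key, version: int, revision: int) -> Key:
    """Member side: react to the (version, revision) seen in a data packet."""
    if version != local.version:
        # Fresh material cannot be derived locally; it has to arrive in the
        # Group Manager's rekey message.
        raise LookupError("unknown key version, rekey message required")
    if revision < local.revision:
        # The hash cannot be run backwards, so older revisions are out of reach.
        raise ValueError("revision older than the local key")
    while local.revision < revision:
        local = advance(local)
    return local

def demo() -> dict:
    tek = Key(0, 0, os.urandom(32))   # constructed sample TEK
    member = tek                       # an existing participant's copy
    tek = advance(tek)                 # Group Manager handles a join
    newcomer = tek                     # newcomer only ever sees revision 1
    member = catch_up(member, tek.version, tek.revision)
    rekeyed = replace(tek)             # newcomer is later forcibly excluded
    try:
        catch_up(newcomer, rekeyed.version, rekeyed.revision)
        evicted_locked_out = False
    except LookupError:
        evicted_locked_out = True
    return {"member_in_sync": member == tek,
            "evicted_locked_out": evicted_locked_out}

if __name__ == "__main__":
    print(demo())
```

A revision change costs the existing members one hash each and no extra message, while a version change cannot be followed without the Group Manager's rekey message.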
Group Destruction
The Group Manager notifies all remaining participants of the
destruction, closes all network connections, destroys all keying material
and frees all memory. As soon as all parties have thrown away their keying
material, perfect forward secrecy covering all traffic against third party
opponents is guaranteed.