Secure multicast flow
Abstract
Methods, devices and systems for providing content providers with a secure way to multicast their data flows only to legitimate end users. By making a specific decision for each potentially legitimate end user requesting a specific data flow, differing subscriber profiles may be taken into account. Furthermore, end to end encryption is avoided by having a switch and/or router control the specific data flow to a specific end user. Each end user sends a request DTU to the switch and/or router asking for permission to join a multicast group. The switch and/or router extracts identification data from the request data transmission unit (DTU) and determines whether the requesting end user is cleared for the requested specific data flow. This determination may be made by sending a query DTU containing the identification data to a policy server which checks the identification data against preprogrammed criteria in its databases. The policy server then sends a response DTU to the switch and/or router confirming or denying the authenticity or legitimacy of the request based on the identification data. In the meantime, after the switch and/or router sends the query DTU to the policy server, the switch and/or router allows the specific requested data flow to proceed to the requesting end user. If, based on the response from the policy server, the request is determined to not be legitimate or authentic, the specific data flow is terminated. If the request is legitimate or authentic, then the data flow is allowed to flow uninterrupted by the switch and/or router.
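The admit-first, verify-afterwards sequence described in the abstract, modelled as an added example (not code from the patent). The class and function names, the device ids, the group address and the one-packet-per-tick timing are all assumptions made for illustration. It shows that a device the policy server rejects still receives the flow for as long as the query takes to come back.

```python
from dataclasses import dataclass, field

# Constructed subscriber profiles: device id -> multicast groups it may join.
POLICY_DB = {"stb-001": {"239.1.1.1"}, "stb-002": set()}

def policy_server(device_id, group):
    """Hypothetical policy server: check identification data against its database."""
    return group in POLICY_DB.get(device_id, set())

@dataclass
class Switch:
    policy_delay: int                              # ticks until the response DTU arrives
    forwarding: set = field(default_factory=set)   # flows currently being forwarded
    pending: dict = field(default_factory=dict)    # flow -> tick the response is due
    delivered: dict = field(default_factory=dict)  # flow -> packets forwarded so far
    log: list = field(default_factory=list)

    def on_request(self, dtu, now):
        flow = (dtu["device_id"], dtu["group"])    # extract identification data
        self.forwarding.add(flow)                  # flow proceeds before the answer
        self.pending[flow] = now + self.policy_delay
        self.delivered.setdefault(flow, 0)
        self.log.append((now, "query", flow))

    def tick(self, now):
        # Handle response DTUs that are due, then forward one packet per flow.
        for flow, due in list(self.pending.items()):
            if now >= due:
                del self.pending[flow]
                if policy_server(*flow):
                    self.log.append((now, "confirmed", flow))
                else:
                    self.forwarding.discard(flow)  # request not legitimate
                    self.log.append((now, "terminated", flow))
        for flow in self.forwarding:
            self.delivered[flow] += 1

def simulate(policy_delay, ticks=10):
    """Two constructed join requests at tick 0: one entitled, one not."""
    sw = Switch(policy_delay)
    sw.on_request({"device_id": "stb-001", "group": "239.1.1.1"}, now=0)
    sw.on_request({"device_id": "stb-002", "group": "239.1.1.1"}, now=0)
    for now in range(ticks):
        sw.tick(now)
    return sw
```

In this model the number of packets delivered to the rejected device equals `policy_delay`, so the policy server's response time bounds how much of the flow an unentitled requester sees.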
33 Claims
1. A method for authenticating a request for a specific data flow from an end-user device, the method comprising:
a) receiving a request data transmission unit (DTU) from the end user device, said request DTU requesting said specific data flow for said end user device;
b) extracting identification data from said DTU, said identification data identifying said end user device and said specific data flow;
c) determining if said request DTU is legitimate based on at least a portion of said identification data; and
d) executing a predetermined set of steps based on whether said request DTU is legitimate as determined in step c).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 27, 28

14. A network device for routing multiple data flows from data servers to end user devices, the device comprising:
means for receiving a request data transmission unit (DTU) from an end user device, said request DTU requesting a specific data flow for said end user device;
means for extracting identification data from said request DTU, said identification data identifying said end user device and said specific data flow;
means for transmitting a query regarding an authentication of said request DTU to a policy server capable of authenticating said request DTU based on at least a portion of said identification data, said query containing said at least a portion of said identification data;
means for receiving a response from said policy server, said response being related to said query; and
means for routing said specific data flow to said end user device, wherein said network device allows or prevents access to said specific data flow by said end user device based on whether said request DTU is legitimate.
Dependent claims: 15, 16, 17, 18, 19

20. Computer readable media having encoded thereon a computer software product comprising:
a software module for receiving a request data transmission unit (DTU) from an end user device, said request DTU requesting a specific data flow for said end user device;
a software module for extracting identification data from said request DTU, said identification data identifying said end user device and said specific data flow;
a software module for determining if said request DTU is legitimate based on at least a portion of said identification data; and
a software module for allowing a transmission of said specific data flow to said end user device.
Dependent claims: 21, 22, 23, 24, 25, 26

29. A method of authenticating an end user device capable of coupling to a network, the method comprising:
a) receiving a data transmission unit (DTU) from said end user device, said DTU containing identification data identifying said end user device and specific data to which said end user device is supposed to have access;
b) extracting said identification data from said DTU; and
c) determining if said end user device is entitled to access said specific data based on at least a portion of said identification data and a set of predetermined business rules.
Dependent claims: 30, 31, 32, 33

Specification