System and method for multicasting IPSec protected communications

US 20070168655A1
Filed: 01/19/2006
Published: 07/19/2007
Est. Priority Date: 01/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method of decrypting an Internet Protocol Security (IPSec)-encrypted multicast communication, comprising:

receiving an Internet Protocol Security (IPSec)-encrypted multicast communication at a device having IPSec decryption capabilities;

modifying the received multicast communication to appear as a unicast communication to the IPSec decryption capabilities; and

decrypting the modified communication using IPSec decryption capabilities.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is provided which allows multicast communications encrypted using IPSec protocol to be received by receivers in a network. In order to allow the receivers to receive the encrypted multicast communication, the address information of the received multicast communication is modified to appear as a unicast communication being transmitted directly to the address of the receiver, such that the receiver may then decrypt the received multicast communication using IPSec decryption capabilities or may, alternatively, forward the received multicast communication in its encrypted state to other devices. The system and method further provide IPSec encryption key delivery to the receiver using an encrypted markup language file. Multiple keys may also be generated for a given IP address of a receiver with each key being generated for a particular multicasting hierarchical classification.

49 Citations

View as Search Results

40 Claims

1. A method of decrypting an Internet Protocol Security (IPSec)-encrypted multicast communication, comprising:
- receiving an Internet Protocol Security (IPSec)-encrypted multicast communication at a device having IPSec decryption capabilities;
  
  modifying the received multicast communication to appear as a unicast communication to the IPSec decryption capabilities; and
  
  decrypting the modified communication using IPSec decryption capabilities.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - determining whether the received communication is a multicast communication;
      
      determining whether the received communication is Internet Protocol Security (IPSec)-encrypted; and
      
      in response to determining the received communication is a multicast IPSec-encrypted communication, modifying the received multicast communication to appear as a unicast communication by including a unicast destination address of the device in the communication.
  - 3. The method of claim 1, wherein the received communication is a multicast satellite communication.
  - 4. The method of claim 1, further comprising multicasting the decrypted communication to at least one other device.

5. A device for decrypting an Internet Protocol Security (IPSec)-encrypted multicast communication, said device comprising:
- a processor;
  
  a memory;
  
  a receiver for receiving an Internet Protocol Security (IPSec)-encrypted multicast communication;
  
  a communication modification module executable by the processor for modifying the received multicast communication to appear as a unicast communication to an IPSec decryption module; and
  
  a decryption device for decrypting the modified communication using IPSec protocol decryption.
- View Dependent Claims (6, 7, 8)
- - 6. The device of claim 5, wherein the communication modification module is further executable by the process for:
    - determining whether the received communication is a multicast communication;
      
      determining whether the received communication is Internet Protocol Security (IPSec)-encrypted; and
      
      in response to determining the received communication is a multicast IPSec-encrypted communication, modifying the received multicast communication to appear as a unicast communication by including a unicast destination address of the device in the communication.
  - 7. The device of claim 5, wherein the receiver is configured to receive a multicast satellite communication.
  - 8. The device of claim 5, further comprising a transmission device for multicasting the decrypted communication to at least one other device.

9. A machine-readable medium having program instructions stored thereon executable by a processing unit for performing the steps of:
- receiving an Internet Protocol Security (IPSec)-encrypted multicast communication at a device having IPSec decryption capabilities;
  
  modifying the received multicast communication to appear as a unicast communication to the IPSec decryption capabilities; and
  
  decrypting the modified communication using IPSec decryption capabilities.
- View Dependent Claims (10, 11, 12)
- - 10. The machine-readable medium of claim 9, further comprising program instructions stored thereon executable by a processing unit for performing the steps of:
    - determining whether the received communication is a multicast communication;
      
      determining whether the received communication is Internet Protocol Security (IPSec)-encrypted; and
      
      in response to determining the received communication is a multicast IPSec-encrypted communication, modifying the received multicast communication to appear as a unicast communication by including a unicast destination address of the device in the communication.
  - 11. The machine-readable medium of claim 9, further comprising program instructions stored thereon executable by a processing unit for receiving the communication as a multicast satellite communication.
  - 12. The machine-readable medium of claim 9, further comprising program instructions stored thereon executable by a processing unit for multicasting the decrypted communication to at least one other device.

13. A device for decrypting an Internet Protocol Security (IPSec)-encrypted multicast communication, said device comprising:
- means for receiving an Internet Protocol Security (IPSec)-encrypted multicast communication at a device having IPSec decryption capabilities;
  
  means for modifying the received multicast communication to appear as a unicast communication to the IPSec decryption capabilities; and
  
  means for decrypting the modified communication using IPSec decryption capabilities.
- View Dependent Claims (14, 15, 16)
- - 14. The device of claim 13, wherein said means for modifying the received multicast communication further:
    - determines whether the received communication is a multicast communication;
      
      determines whether the received communication is Internet Protocol Security (IPSec)-encrypted; and
      
      in response to determining the received communication is a multicast IPSec-encrypted communication, modifies the received multicast communication to appear as a unicast communication by including a unicast destination address of the device in the communication.
  - 15. The device of claim 13, wherein the received communication is a multicast satellite communication.
  - 16. The device of claim 13, further comprising means for multicasting the decrypted communication to at least one other device.

17. A method comprising:
- generating a key to be used to encrypt and decrypt data;
  
  placing the generated key into a markup language file;
  
  encrypting the markup language file;
  
  transmitting the encrypted markup language file to a receiver; and
  
  decrypting the encrypted markup language file at the receiver to determine the generated key.
- View Dependent Claims (18, 19, 20, 24)
- - 18. The method of claim 17, wherein the markup language file is an Extensible Markup Language (XML) file.
  - 19. The method of claim 17, wherein the key allows data to be encrypted and decrypted according to Internet Protocol Security (IPSec) protocol.
  - 20. The method of claim 17, further comprising:
    - encrypting a communication using the generated key;
      
      transmitting the encrypted communication to the receiver; and
      
      decrypting the encrypted communication using the generated key.
  - 24. The device of claim 17, wherein:
    - the encryption device further encrypts a communication using the generated key;
      
      the transmitter further transmits the encrypted communication to the receiver; and
      
      the decryption device further decrypts the encrypted communication using the generated key.

21. A device for providing an encrypted key to a remote location, said device comprising:
- a processor;
  
  a memory;
  
  a key server for generating a key to be used to encrypt and decrypt data and for placing the generated key into a markup language file;
  
  an encryption device for encrypting the markup language file;
  
  a transmitter for transmitting the encrypted markup language file to a receiver; and
  
  a decryption device decrypting the encrypted markup language file at the receiver to determine the generated key.
- View Dependent Claims (22, 23)
- - 22. The device of claim 21, wherein the markup language file is an Extensible Markup Language (XML) file.
  - 23. The device of claim 21, wherein the key allows data to be encrypted and decrypted according to Internet Protocol Security (IPSec) protocol.

25. A device for providing an encrypted key to a remote location, said device comprising:
- means for generating a key to be used to encrypt and decrypt data;
  
  means for placing the generated key into a markup language file;
  
  means for encrypting the markup language file;
  
  means for transmitting the encrypted markup language file to a receiver; and
  
  means for decrypting the encrypted markup language file at the receiver to determine the generated key.
- View Dependent Claims (26, 27, 28)
- - 26. The device of claim 25, wherein the markup language file is an Extensible Markup Language (XML) file.
  - 27. The device of claim 25, wherein the key allows data to be encrypted and decrypted according to Internet Protocol Security (IPSec) protocol.
  - 28. The device of claim 25, further comprising:
    - means for encrypting a communication using the generated key;
      
      means for transmitting the encrypted communication to the receiver; and
      
      means for decrypting the encrypted communication using the generated key.

29. A machine-readable medium having program instructions stored thereon executable by a processing unit for performing the steps of:
- generating a key to be used to encrypt and decrypt data;
  
  placing the generated key into a markup language file;
  
  encrypting the markup language file;
  
  transmitting the encrypted markup language file to a receiver; and
  
  decrypting the encrypted markup language file at the receiver to determine the generated key.
- View Dependent Claims (30, 31, 32)
- - 30. The machine-readable medium of claim 29, wherein the markup language file is an Extensible Markup Language (XML) file.
  - 31. The machine-readable medium of claim 29, wherein the key allows data to be encrypted and decrypted according to Internet Protocol Security (IPSec) protocol.
  - 32. The machine-readable medium of claim 29, further comprising program instructions stored thereon executable by a processing unit for:
    - encrypting a communication using the generated key;
      
      transmitting the encrypted communication to the receiver; and
      
      decrypting the encrypted communication using the generated key.

33. A method of broadcasting a secure multicast communication, said method comprising:
- assigning content to be delivered in various hierarchies in an IP multicast communication;
  
  assigning different encryption keys for each respective hierarchy of the IP multicast communication;
  
  encrypting the content in the various hierarchies in an IP multicast communication using respectively assigned encryption keys;
  
  transmitting the encryption keys for the various hierarchies of the IP multicast communication to respective receivers intended to receive respective encryption keys;
  
  transmitting the encrypted IP multicast communication to the receivers;
  
  decrypting the content in the various hierarchies of the IP multicast communication at only those receivers having the respective encryption keys for such content.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method of claim 33, comprising:
    - encrypting a first multicast communication using a first encryption key;
      
      delivering the first encryption key to a plurality of receivers for decrypting the encrypted first multicast communication;
      
      transmitting the encrypted first multicast communication to the plurality of receivers;
      
      encrypting at least one additional multicast communication using at least one additional encryption key, wherein each additional multicast communication is encrypted with its own respective encryption key;
      
      delivering the at least one additional encryption key to a subset of the plurality of receivers for decrypting the encrypted at least one additional multicast communication;
      
      transmitting the encrypted at least one additional multicast communication to the plurality of receivers, wherein all of the plurality of receivers having the first encryption key will be capable of decrypting the encrypted first multicast communication while only the subset of the plurality of receivers having the at least one additional encryption key will be capable of decrypting the encrypted additional multicast communication.
  - 35. The method of claim 33, wherein each multicast communication includes at least one broadcast channel, the method further comprising:
    - encrypting each broadcast channel using a different respective channel encryption key; and
      
      delivering each respective channel encryption key for each broadcast channel to a respective subset of the plurality of channels.
  - 36. The method of claim 35, wherein each wherein each broadcast channel of a multicast communication includes at least one event, the method further comprising:
    - encrypting each event using a different respective event encryption key; and
      
      delivering each respective event encryption key for each event to a respective subset of the plurality of channel-receiving receivers.
  - 37. The method of claim 36, further comprising:
    - transmitting the at least one broadcast channel and the at least one event to respective subsets of receivers, wherein a key hierarchy is formed such that;
      
      all of the plurality of receivers having the first encryption key will be capable of decrypting the encrypted first multicast communication, only the subsets of the plurality of receivers having the respective channel encryption keys will be capable of further decrypting the encrypted at least one broadcast channel, and only the further subsets of the plurality of channel-receiving receivers having the respective event encryption keys will be capable of further decrypting the encrypted at least one event.
  - 38. The method of claim 37, wherein each event encryption key is only valid for a predetermined period of time associated with the transmitted event.

39. A device for broadcasting a secure multicast communication, said device comprising:
- means for assigning content to be delivered in various hierarchies in an IP multicast communication;
  
  means for assigning different encryption keys for each respective hierarchy of the IP multicast communication;
  
  means for encrypting the content in the various hierarchies in an IP multicast communication using respectively assigned encryption keys;
  
  means for transmitting the encryption keys for the various hierarchies of the IP multicast communication to respective receivers intended to receive respective encryption keys;
  
  means for transmitting the encrypted IP multicast communication to the receivers;
  
  means for decrypting the content in the various hierarchies of the IP multicast communication at only those receivers having the respective encryption keys for such content.

40. A method of broadcasting a multicast communication to a plurality of receivers, said method comprising:
- grouping receivers into desired groups of receivers;
  
  assigning different encryption keys for each respective group of receivers;
  
  transmitting the encryption keys for the respective groups of receivers for use in decrypting respective multicast communications received by the receivers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hughes Network Systems LLC (Echostar Corporation)
Original Assignee
Hughes Network Systems LLC (Echostar Corporation)
Inventors
Davis, Matthew, Mosbarger, Myron, Thomasson, John, Terry, Neil

Granted Patent

US 8,176,317 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/164   at the network layer

System and method for multicasting IPSec protected communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for multicasting IPSec protected communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links