Securing multicast data
Abstract
Systems and methods for securing multicast data are described. Data of a multicast is protected through at least double encryption, using keys such as a community-of-interest key and a session key. Data of a multicast is also split into portions in accordance with the session key and transmitted over a choice of different pathways to one or more endpoints. The community-of-interest key is a prerequisite to joining or requesting delivery of a particular multicast; it initializes and exchanges a session key. All endpoints in a particular multicast community-of-interest group share the same session key values. Endpoints that join a group (tune in) must be notified of the session keys being used by the group at that particular time. A "Join" request is usually sent to an Ethernet group address. That address is mapped to a community-of-interest of N IP addresses, one corresponding to each VLAN associated with the community-of-interest (the group) for the multicast.
20 Claims
1. A method of securing data of a multicast transmitted in a network, comprising:
- receiving an initiation message to join a multicast, the multicast having a specific Ethernet address;
- generating a set of N different IP addresses, and mapping the set of N different IP addresses to the specific Ethernet address;
- assigning each of the N different IP addresses to separate tunnels;
- splitting the data of the multicast into smaller segments of the multicast; and
- assigning each of the smaller segments of the multicast to a specific one of the tunnels for transmission in the network.
(Dependent claims: 2, 3, 4, 5, 6)

7. A method of securing data in a private network, the method comprising:
- receiving a request from a first endpoint in the private network to join a multicast transmitted from an external host to the private network, the request encrypted with a session key, which is further encrypted by a particular community-of-interest key;
- decrypting the session key according to the particular community-of-interest key; and
- contacting the external host on behalf of the first endpoint to join the multicast.
(Dependent claims: 8, 9)

10. The method further comprising:
- receiving a multicast transmission from the external host at a second endpoint device in the private network, and using a community-of-interest key to encrypt a cryptographic data set, including splitting the cryptographic data set into portions in accordance with the community-of-interest key;
- transmitting, to the first endpoint, the portions of the cryptographic data set separately using the community-of-interest key;
- using the cryptographic data set to encrypt the multicast, including splitting the multicast into portions of the multicast in accordance with the cryptographic data set; and
- transmitting, to the endpoint, the portions of the multicast separately using the cryptographic data set.

11. A gateway device for securing data in a private network, the gateway device comprising:
- means for receiving a query to join a multicast address, the query including configuration data that is in an encrypted format, the configuration data for use to establish a communication session between a first computing device and the gateway device;
- means for using a first key to attempt to decrypt the configuration data; and
- means for providing a communication session between the first computing device and the gateway device for the transmission of a data set from the first computing device to the gateway device, when the attempt to decrypt the configuration data using the first key is successful.

12. A system for securing multicast data in a private network when the system receives the multicast data from an external host which is destined for a computing device within the private network, the system comprising:
- means for using a community-of-interest key to encrypt a cryptographic data set, including splitting the cryptographic data set into portions in accordance with the community-of-interest key;
- means for transmitting, to the computing device, the portions of the cryptographic data set separately using the community-of-interest key;
- means for using the cryptographic data set to encrypt the multicast data, including splitting the multicast data into portions of the multicast data in accordance with the cryptographic data set; and
- means for transmitting, to the computing device, the portions of the multicast data separately using the cryptographic data set.

13. In a receiving device, a method for joining a multicast group, the multicast group associated with a particular community-of-interest, comprising:
- encrypting a first cryptographic data set, including splitting the first cryptographic data set into portions in accordance with a community-of-interest key, the community-of-interest key associated with the particular community-of-interest;
- transmitting a request message to join a multicast group address, including splitting the request message into portions of the request message in accordance with the first cryptographic data set;
- receiving an encrypted synchronization message that contains a second cryptographic data set;
- using the community-of-interest key associated with the particular community-of-interest to decrypt the synchronization message and obtain the second cryptographic data set; and
- using the second cryptographic data set to obtain and decrypt a data flow associated with the multicast group address.
(Dependent claims: 14, 15, 16, 17, 18, 19, 20)
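The abstract and claims describe the scheme in words only, so the following is an added, constructed Python model of the whole flow (a COI-encrypted join and synchronization message, a session key that both encrypts the segments and decides which of the N tunnels carries each one, and reassembly at the receiver). It is not the patent's code and makes several assumptions of its own: an HMAC-SHA256 counter-mode keystream stands in for a real authenticated cipher; the N distinct IP addresses for one Ethernet group address are obtained from the RFC 1112 rule that only the low 23 bits of an IPv4 group address are placed in the 01:00:5e MAC (so up to 32 group addresses share one MAC), which is one way to realise claim 1 and not necessarily the patent's; the join request uses a single community-of-interest encryption layer instead of the claims' session layer inside a COI layer; the segment size, key values and group address are all made up. The function names (`ip_addresses_for_group`, `sender_transmit`, `receiver_reassemble`, and so on) are hypothetical.

```python
"""Constructed toy model of the multicast scheme in the abstract and claims; not the patent's code."""
import hashlib
import hmac
import ipaddress
import struct

SEGMENT_SIZE = 16  # assumed payload bytes per segment


def _xor_keystream(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (illustration only)
    out = bytearray()
    for blk, i in enumerate(range(0, len(data), 32)):
        ks = hmac.new(enc_key, nonce + struct.pack(">I", blk), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def encrypt(key, nonce, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag (nonce is 8 bytes, unique per key)."""
    enc_key, mac_key = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    ct = _xor_keystream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Inverse of encrypt(); raises ValueError on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    enc_key, mac_key = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor_keystream(enc_key, nonce, ct)


def ip_addresses_for_group(ethernet_addr, n):
    """N distinct IPv4 group addresses that all map to the given 01:00:5e MAC (claim 1).
    RFC 1112 puts only the low 23 bits of a group address into the MAC, so 32 addresses share
    one Ethernet address; varying the five dropped bits is the assumed way to obtain N of them."""
    octets = bytes.fromhex(ethernet_addr.replace(":", ""))
    if octets[:3] != b"\x01\x00\x5e" or not 1 <= n <= 32:
        raise ValueError("need a 01:00:5e multicast MAC and 1 <= N <= 32")
    low23 = int.from_bytes(octets[3:], "big") & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (k << 23) | low23)) for k in range(n)]


def tunnel_for_segment(session_key, seq, n_tunnels):
    """Tunnel carrying segment seq, keyed by the session key: only key holders know the spread."""
    h = hmac.new(session_key, b"tunnel" + struct.pack(">Q", seq), hashlib.sha256).digest()
    return int.from_bytes(h[:4], "big") % n_tunnels


def make_join_request(coi_key, ethernet_addr):
    # endpoint side of claims 7/13; a single COI layer here instead of the claims' two layers
    return encrypt(coi_key, b"joinreq1", b"JOIN " + ethernet_addr.encode())


def gateway_handle_join(coi_key, session_key, join_request):
    """Claims 7/11: admit only if the request decrypts under the COI key, then return the
    session key inside a COI-encrypted synchronization message; otherwise None."""
    try:
        if not decrypt(coi_key, join_request).startswith(b"JOIN "):
            return None
    except ValueError:
        return None
    return encrypt(coi_key, b"syncmsg1", session_key)


def sender_transmit(session_key, ethernet_addr, n_tunnels, data):
    """Claims 1/12: split, encrypt each segment under the session key and spread the segments
    over the N tunnels. Returns {tunnel_ip: [frame, ...]}."""
    tunnels = ip_addresses_for_group(ethernet_addr, n_tunnels)
    frames = {ip: [] for ip in tunnels}
    segments = [data[i:i + SEGMENT_SIZE] for i in range(0, len(data), SEGMENT_SIZE)]
    for seq, seg in enumerate(segments):
        # the sequence number is the nonce, so it is covered by the tag
        frame = encrypt(session_key, struct.pack(">Q", seq), struct.pack(">I", len(segments)) + seg)
        frames[tunnels[tunnel_for_segment(session_key, seq, n_tunnels)]].append(frame)
    return frames


def receiver_reassemble(coi_key, sync_msg, frames):
    """Claim 13: COI key unlocks the session key; the session key unlocks and reorders the pieces."""
    session_key = decrypt(coi_key, sync_msg)
    pieces, total = {}, None
    for blob in (b for blobs in frames.values() for b in blobs):
        pt = decrypt(session_key, blob)
        total = struct.unpack(">I", pt[:4])[0]
        pieces[struct.unpack(">Q", blob[:8])[0]] = pt[4:]
    if total is None or sorted(pieces) != list(range(total)):
        raise ValueError("multicast incomplete: a segment never arrived on any tunnel")
    return b"".join(pieces[i] for i in range(total))


if __name__ == "__main__":
    COI_KEY, SESSION_KEY = b"coi-key-A".ljust(32, b"\0"), b"session-key-1".ljust(32, b"\0")  # constructed
    sync = gateway_handle_join(COI_KEY, SESSION_KEY, make_join_request(COI_KEY, "01:00:5e:01:02:03"))
    frames = sender_transmit(SESSION_KEY, "01:00:5e:01:02:03", 4, b"multicast payload" * 5)
    print({ip: len(f) for ip, f in frames.items()}, receiver_reassemble(COI_KEY, sync, frames))
```

Two properties of the claimed design show up directly in the model: an endpoint without the community-of-interest key cannot obtain the session key, because `gateway_handle_join` refuses a request that fails authentication under that key, and an observer of a single tunnel sees only a keyed subset of encrypted segments, since `tunnel_for_segment` derives the spread from the session key. The completeness check in `receiver_reassemble` is the caveat a practitioner needs: splitting over N paths means the loss of any one path stalls delivery, so a real deployment would need retransmission or redundancy, which the claims do not address.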
Specification