Securing multicast data

US 20080072035A1
Filed: 11/01/2007
Published: 03/20/2008
Est. Priority Date: 01/31/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of securing data of a multicast transmitted in a network, comprising:

receiving an initiation message to join a multicast, the multicast having a specific Ethernet address;

generating a set of N different IP addresses, mapping the set of N different IP addresses to the specific Ethernet address;

assigning each of the N different IP addresses to separate tunnels; and

, splitting the data of the multicast into smaller segments of the multicast; and

assigning each of the smaller segments of the multicast to a specific one of the tunnels for transmission in the network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for securing multicast data are described. Data of a multicast, is protected through the use of at least double encryption keys, such as a community-of-interest key and session key. Data of a multicast is also split into portions of multicast in accordance with the session key, and transmitted over a choice of different pathways to one or more endpoints. The community-of-interest key is a prerequisite to joining or requesting deliver of a particular multicast. The community-of-interest key initializes, and exchanges a session key. All endpoints in a particular multicast community-of-interest group share the same session keys values. Endpoints that join a group (tune-in) must be notified of the session keys that are being used by the group at that particular time. A “Join” request is usually sent to an Ethernet address group. That address, is mapped to a community-of-interest of N IP addresses corresponding to each VLAN associated with the community-of-interest (the group) for the multicast.

125 Citations

20 Claims

1. A method of securing data of a multicast transmitted in a network, comprising:
- receiving an initiation message to join a multicast, the multicast having a specific Ethernet address;
  
  generating a set of N different IP addresses, mapping the set of N different IP addresses to the specific Ethernet address;
  
  assigning each of the N different IP addresses to separate tunnels; and
  
  , splitting the data of the multicast into smaller segments of the multicast; and
  
  assigning each of the smaller segments of the multicast to a specific one of the tunnels for transmission in the network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising setting a timer, and responding to the initiation message after receiving the initiation message.
  - 3. The method of claim 1, wherein a gateway receives the initiation message.
  - 4. The method of claim 1, further comprising encrypting the initiation message using a session key.
  - 5. The method of claim 1, further comprising encrypting the initiation message using a session key, and encrypting the session key using a particular community-of-interest key.
  - 6. The method of claim 1, further comprising assigning each of the smaller segments of the multicast to a specific one of the tunnels for transmission in the network according to a specific sequence established by a session key.

7. A method of securing data in a private network, the method comprising:
- receiving a request from a first endpoint in the private network to join a multicast transmitted from an external host to the private network, the request encrypted with a session key, which is further encrypted by a particular community-of-interest key;
  
  decrypting the session key according to the particular community-of-interest key; and
  
  contacting the external, host on behalf, of the first endpoint to join the multicast.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, further comprising decrypting the request using the session key, and sending an Internet Group Management Protocol query corresponding to the request.
  - 9. The method of claim 7, further comprising receiving a multicast transmission from the external host at a second endpoint device in the private network, and encrypting each portion of the multicast transmission using a cryptographic data set, the cryptographic data set including encryption/decryption keys for establishing a communication session between the first and second endpoint devices;
    - and encrypting cry set using a community-of-interest key, wherein the community-of-interest key is a shared key residing in the first and second endpoint devices, the community-of-interest key corresponding to a community-of-interest associated with at least one of;
      
      the first and second endpoint computing devices. decrypting the request using the session key, and sending an Internet Group Management Protocol query corresponding to the request.

10. The method further comprising:
- receiving a multicast transmission from the external host at a second endpoint device in the private network, using a community-of-interest key to encrypt a cryptographic data set including splitting the cryptographic data set into portions in accordance with the community-of-interest key;
  
  transmitting, to the first endpoint, the portions of the cryptographic data set separately using the community-of-interest key;
  
  using the cryptographic data set to encrypt the multicast, including splitting the multicast into portions of the multicast in accordance with the cryptographic data set; and
  
  transmitting, to the endpoint, the portions, of the multicast separately using the cryptographic data set.

11. A gateway device for securing data in a private network, the gateway device comprising:
- means for receiving query to join a multicast address;
  
  the query including configuration data that is in an encrypted format, the configuration data for use to establish a communication session between a first computing device and the gateway device;
  
  means for using a first key to attempt to decrypt the configuration data;
  
  means for providing a communication session between the first computing device and the gateway device for the transmission of a data set from the first computing device to the gateway device, when the attempt to decrypt the configuration data using the first key is successful.

12. A system for securing multicast data in a private network when the system receives the multicast data from an external host which is destined for a computing device within the private network, the system comprising:
- means for using a community-of-interest key to encrypt a cryptographic data set including splitting the cryptographic data set into portions in accordance with the community-of-interest key;
  
  means for transmitting, to the computing device, the portions of the cryptographic data set separately using the community-of-interest key;
  
  means for using the cryptographic data set to encrypt the multicast data, including splitting the multicast data into portions of the multicast data in accordance with the cryptographic data set; and
  
  means for transmitting, to the computing device, the portions of the multicast data separately using the cryptographic data set.

13. In a receiving device, a method for joining a multicast group, the multicast group associated with a particular community-of-interest, comprising:
- encrypting a first cryptographic data set including splitting the first cryptographic data set into portions in accordance with a community-of-interest key, the community-of-interest key associated with the particular community-of-interest;
  
  transmitting a request message to join a multicasts group address including splitting the request message into portions of the request message in accordance with the first cryptographic data set;
  
  receiving an encrypted synchronization message that contains a second cryptographic data set; and
  
  using the community of interest key associated with the particular community-of-interest to decrypt the synchronization message, and obtain the second cryptographic data set; and
  
  using the second cryptographic data set to obtain and decrypt a data flow associated with the multicast group address.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, further comprising sending the encrypted synchronization message back to the receiving device after receiving transmission of the request message.
  - 15. The method of claim 13, further comprising receiving the request message, and after a predetermined period, sending the encrypted synchronization message back to the receiving device.
  - 16. The method of claim 13, wherein the receiving device must be a member of the particular community-of-interest to join the multicast group address.
  - 17. The method of claim 13, further comprising receiving the request message, and after a predetermined period, sending the encrypted synchronization message back to the receiving device, wherein the sending of the synchronization message is performed by a gateway device.
  - 18. The method of claim 13, receiving the request message, and contacting an external host on behalf of the receiving device.
  - 19. The method of claim 13, wherein the receiving device is a endpoint in a private network.
  - 20. The method of claim 18, wherein a gateway receives the request message and contacts the external host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anh Duong, Robert Johnson
Original Assignee
Anh Duong, Robert Johnson
Inventors
Duong, Anh, Johnson, Robert

Application Number

US11/982,112
Publication Number

US 20080072035A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/105   Multiple levels of security

H04L 65/104   in the network

H04L 65/611   for multicast or broadcast ...

Securing multicast data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Securing multicast data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others