SYSTEMS AND METHODS FOR PROVIDING SECURE MULTICAST INTRA-CLUSTER COMMUNICATION
Abstract
Systems and methods which facilitate secure multicast communications between any valid node of a cluster using authentication between a node joining the cluster and any single node which is validly part of the cluster are disclosed. In accordance with embodiments, a cluster key is utilized to provide security with respect to intra-cluster communications. The cluster key of embodiments is shared by a node which is already part of the cluster with a node joining the cluster only after these two nodes mutually authenticate one another. The mutual authentication handshake of embodiments implements a protocol in which a session key is calculated by both nodes, thereby providing a secure means by which a cluster key may be shared. Having the cluster key, each node of the cluster is enabled to securely communicate with any other node of the cluster, whether individually (e.g., unicast) or collectively (e.g., multicast), according to embodiments.
23 Claims
1. A method for providing secure multicast communication capabilities to a plurality of nodes of a cluster, the method comprising:
- performing a mutual authentication session between a node joining the cluster and any single node validly part of the cluster; and
- if the mutual authentication is successful, communicating a cluster secret to the node joining the cluster using a secure communication channel unique to the mutual authentication session, wherein the cluster secret renders the node joining the cluster a cluster node and enables the cluster node to securely communicate with every other node which is validly part of the cluster.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method comprising:
- performing a mutual authentication handshake between a first node of a cluster and a second node of the cluster;
- communicating a cluster key between the first node and the second node using a secure communication channel established by the mutual authentication handshake between the first node and the second node;
- performing a mutual authentication handshake between a third node of the cluster and one of the first node and second node;
- communicating the cluster key between the third node and the one of the first node and second node using a secure communication channel established by the mutual authentication handshake between the third node and the one of the first node and the second node; and
- performing secure cluster communications between the first node, the second node, and the third node using the cluster key.

Dependent claims: 15, 16, 17

18. A system comprising:
- a first processor-based network-connected device adapted to operate as a node of a cluster of nodes in accordance with code controlling the operation of the first processor-based network-connected device, wherein the code of the first processor-based network-connected device provides for operation of the first processor-based network-connected device as both a secure source of a secret of the cluster and a secure recipient of the secret of the cluster with respect to one or more other processor-based network-connected devices operating as nodes of the cluster, and wherein the secret of the cluster is adapted to allow secure communication between all nodes of the cluster.

Dependent claims: 19, 20, 21, 22, 23
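The join flow described in the abstract and in claim 14, as an added Python example that is not taken from the patent: a joiner and any one member authenticate each other, both compute the same per-handshake session key, the member sends the cluster key under that session key, and the newly joined node can then admit a third node itself. Assumptions not on the page: mutual authentication rests on a pre-shared enrollment credential checked by HMAC-SHA256 challenge-response, the cluster key (at most 32 bytes) is wrapped with an HMAC-derived keystream plus a MAC, cluster frames are authenticated but not encrypted, and the names `Node`, `join_via`, `answer`, `release`, `seal` and `open` are hypothetical.

```python
import hashlib, hmac, secrets

def prf(key, label, *parts):
    # HMAC-SHA256 over a fixed label plus the concatenated parts (nonces are 16 bytes each)
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Node:
    def __init__(self, credential, cluster_key=None):
        self.credential, self.cluster_key = credential, cluster_key
    # --- member side: any node already holding the cluster key can admit a joiner ---
    def answer(self, n_j):
        self._nonces = n_j + secrets.token_bytes(16)
        return self._nonces[16:], prf(self.credential, b"member", self._nonces)
    def release(self, proof_j):
        ok = hmac.compare_digest(proof_j, prf(self.credential, b"joiner", self._nonces))
        if self.cluster_key is None or not ok:
            raise PermissionError("joiner failed authentication")
        session = prf(self.credential, b"session", self._nonces)  # unique per handshake
        ct = xor(self.cluster_key, prf(session, b"enc"))          # keystream from session key
        return ct + prf(session, b"mac", ct)                      # encrypt-then-MAC
    # --- joiner side: verify the member first, then prove ourselves and unwrap the key ---
    def join_via(self, member):
        n_j = secrets.token_bytes(16)
        n_m, proof_m = member.answer(n_j)
        if not hmac.compare_digest(proof_m, prf(self.credential, b"member", n_j, n_m)):
            raise PermissionError("member failed authentication")
        blob = member.release(prf(self.credential, b"joiner", n_j, n_m))
        session = prf(self.credential, b"session", n_j, n_m)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, prf(session, b"mac", ct)):
            raise ValueError("cluster key transfer was tampered with")
        self.cluster_key = xor(ct, prf(session, b"enc"))
    # --- cluster traffic: one tag that every member can verify (unicast or multicast) ---
    def seal(self, msg):
        return msg + prf(self.cluster_key, b"mcast", msg)
    def open(self, frame):
        msg, tag = frame[:-32], frame[-32:]
        if not hmac.compare_digest(tag, prf(self.cluster_key, b"mcast", msg)):
            raise ValueError("frame not from a cluster member")
        return msg

def demo():
    cred = secrets.token_bytes(32)                 # constructed shared enrollment credential
    a, b, c = Node(cred, secrets.token_bytes(32)), Node(cred), Node(cred)
    b.join_via(a)
    c.join_via(b)                                  # C is admitted by B and never contacts A
    return c.open(a.seal(b"heartbeat")), c.cluster_key == a.cluster_key
```

Because the direction labels (`member`, `joiner`) are bound into each proof, a proof sent in one direction cannot be reflected back as the answer for the other.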