Dual encryption protocol for scalable secure group communication
First Claim
1. A method for adding a host to a multicast group comprising the steps of:
- identifying a key group and a subgroup for said host to join, said key group defined by a child node of a sender of multicast data and all descendant nodes of said child node of said sender, said subgroup defined by a subgroup manager and all child nodes of said subgroup manager;
said sender issuing a first encryption key to said host, said first encryption key corresponding to said key group; and
said subgroup manager issuing a second encryption key to said host, said second encryption key corresponding to said subgroup, both said first encryption key and said second encryption key required to access a data encryption key, said data encryption key providing access to said multicast data.
2 Assignments
0 Petitions
Accused Products
Abstract
A logical tree structure and method for managing membership in a multicast group provides scalability and security from internal attacks. The structure defines key groups and subgroups, with each subgroup having a subgroup manager. Dual encryption allows the sender of the multicast data to manage distribution of a first set of encryption keys whereas the individual subgroup managers manage the distribution of a second set of encryption keys. The two key sets allow the sender to delegate much of the group management responsibilities without compromising security because a key from each set is required to access the multicast data. Security is further maintained via a method in which subgroup managers can be either member subgroup managers or participant subgroup managers. Access to both keys is provided to member subgroup managers whereas access to only one key is provided to participant subgroup managers. Nodes can be added without the need to generate a new encryption key at the top level which provides improved scalability.
-
Citations
16 Claims
-
1. A method for adding a host to a multicast group comprising the steps of:
-
identifying a key group and a subgroup for said host to join, said key group defined by a child node of a sender of multicast data and all descendant nodes of said child node of said sender, said subgroup defined by a subgroup manager and all child nodes of said subgroup manager;
said sender issuing a first encryption key to said host, said first encryption key corresponding to said key group; and
said subgroup manager issuing a second encryption key to said host, said second encryption key corresponding to said subgroup, both said first encryption key and said second encryption key required to access a data encryption key, said data encryption key providing access to said multicast data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15)
transmitting a capability certificate from said host to said subgroup manager;
said subgroup manager verifying said capability certificate; and
said subgroup manager transmitting a key group identifier and a subgroup manager identifier to said host when said capability certificate is valid.
-
-
5. The method of claim 1 further comprising the steps of:
-
transmitting a capability packet from said host to said sender;
said sender verifying said capability packet;
said sender transmitting said first encryption key and an authorization certificate to said host when said capability packet is valid, said first encryption key and said authorization certificate encrypted with a public encryption key for said host; and
said sender updating a member database, said member database representing nodes of said multicast group entitled to said multicast data.
-
-
6. The method of claim 5 wherein said capability packet comprises authentification information, a subgroup manager identifier and a key group identifier.
-
7. The method of claim 5 further comprising the step of verifying that said host has not previously requested to join said multicast group.
-
8. The method of claim 1 further comprising the steps of:
-
transmitting an authorization certificate from said host to said subgroup manager, said authorization certificate encrypted with said host'"'"'s private encryption key;
said subgroup manager verifying said private encryption key;
said subgroup manager changing said second encryption key;
said subgroup manager issuing said changed second encryption key to said host; and
said subgroup manager issuing said changed second encryption key to remaining child nodes of said subgroup manager.
-
-
9. The method of claim 1 further comprising the step of recruiting a participant subgroup manager, said participant subgroup manager representing a node which is not entitled to said multicast data.
-
10. The method of claim 9 wherein said participant subgroup manager has access to only one of said first and second keys and therefore cannot decrypt said multicast data.
-
11. The method of claim 9 further comprising the steps of:
-
determining whether said participant subgroup manager is in a member database;
said sender changing said first encryption key corresponding to said key group when said participant subgroup manager is in said member database;
said sender issuing said first encryption key to members of said key group, said members defined by child nodes holding said first encryption key before it was changed.
-
-
14. The method of claim 1 further comprising a method for deleting a predetermined host from said multicast group comprising the steps of:
said subgroup manager changing said second encryption key to a third encryption key and sending said third encryption key to all members of said subgroup excluding said predetermined host.
-
15. The method of claim 14 wherein said first encryption key remains unchanged.
-
12. A multicast group comprising:
-
a logical tree structure, said structure having a sender node and said sender node having one or more child nodes;
a key group, said key group defined by a child node of said sender node and all descendant nodes of said child node, said sender node issuing a first encryption key to member nodes of said key group after verifying that said member nodes have not previously requested to join the multicast group, said member nodes defined by nodes of said key group; and
a subgroup, said subgroup defined by a subgroup manager and child nodes of said subgroup manager, said subgroup manager issuing a second encryption key to said subgroup, both said first encryption key and said second encryption key required to access a data encryption key, said data encryption key providing access to multicast data. - View Dependent Claims (13)
-
-
16. A system for implementing scalable secure multicasting comprising:
-
a hierarchical structure of nodes logically organized as one or more subgroups each subgroup having an associated subgroup manager and at least one child node that functions as the recipient of multicast information;
said subgroup manager issuing a subgroup key for use by its associated subgroup;
said hierarchical structure of nodes further having a root node that functions as the sender of multicast information, the root node and its hierarchically adjacent children logically defining a plurality of key groups;
said sender separately issuing a key group key to each of said key groups;
said sender supplying multicasting information to said host using a dual encryption protocol such that both subgroup key and key group key are required at said host to decrypt the multicast information, one or more of said subgroup managers being a participant subgroup manager, wherein said participant subgroup managers are not entitled to the multicast information; and
said sender determining whether said participant subgroup managers are in a member database.
-
Specification