Apparatus and method for authenticating messages in a multicast
Abstract
An apparatus and method, utilized by a receiving node in a multicast for authenticating a message received from a transmitting node, uses tags to determine if the transmitting node is in the multicast. More particularly, a first tag received with the message is located and utilized to determine if the transmitting node is in the multicast. The first tag includes data associated with at least one of the receiving node and the transmitting node. A second tag is then generated if the transmitting node is determined to be in the multicast. Once generated, the second tag is transmitted with the message to a third node in the multicast. Among other things, the second tag includes data indicating that the receiving node is in the multicast.
64 Claims
1. A method utilized by a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the method comprising:
locating a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
utilizing the first tag to determine if the transmitting node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the transmitting node is in the multicast;
generating a second tag if the transmitting node is determined to be in the multicast; and
transmitting the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
Dependent claims: 2, 3, 4, 5, 6
7. A receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the receiving node comprising:
a tag locator that locates a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
an authenticator that utilizes the first tag to determine if the transmitting node is in the multicast, the authenticator comprising, a tag regenerator that utilizes the encryption key to produce a generated first tag, and a comparator that compares the generated first tag with the first tag to determine if the transmitting node is in the multicast;
a tag generator that generates a second tag if the transmitting node is determined to be in the multicast; and
an output that transmits the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
Dependent claims: 8, 9, 10, 11, 12
13. A computer program product for use with a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
program code for locating a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
program code for utilizing the first tag to determine if the transmitting node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the transmitting node is in the multicast;
program code for generating a second tag if the transmitting node is determined to be in the multicast; and
program code for transmitting the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
Dependent claims: 14, 15, 16, 17, 18
19. A method utilized by a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the method comprising:
locating a first tag received with the message, the first tag including information indicating if the transmitting node is in the multicast, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
utilizing the first tag to determine if the transmitting node is in the multicast by calculating an ascertained first tag utilizing the encryption key and comparing the ascertained first tag with the first tag to determine if the transmitting node is in the multicast;
generating a second tag if the transmitting node is determined to be in the multicast; and
transmitting the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A receiving node, in a computer network, that authenticates a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the receiving node comprising:
an input that receives a first tag having information indicating whether the transmitting node is in the multicast, the first tag being received with the message, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
a multicast identifier that utilizes the first tag to determine if the transmitting node is in the multicast, the multicast identifier comprising, means for ascertaining an ascertained first tag utilizing the encryption key, and a comparator that compares the ascertained first tag to the first tag; and
a second tag generator that generates second tag if the transmitting node is determined to be in the multicast; and
an output that transmits the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
41. A computer program product for use with a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
program code for locating a first tag, the first tag including information indicating if the transmitting node is in the multicast, the first tag being received with the message, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
program code for utilizing the first tag to determine if the transmitting node is in the multicast by calculating an ascertained first tag utilizing the encryption key and comparing the ascertained first tag with the first tag to determine if the transmitting node is in the multicast;
program code for generating a second tag if the transmitting node is determined to be in the multicast; and
program code for transmitting the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
Dependent claims: 42, 43, 44, 45, 46, 47, 48, 49, 50, 51
52. A network device for participating in a multicast across a computer network, the network device comprising:
an input that receives messages and their associated tags from other network devices, each associated tag generated utilizing a respective encryption key known to a respective one of the other network devices;
a tag generator that generates tags;
an authenticator that reads tags associated with each message received from the other network devices, the authenticator determining if each received message is received from a network device in the multicast based upon the tag associated with each received message, each received message deemed to be authenticated if determined to be received from a network device in the multicast by calculating a generated first tag utilizing the respective encryption key and comparing the generated first tag with the received associated tag to determine if the respective one of the other network devices is in the multicast; and
an output that transmits an authenticated message and a tag to a given network device, the tag being generated by the tag generator to include information indicating that the network device is in the multicast.
Dependent claims: 53, 54, 55
56. In a multicast, a method of authenticating a message transmitted from a first node to a second node in a computer network, the method comprising:
controlling the first node to generate a first tag having data indicating if the first node is in the multicast, the first tag generated by the first node utilizing an encryption key known to the first node;
transmitting the message and the first tag to the second node;
utilizing the first tag to determine if the first node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the first node is in the multicast;
generating a second tag if the first node is determined to be in the multicast; and
transmitting the message and the second tag to a third node in the multicast, the second tag including data indicating that the second node is in the multicast.
Dependent claims: 57, 58, 59, 60, 61
62. In a multicast having a plurality of network devices, a method of filtering a message comprising:
receiving the message and an identification tag from a first network device, the tag having identification data identifying the multicast, the identification tag generated by the first network device utilizing an encryption key known to the first network device;
determining if the first network device is in the multicast based upon the identification tag by calculating a generated identification tag utilizing the encryption key and comparing the generated identification tag with the identification tag to determine if the first network device is in the multicast; and
forwarding the message to a second network device in the multicast if the first network device is determined to be in the multicast.
Dependent claims: 63, 64
forwarding a second tag with the message to the second network device if the first network device is determined to be in the multicast, the second tag including data indicating that the message has been forwarded from at least one network device in the multicast.
64. The method as defined in claim 62 wherein the encryption key is associated with the first network device.
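The hop-by-hop check recited in claims 1 and 62 (regenerate the first tag with the key, compare, then forward with a new second tag or drop), written out as an added Python example that is not part of the patent. HMAC-SHA256, per-link shared keys, the tag field layout, the group identifier and the node names are assumptions; the claims only require a tag generated with a key and regenerated by the receiver for comparison.

```python
import hashlib
import hmac

GROUP = b"mcast-group-1"  # constructed multicast identifier (assumption)


def make_tag(key, sender, receiver, message):
    """MAC over group, hop endpoints and message; fields are length-prefixed."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (GROUP, sender, receiver, message):
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Node:
    def __init__(self, name, link_keys):
        self.name = name            # bytes, e.g. b"B"
        self.link_keys = link_keys  # neighbour name -> key shared with it

    def send(self, message, next_hop):
        """Emit (sender, message, tag) with a tag made under the next hop's key."""
        tag = make_tag(self.link_keys[next_hop], self.name, next_hop, message)
        return (self.name, message, tag)

    def accept(self, packet):
        """Regenerate the first tag and compare it with the received one."""
        sender, message, first_tag = packet
        key = self.link_keys.get(sender)
        if key is None:             # no shared key: sender is not a known member
            return False
        expected = make_tag(key, sender, self.name, message)
        return hmac.compare_digest(expected, first_tag)  # constant-time compare

    def relay(self, packet, next_hop):
        """Forward with a fresh second tag only if the first tag verified."""
        if not self.accept(packet):
            return None             # filtered: dropped, nothing forwarded
        return self.send(packet[1], next_hop)


def demo():
    k_ab, k_bc = b"\x01" * 32, b"\x02" * 32  # constructed link keys
    a = Node(b"A", {b"B": k_ab})
    b = Node(b"B", {b"A": k_ab, b"C": k_bc})
    c = Node(b"C", {b"B": k_bc})
    pkt = a.send(b"route update", b"B")
    forged = (b"A", b"route update", make_tag(b"\x09" * 32, b"A", b"B", b"route update"))
    tampered = (pkt[0], b"route updatX", pkt[2])
    fwd = b.relay(pkt, b"C")
    return c.accept(fwd), b.relay(forged, b"C"), b.relay(tampered, b"C"), c.accept(pkt)
```

Because the tag covers both hop endpoints, a tag that verified on the A-to-B hop is rejected if presented unchanged to C, which is why each relaying node must generate its own second tag.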
Specification