Apparatus and method for authenticating messages in a multicast

US 6,643,773 B1
Filed: 04/13/1999
Issued: 11/04/2003
Est. Priority Date: 04/13/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method utilized by a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the method comprising:

locating a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;

utilizing the first tag to determine if the transmitting node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the transmitting node is in the multicast;

generating a second tag if the transmitting node is determined to be in the multicast; and

transmitting the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.

View all claims

17 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method, utilized by a receiving node in a multicast for authenticating a message received from a transmitting node, uses tags to determine if the transmitting node is in the multicast. More particularly, a first tag received with the message is located and utilized to determine if the transmitting node is in the multicast. The first tag includes data associated with at least one of the receiving node and the transmitting node. A second tag then is generated if the transmitting node is determined to be in themulticast. Once generated, the second tag is transmitted with the message to a third node in the multicast. Among other things, the second tag includes data indicating that the receiving node is in the multicast.

46 Citations

View as Search Results

64 Claims

1. A method utilized by a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the method comprising:
- locating a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  utilizing the first tag to determine if the transmitting node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the transmitting node is in the multicast;
  
  generating a second tag if the transmitting node is determined to be in the multicast; and
  
  transmitting the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as defined by claim 1 wherein the encryption key is associated with the receiving node.
  - 3. The method as defined by claim 1 wherein the encryption key is associated with the transmitting node.
  - 4. The method as defined by claim 1 wherein the receiving node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 5. The method as defined by claim 1 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 6. The method as defined by claim 1 wherein the message includes a plurality of tags, each tag being associated with one of a plurality of nodes in the multicast, the plurality of tags being appended to the message.

7. A receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the receiving node comprising:
- a tag locator that locates a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  an authenticator that utilizes the first tag to determine if the transmitting node is in the multicast, the authenticator comprising, a tag regenerator that utilizes the encryption key to produce a generated first tag, and a comparator that compares the generated first tag with the first tag to determine if the transmitting node is in the multicast;
  
  a tag generator that generates a second tag if the transmitting node is determined to be in the multicast; and
  
  an output that transmits the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The receiving node as defined by claim 7 wherein the encryption key is associated with the receiving node.
  - 9. The receiving node as defined by claim 7 wherein the encryption key is associated with the transmitting node.
  - 10. The receiving node as defined by claim 7 having an associated encryption key, the second tag being generated based upon the encryption key.
  - 11. The receiving node as defined by claim 7 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 12. The receiving node as defined by claim 7 wherein the message includes a plurality of tags, each tag being associated with one of a plurality of nodes in the multicast, the plurality of tags being appended to the message.

13. A computer program product for use with a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
- program code for locating a first tag received with the message, the first tag including data associated with at least one of the receiving node and the transmitting node, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  program code for utilizing the first tag to determine if the transmitting node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the transmitting node is in the multicast;
  
  program code for generating a second tag if the transmitting node is determined to be in the multicast; and
  
  program code for transmitting the message and generated second tag to a third node in the multicast, the second tag including data indicating that the receiving node is in the multicast.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product as defined by claim 13 wherein the encryption key is associated with the receiving node.
  - 15. The computer program product as defined by claim 13 wherein the encryption key is associated with the transmitting node.
  - 16. The computer program product as defined by claim 13 wherein the receiving node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 17. The computer program product as defined by claim 13 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 18. The computer program product as defined by claim 13 wherein the message includes a plurality of tags, each tag being associated with one of a plurality of nodes in the multicast, the plurality of tags being appended to the message.

19. A method utilized by a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the method comprising:
- locating a first tag received with the message, the first tag including information indicating if the transmitting node is in the multicast, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  utilizing the first tag to determine if the transmitting node is in the multicast by calculating an ascertained first tag utilizing the encryption key and comparing the ascertained first tag with the first tag to determine if the transmitting node is in the multicast;
  
  generating a second tag if the transmitting node is determined to be in the multicast; and
  
  transmitting the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. The method as defined by claim 19 wherein the first tag is appended to the message.
  - 21. The method as defined by claim 19 wherein the message includes a plurality of tags, each tag associated with one of a plurality of nodes in the multicast, the plurality of tags being appended to the message.
  - 22. The method of as defined by claim 19 wherein the first tag is incorporated into the message.
  - 23. The method as defined by claim 19 wherein the receiving node is a network router.
  - 24. The method as defined by claim 19 wherein the encryption key is associated with the receiving node, the second tag being generated based upon the encryption key.
  - 25. The method as defined by claim 19 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 26. The method as defined by claim 19 wherein the encryption key is associated with the transmitting node.
  - 27. The method as defined by claim 19 wherein the encryption key is associated with the receiving node.
  - 28. The method as defined by claim 19 wherein the transmitting node is determined to be in the multicast if the ascertained first tag is substantially identical to the first tag.
  - 29. The method as defined by claim 19 wherein the message is generated by an origin node having an origin tag, the receiving node receiving the origin tag, the first tag and second tag being calculated based upon the origin tag.

30. A receiving node, in a computer network, that authenticates a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the receiving node comprising:
- an input that receives a first tag having information indicating whether the transmitting node is in the multicast, the first tag being received with the message, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  a multicast identifier that utilizes the first tag to determine if the transmitting node is in the multicast, the multicast identifier comprising, means for ascertaining an ascertained first tag utilizing the encryption key, and a comparator that compares the ascertained first tag to the first tag; and
  
  a second tag generator that generates second tag if the transmitting node is determined to be in the multicast; and
  
  an output that transmits the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The receiving node is defined by claim 30 wherein the first tag is appended to the message.
  - 32. The receiving node as defined by claim 30 wherein the message includes a plurality of tags, each tag being associated with one of a plurality of nodes in the multicast, the plurality of tags being appended to the message.
  - 33. The receiving node as defined by claim 30 wherein the first tag is incorporated into the message.
  - 34. The receiving node as defined by claim 30 wherein the receiving node is a network router.
  - 35. The receiving node as defined by claim 30 wherein the encryption key is associated with the receiving node, the second tag being generated based upon the encryption key.
  - 36. The receiving node as defined by claim 30 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 37. The receiving node as defined by claim 30 wherein the encryption key is associated with the transmitting node.
  - 38. The receiving node as defined by claim 30 wherein the encryption key is associated with the receiving node.
  - 39. The receiving node as defined by claim 30 wherein the transmitting node is determined to be in the multicast if the ascertained first tag is substantially identical to the first tag.
  - 40. The receiving node as defined by claim 30 wherein the message is generated by an origin node having an origin tag, the receiving node receiving the origin tag, the first tag and second tag being calculated based upon the origin tag.

41. A computer program product for use with a receiving node in a computer network for authenticating a message received from a transmitting node in the computer network, the receiving node being one of a plurality of nodes in a multicast, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
- program code for locating a first tag, the first tag including information indicating if the transmitting node is in the multicast, the first tag being received with the message, the first tag generated by the transmitting node utilizing an encryption key known to the transmitting node;
  
  program code for utilizing the first tag to determine if the transmitting node is in the multicast by calculating an ascertained first tag utilizing the encryption key and comparing the ascertained first tag with the first tag to determine if the transmitting node is in the multicast;
  
  program code for generating a second tag if the transmitting node is determined to be in the multicast; and
  
  program code for transmitting the message and generated second tag to a third node in the multicast, the second tag including information indicating that the receiving node is in the multicast.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 42. The computer program product as defined by claim 41 wherein the first tag is appended to the message.
  - 43. The computer program product as defined by claim 41 wherein the message includes a plurality of tags associated with a plurality of nodes in the multicast, the plurality of tags being appended to the message.
  - 44. The computer program product as defined by claim 41 wherein the first tag is incorporated into the message.
  - 45. The computer program product as defined by claim 41 wherein the receiving node is a network router.
  - 46. The computer program product as defined by claim 41 wherein the encryption key is associated with the receiving node, the second tag being generated based upon the encryption key.
  - 47. The computer program product as defined by claim 41 wherein the third node has an associated encryption key, the second tag being generated based upon the encryption key.
  - 48. The computer program product as defined by claim 41 wherein the encryption key is associated with the transmitting node.
  - 49. The computer program product as defined by claim 41 wherein the encryption key is associated with the receiving node.
  - 50. The computer program product as defined by claim 41 wherein the transmitting node is determined to be in the multicast if the ascertained first tag is substantially identical to the located first tag.
  - 51. The computer program product as defined by claim 41 wherein the message is generated by an origin node having an origin tag, the receiving node receiving the origin tag, the first tag and second tag being calculated based upon the origin tag.

52. A network device for participating in a multicast across a computer network, the network device comprising:
- an input that receives messages and their associated tags from other network devices, each associated tag generated utilizing a respective encryption key known to a respective one of the other network devices;
  
  a tag generator that generates tags;
  
  an authenticator that reads tags associated with each message received from the other network devices, the authenticator determining if each received message is received from a network device in the multicast based upon the tag associated with each received message, each received message deemed to be authenticated if determined to be received from a network device in the multicast by calculating a generated first tag utilizing the respective encryption key and comparing the generated first tag with the received associated tag to determine if the respective one of the other network devices is in the multicast; and
  
  an output that transmits an authenticated message and a tag to a given network device, the tag being generated by the tag generator to include information indicating that the network device is in the multicast.
- View Dependent Claims (53, 54, 55)
- - 53. The network device as defined by claim 52 wherein received messages without tags are deemed to be not authenticated.
  - 54. The network device as defined by claim 52 wherein the given network device has an associated encryption key, the transmitted tag being generated by the tag generator based upon the associated encryption key.
  - 55. The network device as defined by claim 52 wherein the network device includes a network device encryption key, the tag generator utilizing the network device encryption key to generate the transmitted tag.

56. In a multicast, a method of authenticating a message transmitted from a first node to a second node in a computer network, the method comprising:
- controlling the first node to generate a first tag having data indicating if the first node is in the multicast, the first tag generated by the first node utilizing an encryption key known to the first node;
  
  transmitting the message and the first tag to the second node;
  
  utilizing the first tag to determine if the first node is in the multicast by calculating a generated first tag utilizing the encryption key and comparing the generated first tag with the first tag to determine if the first node is in the multicast;
  
  generating a second tag if the first node is determined to be in the multicast; and
  
  transmitting the message and the second tag to a third node in the multicast, the second tag including data indicating that the second node is in the multicast.
- View Dependent Claims (57, 58, 59, 60, 61)
- - 57. The method as defined by claim 56 wherein the first tag is appended to the message.
  - 58. The method as defined by claim 56 wherein the encryption key is associated with the first node.
  - 59. The method as defined by claim 56 wherein the encryption key is associated with the second node.
  - 60. The method as defined by claim 56 wherein the second node has an associated second encryption key, the second tag being generated based upon the second encryption key.
  - 61. The method as defined by claim 56 wherein the third node has an associated third encryption key, the second tag being generated based upon the third encryption key.

62. In a multicast having a plurality of network devices, a method of filtering a message comprising:
- receiving the message and an identification tag from a first network device, the tag having identification data identifying the multicast, the identification tag generated by the first network device utilizing an encryption key known to the first network device;
  
  determining if the first network device is in the multicast based upon the identification tag by calculating a generated identification tag utilizing the encryption key and comparing the generated identification tag with the identification tag to determine if the first network device is in the multicast; and
  
  forwarding the message to a second network device in the multicast if the first network device is determined to be in the multicast.
- View Dependent Claims (63, 64)
- - 63. The method as defined by claim 62 further comprising:
64. The method as defined in claim 62 wherein the encryption key is associated with the first network device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Hardjono, Thomas
Primary Examiner(s)
Barron, Gilberto
Assistant Examiner(s)
Zand, Kambiz

Application Number

US09/290,557
Time in Patent Office

1,666 Days
Field of Search

713/153, 713/163, 713/200
US Class Current

713/153
CPC Class Codes

H04L 12/18   for broadcast or conference...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/12   Applying verification of th...

Apparatus and method for authenticating messages in a multicast

First Claim

17 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for authenticating messages in a multicast

First Claim

17 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links