Method and apparatus for distributing and updating group controllers over a wide area network using a tree structure
Abstract
An approach for establishing secure multicast communication among multiple multicast proxy service nodes of domains of a replicated directory service that spans a wide area network. The domains are organized in a logical tree, and each domain stores a logical tree that organizes the multicast proxy service nodes. Each domain also comprises a group manager at the root node of the binary tree, a multicast key distribution center, a multicast service agent, and a directory service agent and key distribution center (unicast). Multicast proxy service nodes each store a group session key and a private key. Replication of the directory accomplishes distribution of keys. A multicast group member joins or leaves the group by publishing a message. The local key distribution center and multicast service agent obtain the identity of the publisher from a local directory service agent. Based on the ID value, a secure channel is established with the DSA of the group member's domain. All keys of the binary tree branch that contains the joining or leaving node are updated, and an updated group session key and a new private key are received.
Claims (21)
1. A method for communicating a session key from a first node of a secure multicast group to a plurality of other nodes of the multicast group, wherein each of the nodes is represented by a leaf node of a binary tree stored in a domain of a directory service that is distributed across a wide area network, wherein each of the nodes is capable of establishing multicast communication and serving as a key distribution center, the method comprising the steps of:
creating and storing a group session key associated with the multicast group and a private key associated with each node in a group;
receiving information indicating that the first node is joining the multicast group;
updating all affected keys of a subset of nodes in a branch of the binary tree that contains the joining node;
receiving a new group session key for the multicast group, for use after addition of the first node, and a new private key for the first node, from a local group manager node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 13
2. A method as recited in claim 1, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree with a plurality of multicast service agents;
establishing a secure back channel group among the multicast service agents;
updating the group session key to all the multicast service agents by securely communicating the group session key using the secure back channel.
3. A method as recited in claim 1, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree with a plurality of multicast service agents, wherein the multicast service agents are distributed across a wide area network;
establishing a secure back channel group among the multicast service agents;
updating the group session key to all the multicast service agents across the wide area network by securely communicating the group session key using the secure back channel.
4. A method as recited in claim 1, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree with a plurality of multicast service agents;
establishing a secure back channel group among the multicast service agents;
updating the group session key to all the multicast service agents by securely communicating the group session key using the secure back channel;
at each intermediate node, updating the group session key of only those leaf nodes that are child nodes of the intermediate node.
5. A method as recited in claim 1, further comprising the steps of:
receiving a request for the group session key from a publisher node that is located in a different domain from the group manager node;
determining an identifier of the publisher node using a local directory service agent;
establishing a secure communication channel among the group manager node and a directory service agent in the different domain.
6. A method as recited in claim 1, wherein authenticating the plurality of multicast proxy service nodes includes authenticating the plurality of multicast proxy service nodes based on a directory that comprises a directory system agent (DSA) that communicates with one or more of the multicast proxy service nodes and a replication service agent (RSA) that replicates attribute information of the one or more multicast proxy service nodes.
7. A method as recited in claim 1, further comprising distributing a group session key to all nodes by creating and storing the group session key using a first multicast proxy service node of one domain of the directory;
replicating the directory; and
obtaining the group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.
8. The method as recited in claim 1, further comprising selectively updating the group session key and the private keys by:
detecting whether a network node is leaving the secure multicast or broadcast group;
determining nodes that are affected in response to the detecting step;
updating the private keys of the affected intermediate nodes;
generating a new group session key;
modifying the attribute information based upon the updated private keys and the new group session key; and
requesting to distribute the modified attribute information using directory replication.
9. A method as recited in claim 1, further comprising selectively updating a group session key and the private keys, wherein the step of selectively updating comprises:
receiving a request message from a new network node to join the secure multicast group;
determining which of the intermediate nodes are affected in response to the receiving step;
updating the private keys of the affected intermediate nodes;
generating a new group session key and a private key of the new node;
modifying the attribute information based upon the updated private keys, the new group session key, and the private key of the new node; and
distributing the modified attribute information to all the affected nodes.
13. A method as recited in claim 1, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree with a plurality of multicast service agents;
establishing a secure back channel group among the multicast service agents;
updating the group session key to all the multicast service agents by securely communicating the group session key using the secure back channel;
at each intermediate node, updating the group session key of only those leaf nodes that are child nodes of the intermediate node.
10. A method for managing removal of a first node from a secure multicast group that comprises the first node and a plurality of multicast proxy service nodes in a communication network, wherein each of the nodes is represented by a leaf node of a binary tree stored in a domain of a directory service that is distributed across a wide area network, wherein each of the nodes is capable of establishing multicast communication and serving as a key distribution center, the method comprising the steps of:
creating and storing a group session key associated with the multicast group and a private key associated with each node in a directory;
receiving information indicating that the first node is leaving the multicast group;
updating all affected keys of a subset of nodes in a branch of the binary tree that contains the leaving node;
receiving a new group session key for the multicast group, for use after removal of the first node, and a new private key for the first node, from a local group manager node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys.
Dependent claims: 11, 12, 14, 15
11. A method as recited in claim 10, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree with a plurality of multicast service agents;
establishing a secure back channel group among the multicast service agents;
changing a private key associated with one of the intermediate nodes, in response to receiving information indicating that the first node is leaving the multicast group;
updating a group controller of the binary tree with the changed private key by sending the changed private key by securely communicating using the secure back channel.
12. A method as recited in claim 10, further comprising the steps of:
associating a plurality of intermediate nodes of the binary tree, including the first node, with a plurality of multicast service agents;
establishing a secure back channel group among the multicast service agents;
changing a plurality of private keys associated with all nodes that are child nodes of the first node, in response to receiving information indicating that the first node is leaving the multicast group;
updating a group controller of the binary tree with the changed private keys by decrypting the group session key from the group controller and then encrypting the group session key with the changed private keys.
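The branch rekeying that the abstract and claims 1, 8, 9, 10 and 12 describe in words (regenerate the keys on the branch that contains the joining or leaving leaf, then hand each affected node its new key encrypted under keys that only the remaining members below it hold) is worked through in the following added example. It is not code from the patent or from any product built on it: the heap-indexed binary tree, the HMAC-SHA256 key wrap that stands in for a real key-wrap algorithm, the `GroupController`, `apply_rekey` and `demo` names, and the (node, child, ciphertext) message format are all assumptions made here so that the example runs on the Python standard library alone.

```python
"""LKH-style rekeying over a binary key tree: an added illustration, not the patent's code.
Assumed here: heap-indexed nodes (root 1, children of n are 2n and 2n+1, leaves 2**h..2**(h+1)-1),
an HMAC-SHA256 key wrap standing in for a real key-wrap algorithm, (node, child, blob) messages."""
import hashlib
import hmac
import os

KEY_LEN = 32

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, a stdlib stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def wrap(kek, key):
    """Encrypt-then-MAC `key` under `kek`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    """Inverse of wrap; raises ValueError if `kek` is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted rekey message")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

class GroupController:
    """Group manager: holds every node key; the root key, keys[1], is the group session key."""

    def __init__(self, height):
        self.height = height
        self.keys = {}        # node id -> key, kept only for nodes with members below them
        self.members = set()  # occupied leaf ids

    def _occupied(self, node):
        """True if some member sits in the subtree rooted at `node`."""
        lo = hi = node
        while lo < 2 ** self.height:
            lo, hi = 2 * lo, 2 * hi + 1
        return any(lo <= leaf <= hi for leaf in self.members)

    def _rekey_branch(self, leaf):
        """Regenerate every key on the branch above `leaf`, bottom-up. Each new key is wrapped
        under the current key of each child that still has members below it, so a departed
        leaf holds none of the wrapping keys and a newcomer cannot unwrap older keys."""
        msgs, node = [], leaf // 2
        while node >= 1:
            if not self._occupied(node):
                self.keys.pop(node, None)  # nobody left below this node: drop its key
            else:
                self.keys[node] = os.urandom(KEY_LEN)
                for child in (2 * node, 2 * node + 1):
                    if child in self.keys:
                        msgs.append((node, child, wrap(self.keys[child], self.keys[node])))
            node //= 2
        return msgs

    def join(self, leaf):
        """Add a member: returns its new private (leaf) key, which the patent delivers over
        the unicast KDC channel, plus the rekey messages for the group."""
        self.members.add(leaf)
        self.keys[leaf] = os.urandom(KEY_LEN)
        return self.keys[leaf], self._rekey_branch(leaf)

    def leave(self, leaf):
        """Remove a member and rekey its branch; returns the rekey messages."""
        self.members.discard(leaf)
        self.keys.pop(leaf, None)
        return self._rekey_branch(leaf)

def apply_rekey(view, msgs):
    """Update one member's key view (node id -> key) from rekey messages, in the order sent
    (bottom-up), so a node's new key is in hand before its parent's message needs it."""
    for node, child, blob in msgs:
        if child in view:
            view[node] = unwrap(view[child], blob)
    return view

def demo():
    """Three joins into a height-2 tree (leaves 4..7), then the member at leaf 5 is evicted."""
    gc, views = GroupController(2), {}
    for leaf in (4, 5, 6):
        leaf_key, msgs = gc.join(leaf)
        views[leaf] = {leaf: leaf_key}
        for view in views.values():
            apply_rekey(view, msgs)
    agree_after_joins = all(view[1] == gc.keys[1] for view in views.values())
    evicted, msgs = views.pop(5), gc.leave(5)
    for view in views.values():
        apply_rekey(view, msgs)
    try:
        apply_rekey(evicted, msgs)  # its stale key for node 2 fails the MAC on the root's message
        excluded = False
    except ValueError:
        excluded = True
    agree_after_leave = all(view[1] == gc.keys[1] for view in views.values())
    return agree_after_joins, excluded, agree_after_leave, len(msgs)
```

Two points a practitioner should check in any implementation of this scheme. First, rekey messages must be applied in the order the controller emits them (leaf side up), because the message for a node is wrapped under the new key of the child on the branch, and that key arrives in the preceding message. Second, an evicted member is excluded by construction, not by policy: it still holds the old key of its former parent, so the MAC on the root's rekey message fails, which is what `demo()` reports as `excluded`. In the patent the new leaf key travels over the unicast key distribution center channel and the updated attribute information is carried by directory replication; the example collapses both into return values.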
14. A method as recited in claim 10, further comprising the steps of:
receiving a request for the group session key from a publisher node that is located in a different domain from the group manager node;
determining an identifier of the publisher node using a local directory service agent;
establishing a secure communication channel among the group manager node and a directory service agent in the different domain.
15. A method as recited in claim 10, further comprising distributing a group session key to all nodes by creating and storing the group session key using a first multicast proxy service node of one domain of the directory;
replicating the directory; and
obtaining the group session key from a local multicast proxy service node that is a replica of the first multicast proxy service node.
16. A communication system for communicating a session key from a first node of a secure multicast group to a plurality of other nodes of the multicast group, wherein each of the nodes is represented by a leaf node of a binary tree stored in a domain of a directory service that is distributed across a wide area network, wherein each of the nodes is capable of establishing multicast communication and serving as a key distribution center, the communication system comprising:
a group controller that creates and manages secure multicast communication among the other multicast proxy service nodes, having a private key;
a computer-readable medium comprising one or more instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
creating and storing a group session key associated with the multicast group and a private key associated with each node in a directory;
receiving information indicating that the first node is joining the multicast group;
updating all affected keys of a subset of nodes in a branch of the binary tree that contains the joining node;
receiving a new group session key for the multicast group, for use after addition of the first node, and a new private key for the first node, from a local group manager node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys.
17. A method for communicating a session key from a first node of a secure multicast group to a plurality of other nodes of the multicast group, wherein each of the nodes is represented by a leaf node of a binary tree stored in a domain of a directory service that is distributed across a wide area network, wherein each of the nodes is capable of establishing multicast communication and serving as a key distribution center, the method comprising the steps of:
creating and storing a group session key associated with the multicast group and a private key associated with each node in a directory;
receiving information indicating that the first node is joining the multicast group;
updating all affected keys of a subset of nodes in a branch of the binary tree that contains the joining node;
receiving a new group session key for the multicast group, for use after addition of the first node, and a new private key for the first node, from a local group manager node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys;
distributing the first group session key among the multicast proxy service nodes by using periodic directory replication of the attribute information, wherein the attribute information comprises the first group session key, and the private keys; and
forming a second secure multicast group among the plurality of client nodes by one of the leaf nodes using a second group session key obtained from a local replica of the node that generated the first group session key.
Dependent claims: 18, 19
18. The method as recited in claim 17, further comprising selectively updating the first group session key and the private keys by:
detecting whether one of the nodes is leaving the secure multicast or broadcast group;
determining which of other nodes are affected by deletion of the leaving node;
updating the private keys of the affected intermediate nodes;
generating a new group session key;
modifying the attribute information based upon the updated private keys and the new group session key; and
distributing the modified attribute information using directory replication.
19. The method as recited in claim 17, further comprising selectively updating the first group session key and the private keys via the DSA, wherein the step of selectively updating comprises:
receiving a request message from a new node to join the secure multicast or broadcast group;
determining which other nodes are affected by addition of the joining node;
updating the private keys of the affected nodes;
generating a new group session key and a private key of the new node;
modifying the attribute information based upon the updated private keys, the new group session key, and the private key of the new node; and
distributing the modified attribute information using directory replication.
20. A communication system for creating a secure multicast or broadcast group, the communication system comprising:
a plurality of multicast proxy service nodes, each of the multicast proxy service nodes having attribute information comprising a group identification value for uniquely identifying a particular one of the multicast proxy service nodes, wherein the plurality of multicast proxy service nodes is located in one of a plurality of domains of a directory service that spans a wide area network and the domains form a logical arrangement of the multicast proxy service nodes according to a tree structure, the tree structure having a root node, intermediate nodes, and leaf nodes, one of the multicast proxy service nodes being designated as a primary multicast proxy service node, the primary multicast proxy service node being mapped to the root node, the other multicast proxy service nodes having private keys corresponding to the group identification values and being mapped to the intermediate nodes and the leaf nodes;
a directory comprising a directory system agent (DSA) for communicating with one or more of the multicast proxy service nodes to authenticate each of the multicast proxy service nodes and for replicating the attribute information of the one or more multicast proxy service nodes; and
a plurality of client nodes coupled to one of the multicast proxy service nodes, the one multicast proxy service node creating a secure multicast or broadcast client group that is separate from the secure multicast or broadcast group;
wherein one of the multicast proxy service nodes is configured for carrying out the steps of creating and storing a group session key associated with the multicast group and a private key associated with each node in a directory;
receiving information indicating that the first node is joining the multicast group;
updating all affected keys of a subset of nodes in a branch of the binary tree that contains the joining node;
receiving a new group session key for the multicast group, for use after addition of the first node, and a new private key for the first node, from a local group manager node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys.
21. A computer-readable medium carrying one or more sequences of instructions for communicating a session key from a first node of a secure multicast group to a plurality of other nodes of the multicast group, wherein each of the nodes is represented by a leaf node of a binary tree stored in a domain of a directory service that is distributed across a wide area network, wherein each of the nodes is capable of establishing multicast communication and serving as a key distribution center, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
creating and storing a group session key associated with the multicast group in a directory;
authenticating the first multicast proxy service node with a subset of the multicast proxy service nodes that are affected by an addition of the first multicast proxy service node to the multicast group, based on the group session key stored in the directory;
receiving a plurality of private keys from the subset of nodes;
receiving a new group session key for the multicast group for use after addition of the first multicast proxy service node from a local multicast proxy service node that has received the group session key through periodic replication of the directory;
communicating the new group session key and private key to the first multicast proxy service node;
communicating a message to the subset of nodes that causes the subset of nodes to update their private keys.
Specification