Apparatus and method for authenticating messages transmitted across different multicast domains

US 6,725,276 B1
Filed: 04/13/1999
Issued: 04/20/2004
Est. Priority Date: 04/13/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A border network device that transmits messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:

a first interface that receives a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;

a first message converter that converts the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from the border network device; and

an output that forwards the first intermediate message to a receiving second network device in the second domain;

wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A border network device for transmitting messages between a first multicast domain and a second multicast domain includes a first interface that receives a first domain message from the first domain for delivery to the second domain, a first message converter that converts the received first domain message into a first intermediate message, and an output that forwards the first intermediate message to a receiving second network device in the second domain. The first multicast domain and second multicast domain each respectively have first network devices and second network devices. In preferred embodiments, the first domain message has first domain origin data. Messages with first domain origin data originate from at least one of the first network devices. In a similar manner, the intermediate message includes intermediate data indicating that the intermediate message originated from the border network device.

42 Citations

View as Search Results

54 Claims

1. A border network device that transmits messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:
- a first interface that receives a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
  
  a first message converter that converts the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from the border network device; and
  
  an output that forwards the first intermediate message to a receiving second network device in the second domain;
  
  wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The border network device as defined by claim 1 further comprising:
3. The border network device as defined by claim 2 wherein the output forwards the converted first domain message to at least one of the first network devices.
4. The border network device as defined by claim 1 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.
5. The border network device as defined by claim 1 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.
6. The border network device as defined by claim 1 wherein the first network devices comprise the border network device.
7. The border network device as defined by claim 1 further comprising:
- memory for storing an intermediate key, the first message converter retrieving the intermediate key from the memory to convert the received first domain message into the first intermediate message.
8. The border network device as defined by claim 1 further comprising:
- an authenticator operatively coupled with the first message converter, the authenticator confirming that the first domain message includes first domain origin data.
9. The border network device as defined by claim 1 wherein the receiving second network device is a border network device that converts the first intermediate message into a second message, the second message including data indicating that the second message originated from the receiving second network device.

10. A method of transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the method comprising:
- receiving a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
  
  converting the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from a border network device; and
  
  forwarding the first intermediate message to a receiving second network device in the second domain;
  
  wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method as defined by claim 10 further comprising:
12. The method as defined by claim 11 further comprising forwarding the converted first domain message to at least one of the first network devices.
13. The method as defined by claim 10 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.
14. The method as defined by claim 10 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.
15. The method as defined by claim 10 wherein the first network devices comprise the border network device.
16. The method as defined by claim 10 wherein the act of converting comprises:
- retrieving the intermediate key from memory to convert the received first domain message into the first intermediate message.
17. The method as defined by claim 10 further comprising:
- confirming that the first domain message includes first domain origin data.
18. The method as defined by claim 10 wherein the receiving second network device is a second border network device that converts the first intermediate message into a second domain message having data indicating that the message originated from the receiving second network device.

19. A computer program product for use on a computer system for transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
- program code for receiving a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
  
  program code for converting the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from a border network device; and
  
  program code for forwarding the first intermediate message to a receiving second network device in the second domain;
  
  wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product as defined by claim 19 further comprising:
21. The computer program product as defined by claim 20 further comprising program code for forwarding the converted first domain message to at least one of the first network devices.
22. The computer program product as defined by claim 19 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.
23. The computer program product as defined by claim 19 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.
24. The computer program product as defined by claim 19 wherein the first network devices comprise the border network device.
25. The computer program product as defined by claim 19 wherein the program code for converting comprises:
- program code for retrieving the intermediate key from memory to convert the received first domain message into the first intermediate message.
26. The computer program product as defined by claim 19 further comprising:
- program code for confirming that the first domain message includes first domain origin data.
27. The computer program product as defined by claim 19 wherein the receiving second network device is a second border network device that converts the first intermediate message into a second domain message having data indicating that the message originated from the receiving second network device.

28. A border network device that transmits messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:
- an intermediate interface that receives a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
  
  a first message converter that converts the received second intermediate message into a converted first domain message with first domain data, message with first domain data originating from one of the first network devices; and
  
  a first output that forwards the converted first domain message to at least one of the first network devices.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. A border network device as defined by claim 28 further comprising:
30. The border network device as defined by claim 28 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.
31. The border network device as defined by claim 28 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.
32. The border network device as defined by claim 28 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.
33. The border network device as defined by claim 28 further comprising:
- an authenticator operatively coupled with the first message converter, the authenticator checking the second intermediate message to determine if the second intermediate message includes the intermediate data.

34. A method of transmitting messages between a fist multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:
- receiving a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one of the second network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
  
  converting the received second intermediate message into a converted first domain message with first domain data, messages with first domain data originating from one of the first network devices; and
  
  forwarding the converted first domain message to at least one of the first network devices.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The method as defined by claim 34 further comprising:
36. The method as defined by claim 34 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.
37. The method as defined by claim 34 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.
38. The method as defined by claim 34 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.
39. The method as defined by claim 34 further comprising:
- checking the intermediate message to determine if the second intermediate message includes the second intermediate data.

40. A computer program product for use on a computer system for transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
- program code for receiving a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one of the second network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
  
  program code for converting the received second intermediate message into a converted first domain message with first domain data, messages with first domain data originating from one of the first network devices; and
  
  program code for forwarding the converted first domain message to at least one of the first network devices.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The computer program product as defined by claim 40 further comprising:
42. The computer program product as defined by claim 40 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.
43. The computer program product as defined by claim 40 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.
44. The computer program product as defined by claim 40 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.
45. The computer program product as defined by claim 40 further comprising:
- program code for checking the second intermediate message to determine if the intermediate message includes the second intermediate data.

46. A method of transmitting messages between a first multicast domain and a second multicast domain, the method comprising:
- receiving a first message from a first network device in the first domain, the first message having first identification data indicating that the first message originated from the first network device, the first message also having first domain origin data indicating that the first message originated in the first multicast domain;
  
  controlling a confirming network device to analyze the first identification data to determine that the first message originated from the first network device;
  
  adding second identification data to the first message to form an authenticated message, the second identification data indicating that the first message was authenticated by the confirming network device; and
  
  forwarding the authenticated message to a second network device in the second domain, the second network device adding third identification data to the first message, the third identification data indicating that the first message originated from the second network device, the second network device also adding second domain origin data to the first message, the second domain origin data indicating that the first message originated in the second multicast domain.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53, 54)
- - 47. The method as defined by claim 46 wherein the first identification data includes a digital signature of the first network device.
  - 48. The method as defined by claim 46 wherein the second identification data includes a digital signature of the confirming network device.
  - 49. The method as defined by claim 46 further comprising:
50. The method as defined by claim 46 wherein the first domain requires that each first domain message authorized to participate in a multicast include first domain origin data, each message with first domain origin data originating from a device in the first domain.
51. The method as defined by claim 50 wherein the act of adding comprises:
- adding intermediate data to form the authenticated message, the intermediate data indicating that the first message was authenticated by the confirming network device.
52. The method as defined by claim 51 wherein the intermediate data is formed by a key that is associated with both the confirming network device and the second network device.
53. The method as defined by claim 50 wherein the first domain origin data includes a MAC.
54. The method as defined by claim 46 wherein the confirming network device is in the first domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Cain, Bradley, Hardjono, Thomas
Primary Examiner(s)
CALDWELL, ANDREW T

Application Number

US09/290,753
Time in Patent Office

1,834 Days
Field of Search

713/153, 713/168, 713/170, 713/176, 709/204, 709/205, 709/246, 709/229, 709/238-242, 370/390
US Class Current

709/238
CPC Class Codes

H04L 12/1836   with heterogeneous network ...

H04L 45/04   Interdomain routing, e.g. h...

H04L 45/16   Multipoint routing

Apparatus and method for authenticating messages transmitted across different multicast domains

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for authenticating messages transmitted across different multicast domains

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links