Apparatus and method for authenticating messages transmitted across different multicast domains
8 Assignments
0 Petitions
Abstract
A border network device for transmitting messages between a first multicast domain and a second multicast domain includes a first interface that receives a first domain message from the first domain for delivery to the second domain, a first message converter that converts the received first domain message into a first intermediate message, and an output that forwards the first intermediate message to a receiving second network device in the second domain. The first multicast domain and second multicast domain each respectively have first network devices and second network devices. In preferred embodiments, the first domain message has first domain origin data. Messages with first domain origin data originate from at least one of the first network devices. In a similar manner, the intermediate message includes intermediate data indicating that the intermediate message originated from the border network device.
42 Citations
54 Claims
1. A border network device that transmits messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:
a first interface that receives a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
a first message converter that converts the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from the border network device; and
an output that forwards the first intermediate message to a receiving second network device in the second domain;
wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.

2. The border network device as defined by claim 1 further comprising:
an intermediate interface that receives a second intermediate message from a given second network device, the second intermediate message having origination data indicating that it originated from the given second network device; and
a second message converter that converts the received second intermediate message into a converted first domain message with first domain data.

3. The border network device as defined by claim 2 wherein the output forwards the converted first domain message to at least one of the first network devices.

4. The border network device as defined by claim 1 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.

5. The border network device as defined by claim 1 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.

6. The border network device as defined by claim 1 wherein the first network devices comprise the border network device.

7. The border network device as defined by claim 1 further comprising:
memory for storing an intermediate key, the first message converter retrieving the intermediate key from the memory to convert the received first domain message into the first intermediate message.

8. The border network device as defined by claim 1 further comprising:
an authenticator operatively coupled with the first message converter, the authenticator confirming that the first domain message includes first domain origin data.

9. The border network device as defined by claim 1 wherein the receiving second network device is a border network device that converts the first intermediate message into a second message, the second message including data indicating that the second message originated from the receiving second network device.
10. A method of transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the method comprising:
receiving a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
converting the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from a border network device; and
forwarding the first intermediate message to a receiving second network device in the second domain;
wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.

11. The method as defined by claim 10 further comprising:
receiving a second intermediate message from a given second network device, the second intermediate message having origination data indicating that it originated from the given second network device; and
converting the received second intermediate message into a converted first domain message with first domain data.

12. The method as defined by claim 11 further comprising forwarding the converted first domain message to at least one of the first network devices.

13. The method as defined by claim 10 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.

14. The method as defined by claim 10 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.

15. The method as defined by claim 10 wherein the first network devices comprise the border network device.

16. The method as defined by claim 10 wherein the act of converting comprises:
retrieving the intermediate key from memory to convert the received first domain message into the first intermediate message.

17. The method as defined by claim 10 further comprising:
confirming that the first domain message includes first domain origin data.

18. The method as defined by claim 10 wherein the receiving second network device is a second border network device that converts the first intermediate message into a second domain message having data indicating that the message originated from the receiving second network device.
19. A computer program product for use on a computer system for transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
program code for receiving a first domain message from the first domain for delivery to the second domain, the first domain message having first domain origin data, messages with first domain origin data originating from at least one of the first network devices;
program code for converting the received first domain message into a first intermediate message, the first intermediate message including intermediate data indicating that the intermediate message originated from a border network device; and
program code for forwarding the first intermediate message to a receiving second network device in the second domain;
wherein the first intermediate message includes data that causes the receiving second network device to convert the first intermediate message into a second message, the second message including data indicating that the second message originated from one of the second network devices.

20. The computer program product as defined by claim 19 further comprising:
program code for receiving a second intermediate message from a given second network device, the second intermediate message having origination data indicating that it originated from the given second network device; and
program code for converting the received second intermediate message into a converted first domain message with first domain data.

21. The computer program product as defined by claim 20 further comprising program code for forwarding the converted first domain message to at least one of the first network devices.

22. The computer program product as defined by claim 19 wherein the first multicast domain has an associated key for authenticating messages transmitted between first network devices, the first origin data being associated with the first key.

23. The computer program product as defined by claim 19 wherein the first multicast domain requires that each message authorized to be forwarded to first network devices in a multicast includes first domain origin data.

24. The computer program product as defined by claim 19 wherein the first network devices comprise the border network device.

25. The computer program product as defined by claim 19 wherein the program code for converting comprises:
program code for retrieving the intermediate key from memory to convert the received first domain message into the first intermediate message.

26. The computer program product as defined by claim 19 further comprising:
program code for confirming that the first domain message includes first domain origin data.

27. The computer program product as defined by claim 19 wherein the receiving second network device is a second border network device that converts the first intermediate message into a second domain message having data indicating that the message originated from the receiving second network device.
28. A border network device that transmits messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the border network device comprising:
an intermediate interface that receives a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one of the second network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
a first message converter that converts the received second intermediate message into a converted first domain message with first domain data, messages with first domain data originating from one of the first network devices; and
a first output that forwards the converted first domain message to at least one of the first network devices.

29. The border network device as defined by claim 28 further comprising:
a first interface that receives a first domain message from at least one of the first network devices, the first domain message having first domain data;
a second message converter that converts the received first domain message into a first intermediate message, the first intermediate message having data indicating that the first intermediate message originated from the border router; and
a second output that forwards the first intermediate message to at least one of the second network devices.

30. The border network device as defined by claim 28 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.

31. The border network device as defined by claim 28 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.

32. The border network device as defined by claim 28 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.

33. The border network device as defined by claim 28 further comprising:
an authenticator operatively coupled with the first message converter, the authenticator checking the second intermediate message to determine if the second intermediate message includes the intermediate data.
34. A method of transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the method comprising:
receiving a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one of the second network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
converting the received second intermediate message into a converted first domain message with first domain data, messages with first domain data originating from one of the first network devices; and
forwarding the converted first domain message to at least one of the first network devices.

35. The method as defined by claim 34 further comprising:
receiving a first domain message from at least one of the first network devices, the first domain message having first domain data;
controlling a border network device to convert the received first domain message into a first intermediate message, the first intermediate message having data indicating that the first intermediate message originated from the border router; and
forwarding the first intermediate message to at least one of the second network devices.

36. The method as defined by claim 34 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.

37. The method as defined by claim 34 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.

38. The method as defined by claim 34 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.

39. The method as defined by claim 34 further comprising:
checking the second intermediate message to determine if the second intermediate message includes the second intermediate data.
40. A computer program product for use on a computer system for transmitting messages between a first multicast domain and a second multicast domain, the first multicast domain having one or more first network devices, the second multicast domain having one or more second network devices, the computer program product comprising a computer usable medium having computer readable program code thereon, the computer readable program code including:
program code for receiving a second intermediate message from the second domain, the second intermediate message including intermediate data indicating that the second intermediate message originated from one of the second network devices, the second intermediate message being converted by the one of the second network devices from a second domain message including second domain data indicating that the second domain message originated from at least one of the second network devices;
program code for converting the received second intermediate message into a converted first domain message with first domain data, messages with first domain data originating from one of the first network devices; and
program code for forwarding the converted first domain message to at least one of the first network devices.

41. The computer program product as defined by claim 40 further comprising:
program code for receiving a first domain message from at least one of the first network devices, the first domain message having first domain data;
program code for controlling a border network device to convert the received first domain message into a first intermediate message, the first intermediate message having data indicating that the first intermediate message originated from the border router; and
program code for forwarding the first intermediate message to at least one of the second network devices.

42. The computer program product as defined by claim 40 wherein the first multicast domain has an associated first key for authenticating messages transmitted between first network devices, the first domain data being associated with the first key.

43. The computer program product as defined by claim 40 wherein the first multicast domain requires that each first domain message authorized to participate in a multicast in the first domain include first domain origin data.

44. The computer program product as defined by claim 40 wherein the at least one of the first network devices receiving the converted first domain message converts the converted first domain message into a second domain message having data indicating that the message originated from one of the second network devices.

45. The computer program product as defined by claim 40 further comprising:
program code for checking the second intermediate message to determine if the second intermediate message includes the second intermediate data.
46. A method of transmitting messages between a first multicast domain and a second multicast domain, the method comprising:
receiving a first message from a first network device in the first domain, the first message having first identification data indicating that the first message originated from the first network device, the first message also having first domain origin data indicating that the first message originated in the first multicast domain;
controlling a confirming network device to analyze the first identification data to determine that the first message originated from the first network device;
adding second identification data to the first message to form an authenticated message, the second identification data indicating that the first message was authenticated by the confirming network device; and
forwarding the authenticated message to a second network device in the second domain, the second network device adding third identification data to the first message, the third identification data indicating that the first message originated from the second network device, the second network device also adding second domain origin data to the first message, the second domain origin data indicating that the first message originated in the second multicast domain.

removing the first identification data.

50. The method as defined by claim 46 wherein the first domain requires that each first domain message authorized to participate in a multicast include first domain origin data, each message with first domain origin data originating from a device in the first domain.

51. The method as defined by claim 50 wherein the act of adding comprises:
adding intermediate data to form the authenticated message, the intermediate data indicating that the first message was authenticated by the confirming network device.

52. The method as defined by claim 51 wherein the intermediate data is formed by a key that is associated with both the confirming network device and the second network device.

53. The method as defined by claim 50 wherein the first domain origin data includes a MAC.

54. The method as defined by claim 46 wherein the confirming network device is in the first domain.
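The mechanism the claims describe, as a runnable model added for this page (this is illustrative code, not the patent's or any vendor's implementation): a first-domain message carries origin data in the form of a MAC under the first domain's key (claims 4 and 53); the first border device verifies that origin data, strips it and re-tags the payload under an intermediate key that only the border devices hold (claims 7 and 52); the receiving border device verifies the intermediate tag and re-tags the payload under the second domain's key. A message without valid first-domain origin data is dropped by the authenticator step (claims 8, 17 and 33) and never re-signed. The key values, the origin labels, HMAC-SHA256 as the MAC, and the `Message`/`BorderDevice` names are all assumptions of this example; the reverse direction (claims 28 onward) is the same two steps with the roles swapped.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample keys. In the claims' terms: the first-domain key, the
# second-domain key, and the intermediate key held in border-device memory.
DOMAIN_1_KEY = b"constructed-first-domain-key"
DOMAIN_2_KEY = b"constructed-second-domain-key"
INTERMEDIATE_KEY = b"constructed-intermediate-key"


@dataclass(frozen=True)
class Message:
    payload: bytes
    origin: str   # which key the tag is under: "domain-1", "intermediate" or "domain-2"
    tag: bytes    # HMAC-SHA256 over origin label and payload (the claims' origin data / MAC)


def make_tag(key: bytes, origin: str, payload: bytes) -> bytes:
    # The origin label is bound into the MAC input so a tag computed for one
    # role cannot be presented as a tag for another role under the same key.
    return hmac.new(key, origin.encode() + b"\x00" + payload, hashlib.sha256).digest()


def sign(key: bytes, origin: str, payload: bytes) -> Message:
    return Message(payload, origin, make_tag(key, origin, payload))


def verify(key: bytes, msg: Message, expected_origin: str) -> bool:
    # A receiver only accepts the origin label it expects, and compares tags
    # in constant time.
    if msg.origin != expected_origin:
        return False
    return hmac.compare_digest(msg.tag, make_tag(key, msg.origin, msg.payload))


class BorderDevice:
    """Hypothetical border device: verifies inbound origin data under one key,
    strips it, and re-tags the payload under the next hop's key (the claims'
    message converter together with its authenticator)."""

    def __init__(self, inbound_key: bytes, inbound_origin: str,
                 outbound_key: bytes, outbound_origin: str) -> None:
        self.inbound_key = inbound_key
        self.inbound_origin = inbound_origin
        self.outbound_key = outbound_key
        self.outbound_origin = outbound_origin

    def convert(self, msg: Message) -> Optional[Message]:
        # Authenticator step: a message lacking valid origin data for this
        # device's inbound side is dropped, never re-signed.
        if not verify(self.inbound_key, msg, self.inbound_origin):
            return None
        # Converter step: the inbound tag is discarded and a fresh tag is made
        # under the outbound key, so the receiving side only ever sees a tag it
        # can check with its own key.
        return sign(self.outbound_key, self.outbound_origin, msg.payload)


# Border device A sits at the edge of domain 1 and emits intermediate messages;
# border device B sits at the edge of domain 2 and emits second-domain messages.
BORDER_A = BorderDevice(DOMAIN_1_KEY, "domain-1", INTERMEDIATE_KEY, "intermediate")
BORDER_B = BorderDevice(INTERMEDIATE_KEY, "intermediate", DOMAIN_2_KEY, "domain-2")
# Reverse direction: the same devices with inbound and outbound roles swapped.
BORDER_B_REVERSE = BorderDevice(DOMAIN_2_KEY, "domain-2", INTERMEDIATE_KEY, "intermediate")
BORDER_A_REVERSE = BorderDevice(INTERMEDIATE_KEY, "intermediate", DOMAIN_1_KEY, "domain-1")


def relay_domain1_to_domain2(msg: Message) -> Optional[Message]:
    intermediate = BORDER_A.convert(msg)
    if intermediate is None:
        return None
    return BORDER_B.convert(intermediate)


def relay_domain2_to_domain1(msg: Message) -> Optional[Message]:
    intermediate = BORDER_B_REVERSE.convert(msg)
    if intermediate is None:
        return None
    return BORDER_A_REVERSE.convert(intermediate)


if __name__ == "__main__":
    original = sign(DOMAIN_1_KEY, "domain-1", b"multicast payload")   # constructed
    delivered = relay_domain1_to_domain2(original)
    print("delivered as:", delivered.origin if delivered else None)
    print("domain-2 receiver accepts:", verify(DOMAIN_2_KEY, delivered, "domain-2"))
    forged = Message(b"multicast payload", "domain-1", bytes(32))        # bad origin data
    print("forged message relayed:", relay_domain1_to_domain2(forged))
```

The point a defender should take from the model is that no domain key ever leaves its domain: a receiver in domain 2 only ever checks tags under `DOMAIN_2_KEY`, and the only way a payload acquires such a tag is by passing the authenticator at each border hop. Replacing the intermediate key with a per-pair key (one per border-device pair) keeps the same structure while limiting what a compromised border device can forge.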
Specification