Techniques for securing data flow in internet multicasting
Abstract
Multicast communications are expanded to include the concept of private multicasts. An address space dedicated to multicast is partitioned into a subspace for public multicasts and a subspace for private multicasts. A public key/private key encryption pair is used for private multicasts and installed on domain name servers or on certification authorities. Portions of a multicast join request are sent together with a corresponding encrypted version. Private multicast equipped routers receive the multicast join request, retrieve the public key from a domain name server or from a certification authority and decrypt the encrypted portion of the join request to determine if the requester is authorized. Group specific multicast joins are also permitted by sending a bit-mask identifying a group of senders which are authorized or prohibited from sending to a user joining a multicast.
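The join check and sender filter described in the abstract, as an added Python sketch that is not taken from the patent. Toy textbook RSA with constructed demo primes stands in for the key pair, a dict stands in for the domain name server or certification authority lookup, and the `user|group` string and the (value, mask) address pairs are assumed formats.

```python
# Added illustration: toy textbook RSA (no padding), not secure, not the patent's format.
import ipaddress

# Constructed demo key pair for one private multicast group (two Mersenne primes).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; assumed held by the group owner

# Assumed stand-in for the DNS / certification-authority public key lookup.
PUBLIC_KEYS = {"239.1.2.3": (N, E)}

def encrypt_info(info: bytes, d: int = D, n: int = N) -> int:
    """Produce the encrypted copy of the first information with the private key."""
    m = int.from_bytes(info, "big")
    if not info or info[0] == 0 or m >= n:
        raise ValueError("info does not fit this toy modulus")
    return pow(m, d, n)

def router_accepts_join(group: str, info: bytes, encrypted: int) -> bool:
    """Decode the encrypted copy with the public key and compare it to the clear copy."""
    key = PUBLIC_KEYS.get(group)
    if key is None:
        return False  # no published key for this group: fail closed
    n, e = key
    m = int.from_bytes(info, "big")
    if not info or info[0] == 0 or m >= n or not 0 <= encrypted < n:
        return False  # reject empty, non-canonical or out-of-range values
    return pow(encrypted, e, n) == m

def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

def sender_blocked(sender: str, blocked: list) -> bool:
    """True if sender matches any (value, mask) pair sent with the join request."""
    return any(_ip(sender) & _ip(mask) == _ip(value) & _ip(mask)
               for value, mask in blocked)

if __name__ == "__main__":
    info = b"alice|239.1.2.3"  # constructed first information
    token = encrypt_info(info)
    print(router_accepts_join("239.1.2.3", info, token))
    print(router_accepts_join("239.1.2.3", b"mallory|239.1.2.3", token))
    print(sender_blocked("10.1.7.9", [("10.1.0.0", "255.255.0.0")]))
```

The sketch carries no nonce or timestamp, so a recorded join request would verify again; the abstract does not describe a freshness mechanism.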
15 Claims
1. A routing element for multicast digital communications, comprising:
a. at least one input port;
b. at least one output port; and
c. a processor for controlling packet routing from an input port to an output port, said processor configured to obtain a public key and to decode at least a portion of a multicast join request comprising encrypted information submitted by a user using said public key to verify that said user is authorized to join a multicast, and further configured to block multicast packets received from senders blocked from sending to a receiver as indicated by a bit-mask received with a multicast join request.
2. Apparatus for participating in a multicast, comprising
a. a communication port; and
b. a processor for controlling communications over said communications port;
said processor configured to send a private multicast join request comprising first information and encrypted first information.
6. A method of operating a communications system comprising the step of:
providing a multicast address space having a subspace for public multicasts and a subspace for private multicasts.
7. A method of sending a multicast join request, comprising the step of:
a. sending first information including a user identification together with an encrypted version of said first information.
9. A method of sending a multicast join request from a user, comprising the step of:
a. sending a list of bit-masks specifying at least one of a group of senders permitted to send to said user and a group of senders prohibited from sending to said user.
10. A computer program product, comprising:
a. a memory medium; and
b. a computer program stored on said memory medium, said computer program comprising instructions for providing a multicast address space having a subspace for public multicasts and a subspace for private multicasts.
12. A computer program product, comprising:
a. a memory medium; and
b. a computer program stored on said memory medium, said computer program comprising instructions for sending a multicast join request, including a user identification together with an encrypted version of said user identification.
14. A computer program product, comprising:
a. a memory medium; and
b. a computer program stored on said memory medium, said computer program comprising instructions for sending a group specific multicast join request including a bit-mask specifying at least one of a group of senders permitted to send to said user and a group of senders prohibited from sending to said user.
Specification