Facilitating secure communications among multicast nodes in a telecommunications network
Abstract
An approach for facilitating secure communications among multicast nodes in a telecommunications network is disclosed. A source node sends an encryption key and an identifier to an authoritative node that stores the encryption key and associates the identifier with the encryption key. The source node encrypts data using the encryption key and sends the encrypted data with the identifier in a multicast. The multicast destination nodes retrieve the encryption key from the authoritative node based on the identifier and then decrypt the multicast. A list of administrative nodes, a list of authorized nodes, and an expiration time may be used to manage the encryption key. The authoritative node may be a certificate authority or key distribution center, and the source node may encrypt the multicast using the Internet security protocol (IPsec) or secure socket layer (SSL). Thus, communications among multicast nodes may be efficiently secured in a scalable manner.
34 Claims
1. A method for facilitating secure communications among multicast nodes in a telecommunications network, the method comprising the computer-implemented steps of:
receiving, at an authoritative node from a first node, a first request to store an encryption key, wherein the first request includes an identifier, and wherein the first node uses the encryption key to encrypt data that is multicast with the identifier to a plurality of second nodes;
in response to the first request, the authoritative node storing the encryption key;
the authoritative node creating and storing an association between the encryption key and the identifier;
receiving, at the authoritative node from at least one second node of the plurality of second nodes, a second request to obtain the encryption key, wherein the second request includes the identifier;
in response to the second request, based on the identifier included in the second request and the association between the encryption key and the identifier, the authoritative node retrieving the encryption key; and
the authoritative node sending the encryption key to the at least one second node for use in decrypting the encrypted data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method for encrypting communications among multicast nodes in a telecommunications network, the method comprising the computer-implemented steps of:
an originating node sending a first request to store an encryption key and an identifier to an authoritative node, wherein the authoritative node, in response to the first request, (a) stores the encryption key and (b) creates and stores an association between the encryption key and the identifier;
the originating node encrypting data based on the encryption key; and
the originating node multicasting the encrypted data with the identifier to one or more receiving nodes, wherein:
at least one receiving node of the one or more receiving nodes (a) sends a second request to obtain the encryption key to the authoritative node, wherein the second request includes the identifier, and (b) decrypts the encrypted data based on the encryption key that the at least one receiving node receives from the authoritative node; and
the authoritative node, in response to the second request, (a) retrieves the encryption key, based on the identifier included in the second request and the association between the encryption key and the identifier, and (b) sends the encryption key to the at least one receiving node for use in decrypting the encrypted data.

11. A method for decrypting encrypted communications among multicast nodes in a telecommunications network, the method comprising the computer-implemented steps of:
a receiving node receiving from an originating node a multicast that includes encrypted data and an identifier, wherein:
the encrypted data is encrypted by the originating node based on an encryption key;
the authoritative node receives a first request from the originating node to store the encryption key, wherein the first request includes an identifier;
in response to the first request, the authoritative node (a) stores the encryption key and (b) creates and stores an association between the encryption key and the identifier;
the receiving node identifying the identifier from the multicast;
the receiving node sending a second request to obtain the encryption key that includes the identifier to the authoritative node to obtain an encryption key used by the originating node to encrypt the encrypted data, wherein:
the authoritative node, in response to the second request, (a) retrieves the encryption key, based on the identifier included in the second request and the association between the encryption key and the identifier, and (b) sends the encryption key for use in decrypting the encrypted data;
in response to sending the second request to the authoritative node, the receiving node receiving the encryption key; and
the receiving node decrypting the encrypted data based on the encryption key.

12. A method for a certificate authority to facilitate communications based on Internet protocol security (IPsec) among multicast nodes in a telecommunications network, the method comprising the computer-implemented steps of:
receiving, at the certificate authority from a first router that acts as a multicast originator, a first request to register an encryption key, wherein the first request includes a multicast session identifier and a list of authorized multicast receivers, and wherein the first router uses the encryption key to encrypt data based on IPsec and multicasts the encrypted data with the multicast session identifier to a plurality of second routers that act as multicast receivers;
in response to the first request, the certificate authority creating and storing a multicast session certificate that includes the encryption key, the multicast session identifier, and the list of authorized multicast receivers;
receiving, at the certificate authority from at least a particular second router of the plurality of second routers, a second request to obtain the encryption key, wherein the second request includes the multicast session identifier;
in response to the second request, determining whether the particular second router is included in the list of authorized multicast receivers;
when the particular second router is included in the list of authorized multicast receivers, based on the multicast session identifier included in the second request and the multicast session certificate, the certificate authority retrieving the encryption key; and
the certificate authority sending the encryption key to the particular second router for use in decrypting the encrypted data based on IPsec.
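
As an added illustration (not code from the patent or its assignee), the key registration and retrieval flow described in the abstract and in claim 12, in Python: the authoritative node stores a key under a multicast session identifier together with an authorized-receiver list and an expiration time, the originator multicasts encrypted data tagged with the identifier, and a receiver fetches the key by identifier and is refused when it is not on the list or the key has expired. An HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag stands in for the IPsec/SSL cipher the patent names; the node names, session identifier and times are constructed.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a PRF keystream: stdlib stand-in for the IPsec/SSL cipher
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("multicast payload failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class AuthoritativeNode:
    # Key store indexed by multicast session identifier, with authorized receivers and expiry
    def __init__(self):
        self._sessions = {}
    def register(self, identifier, key, authorized, expires_at):
        self._sessions[identifier] = {"key": key, "authorized": set(authorized), "expires_at": expires_at}
    def fetch(self, identifier, requester, now):
        s = self._sessions.get(identifier)
        if s is None or now >= s["expires_at"]:
            raise PermissionError("unknown or expired session identifier")
        if requester not in s["authorized"]:
            raise PermissionError(f"{requester} is not an authorized receiver")
        return s["key"]

def fetch_denied(ca, identifier, requester, now):
    try:
        ca.fetch(identifier, requester, now)
        return False
    except PermissionError:
        return True

def run_session():
    # Constructed scenario: originator R1 registers a key for session "mc-1"; R2 and R3 are authorized
    ca = AuthoritativeNode()
    key = secrets.token_bytes(32)
    ca.register("mc-1", key, authorized=["R2", "R3"], expires_at=1000)
    identifier, payload = "mc-1", encrypt(key, b"routing update")  # multicast carries the identifier
    plain = decrypt(ca.fetch(identifier, "R2", now=500), payload)   # authorized receiver decrypts
    return plain, fetch_denied(ca, identifier, "R9", 500), fetch_denied(ca, identifier, "R2", 1000)
```

The key itself travels from the authoritative node to each receiver in the clear here; in a deployment that exchange would run over an authenticated, encrypted channel such as the IPsec or SSL session the abstract mentions.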
13. A computer-readable storage medium carrying one or more sequences of instructions for facilitating secure communications among multicast nodes in a telecommunications network, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
receiving, at an authoritative node from a first node, a first request to store an encryption key, wherein the first request includes an identifier, and wherein the first node uses the encryption key to encrypt data that is multicast with the identifier to a plurality of second nodes;
in response to the first request, the authoritative node storing the encryption key;
the authoritative node creating and storing an association between the encryption key and the identifier;
receiving, at the authoritative node from at least one second node of the plurality of second nodes, a second request to obtain the encryption key, wherein the second request includes the identifier;
in response to the second request, based on the identifier included in the second request and the association between the encryption key and the identifier, the authoritative node retrieving the encryption key; and
the authoritative node sending the encryption key to the at least one second node for use in decrypting the encrypted data.

14. A computer-readable storage medium carrying one or more sequences of instructions for encrypting communications among multicast nodes in a telecommunications network, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
an originating node sending a first request to store an encryption key and an identifier to an authoritative node, wherein the authoritative node, in response to the first request, (a) stores the encryption key and (b) creates and stores an association between the encryption key and the identifier;
the originating node encrypting data based on the encryption key; and
the originating node multicasting the encrypted data with the identifier to one or more receiving nodes, wherein:
at least one receiving node of the one or more receiving nodes (a) sends a second request to obtain the encryption key to the authoritative node, wherein the second request includes the identifier, and (b) decrypts the encrypted data based on the encryption key that the at least one receiving node receives from the authoritative node; and
the authoritative node, in response to the second request, (a) retrieves the encryption key, based on the identifier included in the second request and the association between the encryption key and the identifier, and (b) sends the encryption key to the at least one receiving node for use in decrypting the encrypted data.

15. An apparatus for facilitating secure communications among multicast nodes in a telecommunications network, comprising:
means for receiving, at an authoritative node from a first node, a first request to store an encryption key, wherein the first request includes an identifier, and wherein the first node uses the encryption key to encrypt data that is multicast with the identifier to a plurality of second nodes;
means for the authoritative node storing the encryption key, in response to the first request;
means for the authoritative node creating and storing an association between the encryption key and the identifier, in response to the first request;
means for receiving, at the authoritative node from at least one second node of the plurality of second nodes, a second request to obtain the encryption key, wherein the second request includes the identifier;
means for the authoritative node retrieving the encryption key, in response to the second request and based on the identifier included in the second request and the association between the encryption key and the identifier; and
means for the authoritative node sending the encryption key to the at least one second node for use in decrypting the encrypted data, in response to the second request.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26.

16. An apparatus for encrypting communications among multicast nodes in a telecommunications network, comprising:
means for an originating node sending a first request to store an encryption key and an identifier to an authoritative node, wherein the authoritative node, in response to the first request, (a) stores the encryption key and (b) creates and stores an association between the encryption key and the identifier;
means for the originating node encrypting data based on the encryption key; and
means for the originating node multicasting the encrypted data with the identifier to one or more receiving nodes, wherein:
at least one receiving node of the one or more receiving nodes (a) sends a second request to obtain the encryption key to the authoritative node, wherein the second request includes the identifier, and (b) decrypts the encrypted data based on the encryption key that the at least one receiving node receives from the authoritative node; and
the authoritative node, in response to the second request, (a) retrieves the encryption key, based on the identifier included in the second request and the association between the encryption key and the identifier, and (b) sends the encryption key to the at least one receiving node for use in decrypting the encrypted data, wherein the one or more receiving nodes use the identifier to retrieve the encryption key from the authoritative node and decrypt the encrypted data based on the encryption key.

17. An apparatus for facilitating secure communications among multicast nodes in a telecommunications network, comprising:
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
receiving, at an authoritative node from a first node, a first request to store an encryption key, wherein the first request includes an identifier, and wherein the first node uses the encryption key to encrypt data that is multicast with the identifier to a plurality of second nodes;
in response to the first request, the authoritative node storing the encryption key;
the authoritative node creating and storing an association between the encryption key and the identifier;
receiving, at the authoritative node from at least one second node of the plurality of second nodes, a second request to obtain the encryption key, wherein the second request includes the identifier;
in response to the second request, based on the identifier included in the second request and the association between the encryption key and the identifier, the authoritative node retrieving the encryption key; and
the authoritative node sending the encryption key to the at least one second node for use in decrypting the encrypted data.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34.

18. An apparatus for encrypting communications among multicast nodes in a telecommunications network, comprising:
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
an originating node sending a first request to store an encryption key and an identifier to an authoritative node, wherein the authoritative node, in response to the first request, (a) stores the encryption key and (b) creates and stores an association between the encryption key and the identifier;
the originating node encrypting data based on the encryption key; and
the originating node multicasting the encrypted data with the identifier to one or more receiving nodes, wherein:
at least one receiving node of the one or more receiving nodes (a) sends a second request to obtain the encryption key to the authoritative node, wherein the second request includes the identifier, and (b) decrypts the encrypted data based on the encryption key that the at least one receiving node receives from the authoritative node; and
the authoritative node, in response to the second request, (a) retrieves the encryption key, based on the identifier included in the second request and the association between the encryption key and the identifier, and (b) sends the encryption key to the at least one receiving node for use in decrypting the encrypted data.

Specification