Directory enabled secure multicast group communications
First Claim
1. A method for securely establishing communication in a multicast group of nodes of a network, in which the nodes of the network include publishers and subscribers, the method comprising the computer-implemented steps of:
- registering a publisher and a subscriber with an event server; wherein the event server is communicatively connected to a directory that stores objects representing event types;
- in response to registering the publisher, the event server determining whether the publisher is authorized to produce a particular event, which corresponds to a particular event type, by checking in the directory a particular object that represents the particular event type;
- in response to registering the subscriber, the event server determining whether the subscriber is authorized to receive the particular event by checking in the directory the particular object that represents the particular event type; and
- storing, within the event server, a group session key for establishing a multicast group, wherein the multicast group includes the publisher and the subscriber, and the group session key is encrypted in a first message that has a prescribed format.
Abstract
An approach for establishing secure communication among multiple multicast groups using a multi-master directory is disclosed. The multi-master directory enforces access controls on a per-object and per-attribute basis. The event service nodes, which can be implemented as event servers, are distributed throughout an enterprise domain. The attributes of the event service nodes include the group session key and the private keys of the event service nodes. A standardized authentication service is used to register publishers and subscribers. These publishers and subscribers can individually belong to multiple multicast groups under a readily scalable, secure network architecture.
118 Citations
29 Claims
1. (The full text of claim 1 is given above under First Claim.) View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 24, 25)
13. A communication system for creating a plurality of secure multicast groups in a network that includes a plurality of principals configured for functioning as subscribers and publishers, the communication system comprising:
- an event server communicatively coupled to the plurality of principals for registering the plurality of principals; wherein the event server is communicatively coupled to a multi-master directory that stores objects representing event types;
- means in the event server for determining, in response to registering the publishers, whether the publishers are authorized to produce particular events, which correspond to particular event types, by checking in the directory particular objects that represent the particular event types;
- means in the event server for determining, in response to registering the subscribers, whether the subscribers are authorized to receive the particular events by checking in the directory the particular objects that represent the particular event types;
- means in the event server for creating a group session key for establishing one of the multicast groups; and
- means in the event server for distributing the group session key to a set of publishers and subscribers of the plurality of principals in an encrypted message that has a prescribed format.
View Dependent Claims (14, 15, 16, 17, 18)

19. A computer system functioning as an event server and for establishing multiple secure multicast groups, the computer system comprising:
- a communication interface for communicating with a plurality of nodes;
- a bus coupled to the communication interface for transferring data;
- one or more processors coupled to the bus; and
- a memory coupled to the one or more processors via the bus, the memory including one or more sequences of instructions which when executed by the one or more processors cause the one or more processors to perform the steps of:
- accessing a directory that stores objects representing event types;
- registering the plurality of nodes with the event server, wherein the plurality of nodes include a set of publishers and a set of subscribers;
- in response to registering a particular publisher, determining whether the particular publisher is authorized to produce a particular event, which corresponds to a particular event type, by checking in the directory a particular object that represents the particular event type;
- in response to registering a particular subscriber, determining whether the particular subscriber is authorized to receive the particular event by checking in the directory the particular object that represents the particular event type; and
- establishing a multicast group, which includes the particular publisher and the particular subscriber, by storing a group session key in an encrypted message that has a prescribed format and sending the encrypted message to the multicast group.
View Dependent Claims (20, 21, 22, 26, 27)

23. A computer-readable storage medium storing one or more sequences of instructions for securely establishing communication in a multicast group of nodes of a network, in which the nodes of the network include publishers and subscribers, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- registering a publisher and a subscriber with an event server; wherein the event server is communicatively connected to a directory that stores objects representing event types;
- in response to registering the publisher, the event server determining whether the publisher is authorized to produce a particular event, which corresponds to a particular event type, by checking in the directory a particular object that represents the particular event type;
- in response to registering the subscriber, the event server determining whether the subscriber is authorized to receive the particular event by checking in the directory the particular object that represents the particular event type; and
- storing, within the event server, a group session key for establishing a multicast group, wherein the multicast group includes the publisher and the subscriber, and the group session key is encrypted in a first message that has a prescribed format.
View Dependent Claims (28, 29)
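The flow that claims 1, 13 and 19 describe, as an added example written for this page (it is not code from the patent or from any product): the event server consults the directory object for an event type before admitting a publisher or a subscriber, then creates a group session key and distributes it to each admitted member in a message of a fixed format, sealed under that member's own long-term key. Everything concrete here is an assumption made for illustration: the in-memory DIRECTORY and PRINCIPAL_KEYS, the GSK1 header layout standing in for the patent's unspecified "prescribed format", and an HMAC-SHA256 counter-mode stream with encrypt-then-MAC standing in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed directory: one object per event type; its attributes name who may
# publish and who may subscribe (the per-object, per-attribute access control).
DIRECTORY = {
    "trade.executed": {"publishers": {"trading-engine"}, "subscribers": {"risk-svc", "ledger-svc"}},
    "employee.hired": {"publishers": {"hr-portal"}, "subscribers": {"payroll-svc"}},
}
# Constructed long-term keys, one per principal, standing in for whatever the
# authentication service established at registration. "intruder" appears in no ACL.
PRINCIPAL_KEYS = {p: secrets.token_bytes(32) for p in
                  ("trading-engine", "risk-svc", "ledger-svc", "hr-portal", "payroll-svc", "intruder")}
MAGIC = b"GSK1"  # assumed "prescribed format": magic | key id | len | event type | sealed key


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream: a stand-in for AES-GCM, not for production."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; the associated data binds an unencrypted header to the payload."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, aad: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # reject before releasing any plaintext
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_key, nonce, len(ct))))


def _rejects(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


class EventServer:
    def __init__(self, directory, principal_keys):
        self.directory, self.keys = directory, principal_keys
        self.groups = {}  # event type -> {"key_id": int, "members": set}

    def register(self, principal: str, role: str, event_type: str) -> bool:
        """Admit a publisher or subscriber only if the directory object for the event type allows it."""
        obj = self.directory.get(event_type)
        attr = {"publisher": "publishers", "subscriber": "subscribers"}[role]
        if obj is None or principal not in obj[attr] or principal not in self.keys:
            return False
        self.groups.setdefault(event_type, {"key_id": 0, "members": set()})["members"].add(principal)
        return True

    def rekey(self, event_type: str) -> dict:
        """Create a fresh group session key and wrap it separately for every admitted member."""
        g = self.groups[event_type]
        g["key_id"] += 1
        group_key, et = secrets.token_bytes(32), event_type.encode()
        header = MAGIC + struct.pack(">IH", g["key_id"], len(et)) + et
        return {m: header + seal(self.keys[m], header, group_key) for m in g["members"]}


def unwrap_key(principal_key: bytes, message: bytes):
    """Member side: parse the prescribed format and recover (event type, key id, group key)."""
    if message[:4] != MAGIC:
        raise ValueError("bad magic")
    key_id, et_len = struct.unpack(">IH", message[4:10])
    header, event_type = message[:10 + et_len], message[10:10 + et_len].decode()
    return event_type, key_id, unseal(principal_key, header, message[10 + et_len:])


def publish(group_key: bytes, event_type: str, payload: bytes) -> bytes:
    return seal(group_key, event_type.encode(), payload)


def receive(group_key: bytes, event_type: str, wire: bytes) -> bytes:
    return unseal(group_key, event_type.encode(), wire)


def run_demo() -> dict:
    """Registration, key distribution and one multicast event, plus two failure cases."""
    srv = EventServer(DIRECTORY, PRINCIPAL_KEYS)
    r = {"pub_ok": srv.register("trading-engine", "publisher", "trade.executed"),
         "sub_ok": srv.register("risk-svc", "subscriber", "trade.executed"),
         "intruder_refused": not srv.register("intruder", "subscriber", "trade.executed"),
         "role_enforced": not srv.register("risk-svc", "publisher", "trade.executed")}
    msgs = srv.rekey("trade.executed")
    r["recipients"] = sorted(msgs)
    et, kid, k_pub = unwrap_key(PRINCIPAL_KEYS["trading-engine"], msgs["trading-engine"])
    _, _, k_sub = unwrap_key(PRINCIPAL_KEYS["risk-svc"], msgs["risk-svc"])
    r["same_key"] = (et, kid) == ("trade.executed", 1) and k_pub == k_sub
    wire = publish(k_pub, "trade.executed", b"BUY 100 ACME @ 12.50")
    r["event"] = receive(k_sub, "trade.executed", wire)
    # wrong long-term key cannot open another member's key message; one flipped bit fails the tag
    r["wrap_bound"] = _rejects(lambda: unwrap_key(PRINCIPAL_KEYS["intruder"], msgs["risk-svc"]))
    r["tamper_caught"] = _rejects(lambda: receive(k_sub, "trade.executed", wire[:-1] + bytes([wire[-1] ^ 1])))
    return r
```

run_demo() exercises the checks a practitioner would want from such a design: a principal absent from the event-type object's publisher or subscriber attribute is refused at registration, a subscriber cannot register as a publisher of the same event type, each key message is sealed under exactly one member's key and bound to its own header, and a modified event is rejected by the tag check before any plaintext is released. The key_id field is what lets this model roll the group key when membership changes; the page does not say how the patent handles rekeying, so treat that as a design choice of the example.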
Specification