Method and apparatus for creating a secure communication channel among multiple event service nodes
First Claim
1. A method for adding a first event service node to a multicast group that includes a plurality of event service nodes in a communication network, the method comprising the steps of:
receiving a plurality of private keys from a subset of event service nodes of the plurality of event service nodes, wherein the subset of event service nodes comprises nodes that are affected by adding the first event service node to the multicast group; and
communicating the plurality of private keys to the first event service node, wherein the method is performed by one or more processors.
Abstract
An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service.
111 Citations
30 Claims
1. A method for adding a first event service node to a multicast group that includes a plurality of event service nodes in a communication network, the method comprising the steps of:
receiving a plurality of private keys from a subset of event service nodes of the plurality of event service nodes, wherein the subset of event service nodes comprises nodes that are affected by adding the first event service node to the multicast group; and
communicating the plurality of private keys to the first event service node,
wherein the method is performed by one or more processors.
Dependent claims: 2, 3, 4, 5, 6.

7. A secure network communication system, comprising a plurality of group controllers coupled to a communication network, wherein at least one group controller of the plurality of group controllers comprises:
a processor;
a memory coupled to the processor using a bus;
one or more sequences of instructions stored in the memory for adding a first event service node to a multicast group that includes a plurality of event service nodes in the communication network, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a plurality of private keys from a subset of event service nodes of the plurality of event service nodes, wherein the subset of event service nodes comprises nodes that are affected by adding the first event service node to the multicast group; and
communicating the plurality of private keys to the first event service node.
Dependent claims: 8, 9, 10, 11, 12.

13. An apparatus for adding a first event service node to a multicast group that includes a plurality of event service nodes in a communication network, the apparatus comprising:
one or more processors;
means for receiving a plurality of private keys from a subset of event service nodes of the plurality of event service nodes, wherein the subset of event service nodes comprises nodes that are affected by adding the first event service node to the multicast group; and
means for communicating the plurality of private keys to the first event service node.
Dependent claims: 14, 15, 16, 17, 18.

19. A method for removing a first event service node of a plurality of event service nodes from a multicast group that includes the plurality of event service nodes in a communication network, wherein the plurality of event service nodes is logically organized according to a binary tree that includes a root node, one or more intermediate nodes, and one or more leaf nodes, the method comprising the steps of:
for a particular node in the binary tree that corresponds to the first event service node, encrypting an authentication key for an immediate ancestral node that is logically above the particular node in the binary tree using one or more private keys of one or more nodes that are logically below the particular node;
iteratively repeating said encrypting step for each successive ancestral node of the first event service node in the binary tree until the authentication key of the root node has been encrypted; and
communicating the authentication keys to each event service node that is represented in a branch of the binary tree that includes the particular node that corresponds to the first event service node,
wherein the method is performed by one or more processors.
Dependent claims: 20, 21, 22.

23. A secure network communication system, comprising a plurality of group controllers coupled to a communication network, wherein at least one group controller of the plurality of group controllers comprises:
a processor;
a memory coupled to the processor using a bus;
one or more sequences of instructions stored in the memory for removing a first event service node of a plurality of event service nodes from a multicast group that includes the plurality of event service nodes in a communication network, wherein the plurality of event service nodes is logically organized according to a binary tree that includes a root node, one or more intermediate nodes, and one or more leaf nodes, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
for a particular node in the binary tree that corresponds to the first event service node, encrypting an authentication key for an immediate ancestral node that is logically above the particular node in the binary tree using one or more private keys of one or more nodes that are logically below the particular node;
iteratively repeating said encrypting step for each successive ancestral node of the first event service node in the binary tree until the authentication key of the root node has been encrypted; and
communicating the authentication keys to each event service node that is represented in a branch of the binary tree that includes the particular node that corresponds to the first event service node.
Dependent claims: 24, 25, 26.

27. An apparatus for removing a first event service node of a plurality of event service nodes from a multicast group that includes the plurality of event service nodes in a communication network, wherein the plurality of event service nodes is logically organized according to a binary tree that includes a root node, one or more intermediate nodes, and one or more leaf nodes, the apparatus comprising:
one or more processors;
means for encrypting, for a particular node in the binary tree that corresponds to the first event service node, an authentication key for an immediate ancestral node that is logically above the particular node in the binary tree using one or more private keys of one or more nodes that are logically below the particular node;
means for iteratively repeating said encrypting step for each successive ancestral node of the first event service node in the binary tree until the authentication key of the root node has been encrypted; and
means for communicating the authentication keys to each event service node that is represented in a branch of the binary tree that includes the particular node that corresponds to the first event service node.
Dependent claims: 28, 29, 30.
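The join of claim 1 and the leave of claim 19 together describe what the group-key literature calls a logical key hierarchy (LKH): a binary tree whose root key is the group session key, whose leaves are the members' private keys, and whose inner nodes carry authentication keys that are refreshed along one root path whenever the membership changes. The Python below is an added worked example of both procedures; it is not the patent's code and not code from its assignee. Everything beyond the claim language is an assumption: the heap-indexed array layout, the (target, wrapping node, blob) message format, a group controller that generates the refreshed keys itself rather than receiving them from the affected nodes, the constructed node names esn-a, esn-b and esn-c, and a toy XOR-with-SHA-256 key wrap standing in for a real key wrap such as AES-GCM or RFC 3394. The directory-backed key storage and key versioning the abstract mentions are not modelled.

```python
"""LKH-style rekeying over a binary key tree (added example, not patent code).
Layout, message format and the toy XOR key wrap are assumptions; use AES-GCM
or RFC 3394 key wrap in a real deployment."""
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

KEY_LEN = 32
# (target node, wrapping node, blob): holders of `wrapping` learn `target`.
Message = Tuple[int, int, bytes]


def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy wrap: XOR with a SHA-256 keystream of kek and a fresh nonce."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(kek + nonce).digest()
    return nonce + bytes(a ^ b for a, b in zip(key, stream))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    stream = hashlib.sha256(kek + blob[:16]).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], stream))


def path_to_root(leaf: int) -> List[int]:
    """Ancestors of a heap-indexed node, bottom-up, ending with the root 0."""
    path = []
    while leaf != 0:
        leaf = (leaf - 1) // 2
        path.append(leaf)
    return path


class GroupController:
    """Holds every tree key: index 0 is the group session key, leaves hold
    the members' private keys, inner nodes hold authentication keys."""
    def __init__(self, leaves: int) -> None:
        assert leaves & (leaves - 1) == 0, "leaf count must be a power of two"
        self.keys: List[Optional[bytes]] = [None] * (2 * leaves - 1)
        self.keys[0] = secrets.token_bytes(KEY_LEN)

    def add(self, leaf_key: bytes) -> Tuple[int, List[Message]]:
        """Claim 1 shape: seat the node, refresh every key on its path, send
        them to it under its own key and to current holders under the old key."""
        leaf = self.keys.index(None, len(self.keys) // 2)  # first free leaf
        self.keys[leaf] = leaf_key
        msgs: List[Message] = []
        for node in path_to_root(leaf):
            old, new = self.keys[node], secrets.token_bytes(KEY_LEN)
            self.keys[node] = new
            if old is not None:
                msgs.append((node, node, wrap(old, new)))
            msgs.append((node, leaf, wrap(leaf_key, new)))
        return leaf, msgs

    def remove(self, leaf: int) -> List[Message]:
        """Claim 19 shape: drop the leaf, then wrap a fresh key for each
        ancestor under its remaining children's keys, bottom-up to the root."""
        self.keys[leaf] = None
        msgs: List[Message] = []
        for node in path_to_root(leaf):
            kids = (2 * node + 1, 2 * node + 2)
            live = [c for c in kids if self.keys[c] is not None]
            if not live and node != 0:
                self.keys[node] = None  # subtree emptied; nothing to key
                continue
            new = secrets.token_bytes(KEY_LEN)
            self.keys[node] = new
            for c in live:  # the removed node holds none of these keys
                msgs.append((node, c, wrap(self.keys[c], new)))
        return msgs


class Member:
    """An event service node; it knows only the keys on its own root path."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.leaf_key = secrets.token_bytes(KEY_LEN)
        self.known: Dict[int, bytes] = {}

    def process(self, msgs: List[Message]) -> None:
        for target, wrapping, blob in msgs:  # bottom-up order matters
            if wrapping in self.known:
                self.known[target] = unwrap(self.known[wrapping], blob)


def demo() -> Tuple[Optional[bytes], Dict[str, Optional[bytes]]]:
    """Three constructed nodes join, then esn-b is removed; returns the
    controller's group key and each node's view of it."""
    gc = GroupController(leaves=4)
    nodes = [Member(n) for n in ("esn-a", "esn-b", "esn-c")]
    seats: Dict[str, int] = {}
    for m in nodes:
        seats[m.name], msgs = gc.add(m.leaf_key)
        m.known[seats[m.name]] = m.leaf_key  # the node seats itself
        for peer in nodes:  # the controller multicasts; everyone hears it
            peer.process(msgs)
    msgs = gc.remove(seats["esn-b"])
    for peer in nodes:  # esn-b hears this too but cannot unwrap any of it
        peer.process(msgs)
    return gc.keys[0], {m.name: m.known.get(0) for m in nodes}
```

Running `demo()` shows esn-a and esn-c ending with the controller's new group key while esn-b, which still holds its stale path keys, cannot recover it: every refreshed key was wrapped only under keys of nodes that remain below it. Two points carry over to a real deployment. The rekey messages must be applied bottom-up, because the new key of a child is what unwraps the new key of its parent, so the channel (or the directory holding the keys) needs ordering or the version numbers the abstract describes. And because the toy wrap is unauthenticated, the evicted node silently derives garbage here; a real key wrap would instead fail its integrity check, which is the behaviour you want so that a stale node knows it has been evicted.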
Specification