System and method for providing secure multicasting across virtual private networks

US 8,037,303 B2
Filed: 03/13/2006
Issued: 10/11/2011
Est. Priority Date: 03/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing a secure multicast of data across an unsecured network, the method comprising:

receiving, at an IPSec virtual private network device (IVD), a join message identifying at least one private multicast group;

identifying, by the IVD, a public multicast group of the unsecured network that is mapped to the private multicast group;

generating, by the IVD, a membership report specifying the public multicast group;

inserting a public IVD address of the IVD into a source field of the membership report;

sending the membership report to the unsecured network;

creating an IPSec tunnel through the unsecured network to a network element;

generating an IPSec encrypted control message specifying the private multicast group; and

sending the encrypted control message through the tunnel to allow the network element to decrypt the encrypted control message and send the decrypted control message to another network element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for securely transmitting multicast data across an unsecured public network. Such a method includes receiving a join message identifying at least one private multicast group; mapping the private multicast group to a public multicast group; generating a membership report specifying the public multicast group; and sending the membership report to the unsecured network. Additionally, the method may further comprise creating a secure tunnel through the unsecured network to a network element coupled; generating an encrypted control message specifying the private multicast group; and sending the encrypted control message through the secure tunnel to the network element.

Citations

20 Claims

1. A method for providing a secure multicast of data across an unsecured network, the method comprising:
- receiving, at an IPSec virtual private network device (IVD), a join message identifying at least one private multicast group;
  
  identifying, by the IVD, a public multicast group of the unsecured network that is mapped to the private multicast group;
  
  generating, by the IVD, a membership report specifying the public multicast group;
  
  inserting a public IVD address of the IVD into a source field of the membership report;
  
  sending the membership report to the unsecured network;
  
  creating an IPSec tunnel through the unsecured network to a network element;
  
  generating an IPSec encrypted control message specifying the private multicast group; and
  
  sending the encrypted control message through the tunnel to allow the network element to decrypt the encrypted control message and send the decrypted control message to another network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the join message is a control message.
  - 3. The method of claim 2, wherein the control message is a Protocol Independent Multicast control message.
  - 4. The method of claim 1, wherein the join message is a membership report.
  - 5. The method of claim 4, wherein the membership report is an Internet Group Message Protocol membership report.
  - 6. The method of claim 1, wherein the network element is an encryption device.
  - 7. The method of claim 1, further comprising:
    - receiving the encrypted control message from the secure tunnel;
      
      decrypting the encrypted control message; and
      
      sending the decrypted control message to a second network element.

8. A system for securely transmitting multicast data across a public network, the system comprising:
- a first encryptor network element comprising an IPSec virtual private network device (IVD) and operable toreceive a join message from a first network element, the join message identifying at least one private multicast group,identify a public multicast group of the unsecured network that is mapped to the private multicast group,generate a membership report specifying the public multicast group,send the membership report to the public network,generate an IPSec encrypted control message specifying the private multicast group,insert a public IVD address of the IVD into a source field of the membership report,send the encrypted control message through the secure tunnel to the second encryptor network element to allow the second encryptor network element to decrypt the encrypted control message and send the decrypted control message to another network element.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the first network element is selected from a group consisting of:
    - a router;
      
      a switch;
      
      a gateway;
      
      a bridge;
      
      a load-balancer; and
      
      a firewall.
  - 10. The system of claim 8, wherein the join message is a control message.
  - 11. The system of claim 10, wherein the control message is a Protocol Independent Multicast control message.
  - 12. The system of claim 8, wherein the first network element is a multicast receiver.
  - 13. The system of claim 12, wherein the join message is a membership report.
  - 14. The system of claim 13, wherein the membership report is an Internet Group Message Protocol membership report.

15. A non-transitory computer readable medium storing software for securely transmitting multicast data across a public network, the software being embodied in the non-transitory computer readable medium and comprising code such that when executed is operable to:
- receive a join message identifying at least one private multicast group;
  
  identify a public multicast group of the unsecured network that is mapped to the private multicast group;
  
  generate a membership report specifying the public multicast group;
  
  insert a public IVD address of the IVD into a source field of the membership report;
  
  send the membership report to the unsecured network;
  
  create an IPSec tunnel through the unsecured network to a network element;
  
  generate an IPSec encrypted control message specifying the private multicast group; and
  
  send the encrypted control message through the tunnel to allow the network element to decrypt the encrypted control message and send the decrypted control message to another network element.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the join message is a control message.
  - 17. The non-transitory computer readable Medium of claim 16, wherein the control message is a Protocol Independent Multicast control message.
  - 18. The non-transitory computer readable medium of claim 15, wherein the join message is a membership report.
  - 19. The non-transitory computer readable medium of claim 18, wherein the membership report is an Internet Group Message Protocol membership report.
  - 20. The non-transitory computer readable medium of claim 15, wherein the network element is an encryption device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Williamson, Gary Beau
Primary Examiner(s)
ZIA, SYED

Application Number

US11/374,645
Publication Number

US 20070214359A1
Time in Patent Office

2,038 Days
Field of Search

None
US Class Current

713/163
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

System and method for providing secure multicasting across virtual private networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure multicasting across virtual private networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links