Method and apparatus for distributing group data in a tunneled encrypted virtual private network
Abstract
A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt, then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
24 Claims
1. A method, comprising:
- receiving a packet from a sender at a data communication device, wherein the packet is to be multicast to a plurality of destinations, each of which is a member of a multicast group;
- identifying a security association related to the packet based, at least in part, on a data stream associated with the packet and security information shared between the data communications device and the plurality of destinations;
- in response to determining that the security association related to the packet is shared between the data communications device and the plurality of destinations, processing the packet for the multicast group;
- in response to determining that the security association related to the packet is shared between the data communications device and a particular destination but not the plurality of destinations, processing the packet separately for the particular destination;
- wherein the method is performed by the data communication device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer-readable storage medium encoded with one or more sequences of instructions, which when executed on a processor, cause the processor to perform:
- receiving a packet from a sender at a data communication device, wherein the packet is to be multicast to a plurality of destinations, each of which is a member of a multicast group;
- identifying a security association related to the packet based, at least in part, on a data stream associated with the packet and security information shared between the data communications device and the plurality of destinations;
- in response to determining that the security association related to the packet is shared between the data communications device and the plurality of destinations, processing the packet for the multicast group;
- in response to determining that the security association related to the packet is shared between the data communications device and a particular destination but not the plurality of destinations, processing the packet separately for the particular destination.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus, comprising:
- one or more processors;
- a computer-readable medium encoded with one or more sequences of instructions, which when executed on a processor, cause the processor to perform:
- receiving a packet from a sender at a data communication device, wherein the packet is to be multicast to a plurality of destinations, each of which is a member of a multicast group;
- identifying a security association related to the packet based, at least in part, on a data stream associated with the packet and security information shared between the data communications device and the plurality of destinations;
- in response to determining that the security association related to the packet is shared between the data communications device and the plurality of destinations, processing the packet for the multicast group;
- in response to determining that the security association related to the packet is shared between the data communications device and a particular destination but not the plurality of destinations, processing the packet separately for the particular destination.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
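The following Go program is an added illustration of the forwarding decision in claim 1 together with the "encrypt, then replicate" order described in the abstract; it is not code from the patent or from any product. AES-128-GCM stands in for whatever transform a real security association would apply, and the stream identifier, SPIs, keys and peer addresses are constructed for the example. A group security association is secured once and the secured packet is replicated per authorized member, with the destination address inserted after replication; a pairwise association is processed separately for its single destination.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// SecurityAssociation is the keying material shared between the forwarding
// device and either every member of a multicast group or one peer.
type SecurityAssociation struct {
	SPI     uint32
	Key     []byte   // 16-byte AES-128 key; constructed for the example
	Members []string // destinations that hold this SA; one entry means pairwise
	seq     uint32   // per-SA sequence counter; also part of the GCM nonce
}

// Group reports whether the SA is shared with more than one destination.
func (sa *SecurityAssociation) Group() bool { return len(sa.Members) > 1 }

func (sa *SecurityAssociation) shares(dst string) bool {
	for _, m := range sa.Members {
		if m == dst {
			return true
		}
	}
	return false
}

// TunnelPacket is the outer packet: addresses inserted by the device plus the
// secured inner packet (GCM ciphertext and tag).
type TunnelPacket struct {
	Src, Dst   string
	SPI, Seq   uint32
	Ciphertext []byte
}

// Device is the data communications device. The SA table is keyed by a stream
// identifier (assumed here to be the multicast group and port of the packet).
type Device struct {
	Addr string
	SAs  map[string][]*SecurityAssociation
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// nonce derives the 12-byte GCM nonce from SPI and sequence number, so a key
// must be retired before its counter wraps.
func nonce(spi, seq uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[4:], spi)
	binary.BigEndian.PutUint32(n[8:], seq)
	return n
}

// aad authenticates only the fields fixed before replication (SPI, sequence,
// source); the destination is inserted afterwards and is therefore not covered.
func aad(spi, seq uint32, src string) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, spi)
	binary.Write(&b, binary.BigEndian, seq)
	b.WriteString(src)
	return b.Bytes()
}

// secure applies the SA once: encrypt the payload, then insert the source address.
func (d *Device) secure(sa *SecurityAssociation, payload []byte) (TunnelPacket, error) {
	g, err := gcm(sa.Key)
	if err != nil {
		return TunnelPacket{}, err
	}
	sa.seq++
	ct := g.Seal(nil, nonce(sa.SPI, sa.seq), payload, aad(sa.SPI, sa.seq, d.Addr))
	return TunnelPacket{Src: d.Addr, SPI: sa.SPI, Seq: sa.seq, Ciphertext: ct}, nil
}

// Forward looks up the SAs for the stream and applies the claimed decision:
// group SA -> secure once and replicate; pairwise SA -> secure separately.
func (d *Device) Forward(stream string, payload []byte, dests []string) ([]TunnelPacket, error) {
	sas, ok := d.SAs[stream]
	if !ok {
		return nil, errors.New("no security association for stream " + stream)
	}
	var out []TunnelPacket
	for _, sa := range sas {
		if sa.Group() {
			secured, err := d.secure(sa, payload)
			if err != nil {
				return nil, err
			}
			for _, dst := range dests {
				if sa.shares(dst) { // only members authorized to hold the SA get a copy
					pkt := secured
					pkt.Dst = dst // destination inserted after replication
					out = append(out, pkt)
				}
			}
			continue
		}
		for _, dst := range dests {
			if sa.shares(dst) {
				pkt, err := d.secure(sa, payload)
				if err != nil {
					return nil, err
				}
				pkt.Dst = dst
				out = append(out, pkt)
			}
		}
	}
	return out, nil
}

// Receive is the destination side: open the packet with the SA matching its SPI.
func Receive(sa *SecurityAssociation, pkt TunnelPacket) ([]byte, error) {
	if pkt.SPI != sa.SPI {
		return nil, errors.New("SPI mismatch")
	}
	g, err := gcm(sa.Key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce(pkt.SPI, pkt.Seq), pkt.Ciphertext, aad(pkt.SPI, pkt.Seq, pkt.Src))
}

// NewExampleDevice builds a device with one group SA (peers A and B) and one
// pairwise SA (peer C) for a constructed stream; keys are fixed test values.
func NewExampleDevice() *Device {
	return &Device{
		Addr: "gw.example",
		SAs: map[string][]*SecurityAssociation{
			"239.1.1.1:5000": {
				{SPI: 0x1001, Key: bytes.Repeat([]byte{0x11}, 16), Members: []string{"A", "B"}},
				{SPI: 0x2002, Key: bytes.Repeat([]byte{0x22}, 16), Members: []string{"C"}},
			},
		},
	}
}

func main() {
	d := NewExampleDevice()
	pkts, err := d.Forward("239.1.1.1:5000", []byte("group update"), []string{"A", "B", "C"})
	if err != nil {
		panic(err)
	}
	for _, p := range pkts {
		fmt.Printf("%s -> %s spi=%#x seq=%d ct=%x\n", p.Src, p.Dst, p.SPI, p.Seq, p.Ciphertext)
	}
}
```

Two consequences of this ordering are worth noting for anyone deploying such a scheme. Because the destination address is inserted after the packet is secured, it cannot be covered by the authentication tag, so a receiver cannot use the tag to detect a copy that was redirected to it; membership in the group SA is the only authorization check. And because every member receives an identical ciphertext with the same sequence number, receivers must keep their anti-replay window per sender, not per packet seen on the group.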