Tree-based reliable multicast system where sessions are established by repair nodes that authenticate receiver nodes presenting participation certificates granted by a central authority
First Claim
1. A method of establishing a reliable multicast data distribution session, comprising:
- receiving at a repair node, when engaging in dialog with respect to the establishment of the multicast session, a certificate from a central authority authenticating a receiver for participation in the reliable multicast session;
- authenticating the receiver based on its presentation of its participation certificate; and
- approving the receiver for participating as a receiver in the reliable multicast session based on authorization information contained in its participation certificate.
Abstract
To authenticate and authorize prospective members in a reliable multicast data distribution setup, the prospective members contact a central authority to obtain a “participation certificate” for the multicast session. The central authority authenticates each node and issues a digitally signed certificate to the node. Each certificate contains information specifying the manner in which the respective node is authorized to participate in the multicast session in addition to the respective node's public key. The nodes exchange their participation certificates with each other during session-establishment dialog to prove their identities and their authorization to participate. Each node verifies the rights of other nodes based on authorization information contained in the participation certificate received from the other node. Thus, a node is allowed to participate as a repair node only if it presents a participation certificate authorizing it to do so. Disruption in network operation is avoided by reducing the ability of malicious nodes to consume resources to the detriment of legitimate session members.
8 Claims
2. A method of establishing a reliable multicast data distribution session, comprising:
- at a network node acting as a central authority, providing each of a plurality of network nodes with a respective participation certificate serving as a credential enabling the node to participate in the reliable multicast data distribution session, each certificate being digitally signed by the central authority and containing authorization information specifying the manner in which the respective node is authorized to participate in the multicast session, the network nodes including a sender and a plurality of receivers, the receivers being organized into repair groups each including one receiver designated as a repair node for the group, the repair node for each group being responsible for reliably re-transmitting multicast messages received from the sender to any of the other receivers of the group upon request;
- at the repair node for each repair group:
  - exchanging participation certificates with the other receivers of the repair group when engaging in dialog with respect to the establishment of the multicast session;
  - authenticating the other receivers of the repair group based on their presentation of their respective participation certificates; and
  - verifying the right of each of the other receivers of the repair group to participate as a receiver in the session based on the authorization information contained in the respective participation certificate; and
- at each receiver other than the repair node in each repair group, upon exchanging participation certificates with the repair node of the group when engaging in dialog with respect to the establishment of the multicast session:
  - authenticating the repair node of the group based on its presentation of its participation certificate; and
  - verifying the right of the repair node to participate as a repair node in the session based on the authorization information contained in its participation certificate.
4. A system for establishing a reliable multicast data distribution session, comprising:
- a central authority; and
- a plurality of network nodes, the network nodes including a sender and a plurality of receivers, the receivers being organized into repair groups each including one receiver designated as a repair node for the group, the repair node for each group being responsible for reliably transmitting multicast messages received from the sender to each of the other receivers of the group;
- the central authority being operative to provide each of the network nodes with a respective participation certificate serving as a credential enabling the node to participate in the reliable multicast data distribution session, each certificate being digitally signed by the central authority and containing authorization information specifying the manner in which the respective node is authorized to participate in the multicast session, the repair node for each repair group being operative to:
  - exchange participation certificates with the other receivers of the repair group when engaging in dialog with respect to the establishment of the multicast session;
  - authenticate the other receivers of the repair group based on their presentation of their respective participation certificates; and
  - verify the right of each of the other receivers of the repair group to participate as a receiver in the session based on the authorization information contained in the respective participation certificate, and each receiver other than the repair node of each repair group being operative to:
- (i) exchange participation certificates with the repair node of the group when engaging in dialog with respect to the establishment of the multicast session, (ii) verify the right of the repair node to participate as a repair node in the session based on the authorization information contained in the participation certificate received from the repair node, and (iii) use the repair node's public key included in the participation certificate to verify and accept digitally signed messages sent by the repair node.
5. A computer program product including a computer readable medium, the computer readable medium having a reliable multicast member verification program stored thereon for execution in a computer functioning as a network node, the reliable multicast member verification program comprising:
- program code for obtaining a multicast session participation certificate from a central authority, the participation certificate serving as a credential enabling the network node to participate in a reliable multicast data distribution session, the certificate being digitally signed by the central authority and containing information specifying that the network node is authorized to participate as a repair node in the multicast session; and
- program code for (i) exchanging participation certificates with receiver nodes when engaging in dialog with respect to the establishment of the multicast session, (ii) verifying the right of each receiver node to participate in the session based on authorization information contained in the participation certificate received from the receiver node, and (iii) using the receiver node's public key included in its participation certificate to verify and accept digitally signed messages sent by the receiver node.
6. A computer data signal including a computer program for use in establishing a reliable multicast data distribution session, the computer program comprising:
- program code for obtaining a multicast session participation certificate from a central authority, the participation certificate serving as a credential enabling a network node to participate in the reliable multicast data distribution session, the certificate being digitally signed by the central authority and containing information specifying that the network node is authorized to participate as a repair node in the multicast session; and
- program code for (i) exchanging participation certificates with receiver nodes when engaging in dialog with respect to the establishment of the multicast session, (ii) verifying the right of each receiver node to participate as a receiver in the session based on authorization information contained in the participation certificate received from the receiver node, and (iii) using the receiver node's public key included in its participation certificate to verify and accept digitally signed messages sent by the receiver node.
7. A system for establishing a reliable multicast data distribution session, comprising:
- means, at a network node acting as a central authority, for providing each of a plurality of network nodes with a respective participation certificate serving as a credential enabling the node to participate in the reliable multicast data distribution session, each certificate being digitally signed by the central authority and containing authorization information specifying the manner in which the respective node is authorized to participate in the multicast session, the network nodes including a sender and a plurality of receivers, the receivers being organized into repair groups each including one receiver designated as a repair node for the group, the repair node for each group being responsible for reliably re-transmitting multicast messages received from the sender to any of the other receivers of the group upon request;
- means at the repair node for each repair group for:
  - exchanging participation certificates with the other receivers of the repair group when engaging in dialog with respect to the establishment of the multicast session;
  - authenticating the other receivers of the repair group based on their presentation of their respective participation certificates; and
  - verifying the right of each of the other receivers of the repair group to participate as a receiver in the session based on the authorization information contained in the respective participation certificate; and
- means, at each receiver other than the repair node in each repair group, upon exchanging participation certificates with the repair node of the group when engaging in dialog with respect to the establishment of the multicast session, for (i) verifying the right of the repair node to participate as a repair node in the session based on the authorization information contained in the participation certificate received from the repair node, and (ii) using the repair node's public key included in its participation certificate to verify and accept digitally signed messages sent by the repair node.
8. A method of establishing a reliable multicast data distribution session, comprising:
- at a network node, receiving from a central authority a participation certificate serving as a credential enabling the node to participate in the reliable multicast data distribution session, each certificate being digitally signed by the central authority and containing information specifying that the node is authorized to participate as a repair node in the multicast session;
- exchanging participation certificates with receiver network nodes when engaging in dialog with respect to the establishment of the multicast session;
- authenticating the receiver nodes based on their presentation of their respective participation certificates; and
- verifying the right of each receiver node to participate as a receiver node in the session based on the authorization information contained in the participation certificate received from the receiver node.
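The certificate issuance and the two-sided check that the abstract and the claims above describe, as an added example that is not from the patent or from any implementation of it. It assumes Ed25519 signatures, a JSON-encoded certificate body and a `receiver`/`repair` role encoding, none of which the page specifies; a repair node is treated as also authorized to act as a receiver, since the claims designate it as one receiver of its group.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Role is the authorization a participation certificate carries (assumed encoding).
type Role string
const (
	Receiver Role = "receiver"
	Repair   Role = "repair" // a repair node is itself one of the group's receivers
)
// Certificate is the participation certificate; the authority signs the JSON of every
// field except Sig, so role, session and the node's public key are all bound to it.
type Certificate struct {
	Session string            `json:"session"`
	Node    string            `json:"node"`
	Role    Role              `json:"role"`
	PubKey  ed25519.PublicKey `json:"pub"`
	Sig     []byte            `json:"-"`
}
// GenKey makes an Ed25519 key pair for the central authority or for a node.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}
// Issue is the central authority's step, taken after it has authenticated the node.
func Issue(caPriv ed25519.PrivateKey, c Certificate) Certificate {
	body, _ := json.Marshal(c) // a struct of strings and bytes cannot fail to marshal
	c.Sig = ed25519.Sign(caPriv, body)
	return c
}
// Verify is the peer's step during session establishment: CA signature, then session
// binding, then whether the certificate authorizes the role the presenter claims.
func Verify(caPub ed25519.PublicKey, c Certificate, session string, want Role) error {
	body, _ := json.Marshal(c) // Sig is excluded, so this is what the authority signed
	switch {
	case !ed25519.Verify(caPub, body, c.Sig):
		return errors.New("certificate not signed by the central authority")
	case c.Session != session:
		return errors.New("certificate issued for a different session")
	case c.Role != want && !(c.Role == Repair && want == Receiver):
		return errors.New("certificate does not authorize role " + string(want))
	}
	return nil
}
// Session messages are signed with the node's own key and checked with the key in its verified certificate.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
func VerifyMessage(c Certificate, msg, sig []byte) bool     { return ed25519.Verify(c.PubKey, msg, sig) }
```

Because the role is inside the signed body, a receiver that edits its certificate to claim the repair role fails the signature check before the role is ever consulted.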
Specification