CN1848728B - Group broadcasting data controlled method based on IP network - Google Patents

Publication number
CN1848728B
Authority
CN
China
Prior art keywords
multicast
member
information
request
authority
Prior art date
Application number
CN 200510064338
Other languages
Chinese (zh)
Other versions
CN1848728A (en)
Inventor
朱小勇
李挺屹
温慧尧
王劲林
王玲芳
Original Assignee
中国科学院声学研究所
Application filed by 中国科学院声学研究所
Priority to CN 200510064338
Publication of CN1848728A
Application granted
Publication of CN1848728B

Abstract

A method for controlling multicast data over an IP network comprises multicast permission information preprocessing, which delivers the multicast permissions of multicast members to the multicast member controller, and multicast authentication management, which consists of a multicast join/leave authentication mechanism, a mechanism for forcing a member to leave a multicast group, and a mechanism for recording multicast member behavior.

Description

An IP-network-based method for controlling multicast data

Technical Field

[0001]-[0002] The present invention relates to IP network systems, and in particular to IP network service systems that combine computer networks and telecommunication networks.

Background Art

[0003] IP multicast (also called multi-address broadcast or multicasting) is a TCP/IP network technology that allows one or more hosts (multicast sources) to send a single data packet to multiple hosts (once, simultaneously). As a point-to-multipoint form of communication, multicast is one of the effective ways to save network bandwidth. IP multicast communication depends on IP multicast addresses. In IPv4 these are Class D IP addresses, ranging from 224.0.0.0 to 239.255.255.255, and they are divided into three categories: link-local multicast addresses, reserved multicast addresses, and administratively scoped multicast addresses. All hosts that receive multicast packets on the same IP multicast address form a host group, also called a multicast group.

[0004] In computer networks (including the Internet), the propagation of multicast data is usually divided into three steps. In the first step, the multicast member controller receives requests from multicast members; for IPv4 the Internet Engineering Task Force (IETF) defined IGMP, which has two versions, IGMPv1 and IGMPv2, and for IPv6 the IETF defined MLD. The second step is the establishment of the path from the multicast data source to the multicast receivers (that is, the building of the multicast tree), for which the IETF has defined multicast control protocols such as DVMRP, PIM-SM, PIM-DM and MOSPF. In the third step, the actual multicast data travels along the multicast path established in the second step from the multicast data source to each multicast member. These traditional mechanisms have many shortcomings: the multicast member controller cannot refuse a multicast group join request sent by any host; the number of members receiving multicast data cannot be known; multicast-related behavior information about multicast members cannot be obtained; and there is no mechanism for forcing a multicast member to leave a multicast group. There is therefore room for improvement in multicast control.

Summary of the Invention

[0005] The object of the present invention is to overcome the defects of traditional multicast membership management protocols and to increase the degree of control over multicast members, thereby providing an IP-network-based method for controlling multicast data that includes a multicast join/leave authentication mechanism, a mechanism for forcing a member to leave a multicast group, and a mechanism for recording multicast member behavior.

[0006] To achieve this object, the IP-network-based multicast data control method provided by the present invention comprises multicast permission information preprocessing and multicast authentication management. The multicast permission information preprocessing is the process of delivering the multicast permissions of multicast members to the multicast member controller; it may use a batch processing method or a method combined with access authentication.

[0007] The multicast authentication management includes a multicast join authentication mechanism, implemented by the following steps:

[0008] 11) In response to a user instruction, the multicast member initiates, in the background, a multicast join request to the multicast member controller; the request carries information that identifies the user and bears a security tag;

[0009] 12) On receiving the request, the multicast member controller first performs decryption according to the user identity information and then verifies, against the multicast permissions, whether the request sent by the multicast member is legitimate; if it is, the controller returns a success message to the multicast member and opens forwarding of the multicast data corresponding to the user; otherwise, it returns a failure message to the multicast member.

[0010] Provided that the multicast member has already joined the multicast group, the multicast authentication management further includes a multicast leave authentication mechanism, implemented by the following steps:

[0011] 13) In response to a user instruction, the multicast member initiates, in the background, a multicast leave request to the multicast member controller; the request carries information that identifies the user and bears a security tag;

[0012] 14) On receiving the request, the multicast member controller first performs decryption according to the user identity information and then verifies, against the multicast permissions, whether the request sent by the multicast member is legitimate; if it is, the controller returns a success message to the multicast member; otherwise, it returns a failure message to the multicast member.

[0013] The batch processing method for multicast permission information preprocessing comprises the following steps:

[0014] 111) defining a multicast permission format file between the multicast behavior processing center and the multicast member controller;

[0015] 112) transferring the multicast permission format file from the multicast behavior processing center to the multicast member controller via FTP (File Transfer Protocol) or a self-defined private protocol based on UDP/TCP; or transferring the multicast permission information directly from the multicast behavior processing center to the multicast member controller using a self-defined private protocol based on UDP/TCP.

[0016] The method combined with access authentication for multicast permission information preprocessing comprises the following steps:

[0017] 121) when accessing the network, the multicast member initiates an authentication request;

[0018] 122) where the multicast member controller also functions as the authentication access router, the multicast member controller initiates an authentication request to the authentication server; this authentication request is carried over the RADIUS protocol with extended data fields;

[0019] 123) the authentication server passes the authentication result and the multicast permissions of the multicast member to the multicast member controller, which performs multicast control according to this information; the authentication result is likewise carried over the RADIUS protocol with extended data fields.

[0020] The security tag in step 11) may be symmetric encryption, public-key encryption, or an MD5 digest.

[0021] Provided that the multicast member has already joined the multicast group, the multicast authentication management further includes a mechanism for forcing a member to leave the multicast group, implemented by the following steps:

[0022] 21) When a command arrives from system management, or a change in multicast permissions means that a specific multicast member no longer has permission for the multicast data stream it is currently receiving, the multicast member controller generates a forced-leave command and sends it to the specific multicast member being forced to leave;

[0023] 22) After receiving the forced-leave command, the multicast member generates a message that can be displayed to the user according to the reason contained in the command, and actively exits the multicast receiving state.

[0024] Given the multicast join/leave mechanism, each time a multicast member actively generates a multicast join/leave request, the user ID, multicast group identifier, specific time and action category are recorded at the multicast behavior processing center.

[0025] Given the forced-leave mechanism, each time the multicast member controller forces a specific multicast member to leave a multicast group, the user ID, multicast group identifier, specific time and action category are recorded at the multicast behavior processing center.

[0026] Existing conventional multicast membership management protocols have several drawbacks: the multicast controller cannot refuse a multicast group join request sent by any host; the number of members receiving multicast data cannot be known; multicast-related behavior information about multicast members cannot be obtained; and there is no mechanism for forcing a multicast member to leave a multicast group. Compared with the prior art, the present invention overcomes these drawbacks and increases the degree of control over multicast members, giving service providers and network operators an effective means of running services over IP networks using multicast protocols. Specifically: by controlling how multicast members join and leave multicast groups, management policies can be formulated, which provides technical support for operators' commercial operations; by controlling joining and leaving, illegitimate users can be kept outside the multicast data reception domain, which prevents them from interfering with legitimate multicast member users, lightens the burden of multicast member control, and reduces network traffic; forced leave from multicast groups provides technical and management support for operators' prepaid services; and recording multicast member behavior supplies data for further data mining.

Brief Description of the Drawings

[0027] Figure 1 is an overall block diagram of the multicast data control method of the present invention;

[0028] Figure 2 is a flowchart of multicast permission information preprocessing in one preferred embodiment of the present invention;

[0029] Figure 3 is a flowchart of the multicast join authentication part of the present invention;

[0030] Figure 4 is a sequence diagram of the multicast join authentication process of the present invention;

[0031] Figure 5 is a flowchart of the multicast leave authentication part of the present invention;

[0032] Figure 6 is a sequence diagram of the multicast leave authentication process of the present invention;

[0033] Figure 7 is a flowchart of the forced-leave part of the present invention;

[0034] Figure 8 is a sequence diagram of the forced-leave process of the present invention;

[0035] Figure 9 is a flowchart of multicast permission information preprocessing in another preferred embodiment of the present invention;

[0036] Figure 10 is a schematic diagram of the three types of entities involved in the present invention;

[0037] Figure 11 is a schematic diagram of an application scenario of the multicast control method of the present invention.

Detailed Description

[0038] The IP-network-based multicast data control method provided by the present invention involves three types of entities: multicast members, multicast member controllers, and the multicast behavior processing center (as shown in Figure 10).

[0039] A multicast member is a physical device entity that initiates multicast requests (these actions are usually triggered, directly or indirectly, by a person); such devices include computers of all kinds, set-top boxes, and various terminal devices with wireless access.

[0040] A multicast member controller is a device entity that receives multicast requests directly or indirectly; it may be a hardware device such as a router, gateway or layer-2 switch, or a software program entity implemented on a host or server.

[0041] The multicast behavior processing center is a device entity that receives, from the multicast member controller, information about multicast members switching between different multicast groups and then performs the related processing, for example an operations support system (BOSS), a service management system, or a user management system.

[0042] Multicast members can connect to the multicast member controller over various wireless or wired links, including xDSL (a transmission mechanism for data communication over telephone lines), WLAN (802.11a, 802.11b, 802.11g, etc.), WMAN (802.16), and the various Ethernet access modes (10 Mbps, 100 Mbps, 1000 Mbps and 10 Gbps).

[0043] Between the multicast member controller and the multicast behavior processing center, it is sufficient that the two are directly reachable at the IP protocol layer.

[0044] The IP-network-based multicast data control method provided by the present invention is further described below with reference to the drawings and specific embodiments.

[0045] The IP-network-based multicast data control method provided by the present invention comprises multicast permission information preprocessing and multicast authentication management. Multicast permission information preprocessing is the process of delivering the multicast permissions of multicast member devices to the multicast member controller; it may use a batch processing method or a method combined with access authentication. Once preprocessing is complete, multicast authentication management can be performed. Multicast authentication management includes multicast join/leave authentication, forced leave from multicast groups, and multicast member behavior recording; the specific implementation steps are detailed below.

[0046] Embodiment 1

[0047] As shown in Figure 1, the IP-network-based multicast data control method provided by the present invention comprises:

[0048] Step 100: multicast permission information preprocessing.

[0049] Step 200: multicast authentication management.

[0050] In this embodiment, as shown in Figure 2, the preprocessing of step 100 uses the batch processing method and comprises the following sub-steps:

[0051] Step 101: Define a multicast permission format file between the multicast behavior processing center and the multicast member controller; the multicast behavior processing center may be an operations support system (BOSS), a service management system, or a user management system. The multicast permission format file includes the user ID, multicast address, permission flag, and so on.

[0052] Step 102: Transfer the multicast permission format file from the multicast behavior processing center to the multicast member controller via FTP (File Transfer Protocol) or a self-defined private protocol based on UDP/TCP (the multicast permission information is carried in the UDP/TCP data payload, and each permission entry includes the user ID, multicast address and permission flag); or transfer the multicast permission information directly from the multicast behavior processing center to the multicast member controller, using a self-defined private protocol based on UDP/TCP.

[0053] Step 200 is the main part of the invention, multicast authentication management, which includes multicast join/leave authentication, forced leave from multicast groups, and multicast member behavior recording. Before the authentication management itself can be performed, the existing multicast management protocol must be extended. For an IP network, taking the IPv4 protocol stack as an example and assuming the design is based on IGMPv2: the fields of the IETF-standard IGMPv2 protocol contain no user-related information, but the IGMPv2 command identifier field still has unused values, so the command identifiers can be extended. Five command identifiers are added, denoting respectively the controlled multicast member join request, the controlled multicast member join response, the controlled multicast member leave request, the controlled multicast member leave response, and the forced-leave multicast group command. Five types of protocol data unit (PDU) are defined for these five commands, and these PDUs include user-related information. The fields of the five commands contain a security tag, which may be symmetric encryption, public-key encryption, or an MD5 digest, and which is computed and added when the command control packet is encapsulated. The specific process of extending the IGMPv2 protocol and defining the PDUs is well known to those skilled in the art and is not described further.

[0054] As shown in Figures 3 and 4, multicast join authentication comprises the following sub-steps:

[0055] Step 201: A multicast member requests to join a multicast group and sends a multicast join request using the extended multicast management protocol.

[0056] Step 202: The multicast member controller receives the multicast join request and forwards it to the multicast behavior processing center.

[0057] Step 203: The multicast behavior processing center receives the multicast join request forwarded in step 202 and compares the relevant information in the request with the multicast allow information; if they match, it returns a result allowing the join; if they do not match, it returns a result rejecting the join.

[0058] Step 204: The multicast member controller receives the request result returned by the multicast behavior processing center in step 203 and evaluates it; if joining is allowed, it adds the multicast member to the multicast group and forwards the response to the multicast member, and it also sends the result of the member's join to the multicast behavior processing center.

[0059] Step 205: The multicast member receives the join result and evaluates it; on success, it enters the multicast data receiving state; otherwise, it shows the corresponding failure message to the user and then returns to the on-demand main menu of the multicast member device.

[0060] As shown in Figures 5 and 6, the multicast leave authentication method comprises the following sub-steps:

[0061] Step 211: A multicast member requests to leave a multicast group and sends a multicast leave request using the extended multicast management protocol.

[0062] Step 212: The multicast member controller receives the multicast leave request and forwards it to the multicast behavior processing center.

[0063] Step 213: The multicast behavior processing center receives the forwarded request and queries the multicast allow list; if an entry is found, the result returned is that leaving is allowed; otherwise, the result is an illegal request. The multicast behavior processing center then sends the result to the multicast member controller.

[0064] Step 214: The multicast member controller receives the leave reply from the multicast behavior processing center, forwards the response to the multicast member, and evaluates the request result; if leaving is allowed, it performs leave-group processing on the port to which the multicast member device is attached.

[0065] Step 215: The multicast member controller sends the result of the leave processing to the multicast behavior processing center. The multicast member device receives the leave reply and evaluates it; if leaving is allowed, the device returns to its on-demand main menu; otherwise, it shows an illegal-request message and then returns to the on-demand main menu.

[0066] As shown in Figures 7 and 8, the method for forcing a member to leave a multicast group comprises the following sub-steps:

[0067] Step 221: The multicast behavior processing center periodically polls the multicast member devices that have joined the multicast group. If a multicast member device fails to respond to n consecutive polls (in this embodiment n is 3 and the polling interval is defined as 10 seconds; the number of polls and the interval can be set according to actual conditions), the multicast behavior processing center sends a leave-multicast command to the multicast member controller. Alternatively, when management policy calls for it and an administrator requires a multicast member device to leave the multicast group, the multicast behavior processing center sends a leave-multicast command to the multicast member controller.

[0068] Step 222: The multicast member controller receives the leave-multicast command, performs leave-group processing on the port to which the multicast member device is attached, and sends the result of the leave processing to the multicast behavior processing center.

[0069] Multicast behavior is recorded as follows: each time a multicast join request or multicast leave request is received, or a multicast member device is forced to leave a multicast group for management reasons, a record is made at the multicast behavior processing center; the recorded information includes the user ID, multicast address, time of occurrence, action category (such as leave/join), and other information.
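The following is an added sketch, not code from the patent, of the controller-side checks that the summary and Embodiment 1 describe: authenticated join/leave requests, a permission table loaded from batch entries, forced leave after missed polls or a permission change, and behavior records. The PDU layout, the command values, the per-user keys, the `allow` flag and the 30-second replay window are assumptions; HMAC-SHA-256 is substituted for the MD5 digest option of the security tag, and the processing center's permission check and polling are folded into the controller to keep the example in one place.

```python
import hashlib
import hmac
import ipaddress
import struct

# Assumed command identifiers: the page adds five commands but gives no values.
JOIN_REQ, JOIN_RESP, LEAVE_REQ, LEAVE_RESP, FORCE_LEAVE = 0x31, 0x32, 0x33, 0x34, 0x35
HEAD = struct.Struct("!B4sIB")  # command, group address, timestamp, user-ID length
TAG_LEN = 32                    # HMAC-SHA-256 security tag appended to each PDU
MAX_MISSED_POLLS = 3            # n = 3 in Embodiment 1


def build_pdu(cmd, user_id, group, ts, key):
    """Member side: pack a request and append the security tag over all fields."""
    uid = user_id.encode()
    body = HEAD.pack(cmd, ipaddress.IPv4Address(group).packed, ts, len(uid)) + uid
    return body + hmac.new(key, body, hashlib.sha256).digest()


def parse_pdu(pdu):
    """Split a PDU into fields; raise ValueError on any malformed input."""
    if len(pdu) < HEAD.size + TAG_LEN:
        raise ValueError("short PDU")
    cmd, raw_group, ts, uid_len = HEAD.unpack_from(pdu)
    if len(pdu) != HEAD.size + uid_len + TAG_LEN:
        raise ValueError("length mismatch")
    body, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
    user_id = body[HEAD.size:].decode()  # UnicodeDecodeError is a ValueError
    return cmd, user_id, str(ipaddress.IPv4Address(raw_group)), ts, body, tag


class MemberController:
    def __init__(self, permission_lines, keys, max_skew=30):
        # Each permission entry: "user ID,multicast address,permission flag".
        self.allowed = set()
        for line in permission_lines:
            user, group, flag = (f.strip() for f in line.split(","))
            if flag == "allow" and ipaddress.IPv4Address(group).is_multicast:
                self.allowed.add((user, group))
        self.keys = keys          # per-user tag keys, assumed provisioned out of band
        self.max_skew = max_skew  # replay window in seconds (added safeguard)
        self.forwarding = set()   # (user, group) pairs whose forwarding is open
        self.missed = {}          # consecutive unanswered polls per member
        self.records = []         # (user ID, group, time, action category)

    def handle(self, pdu, now):
        """Authenticate a join/leave request; return (response command, ok)."""
        try:
            cmd, user, group, ts, body, tag = parse_pdu(pdu)
        except ValueError:
            return None, False    # fail closed: nothing is forwarded
        key = self.keys.get(user)
        if cmd not in (JOIN_REQ, LEAVE_REQ) or key is None:
            return None, False
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag) or abs(now - ts) > self.max_skew:
            return None, False    # forged, altered or replayed request
        member = (user, group)
        if cmd == JOIN_REQ:
            ok = member in self.allowed
            if ok:
                self.forwarding.add(member)
                self.missed[member] = 0
            self.records.append((user, group, now, "join" if ok else "join-denied"))
            return JOIN_RESP, ok
        ok = member in self.forwarding
        self.forwarding.discard(member)
        self.records.append((user, group, now, "leave" if ok else "leave-denied"))
        return LEAVE_RESP, ok

    def force_leave(self, user, group, now, reason):
        """Close forwarding and return the forced-leave command with its reason."""
        self.forwarding.discard((user, group))
        self.missed.pop((user, group), None)
        self.records.append((user, group, now, "forced-leave"))
        return FORCE_LEAVE, reason

    def revoke(self, user, group, now):
        """Permission change: drop the entry and force out an active receiver."""
        self.allowed.discard((user, group))
        if (user, group) in self.forwarding:
            return self.force_leave(user, group, now, "permission revoked")

    def poll_result(self, user, group, responded, now):
        """Count consecutive missed polls; force a leave at MAX_MISSED_POLLS."""
        member = (user, group)
        if member in self.forwarding:
            self.missed[member] = 0 if responded else self.missed.get(member, 0) + 1
            if self.missed[member] >= MAX_MISSED_POLLS:
                return self.force_leave(user, group, now, "no response to polls")


if __name__ == "__main__":
    keys = {"alice": b"constructed-key"}  # constructed sample data
    ctl = MemberController(["alice,239.1.1.10,allow"], keys)
    print(ctl.handle(build_pdu(JOIN_REQ, "alice", "239.1.1.10", 1000, keys["alice"]), 1000))
    print(ctl.records)
```
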

[0070] Embodiment 2

[0071] The IP-network-based multicast data control method provided by the present invention comprises:

[0072] Step 100: multicast permission information preprocessing.

[0073] Step 200: multicast authentication management.

[0074] In this embodiment, the preprocessing of step 100 uses the method combined with access authentication and comprises the following sub-steps (as shown in Figure 9):

[0075] Step 111: When accessing the network, the multicast member initiates an authentication request.

[0076] Step 112: Where the multicast member controller also functions as the authentication access router, the multicast member controller, after receiving the multicast member's authentication request, initiates an authentication request to the authentication server; this authentication request is carried over the RADIUS protocol with extended data fields.

[0077] Step 113: The authentication server passes the authentication result and the multicast permissions of the multicast member to the multicast member controller, which performs multicast control according to this information. The authentication result is likewise carried over the RADIUS protocol with extended data fields.

[0078] In this embodiment, step 200 is identical to that of Embodiment 1 and is not described again.

[0079] 图11为本发明的一个应用场景,它示出了在IP网络中的用户观看IPTV的一个实例。 A scenario [0079] FIG. 11 of the present invention, which shows an example of a user in the IP network of the IPTV viewing. 图中各设备通过以太网络连接在一起,组播流服务器是IPTV服务器,要播放的节目存放在其中,按照一定的调度机制进行播放;组播权限维护在实际中可以是运营支撑系统,在组播控制路由器开机时通知组播权限维护机将所管辖的用户设备组播权限下载到本地;之后在膝上型计算机作为组播成员设备,组播控制路由器作为组播成员控制器的情况下,在膝上型计算机、组播控制路由器和组播行为处理中心三者之间应用组播控制机制。 FIG each device is connected together via Ethernet, IPTV multicast server is a streaming server, to play a program stored therein, to play in a certain scheduling mechanism; multicast authority can be maintained in real operation support system, in the group after the laptop case multicast members as the device, multicast control router as multicast member controller; notification broadcast rights to maintain control multicast router boot device user multicast authority of the machine will be downloaded to the local jurisdiction in laptop computers, multicast control and multicast router acts of processing applications multicast control mechanism between the three centers.

[0080] 为实现本发明,需要在组播成员设备(如图11中的膝上型计算)上安装组播客户端软件,该软件根据IGMPv2源程序(这可以通过开源软件的方式获得)数据单元的格式定义几个数据结构,并且编写请求、应答、命令的处理函数。 [0080] In order to achieve the present invention, the multicast client software needs to be installed on a member of a multicast device (a laptop computing in FIG. 11), the software source code in accordance with IGMPv2 (which may be obtained by way of open source software) data several cell format definition data structure, and the preparation of the request, response, command handler. 同时,需要在组播成员控制器(如图11中的控制组播路由器)上安装服务器端的软件,该软件与客户端软件的开发方法基本相同,区别仅仅在于完成的任务不同;另外还需要在组播成员控制器上编写记录组播成员行为的函数。 Meanwhile, the need to install the members in the multicast controller (controlling the multicast router 11 as shown) on the server-side software, the software and the client software development method is substantially the same, differ only task; also need multicast member functions written record of behavior on the multicast member controllers. 这些编程过程都属于本领域专业人员的公知技术,不再赘述。 The programming techniques are all well known in the art professionals, it is omitted.

[0081] In the present invention, once the multicast control router has accumulated multicast member behavior data up to a certain volume or for a certain time, it can transfer the data to the multicast behavior processing center over any existing means of communication, such as TCP or UDP. Alternatively, the multicast behavior processing center can fetch this information on its own initiative. After obtaining the multicast member behavior data, the multicast behavior processing center can apply data mining or other data analysis techniques to obtain the data that the management department wants.
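The controller-side request handler and behavior-recording function that [0080] and [0081] leave to the implementer, as an added example that is not code from the patent. It assumes a JSON request body, a per-user shared key and a nonce for replay rejection, and it uses HMAC-SHA256 as the security label in place of the MD5 digest named in the claims; all function names, field names and sample values are constructed for illustration.

```python
import hashlib, hmac, json, time

def make_request(user, key, action, group, nonce):
    """Member side: request body plus its security label (HMAC-SHA256)."""
    body = json.dumps([user, action, group, nonce]).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

class MemberController:
    def __init__(self, authority, keys):
        self.authority = authority  # user -> permitted groups (preprocessed)
        self.keys = keys            # user -> shared key (assumed provisioning)
        self.forwarding = set()     # (user, group) pairs with forwarding open
        self.seen = set()           # (user, nonce) pairs already accepted
        self.log = []               # behavior records for the processing center

    def _record(self, user, group, action, ok):
        self.log.append({"user": user, "group": group, "time": time.time(),
                         "action": action, "ok": ok})
        return ok

    def handle(self, body, tag):
        """Verify a join/leave request (tag is bytes); True = success feedback."""
        try:
            user, action, group, nonce = map(str, json.loads(body))
        except (ValueError, TypeError):
            return False            # malformed request: no identity to record
        key = self.keys.get(user)   # key is selected by the claimed identity
        if key is None or action not in ("join", "leave"):
            return self._record(user, group, action, False)
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag) or (user, nonce) in self.seen:
            return self._record(user, group, action, False)
        self.seen.add((user, nonce))
        if group not in self.authority.get(user, set()):
            return self._record(user, group, action, False)
        if action == "join":
            self.forwarding.add((user, group))
        else:
            self.forwarding.discard((user, group))
        return self._record(user, group, action, True)

    def revoke(self, user, group, reason):
        """Authority change: close forwarding, return forced-leave command."""
        self.authority.get(user, set()).discard(group)
        if (user, group) not in self.forwarding:
            return None
        self.forwarding.discard((user, group))
        self._record(user, group, "forced_leave", True)
        return {"command": "forced_leave", "group": group, "reason": reason}
```

The `log` list holds the user ID, multicast group identifier, time and action category for each request and forced exit, which is the data the controller would later transfer to the multicast behavior processing center.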

Claims (6)

  1. A method for controlling multicast data based on an IP network, characterized by comprising multicast authority information preprocessing and multicast authentication management; the multicast authority information preprocessing is the process of delivering the multicast authorities of multicast members to the multicast member controller; the multicast authority information preprocessing may use a batch processing method or a method combined with access authentication; the multicast authentication management comprises a multicast join authentication mechanism, which is implemented by the following steps:
  11) the multicast member, according to a user instruction, initiates in the background a multicast join request to the multicast member controller, the request carrying information that can identify the user and bearing a security label;
  12) the multicast member controller, on receiving the request, first performs decryption according to the user identity information and verifies, against the multicast authority, whether the request sent by the multicast member is legitimate; if it is legitimate, the controller returns success information to the multicast member and opens forwarding of the multicast data corresponding to the user; otherwise, it returns failure information to the multicast member;
  the multicast authentication management further comprises a multicast leave authentication mechanism, which is implemented by the following steps:
  13) the multicast member, according to a user instruction, initiates in the background a multicast leave request to the multicast member controller, the request carrying information that can identify the user and bearing a security label;
  14) the multicast member controller, on receiving the request, first performs decryption according to the user identity information and verifies, against the multicast authority, whether the request sent by the multicast member is legitimate; if it is legitimate, the controller returns success information to the multicast member; otherwise, it returns failure information to the multicast member.
  2. The method for controlling multicast data according to claim 1, wherein the batch processing method of the multicast authority information preprocessing comprises the following steps: 111) defining a multicast authority format file between the multicast behavior processing center and the multicast member controller; 112) transferring the multicast authority format file from the multicast behavior processing center to the multicast member controller via FTP (File Transfer Protocol) or a self-defined private protocol based on UDP/TCP; or transferring the multicast authority information directly from the multicast behavior processing center to the multicast member controller using a self-defined private protocol based on UDP/TCP.
  3. The method for controlling multicast data according to claim 1, wherein the security label in step 11) uses symmetric encryption, public-key encryption, or an MD5 digest.
  4. The method for controlling multicast data according to claim 1, wherein the multicast authentication management further comprises a forced multicast group exit mechanism, which is implemented by the following steps: 21) the multicast member controller, either on a command from system management or because a change in multicast authority means that a particular multicast member no longer has authority for the multicast data stream it is currently receiving, generates a forced multicast group exit command and sends the command to the particular multicast member that is being forced to exit; 22) after receiving the forced multicast group exit command, the multicast member generates information that can be displayed to the user according to the reason contained in the command, and at the same time actively exits the multicast receiving state.
  5. The method for controlling multicast data according to claim 2, wherein each time the multicast member actively generates the multicast join/leave request, the user ID, multicast group identifier, specific time and action category are recorded at the multicast behavior processing center.
  6. The method for controlling multicast data according to claim 4, wherein each time the multicast member controller forces a particular multicast member to exit the multicast group, the user ID, multicast group identifier, specific time and action category are recorded at the multicast behavior processing center.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200510064338 CN1848728B (en) 2005-04-14 2005-04-14 Group broadcasting data controlled method based on IP network

Publications (2)

Publication Number Publication Date
CN1848728A CN1848728A (en) 2006-10-18
CN1848728B true CN1848728B (en) 2010-09-01

Family

ID=37078111

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510064338 CN1848728B (en) 2005-04-14 2005-04-14 Group broadcasting data controlled method based on IP network

Country Status (1)

Country Link
CN (1) CN1848728B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101247553B (en) * 2007-02-13 2011-08-10 华为技术有限公司 Multimedia broadcast multicast service system and conversation starting and stopping method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1404259A (en) 2001-09-13 2003-03-19 华为技术有限公司 Business node-controlling multicasting method
CN1414759A (en) 2002-01-30 2003-04-30 华为技术有限公司 Controlled group broadcasting system and its realizing method
CN1419363A (en) 2002-11-26 2003-05-21 华为技术有限公司 Protocol 802.1X based multicast control method

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted
C17 Cessation of patent right