WO2000038392A2 - Apparatus and method for distributing authentication keys to network devices in a multicast - Google Patents


Publication number
WO2000038392A2
Authority
WO
WIPO (PCT)
Prior art keywords
key
multicast
authentication key
encrypted
network devices
Prior art date
Application number
PCT/US1999/031019
Other languages
English (en)
Other versions
WO2000038392A3 (fr)
Inventor
Thomas Hardjono
Original Assignee
Nortel Networks Limited
Priority date
Filing date
Publication date
Application filed by Nortel Networks Limited
Publication of WO2000038392A2
Publication of WO2000038392A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications

Definitions

  • the invention generally relates to networks and, more particularly, the invention relates to multicast transmissions across a computer network.
  • Multicasting is a well known method of transmitting messages to selected groups of users across a network, such as the Internet.
  • One simple example of multicasting entails transmitting an E-mail message to a plurality of users that each are on a mailing list.
  • Video conferencing and teleconferencing also use multicasting principles and thus, often are referred to as "multiconferencing."
  • Many of the messages transmitted during a multicast include multicast control parameters that control the execution of the multicast ("control messages"). One exemplary type of control message enables nodes to join an ongoing multicast.
  • an unauthorized network device transmits a control message to a multicast session.
  • an unauthorized network device undesirably may transmit a control message that prematurely ends a multicast session.
  • One solution to this problem (recently proposed by the PIM Working Group of the Internet Engineering Task Force) utilizes well known key encryption techniques to authenticate control messages transmitted between routers. To that end, a symmetrical authentication key is provided to each router in the multicast to encrypt and decrypt control messages transmitted in the multicast. Accordingly, upon receipt of a control message from another router, a receiving router can confirm that the control message was transmitted from an authorized router in the multicast by decrypting the received control message with the symmetrical authentication key.
  • an apparatus and method of distributing an authentication key to multicast network devices in a multicast loads a set of the multicast network devices with a security key that is unavailable to network devices that are not members of the multicast.
  • the authentication key then is encrypted via the security key to produce an encrypted authentication key that is forwarded to the set of multicast network devices.
  • the security key enables the set of multicast network devices to decrypt the encrypted authentication key to produce the authentication key.
  • the authentication key preferably is utilized by the multicast network devices to authenticate messages transmitted in the multicast.
  • the security key, which may be manually loaded into memory of each multicast network device, is an asymmetrical key pair. In other embodiments, the security key is a symmetrical key.
  • the multicast may be configured in accord with any known multicast protocol, including the protocol independent multicast protocol. When configured as such, the authentication key may be produced by a rendezvous point multicast network device in the multicast.
  • the authentication key is changed during the multicast to produce a modified key. Accordingly, in such circumstances, the modified key is encrypted with the security key to produce an encrypted modified key that is forwarded to each multicast network device.
  • the encrypted authentication key is forwarded by a forwarding multicast network device, where the security key is selected to authenticate the identity of the forwarding multicast network device.
  • the security key also may be selected to ensure the secrecy of the encrypted authentication key.
  • the network devices may be routers or other network devices.
  • the set of multicast network devices may include all of the multicast network devices that are members of the multicast. For example, the set of multicast network devices may be a set of routers executing the protocol independent multicast protocol.
  • an apparatus and method of distributing an authentication key to network devices in a multicast encrypts the authentication key with a security key to produce an encrypted authentication key.
  • the secret key is unavailable to network devices that are not members of the multicast, and available to network devices that are members of the multicast.
  • the encrypted authentication key then is forwarded to the multicast network devices so that each such multicast network device can decrypt the encrypted authentication key with the security key to produce the authentication key.
  • the security key, which may be manually loaded into memory of each multicast network device, is an asymmetrical key pair. In other embodiments, the security key is a symmetrical key.
  • the multicast may be configured in accord with any known multicast protocol, including the protocol independent multicast protocol. When configured as such, the authentication key may be produced by a rendezvous point multicast network device in the multicast.
  • the authentication key is changed during the multicast to produce a modified key. Accordingly, in such circumstances, the modified key is encrypted with the security key to produce an encrypted modified key that is forwarded to each multicast network device.
  • the encrypted authentication key is forwarded by a forwarding multicast network device, where the security key is selected to authenticate the identity of the forwarding multicast network device.
  • the security key also may be selected to ensure the secrecy of the encrypted authentication key.
  • an apparatus and method of distributing an authentication key to multicast network devices in a multicast first receives an encrypted authentication key that is an encrypted form of the authentication key.
  • the encrypted form preferably is encrypted by a secret key.
  • the secret key then is utilized to decrypt the encrypted authentication key to produce the authentication key.
  • the security key is unavailable to network devices that are not members of the multicast.
  • the security key is loaded into each network device in the multicast.
  • the security key may be an asymmetrical key pair, or a symmetrical key.
  • the multicast preferably is configured in accord with the protocol independent multicast network protocol.
  • an apparatus and method of distributing an authentication key to multicast network devices in a multicast loads each of the multicast network devices with a security key that is unavailable to network devices that are not members of the multicast.
  • the authentication key then is encrypted via the security key to produce an encrypted authentication key that is forwarded to the set of multicast network devices.
  • Each multicast network device then is controlled to utilize the secret key to decrypt the encrypted authentication key, thus producing the authentication key.
  • Preferred embodiments of the invention are implemented as a computer program product having a computer usable medium with computer readable program code thereon.
  • the computer readable code may be read and utilized by the computer system in accordance with conventional processes.
  • Figure 1 schematically shows an exemplary network arrangement in which preferred embodiments of the invention may be implemented.
  • Figure 2A schematically shows a key distribution router that may be configured in accord with preferred embodiments of the invention.
  • Figure 2B schematically shows a protocol independent multicast router that may be configured in accord with preferred embodiments of the invention.
  • Figure 3 shows a preferred process for initiating a protocol independent multicast in the network shown in figure 1.
  • Figure 4 shows a preferred process for distributing keys to protocol independent multicast routers.
  • Preferred embodiments of the invention relate to the secure distribution of an authentication key that confirms the authenticity of messages transmitted in a multicast ("multicast messages"). More particularly, the authentication key is utilized by multicast network devices to authenticate multicast messages, thereby ensuring that multicast messages received by multicast network devices were produced by network devices that are authorized to participate in the multicast. As discussed in greater detail below, the authentication key is distributed in an encrypted form within a key dissemination message that receiving network devices can decrypt by means of an asymmetrical security key. The security key is not available to network devices that are not authorized to participate in the multicast, thus ensuring both the authenticity and secrecy of key dissemination messages that distribute the authentication key to the multicast network devices.
  • FIG. 1 schematically shows an exemplary multicast network 100 in which preferred embodiments of the invention may be implemented.
  • the network 100 preferably is executing in accord with a known multicast protocol, such as the protocol independent multicast protocol ("PIM protocol").
  • Internet Protocol multicast protocol ("IP Multicast")
  • the PIM protocol therefore is discussed for exemplary purposes only and is not intended to limit the scope of the invention.
  • the multicast network 100 includes a rendezvous point router 102 for distributing multicast parameters and forming the multicast distribution tree, a bootstrap router 104 for selecting and identifying the rendezvous point router 102, a plurality of PIM routers 106 that operate in accord with the PIM network protocol, and one or more non-PIM routers 108 that merely forward PIM multicast messages toward the PIM routers 106.
  • the network 100 also includes a key distribution router 110 for generating and transmitting encryption keys for use in the multicast.
  • Each of the network devices of the multicast network 100 preferably communicates across a large scale network, such as the Internet.
  • Figure 2A schematically shows several internal components of the key distribution router 110.
  • the key distribution router 110 includes a key generator 200 for generating encryption keys in accord with preferred embodiments of the invention, an encrypter 202 for producing key dissemination messages, and a transmitter 204 for transmitting messages to multicast groups.
  • Figure 2B schematically shows several internal components of a PIM router 106 that may be utilized in the multicast network 100 shown in figure 1.
  • the PIM router 106 includes a receiver 206 for receiving messages from other nodes of the multicast, a decrypter 208 for decrypting key dissemination messages in accord with preferred embodiments of the invention, memory 210 for storing data (e.g., the security key preloaded into the PIM router 106), and control logic 212 for executing PIM functionality, such as decrypting (i.e., authenticating) multicast messages with the authentication key.
  • FIG. 3 shows a preferred process of initiating a multicast utilizing the PIM protocol.
  • the process begins at step 300, in which various keys utilized in the multicast are distributed to the PIM routers 106.
  • keys are a bootstrap router asymmetrical public key pair ("bootstrap key") and a rendezvous key, both of which are known in the art.
  • the bootstrap key, which preferably is a public key pair that complies with the well known "Rivest, Shamir, and Adleman cryptography method" (RSA cryptography method), is used to encrypt a message identifying the rendezvous point router 102.
  • the rendezvous key preferably is a symmetrical key that is utilized for communication between the rendezvous point router 102 and the bootstrap router 104.
  • the prior noted security key also is distributed to each PIM router 106.
  • the security key preferably is a key pair having a "semi-public" key and a secret key.
  • the semi-public key is not considered to be a public key since it is not available from a publicly available certification authority. Accordingly, the semi-public key is loaded into the memory 210 of each PIM router 106 that is to participate in the multicast shown in figure 1.
  • the semi-public key may be preloaded during manufacture of a given PIM router 106, or may be manually loaded via a portable medium, such as a CD-ROM or floppy disk. Accordingly, the semi-public key is not available to network devices other than those loaded with the semi-public key.
  • Step 300 further includes the distribution of the authentication key to each selected PIM router 106. Details of the distribution of the authentication key and other keys are discussed below with regard to the process shown in figure 4.
  • the process continues to step 302, in which the bootstrap router 104 first selects the PIM router 106 that is to act as the rendezvous point router 102, and then broadcasts the identity of the selected rendezvous point router 102 to the PIM routers 106 in the multicast. To that end, the bootstrap router 104 conducts a well known election process to select the rendezvous point router 102. The identity of the selected rendezvous point router 102 then is encrypted (i.e., authenticated or digitally signed) via the bootstrap secret key, and transmitted to the multicast network 100.
  • the receiving PIM routers 106 decrypt (i.e., authenticate) the encrypted identity of the rendezvous point router 102 by means of the bootstrap public key. Encrypting and decrypting (i.e., authenticating) the rendezvous point router identity in this manner ensures that its transmission is from a bootstrap router 104 that is authorized to initiate the multicast.
  • step 304 in which the router tables in the PIM routers 106 are updated accordingly, and other multicast parameters are set in accord with conventional processes, thus ending the process.
  • the multicast is initiated and the PIM routers 106 may transmit multicast messages across the multicast network 100 in accord with conventional processes.
  • FIG. 4 shows a preferred process for distributing keys (i.e., particularly the authentication key) to protocol independent multicast routers as discussed above in step 300.
  • the process begins at step 400, in which the key distribution router 110 generates the bootstrap key and the rendezvous key. Once generated, the key distribution router 110 transmits both the bootstrap and rendezvous keys to the bootstrap router 104, and the rendezvous key to the rendezvous point router 102 (step 402). To that end, a secure channel is established between the key distribution router 110 and each of the bootstrap router 104 and the rendezvous point router 102 for transmitting such keys. The key distribution router 110 then may utilize the secret key of the security key to encrypt the public key portion of the bootstrap key. The resulting encrypted bootstrap key then may be transmitted by the key distribution router 110 to each of the PIM routers 106 participating in the multicast (step 404).
  • the authentication key then is generated by the key distribution router 110 (step 406), and then encrypted with the secret key of the security key by the key distribution router encrypter 202 (step 408).
  • the authentication key preferably is encrypted by means of a cryptographic algorithm (e.g., the RSA cryptography method or the Data Encryption Standard) that produces the resultant key dissemination message. In such case, the hash may be appended to a message.
  • step 410 in which the encrypted authentication key is transmitted to the respective PIM routers 106. This transmission may be made in any conventional manner, such as via a unicast or via the distribution tree.
  • the encrypted authentication message is decrypted by means of the semi-public key of the security key (step 412).
  • Multicast messages then may be freely transmitted between the PIM routers 106 within the multicast domain.
  • multicast messages received by non-PIM routers 108 are merely re-transmitted in their entireties toward PIM routers 106 in the multicast.
  • the authentication key is periodically changed to ensure that an unauthorized network device monitoring multicast traffic cannot determine its identity. Accordingly, the key distribution router 110 periodically changes the authentication key by transmitting a message to the PIM routers 106 indicating that such message includes a new authentication key. A new key may be generated every several minutes, hours, days, or other selected time interval. In some embodiments, no time interval is selected and thus, the authentication key is sporadically changed. Accordingly, the process continues to step 414, in which the key distribution router 110 determines if the authentication key is to be changed. If it is not to be changed, then the process ends. If it is changed, then the process loops to step 406, in which the key distribution router 110 generates a new authentication key.
  • the security key is a symmetrical key.
  • the order of various steps of the processes shown in figures 3 and 4 may be varied as necessary without affecting the execution of the process.
  • the network devices utilized in the multicast network 100 may be any network device and thus, are not intended to be limited to routers. Routers are discussed for exemplary purposes only and should not be construed to limit the use or scope of preferred embodiments of the invention.
  • Preferred embodiments of the invention may be implemented in any conventional computer programming language.
  • preferred embodiments may be implemented in a procedural programming language (e.g., "C") or an object oriented programming language (e.g., "C++").
  • Alternative embodiments of the invention may be implemented as preprogrammed hardware elements (e.g., application specific integrated circuits), or other related components.
  • Alternative embodiments of the invention may be implemented as a computer program product for use with a computer system.
  • Such implementation may include a series of computer instructions fixed either on a tangible medium, such as a computer readable media (e.g., a diskette, CD-ROM, ROM, or fixed disk), or transmittable to a computer system via a modem or other interface device, such as a communications adapter connected to a network over a medium.
  • the medium may be either a tangible medium (e.g., optical or analog communications lines) or a medium implemented with wireless techniques (e.g., microwave, infrared or other transmission techniques).
  • the series of computer instructions preferably embodies all or part of the functionality previously described herein with respect to the system.
  • Such computer instructions can be written in a number of programming languages for use with many computer architectures or operating systems. Furthermore, such instructions may be stored in any memory device, such as semiconductor, magnetic, optical or other memory devices, and may be transmitted using any communications technology, such as optical, infrared, microwave, or other transmission technologies. It is expected that such a computer program product may be distributed as a removable medium with accompanying printed or electronic documentation (e.g., shrink wrapped software), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the network (e.g., the Internet or World Wide Web).
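The FIG. 4 flow (steps 406 to 414), sketched for the embodiment in which the security key is a symmetrical key. This is an added example, not code from the patent: an HMAC-SHA256 keystream and tag stand in for the RSA or DES encryption the text names, control messages carry an HMAC tag instead of being authenticated by decryption, and the epoch counter, message layout, `wrap_auth_key` and `PimRouter` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY_LEN = 32      # assumed authentication key size, bytes
NONCE_LEN = 16
TAG_LEN = 32      # HMAC-SHA256 output size


def _subkeys(security_key):
    """Derive separate encryption and MAC keys from the preloaded security key."""
    enc = hmac.new(security_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(security_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in for a vetted cipher (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_auth_key(security_key, auth_key, epoch):
    """Steps 406-410: key distribution router builds a key dissemination message.

    Assumed layout: epoch(4) | nonce(16) | ciphertext | tag(32).
    """
    enc_key, mac_key = _subkeys(security_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(auth_key))
    ct = bytes(a ^ b for a, b in zip(auth_key, stream))
    body = struct.pack(">I", epoch) + nonce + ct
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


class PimRouter:
    """Multicast member holding the preloaded security key (hypothetical class)."""

    def __init__(self, security_key):
        self.security_key = security_key
        self.epoch = 0
        self.auth_key = None

    def receive_key_message(self, msg):
        """Step 412: verify, decrypt and install the authentication key."""
        if len(msg) < 4 + NONCE_LEN + TAG_LEN:
            return False
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        enc_key, mac_key = _subkeys(self.security_key)
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False          # sender does not hold the security key
        epoch = struct.unpack(">I", body[:4])[0]
        if epoch <= self.epoch:
            return False          # stale or replayed dissemination message
        nonce, ct = body[4:4 + NONCE_LEN], body[4 + NONCE_LEN:]
        stream = _keystream(enc_key, nonce, len(ct))
        self.auth_key = bytes(a ^ b for a, b in zip(ct, stream))
        self.epoch = epoch
        return True

    def sign_control(self, payload):
        if self.auth_key is None:
            raise RuntimeError("no authentication key installed")
        return payload + hmac.new(self.auth_key, payload, hashlib.sha256).digest()

    def accept_control(self, msg):
        if self.auth_key is None or len(msg) < TAG_LEN:
            return False
        payload, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.auth_key, payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


def demo():
    security_key = secrets.token_bytes(32)          # preloaded into members only
    r1, r2 = PimRouter(security_key), PimRouter(security_key)
    outsider = PimRouter(secrets.token_bytes(32))   # never given the security key
    m1 = wrap_auth_key(security_key, secrets.token_bytes(KEY_LEN), epoch=1)
    res = {
        "member_installs": r1.receive_key_message(m1) and r2.receive_key_message(m1),
        "outsider_installs": outsider.receive_key_message(m1),
    }
    join = r1.sign_control(b"JOIN group=239.1.1.1")  # constructed control message
    res["valid_control"] = r2.accept_control(join)
    res["forged_control"] = r2.accept_control(b"PRUNE group=239.1.1.1" + bytes(TAG_LEN))
    # Step 414 -> 406: rekey, then confirm the old key and old message are dead.
    m2 = wrap_auth_key(security_key, secrets.token_bytes(KEY_LEN), epoch=2)
    r1.receive_key_message(m2)
    r2.receive_key_message(m2)
    res["old_key_control_after_rekey"] = r2.accept_control(join)
    res["replayed_old_key_message"] = r2.receive_key_message(m1)
    return res


if __name__ == "__main__":
    print(demo())
```

The epoch check is what keeps a captured dissemination message from rolling members back to a superseded authentication key after the step 414 rekey.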

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention relates to an apparatus and method of distributing an authentication key to multicast network devices. The method loads a set of multicast network devices with a security key that is unavailable to network devices that are not members of the multicast. The authentication key then is encrypted with the security key to produce an encrypted authentication key that is forwarded to the set of multicast network devices. The security key enables the set of multicast network devices to decrypt the encrypted authentication key to produce the authentication key. The authentication key preferably is utilized by the multicast network devices to authenticate messages transmitted in the multicast.
PCT/US1999/031019 1998-12-23 1999-12-23 Apparatus and method for distributing authentication keys to network devices in a multicast WO2000038392A2 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US11373498P 1998-12-23 1998-12-23
US60/113,734 1998-12-23
US24726399A 1999-02-10 1999-02-10
US09/247,263 1999-02-10

Publications (2)

Publication Number Publication Date
WO2000038392A2 (fr) 2000-06-29
WO2000038392A3 (fr) 2000-08-17

Family

ID=26811405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/031019 WO2000038392A2 (fr) 1998-12-23 1999-12-23 Apparatus and method for distributing authentication keys to network devices in a multicast

Country Status (1)

Country Link
WO (1) WO2000038392A2 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086412A1 (fr) 2004-03-05 2005-09-15 Electronics And Telecommunications Research Institute Method for managing traffic encryption keys in a wireless portable internet system and corresponding protocol configuration method, and method for operating a traffic encryption key state machine in a subscriber station
GB2423435A (en) * 2005-02-17 2006-08-23 Motorola Inc Access control for mobile multicast
CN101222772B (zh) * 2008-01-23 2010-06-09 西安西电捷通无线网络通信有限公司 ID-based wireless multi-hop network authentication access method
US20110072266A1 (en) * 2008-10-10 2011-03-24 Hisashi Takayama Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
US8688974B2 (en) 2008-01-23 2014-04-01 China Iwncomm Co., Ltd. Method for managing wireless multi-hop network key
US8886935B2 (en) 2010-04-30 2014-11-11 Kabushiki Kaisha Toshiba Key management device, system and method having a rekey mechanism

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0693836A1 (fr) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols
EP0887982A2 (fr) * 1997-06-23 1998-12-30 Sun Microsystems, Inc. Method and system for secure distribution of cryptographic keys in a multicast network

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0693836A1 (fr) * 1994-06-10 1996-01-24 Sun Microsystems, Inc. Method and apparatus for a key-management scheme for internet protocols
US5668877A (en) * 1994-06-10 1997-09-16 Sun Microsystems, Inc. Method and apparatus for stepping pair keys in a key-management scheme
EP0887982A2 (fr) * 1997-06-23 1998-12-30 Sun Microsystems, Inc. Method and system for secure distribution of cryptographic keys in a multicast network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JORDAN F ET AL: "SECURE MULTICAST COMMUNICATIONS USING A KEY DISTRIBUTION CENTER" PROCEEDINGS OF THE IFIP TC6 INTERNATIONAL CONFERENCE ON INFORMATION NETWORKS AND DATA COMMUNICATION,NL,AMSTERDAM, NORTH HOLLAND, vol. CONF. 5, 1994, pages 367-380, XP000593303 ISBN: 0-444-81869-3 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005086412A1 (fr) 2004-03-05 2005-09-15 Electronics And Telecommunications Research Institute Method for managing traffic encryption keys in a wireless portable internet system and corresponding protocol configuration method, and method for operating a traffic encryption key state machine in a subscriber station
EP1721409A1 (fr) * 2004-03-05 2006-11-15 Electronics and Telecommunications Research Institute Method for managing traffic encryption keys in a wireless portable internet system and corresponding protocol configuration method, and method for operating a traffic encryption key state machine in a subscriber station
EP1721409A4 (fr) * 2004-03-05 2011-01-05 Korea Electronics Telecomm Method for managing traffic encryption keys in a wireless portable internet system and corresponding protocol configuration method, and method for operating a traffic encryption key state machine in a subscriber station
GB2423435A (en) * 2005-02-17 2006-08-23 Motorola Inc Access control for mobile multicast
GB2423435B (en) * 2005-02-17 2007-07-18 Motorola Inc Access control for mobile multicast
CN101222772B (zh) * 2008-01-23 2010-06-09 西安西电捷通无线网络通信有限公司 ID-based wireless multi-hop network authentication access method
US8688974B2 (en) 2008-01-23 2014-04-01 China Iwncomm Co., Ltd. Method for managing wireless multi-hop network key
US20110072266A1 (en) * 2008-10-10 2011-03-24 Hisashi Takayama Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
US8479000B2 (en) * 2008-10-10 2013-07-02 Panasonic Corporation Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit
US8886935B2 (en) 2010-04-30 2014-11-11 Kabushiki Kaisha Toshiba Key management device, system and method having a rekey mechanism

Also Published As

Publication number Publication date
WO2000038392A3 (fr) 2000-08-17

Similar Documents

Publication Publication Date Title
US5748736A (en) System and method for secure group communications via multicast or broadcast
US6038322A (en) Group key distribution
US7120696B1 (en) Cryptographic communications using pseudo-randomly generated cryptography keys
JP4814339B2 (ja) Constrained cryptographic keys
US7328343B2 (en) Method and apparatus for hybrid group key management
US9148421B2 (en) Method and system for encryption of messages in land mobile radio systems
CA2690778C (fr) System and method for creating and sending broadcast and multicast data
US5812671A (en) Cryptographic communication system
US6725276B1 (en) Apparatus and method for authenticating messages transmitted across different multicast domains
EP0887982A2 (fr) Method and system for secure distribution of cryptographic keys in a multicast network
US20090292914A1 (en) Nodes and systems and methods for distributing group key control message
CN102447679B (zh) Method and system for ensuring data security in a peer-to-peer network
US6052787A (en) Process for group-based cryptographic code management between a first computer unit and group computer units
US20050111668A1 (en) Dynamic source authentication and encryption cryptographic scheme for a group-based secure communication environment
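CN102905199A (zh) Method and device for implementing a multicast service
EP1135888B1 (fr) Apparatus and method for limiting unauthorized access to a network multicast
JPH10107832A (ja) Encrypted broadcast mail system
WO2000038392A2 (fr) Apparatus and method for distributing authentication keys to network devices in a multicast
JP2004242210A (ja) Multicast distribution system and method, and data relay device, client device, and authentication/key management device
JP2001244924A (ja) Information encryption system
JPH06276188A (ja) Electronic communication device
CN116208327A (zh) End-to-end communication method and system based on national cryptographic (Guomi) encryption and the PGP web of trust
Lorenz et al. A scalable framework for secure group communication
JP2001285274A (ja) Encrypted communication method and encrypted communication system
CN115801245A (zh) Device communication method and apparatus, storage medium, and electronic device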

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): CA US

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

AK Designated states

Kind code of ref document: A3

Designated state(s): CA US

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase