WO2009036685A1 - Procédé et appareil pour implémenter une authentification de multidiffusion - Google Patents

Procédé et appareil pour implémenter une authentification de multidiffusion Download PDF

Info

Publication number
WO2009036685A1
WO2009036685A1 PCT/CN2008/072309 CN2008072309W WO2009036685A1 WO 2009036685 A1 WO2009036685 A1 WO 2009036685A1 CN 2008072309 W CN2008072309 W CN 2008072309W WO 2009036685 A1 WO2009036685 A1 WO 2009036685A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
multicast
authentication
information
network device
Prior art date
Application number
PCT/CN2008/072309
Other languages
English (en)
Chinese (zh)
Inventor
Peilin Yang
Guomin Wu
Yuping Zhao
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009036685A1 publication Critical patent/WO2009036685A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the present invention relates to the field of multicast technologies, and in particular, to a method and apparatus for implementing multicast authentication.
  • a multicast group consists of a sender and a receiver, and a sender-to-receiver is connected by a multicast distribution tree.
  • the sender needs to send data to the receiver, the sender sends the data through the host to the router connected to it, and the router forwards the data to the receiver through the multicast distribution tree.
  • the router does not impose any restrictions on the host that sends the data.
  • IGMP Internet Group Management Protocol
  • the router processes the report. After the text, the corresponding multicast group data is forwarded to the host.
  • the router does not impose any restrictions on hosts that want to receive multicast messages.
  • multicast security has become a problem that must be solved as soon as possible. Preventing unauthorized recipients from receiving multicast packets is a key factor in achieving multicast security.
  • the multicast protocol such as IGMP
  • the user can join or leave at will, which prevents the user from performing access control on the multicast service.
  • the user can perform the denial of service for the network bandwidth. (Deny of Service, DoS) attacks, thereby wasting network bandwidth.
  • DoS Deny of Service
  • the second is the charging problem. Because the multicast protocol, such as IGMP, does not involve accounting, the multicast source cannot know when the user joins or leaves the multicast group.
  • the third is the authorization problem; because the multicast protocol, such as IGMP, does not have the authentication function, the operator cannot authorize each user with different rights according to the needs of each user.
  • a method for implementing multicast security in the prior art is: authenticating a user at the application layer (such as the Web mode), authenticating the user at the application layer, and not setting permissions on the user at the access network layer.
  • the application layer such as the Web mode
  • the user rights of the network device between the router and the host can be set up; or the user can download the corresponding user rights through the network management mode.
  • User management can also be achieved by encrypting multicast data and managing it by key.
  • the inventors have found that the above prior art method has at least the following problems: The method is difficult to implement and high in cost. At the same time, this method cannot solve the problem that the user performs DoS attacks against network bandwidth and wastes network bandwidth.
  • Embodiments of the present invention provide a method and apparatus for implementing multicast authentication. Therefore, multicast authentication can be performed on the access network, and the multicast service received by the user can be controlled.
  • An embodiment of the present invention is implemented by the following technical solutions: A method for implementing multicast authentication, including: a switching device receiving an authentication result of a multicast authentication, and acquiring rights information of a user included in the authentication result; The switching device saves the permission information, and controls the multicast stream that needs to be sent to the user according to the permission information.
  • a method for implementing multicast authentication including: after the network device determines that the user terminal needs to perform multicast authentication, the network device sends a message requesting multicast authentication to the user; the user receives the request After the multicast authentication message is sent, the multicast authentication request is sent to the network device.
  • a method for implementing multicast authentication comprising: an authentication server receiving a multicast authentication request that is sent by a user and carrying user authentication information and multicast group identification information; the authentication server is configured according to the user authentication information and the multicast group identifier The information is authenticated by the user, and the authentication result carrying the authentication success or failure information is returned to the network device corresponding to the user.
  • a switching device comprising: a rights information obtaining module, configured to receive an authentication result of the multicast authentication sent by another network device, and obtain the user right information from the authentication result; and the rights information saving module is configured to obtain the The user's permission information stores the correspondence between each user and user authority information.
  • a network side device comprising: a multicast authentication judging module, configured to: after receiving a multicast authentication request sent by a user, determine, according to the multicast address and the user address included in the multicast authentication request, whether the device needs to be
  • the multicast authentication triggering module is configured to: after the multicast authentication determination module determines that the user needs to perform multicast authentication, send a message requesting multicast authentication to the user.
  • the embodiment of the present invention saves the rights information of each user in the switching device, so that the receiving device can perform the receiving control of the multicast service by using the switching device.
  • the embodiment of the present invention can also pass through the network side. After the judgment, the multicast authentication to the user is initiated first.
  • the embodiments of the present invention can also implement other authentication protocols and multicast protocols to cooperate with each other to perform multicast authentication for users.
  • FIG. 1 is a schematic diagram of a process flow of Embodiment 1 according to an embodiment of the present invention
  • FIG. 2 is an IGMP/MLD join message using an extended manner of IGMP/MLD Report messages according to an embodiment of the present invention
  • An IGMP/MLD jo in message in a new message type manner defined in the IGMP/MLD protocol is provided in the embodiment of the present invention
  • FIG. 4 is a schematic diagram of a switching device that forwards a multicast stream to a user according to a multicast forwarding table according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a process flow of Embodiment 2 according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of a process of Embodiment 3 according to an embodiment of the present invention
  • FIG. 8 is a schematic diagram of another processing procedure of Embodiment 4 according to an embodiment of the present invention
  • FIG. 9 is a schematic structural diagram of a switching device according to an embodiment of the present invention
  • Embodiments of the present invention provide a method and apparatus for authenticating a multicast service.
  • the switching device receives the authentication result sent by the multicast router, where the authentication result includes the user receiving the corresponding multicast service right information, and the switching device forms a multicast forwarding table according to the received authentication result.
  • the switching device After receiving the multicast service that the user needs to receive, the switching device searches the multicast forwarding table to determine whether the user has the right to receive the multicast service, and if yes, forwards the multicast service to the user; otherwise, does not The user forwards the above multicast service.
  • the above process of authenticating a multicast service may be performed by extending an existing Group Management Protocol (GMP) protocol, such as IGMP, a multicast listening (MLD) protocol, or an Extensible Authentication Protocol (EAP). to realise.
  • GMP Group Management Protocol
  • IGMP multicast listening
  • EAP Extensible Authentication Protocol
  • the above authentication process can also be implemented by designing a special GMP protocol.
  • the authentication process can also be implemented by using other authentication protocols and multicast protocols to cooperate with each other.
  • the above process of authenticating a multicast service may first be triggered by a multicast router. That is, the multicast router generates a trigger mechanism to require the multicast user to perform authentication.
  • the IGMP and EAP protocols are first introduced.
  • IGMP The function implemented by IGMP is bidirectional: On the one hand, the user informs the local multicast router through IGMP that it wants to join and receive information of a specific multicast group. On the other hand, the multicast router periodically queries the local area network through IGMP. Whether the members of the group are active (that is, whether there are still members of a multicast group in the network segment), and collecting and maintaining the membership of the group in the network segment.
  • IGMPvl the members of the group are active (that is, whether there are still members of a multicast group in the network segment), and collecting and maintaining the membership of the group in the network segment.
  • the Type field in Table 1 above indicates the IGMPv2 packet type, which mainly includes four types:
  • the general query packet is used to learn which multicast group members exist on the adjacent network.
  • a specific group query message is used to know whether a member specified in a neighboring network exists.
  • the general query message and the specific group query message are distinguished by the group address field: The group address field of the general query message is 0, and the group address field of the specific group query message is the address of the multicast group to be queried.
  • this type of packet is mainly used to implement IGMPvl member report.
  • This is a message class that is added to IGMPv2 and is added to IGMPv2.
  • this type of packet is mainly used to implement IGMPv2 member report.
  • this type of message is mainly used to implement the leave group report.
  • the format of the IGMPv3 and IGMPv1 packets is similar to the IGMPv2 packet format.
  • EAP protocol packet format is described in detail in RFC3748.
  • the encapsulation format of EAP packets is shown in Table 2 below: Table 2 :
  • the code value of EAP is specified as follows: 1 indicates the type of Request message; 2 indicates the type of Response message; 3 indicates the type of Success; 4 indicates the type of Failure message.
  • the meanings of the Code field, the Identifier field, and the Length field in Table 3 above are as described in Table 2 above.
  • the Type field in Table 3 above occupies 1 byte, and the field value specifies the type of Request or Response. It must appear in the EAP Request message or Response message and only one Type appears. Generally, the value of the Type field in the Response packet is the same as the value of the Type field in the Request packet. However, the Response packet can have a Nak type. When the Supplicant sends a Nak-type packet to respond to the Request, it indicates that the Type in the Request cannot be accepted by the Supplicant. It can indicate that it wants to use and support it. Type of certification.
  • Type field values defined in RFC2284 are: 1 for Identity type; 2 for Notification type; 3 for Nak (Response only) type; 4 for MD5-Challenge type; 5 for OTP (One-Time Password) (RFC 1938) type ; 6 indicates the Generic Token Card type.
  • the meanings of the Code field, the Identifier field, and the Length field in Table 4 above are as described in Table 2 above.
  • the Success message is sent to the Supplicant by the Authenticator. After the user information is successfully authenticated, the Authenticator sends an EAP packet with a value of 3 (Success) to indicate that the authentication succeeds. When the user information fails to be authenticated, the Authenticator sends a Code field value. 4 EAP packet (ie Failure) to indicate that the authentication failed.
  • Embodiment 1 implements multicast message exchange between a host (user) and a multicast router by extending the IGMP/MLD protocol.
  • the specific processing process includes:
  • a bit in Reserved is used, for example, the last bit is used to identify whether it is the first Report message, and "1" is indicated as the first Join message. "0" is expressed as a normal Report message.
  • the above user authentication information can be placed in the new type: Information, and the new type Protocol Type indicates the authentication type, PAP, CHAP. Etc., the new type Length indicates the length of the user information.
  • the multicast router After receiving the IGMP/MLD join message, the multicast router obtains the user authentication information and the group address information of the multicast group carried in the message. The multicast router also determines whether the IGMP/MLD join message is the first report message sent by the user to the multicast router according to the configuration method of the IGMP/MLD join message. After the multicast router determines that the received IGMP/MLD join message is the first report message of the user, that is, the IGMP join message, the multicast authentication information and the group address information of the multicast group are sent to the authentication server. . After receiving the user authentication information and the group address information of the multicast group, the authentication server authenticates the user.
  • the authentication server After the authentication server successfully authenticates the user, the authentication server returns an authentication result carrying the authentication success information to the multicast router.
  • the multicast router After receiving the above authentication result, the multicast router gives the user the corresponding permission, and allows the user to join the multicast group to be joined, and allows the user to receive the corresponding multicast service.
  • the multicast router transmits the authentication result of the user's authority information to the switching device, and the user's rights information includes the multicast service information that the user can receive.
  • the switching device After receiving the above authentication result, the switching device adds the permission information of the user to the multicast forwarding table.
  • the multicast forwarding table contains multicast service information that each user has permission to receive.
  • the switching device After receiving the multicast stream that the user needs to receive, the switching device searches the multicast forwarding table to determine whether the user has the right to receive the multicast stream, and if yes, forwards the multicast stream to the user; otherwise, The above multicast stream is not forwarded to the user.
  • the switching device notifies the user that the authentication is successful.
  • the authentication server fails to authenticate the user, the authentication result of the authentication failure information is returned to the multicast router.
  • the multicast router After receiving the above authentication result carrying the authentication failure information, the multicast router sends the authentication result to the switching device.
  • the switching device After receiving the above authentication result carrying the authentication failure information, the switching device does not add the user to the multicast forwarding table. Notify the user that the authentication failed. After receiving the multicast stream that the user needs to receive, the switching device searches the multicast forwarding table and finds that the user does not have permission to receive the multicast stream, and does not forward the multicast stream to the user.
  • a multicast forwarding table may be set up in the foregoing switching device.
  • the multicast forwarding table may include: a multicast group MAC address, a user MAC address, and a port/VC where the user is located, and may also include a VLAN. User IP address and other information.
  • the device searches for the corresponding multicast forwarding table and replaces the destination multicast MAC address of the multicast stream with the unicast MAC address for each user.
  • a schematic diagram of the switching device forwarding the multicast stream to the user according to the multicast forwarding table is shown in FIG. 4 .
  • a user multicast forwarding table is formed, so that the network can control the forwarding of the multicast stream to the authorized multicast user, but for the user without the authority. , illegal users cannot receive multicast streams.
  • the above switching devices include but are not limited to: network switches such as Layer 2 switches, Layer 3 switches, or digital subscriber line access multiplexers.
  • the multicast router After receiving the multicast authentication request packet, the multicast router sends the extended EAP request packet to the user, and the extended EAP request packet carries the multicast information.
  • the EAP code type is request or response
  • the Type 1 indicates the user ID.
  • the type is extended.
  • the user identifier is not limited to the user name, and the user identifier also carries the group information (group address) that the user wants to join.
  • the user After receiving the extended EAP request packet, the user sends the extended EAP response packet to the multicast router.
  • the user identifier in the extended EAP response packet carries user authentication information, such as a user name, a user authentication code, and the like, and the group information that the user wants to join.
  • the multicast router After receiving the EAP response packet, the multicast router sends a normal EAP challenge word request packet to the user.
  • the challenge word is carried in the user identifier in the EAP challenge word request message.
  • the so-called challenge word is a random number.
  • the multicast router and the user have a shared key, which is a key that both the multicast router and the user know.
  • the user After receiving the challenge word sent by the multicast router, the user encrypts the challenge word with the shared key, and then sends the ciphertext to the multicast router.
  • the multicast router decrypts the ciphertext with the shared key to obtain the ciphertext.
  • the challenge word compares the challenge word with the challenge word previously sent to the user, and determines the correctness of the shared key based on the comparison result.
  • the user After receiving the EAP challenge word request message, the user encrypts the challenge word with the shared key, and then responds to the EAP challenge word response message carrying the ciphertext to the multicast router.
  • the multicast router decrypts the ciphertext by using the shared key, obtains the challenge word carried in the ciphertext, compares the challenge word with the challenge word previously sent to the user, and after the comparison result is consistent, the user authentication is performed.
  • the information is transmitted to the authentication server along with the group information that the user wants to join.
  • the authentication server determines whether the user has the right to join the multicast group, and if yes, sends an authentication success message that allows the user to join the multicast group to the multicast router; otherwise, the sending rejection The user joins the authentication failure message of the multicast group to the multicast router.
  • Embodiment 3 of the embodiment of the present invention provides a trigger mechanism to require a multicast user to perform authentication.
  • the process flow of Embodiment 3 is shown in FIG. 6.
  • the specific processing process includes the following steps:
  • the IGMP join message contains the group address of the multicast group to be joined and the related information of the user. : IP address and MAC address, etc.
  • the multicast router extracts the related information of the user and the group address information of the multicast group from the received IGMP join message. In addition, the multicast router can obtain the port number information of the user through the port that receives the IGMP join message. The multicast router also determines whether the IGMP join message is the first report message sent by the user to the multicast router according to the configuration method of the IGMP join message. After the multicast router determines that the received report packet is the first report packet of the user, that is, the IGMP join packet, the multicast router sends the related information of the obtained user and the group address information of the multicast group to the authentication. server.
  • the authentication server authenticates the received information about the client, and determines whether the multicast group that the user needs to join is a specific group, or whether the user is a privileged user.
  • the principle that the authentication server performs the above judgment may be set according to specific requirements. For example, to determine whether the source address of the user is a privileged address, the so-called privileged address can be understood as an address with special rights, and a special address of all group contents can be viewed. If yes, it is determined that the above user is a privileged user. Determine whether the group address that the user applies for is A specific group, a specific group can be understood as some open group, such as a television advertisement channel, etc. If yes, it is determined that the multicast group that the user needs to join is a specific group.
  • the multicast router sends an authentication success message to the multicast router to allow the user to join the multicast group; otherwise, the group is sent to the group.
  • the broadcast router returns an authentication failure packet that triggers multicast authentication.
  • the multicast router After receiving the authentication success packet, the multicast router gives the user the corresponding permission, and allows the user to join the multicast group to be joined, allowing the user to receive data of the multicast group and view the multicast group. Content.
  • the multicast router sends a multicast authentication trigger packet to the user.
  • the multicast authentication trigger packet can be implemented in multiple forms.
  • the multicast authentication trigger packet may be an IGMP query packet carrying an authentication request.
  • the message is sent in unicast form.
  • the normal IGMPv3 query message is shown in Table 5 below. table 5:
  • Source Address [N] can use one bit in the Resv field in Table 5 above, for example, the last bit to identify whether the query message carries the authentication request, and set "1" to carry the authentication request, set "0" Indicated as not carrying an authentication request.
  • the IGMPv3 query message after the last bit position of the Resv field is "1" is as shown in Table 6 below. Table 6:
  • Embodiment 4 of the embodiment of the present invention provides a process of authenticating a user by using other out-of-band authentication protocols (such as DHCP, PPP0E, etc.) and a multicast protocol.
  • the process flow of the embodiment 4 is as shown in FIG. 7.
  • the specific process is as follows: The user sends a multicast authentication request carrying the user authentication information and the group address of the multicast group that the user needs to join to the authentication server through other out-of-band authentication protocols. .
  • FIG. 8 A schematic diagram of another processing flow of Embodiment 4 is shown in FIG. 8. The difference between the processing flow and the processing flow shown in FIG. 7 is that the multicast router returns the authentication result to the switching device through a multicast protocol (such as IGMP).
  • the switching device forms a multicast forwarding table according to the received authentication result, and controls the user according to the multicast forwarding table.
  • the multicast router in each of the above embodiments may also be a NAS device.
  • the structure of the switching device provided by the embodiment of the present invention is as shown in FIG. 9 , and includes the following modules:
  • the privilege information obtaining module 91 is configured to receive an authentication result that is sent by another network device to authenticate the request of the user to join the multicast group, and obtain the authentication result.
  • the user included in the authentication result obtains the rights information of the corresponding multicast service;
  • the rights information saving module 92 is configured to save the correspondence between the users and the rights information according to the rights information acquired by the user rights information obtaining module.
  • the multicast service control module 93 is configured to: after receiving the multicast service that needs to be sent to the user, search for a corresponding relationship saved by the rights information storage module, and determine whether the user has the right to receive the multicast service, If yes, the multicast service is forwarded to the user; otherwise, the multicast service is not forwarded to the user.
  • the foregoing multicast service control module is optional and can be embedded in the switching device or a module that is set independently of the switching device.
  • the rights information storage module 92 may further store a multicast forwarding table, where the multicast forwarding table includes: a correspondence between a multicast address and a user address.
  • the multicast service control module 93 may further include: a unicast stream forwarding submodule, configured to: after receiving the multicast stream that needs to be forwarded, query the multicast forwarding table, and obtain an address corresponding to the address of the multicast stream. The user address is copied to the corresponding unicast stream of each user and sent to the user. As shown in FIG.
  • the schematic diagram of the network side device for performing multicast authentication includes the following modules:
  • the multicast authentication determining module 101 is configured to: after receiving the request for joining the multicast group sent by the user, And determining, according to the multicast address and the user address included in the request for joining the multicast group, whether the multicast authentication is required for the user, and the multicast authentication triggering module 102 is configured to: when the multicast authentication determination module determines that the After the user performs multicast authentication, the user sends a multicast authentication trigger message to the user.
  • the network side device may be a NAS or a multicast router.
  • the embodiment of the present invention implements multicast user authentication, which solves the problem that users in the previous multicast protocol can join a multicast group at will, and can leave an important problem arbitrarily, thereby avoiding the enjoyment of users without rights.
  • Multicast service implementing multicast-based access control.
  • the solution applies the result of the multicast authentication to the switching device, thereby further avoiding the problem that the multicast stream is not flooded in the switching device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Les modes de réalisation de la présente invention concernent un procédé et un appareil pour implémenter une authentification de multidiffusion. Le procédé comprend principalement les étapes suivantes : un dispositif de commutation reçoit le résultat de l'authentification de multidiffusion et acquiert les informations sur les droits de l'utilisateur comprises dans le résultat de l'authentification ; le dispositif de commutation sauvegarde les informations sur les droits et ordonne que le flux continu de multidiffusion demandé soit envoyé à l'utilisateur, en fonction des informations sur les droits. L'appareil comprend principalement un dispositif de commutation et le dispositif de commutation comprend : un module d'acquisition d'informations sur les droits, destiné à recevoir le résultat de l'authentification de multidiffusion envoyée par d'autres dispositifs de réseau et à acquérir les informations sur les droits d'utilisateur comprises dans le résultat de l'authentification ; un module de sauvegarde d'informations sur les droits, destiné à sauvegarder la relation correspondante entre chaque utilisateur et les informations sur les droits d'utilisateur en fonction des informations sur les droits acquises par le module d'acquisition d'informations sur les droits. L'utilisation de l'invention permet d'implémenter une authentification de multidiffusion d'utilisateurs dans des réseaux d'accès et de commander le service de multidiffusion reçu par les utilisateurs.
PCT/CN2008/072309 2007-09-17 2008-09-09 Procédé et appareil pour implémenter une authentification de multidiffusion WO2009036685A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2007101218969A CN101394277A (zh) 2007-09-17 2007-09-17 实现组播认证的方法和装置
CN200710121896.9 2007-09-17

Publications (1)

Publication Number Publication Date
WO2009036685A1 true WO2009036685A1 (fr) 2009-03-26

Family

ID=40467517

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072309 WO2009036685A1 (fr) 2007-09-17 2008-09-09 Procédé et appareil pour implémenter une authentification de multidiffusion

Country Status (2)

Country Link
CN (1) CN101394277A (fr)
WO (1) WO2009036685A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378115A (zh) * 2010-08-16 2012-03-14 杭州华三通信技术有限公司 组播接入控制方法、系统和装置
CN107645728A (zh) * 2017-09-30 2018-01-30 刘昱 自组网的实现方法、装置及存储介质
CN113691462A (zh) * 2021-07-29 2021-11-23 杭州迪普科技股份有限公司 互联网组管理协议的应答方法及装置
CN115473843A (zh) * 2021-06-10 2022-12-13 中国电信股份有限公司 信息交互方法、路由器和通信系统
CN115550736A (zh) * 2022-12-02 2022-12-30 浙江宇视科技有限公司 视频隐私区域的获取、传输方法、装置、电子设备及介质

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917280A (zh) * 2010-08-19 2010-12-15 中兴通讯股份有限公司 一种集团用户使用组播业务的认证及计费方法和系统
CN102447565B (zh) * 2010-10-11 2015-09-09 中国电信股份有限公司 一种在宽带接入网实现组播控制的方法和系统
CN103166769A (zh) * 2011-12-14 2013-06-19 中兴通讯股份有限公司 一种组播业务控制方法和系统
CN102970614B (zh) * 2012-11-22 2016-06-08 杭州华三通信技术有限公司 Iptv网络中的aaa服务器及其处理方法
CN103312514B (zh) * 2013-06-21 2016-06-29 中国人民解放军信息工程大学 基于单播转发模式的组播接收者接入验证方法
CN110798812B (zh) * 2018-08-02 2021-07-09 华为技术有限公司 一种群组通信方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1414759A (zh) * 2002-01-30 2003-04-30 华为技术有限公司 受控组播的系统及其实现方法
WO2004040860A1 (fr) * 2002-10-31 2004-05-13 Fujitsu Limited Systeme de communication multidestination ip
CN1798024A (zh) * 2004-12-20 2006-07-05 上海贝尔阿尔卡特股份有限公司 实现组播认证及计费的方法和设备
CN1917507A (zh) * 2005-08-19 2007-02-21 上海贝尔阿尔卡特股份有限公司 一种实现组播业务预览的方法及其装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1414759A (zh) * 2002-01-30 2003-04-30 华为技术有限公司 受控组播的系统及其实现方法
WO2004040860A1 (fr) * 2002-10-31 2004-05-13 Fujitsu Limited Systeme de communication multidestination ip
CN1798024A (zh) * 2004-12-20 2006-07-05 上海贝尔阿尔卡特股份有限公司 实现组播认证及计费的方法和设备
CN1917507A (zh) * 2005-08-19 2007-02-21 上海贝尔阿尔卡特股份有限公司 一种实现组播业务预览的方法及其装置

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378115A (zh) * 2010-08-16 2012-03-14 杭州华三通信技术有限公司 组播接入控制方法、系统和装置
CN107645728A (zh) * 2017-09-30 2018-01-30 刘昱 自组网的实现方法、装置及存储介质
CN107645728B (zh) * 2017-09-30 2023-06-02 刘昱 自组网的实现方法、装置及存储介质
CN115473843A (zh) * 2021-06-10 2022-12-13 中国电信股份有限公司 信息交互方法、路由器和通信系统
CN115473843B (zh) * 2021-06-10 2023-06-20 中国电信股份有限公司 信息交互方法、路由器和通信系统
CN113691462A (zh) * 2021-07-29 2021-11-23 杭州迪普科技股份有限公司 互联网组管理协议的应答方法及装置
CN113691462B (zh) * 2021-07-29 2023-09-15 杭州迪普科技股份有限公司 互联网组管理协议的应答方法及装置
CN115550736A (zh) * 2022-12-02 2022-12-30 浙江宇视科技有限公司 视频隐私区域的获取、传输方法、装置、电子设备及介质
CN115550736B (zh) * 2022-12-02 2023-05-05 浙江宇视科技有限公司 视频隐私区域的获取、传输方法、装置、电子设备及介质

Also Published As

Publication number Publication date
CN101394277A (zh) 2009-03-25

Similar Documents

Publication Publication Date Title
WO2009036685A1 (fr) Procédé et appareil pour implémenter une authentification de multidiffusion
EP1424807B1 (fr) Procédé de contrôle d'appartenance à un groupe de multidiffusion
EP1986396B1 (fr) Système et procédé de mise en oeuvre de multidiffusion contrôlée
Ballardie et al. Multicast-specific security threats and counter-measures
US8762707B2 (en) Authorization, authentication and accounting protocols in multicast content distribution networks
KR101396042B1 (ko) 다이나믹 호스트 컨피규레이션 및 네트워크 액세스 인증
CN100499554C (zh) 网络准入控制方法及网络准入控制系统
US8094663B2 (en) System and method for authentication of SP ethernet aggregation networks
US20110167482A1 (en) Secure authentication advertisement protocol
JP2004135281A (ja) 安定したマルチキャストフロー
WO2004114619A1 (fr) Procede et systeme pour commander une source de diffusion selective
US20120240209A1 (en) Secure information distribution between nodes (network devices)
WO2005091562A1 (fr) Procede servant a mettre en oeuvre un service a diffusion selective
WO2008034319A1 (fr) Procédé, système et dispositif d'authentification destinés à un dispositif de réseau
WO2009043220A1 (fr) Procédé et dispositif permettant de commander l'accès d'un dispositif utilisateur à un service multidiffusion dans un réseau d'accès
Liyanage et al. Securing virtual private LAN service by efficient key management
Benzekki et al. Devolving IEEE 802.1 X authentication capability to data plane in software‐defined networking (SDN) architecture
WO2008052475A1 (fr) Procédé, système et dispositif pour une authentification de multidiffusion
CN100591068C (zh) 一种桥接设备透传802.1x认证报文的方法
WO2009003383A1 (fr) Procédé de multidiffusion, dispositif de réseau et système de multidiffusion
Ishikawa et al. An architecture for user authentication of IP multicast and its implementation
GB2423435A (en) Access control for mobile multicast
JP2005142656A (ja) Ipマルチキャスト配信制御システム
JP2003348149A (ja) Ipマルチキャスト用認証方法およびこれを用いるipマルチキャスト用認証システム
Pillai et al. IGMPx: port based service access control for IP multicast

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08800821

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08800821

Country of ref document: EP

Kind code of ref document: A1