36 results about "Multicast security" patented technology

An approach for establishing secure multicast communication among multiple multicast proxy service nodes is disclosed. The multicast proxy service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the multicast proxy service nodes include the group session key and the private keys of the multicast proxy service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the multicast proxy service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys. Multicast proxy service nodes may obtain current key information from a local copy of the replicated directory.

An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service.

The utility model discloses a method that can realize multiparty communication security. The method is an improvement to the transport layer security protocol or the datagram transport layer security protocol, which aims to solve the disadvantages of bad portability and low deployment of the present multicast security protocol family and avoid the disadvantages of high input and big risk brought by developing a new technical proposal. The method comprises that: step a: identity authentication is performed to a group control key management server and a member equipment by running the transport layer security protocol or the datagram transport layer security protocol, and an initial session is created by negotiation; step b: the group control key management server and the member equipment distribute a group session and a key updating session to other group member equipments by running a group key management sub-protocol; step c: when the group control key management server detected a key updating event, the group control key management server and the member equipment update the key by running the group key management sub-protocol. The utility model also discloses a multiparty communication security system and equipment.

A method of supporting a security for a multicast communication is provided in a mobile station. The mobile station shares an MAK with a base station, derives a prekey based on a first parameter including the MAK, and derives a multicast security key including an MTEK based on a second parameter including the prekey, and decrypts a multicast traffic using the multicast security key.

The invention relates to a multicast security agent component and a multicast encryption management method. The file encryption and decryption sub-module in the multicast module is a specific execution module for multicast users to perform message or file encryption / decryption, and adopts the RSA algorithm as the multicast encryption / decryption algorithm, the user's private key is used as the decryption key. After the system is authenticated, if some users on the intranet need to communicate in the group, the group key composed of the product of all members' private keys can guarantee the security of the multicast. When a user joins or an old user exits, by updating the group key, the newly joined user cannot access the communication content before joining and the exiting user cannot access the communication content after exiting, realizing one-key encryption in the multicast group. With the function of decrypting the key, when the group members change, there is no need to update the keys (private keys) of other users in the group. Forward secrecy, backward secrecy, and collusion resistance.

The present invention relates to a DNS-based multicast security control method and device. The method includes: sending a DNS request message to a domain name server to obtain a list of multicast source DNS addresses of an IPTV server; After the data message, address verification is performed on the multicast data message according to the multicast source DNS address list and the locally maintained multicast address list; forwarding control is performed on the multicast data message according to the verification result. The invention can effectively authenticate the multicast source, realize effective security control of the multicast service flow, not only ensure the stability of the multicast service, reduce network attacks, but also simplify the complicated processing flow of multicast source filtering, and the project realizes and simple to deploy.

The present invention provides a service access method, device, and system, and relates to the field of television services, to guarantee multicast security of a network device. The method includes: obtaining an authorized multicast address list according to program channel list information provided by a server; receiving an Internet Group Management Protocol IGMP packet request sent by a user terminal device, where the IGMP packet request carries a multicast address; verifying the multicast address in the IGMP packet request according to the multicast address list; and sending a media data stream corresponding to the verified multicast address to the user terminal device. The solutions of the present invention are suitable for realizing the security of multicast of network device.

The invention relates to the field of communications, which discloses a method for a communications system and a terminal to join a multicast broadcast service, which ensures that the terminal can be smoothly joined MBS business in order to receive the MBS business data. In the invention, the terminal acquires the MBS authorization key from an MBS service network then acquires the MBS multicast parameters and / or a multicast security key from the loading network in order to join the corresponding MBS business. Through the processes, the terminal can successfully receive the corresponding MBS business parameters based on the loading indicated by the multicast parameters, according to MBS security key that is generated by the MBS authorization key and the multicast security key. Before the MBS authorization key is issued, the MBS service network needs to certify the terminal and does not issue the MBS key to the terminal unless the certification is passed. The process that the terminal acquires the MBS multicast parameters and the multicast security key for joining the MBS business, from the loading network can be started either from the side of the network or directly from the terminal.