Title of invention: METHOD AND SYSTEM FOR SECURE DISTRIBUTION OF CRYPTOGRAPHIC KEYS ON MULTICAST NETWORKS
Abstract: A method and apparatus for secure and scalable key management in a multicast network environment is provided. In a first portion, one or more seed nodes on the network receive a multicast transmission request for a cryptographic key from a requesting node. The seed node compares the identity of the requesting node with an authenticated predetermined list of nodes having permission to receive the cryptographic key. If the comparison indicates the requesting node is not a member of the authenticated predetermined list, the seed node denies the multicast request. However, if the comparison indicates that the requesting node is a member of the predetermined list of nodes, the cryptographic key is transmitted using a secure unicast key distribution technique such as SKIP. A second portion concerns the requesting node, which generates a multicast request to obtain the cryptographic key from one or more seed nodes and one or more keyed nodes on the internetwork. The multicast request for the cryptographic key is initially transmitted a minimum hop count over the internetwork to locate the closest seed node. The requesting node delays a brief time period waiting for at least one response from at least one seed node or keyed node on the internetwork. If the at least one response is not received within this time period, the minimum hop count is increased by a hop count increment and the requesting node repeats the above steps. Eventually, the requesting node increases the hop count and receives the cryptographic key over a secure unicast key management technique such as SKIP. As a final step, the requesting node is converted into a keyed node. The keyed node acts as a seed node and provides the cryptographic key to other requesting nodes on the internetwork.
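The request flow in the abstract, simulated as an added example (not code from the patent or its applicant): hop-limited multicast, the seed node's permission check, widening the hop count after a silent round, and the requester becoming a keyed node. The topology, node names, key bytes, the `max_hops` cap and the rule that a new keyed node inherits the responder's list are assumptions; the secure unicast transfer (SKIP) is represented by a plain return value.

```python
from collections import deque

class Node:
    def __init__(self, name, key=None, acl=()):
        self.name, self.key, self.acl = name, key, frozenset(acl)

    def handle_request(self, requester_id):
        # Seed/keyed node: answer only if it holds the key and the requester
        # is on the permitted list; otherwise the request is denied.
        if self.key is not None and requester_id in self.acl:
            return self.key  # stands in for secure unicast delivery (e.g. SKIP)
        return None

def within_hops(links, start, ttl):
    """Nodes a multicast sent from `start` reaches with hop count `ttl` (BFS)."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        cur = queue.popleft()
        if dist[cur] < ttl:
            for nxt in links[cur]:
                if nxt not in dist:
                    dist[nxt] = dist[cur] + 1
                    queue.append(nxt)
    return sorted(set(dist) - {start})

def request_key(nodes, links, requester, min_hops=1, increment=1, max_hops=8):
    """Expanding search; returns (key, responder, hops), key None if denied."""
    hops = min_hops
    while hops <= max_hops:  # max_hops is an assumed cap, not from the abstract
        for name in within_hops(links, requester, hops):
            key = nodes[name].handle_request(requester)
            if key is not None:
                # Requester becomes a keyed node; inheriting the responder's
                # list is an assumption made for this sketch.
                nodes[requester].key = key
                nodes[requester].acl = nodes[name].acl
                return key, name, hops
        hops += increment  # no response in this round: widen the scope
    return None, None, hops - increment

def build_demo():
    """Constructed topology: B - A - R1 - R2 - S, with X attached to R1."""
    edges = [("A", "B"), ("A", "R1"), ("R1", "R2"), ("R2", "S"), ("R1", "X")]
    links = {}
    for a, b in edges:
        links.setdefault(a, []).append(b)
        links.setdefault(b, []).append(a)
    nodes = {n: Node(n) for n in links}
    nodes["S"] = Node("S", key=b"constructed-group-key", acl={"A", "B"})
    return nodes, links
```

In this topology A reaches seed S only at hop count 3, B is then served by A at hop count 1, and X, which is not on the list, is denied by every keyed node it reaches.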
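Publication number: CA2241701(A1) Publication date: 1998.12.23
Application number: CA19982241701 Application date: 1998.06.22
Applicant: SUN MICROSYSTEMS, INC. Inventor: AZIZ, ASHAR
Classification: G09C1/00;H04L9/08;H04L12/18;H04L29/06;(IPC1-7):H04L9/08;H04L12/46 Main classification: G09C1/00
Agency: Agent:
Principal claim:
Address: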