Last hop topology sensitive multicasting key management

Abstract

A system and method of managing multicast key distribution that includes associating a multicast address with each internal node of the key tree, wherein the key tree is created based on the last hop topology.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

The preferred embodiments of the present invention are shown by a way of example, and not limitation, in the accompanying figures, in which:

FIGS. 1(A) and 1(B) show an illustrative Key Tree and Topology;

FIGS. 2(A) to 2(C) show illustrative Key Trees and Topology according to three different examples according to the present invention;

FIG. 3(A) is a chart showing illustrative exposures for various schemes;

FIG. 3(B) is a chart showing illustrative revocation messages for various schemes;

FIG. 4(A) is another chart showing illustrative exposures for various schemes;

FIG. 4(B) is another chart showing illustrative revocation messages for various schemes;

FIG. 4(C) is a chart showing various multicast groups per subnet;

FIG. 5(A) is another chart showing illustrative exposures for various schemes;

FIG. 5(B) is another chart showing illustrative revocation messages for various schemes;

FIG. 5(C) is another chart showing various multicast groups per subnet;

FIG. 6(A) shows an illustrative architectural diagram with a Broadcast Multicast Serving Center of 3GPP MBMS architecture; and

FIG. 6(B) shows an illustrative multicast traffic path architecture before MBMS.

Claims

1. A method of managing multicast key distribution, comprising: associating a multicast address with each internal node of a key tree, wherein the key tree is created based on the last hop topology.

2. The method of claim 1, wherein said key tree is based on a topology independent (TI) scheme.

3. The method of claim 2, wherein the key tree is independent of the physical topology and wherein each node of the key tree has an associated multicast address.

4. The method of claim 3, wherein each router of a subnet subscribes to multicast groups that correspond to the various nodes in the key tree.

5. The method of claim 1, wherein the top level multicast group (G) is used to transmit data and to update the key when a member joins while other of the multicast groups are used for updating session keys when one or more member leaves the multicast group.

6. The method of claim 1, wherein multicast revocation messages are sent only to subnets containing members with subscriptions to the corresponding multicast group, but wherein the revocation messages are not prevented from being visible to non-subscribing members that happen to be physically located in such subnets.

7. The method of claim 1, wherein the key tree is based on a topology dependent (TD) scheme.

8. The method of claim 7, wherein the key tree mirrors the physical topology.

9. The method of claim 7, wherein a router is associated with log (r) additional multicast groups, where r is the number of router subnets.

10. The method of claim 7, wherein there is a one-to-one correspondence between leaf multicast addresses and routers.

11. The method of claim 7, wherein the number of multicast groups is determined by the number of subnets and is independent of the number of participating members.

12. The method of claim 7, wherein said topology dependent scheme prevents the visibility of revocation messages to non-subscribing members that happen to be physically located in subnets containing members with subscriptions to the corresponding multicast group.

13. The method of claim 7, wherein a degree of subtrees rooted at nodes corresponding to leaf multicast nodes differs from a degree of other portions of the key tree.

14. The method of claim 13, wherein the degree of said subtrees is determined based on a number of members of the group present in a corresponding router subnet, while the degree of the other portions of the key tree is fixed a priori.

15. The method of claim 1, wherein said key tree is based on a topology incorporated (TC) scheme that incorporates but does not mirror the physical topology.

16. The method of claim 15, wherein there is a one-to-many correspondence between routers and leaf multicast addresses and wherein leaf multicast addresses are fully contained within router subnets.

17. The method of claim 15, wherein said topology incorporated scheme reduces a number of unicast revocation messages, while minimizing a visibility of multicast revocation messages outside of their destination member sets.

18. The method of claim 1, further including performing key revocations for multicast applications based on last hop topology.

19. The method of claim 18, wherein a last hop network involves wireless links, such as cellular network or WLANs.

20. The method of claim 19, wherein the last hop network incorporates multicast capabilities in cellular and 3G.

21. The method of claim 1, further including having a router (R) connect a subnet (S) to the rest of a communication network, a subset (TS) of group members reside in the subnet (S), and for each group member m in the subset (TS), the router (R) subscribes to the multicast group corresponding to each node on the path between the root and the leaf representing m in the logical key tree.