The present application claims priority from Japanese application serial no. 2004-222735, filed on Jul. 30, 2004, the content of which is hereby incorporated by reference into this application.
The present invention relates to a multicast communications technique used for the delivery of information such as content.
Multicast communications technologies are known as communications technologies effective for the simultaneous delivery of information such as the same content to a large number of (user) terminals. Multicast communications has the advantage of applying lower loads to delivery servers and using lower traffic as compared with unicast communications, which involves delivering information to each of a plurality of terminals on a point-to-point communications basis. In multicast communications technologies using the Internet Protocol (IP), the “Internet Group Membership Protocol (IGMP)” is used as a protocol for IPv4 communications and the “Multicast Listener Discovery” protocol for IPv6 communications. The IGMP is defined in open Internet Standards by the Internet Engineering Task Force (IETF)—Chapters 4 and 7, and Appendix 1, RFC1112 (related art 1), and Chapters 2, 3, 6, and 7, RFC2236 (related art 2). Similarly, the MLD protocol is defined in Chapters 3, 4, 5, and 6, RFC2710 (related art 3). The above-mentioned IGM and MLD protocols are used between a terminal and a packet transfer apparatus (such as gateways and routers). These protocols are designed for controlling a group of terminals configured to receive delivered data (a multicast group) in multicast communications where the same data is efficiently delivered to a plurality of hosts. The IGMP or MLD protocol is used when a terminal makes a participation request to a multicast group (request for multicast data delivery) or makes a request for withdrawal from the multicast group (request for stop of multicast data delivery).
On the other hand, participants of the multicast group all-receive information such as the same content. Thus, there are concerns about problems including differences in service levels available to each user, incorrect accesses and accounting. The acquisition information such as content therefore requires a method for authenticating users.
For an authentication method in multicast communications, a method described below is known. In this authentication method, an application for participation from a receiving host is followed by the advance registration of any receiving host that can participate in a multicast group with a user authentication server. An IGMP membership report showing a participation request from the receiving host is then transmitted to a router and an authentication is performed on the receiving host based on information contained in the report and the details of its registration in the above-mentioned user authentication server. After the authentication, the receiving host is permitted to participate in the multicast group during a permitted time. (Related art 4, Japanese Patent Laid-open No. 2003-158547)
In the multicast authentication method described in the related art 4, however, the user authentication server authenticates the host based on the details of the IGMP membership report and that of the registration every time the report is received. Each connection switching to a different group is therefore followed by authentication processing, thus resulting in an increase in switching delay and in processing load on the router and the authentication server.
A multicast authentication method is therefore known for providing simpler and faster processing. This authentication method requires only the first authentication by an authentication server with a user ID and password. The second and subsequent authentication sessions involves the use of a group list table provided in a router. (Related art 5, Japanese Patent Laid-Open Application No. 2003-348149)
In the multicast authentication method described in the above-mentioned related art 5, upon receipt of an authentication request, the authentication server checks the user ID and password added to the authentication request with a user's ID and password registered in advance to determine whether to authenticate the user. The authentication server then makes a group list request to a customer data server, which then receives the group list request and transmits to the authentication server a group list response that contains user IDs and group lists.
The multicast authentication method described in the related art 5 involves performing authentication processing by means of two servers, an authentication server and a custom data server, thus resulting in a larger authentication-caused time delay.
In addition, most of the current multicast communications using Internet protocols (IPs) are of the PPP type using IPv4. Because of problems with the depletion of available addresses, it is thought that most future multicast communications will be of the type using IPv6. Thus, an apparatus that accommodate multicast communications of both the above-mentioned PPP and IP types is desired for the smooth transfer to IPv6.
However, the aforementioned related arts 1 to 5 do not describe means that accommodates both PPP and IP multicast communications.
To solve the problems described above, a packet transfer apparatus according to the present invention includes a plurality of line interfaces adapted to receive and transmit the packet from and to the plurality of terminals or the network; and a processing unit for performing necessary processing based on contents of a packet received through any of the plurality of line interfaces before output to any of the plurality of line interfaces; wherein the processing unit performs the steps of: upon receiving a connection request from one of the plurality of terminals, storing information on the terminal in a memory; forwarding information necessary for authenticating the terminal and an authentication request to a authentication server in the network; receiving authentication permission from the authentication server and a group address list associated with the terminal that has made the connection request; associating the multicast group address list received with the information on the terminal stored in the memory for registration; and upon receiving a participation request from one of the plurality of terminals, determining whether or not a multicast group address contained in the participation request is present in the list in the memory, and permitting packet delivery from the network to the terminal if the multicast group address is present in the list in the memory, while rejecting the packet delivery from the network to the terminal if the multicast group address is not present in the list in the memory.
In addition, upon receiving a packet from any of the plurality of terminals, a packet transfer apparatus according to the present invention identifies whether a multicast type of the packet received is a PPP multicast type or an IP multicast type from the packet and performs authentication processing and the like in response to individual multicast types, thereby allowing both the PPP multicast communications and IP multicast communications.
According to the present invention, a simple communications system configuration reduces time delay due to authentication in multicast communications, thereby allowing fast packet communications.
According to the present invention, both the PPP multicast communications and IP multicast communications can be accommodated. This allows a smooth transition from IPv4 to IPv6.
According to the present invention, the invention also eliminates the need for additional functions to users' terminals and new settings, thus resulting in no loads on users and the provision of higher levels of services.
Preferred embodiments of the present invention will now be described in conjunction with the accompanying drawings, in which;
A first embodiment of the present invention will be first described.
A communications system 200 includes a plurality of terminals 1, a packet transfer apparatus (e.g., an access server) 2 connected to these terminals, a network (e.g., an Ipv4 network) 5 connected to the packet transfer apparatus 2, and a content delivery server 3 and an authentication server 4 which are connected to the network 5.
Terminal users have already entered into a contract with a content delivery company for programs available to these users, each of which is associated with multicast group addresses. Each terminal is provided with an MAC address and an IP address for identifying a group address and a terminal. The content delivery server 3 is also provided with a group address and an IP address. In
The content delivery server 3 delivers the content of a program that the user of a terminal 1 has made a request for to the terminal 1 provided with the same group address (224.10.10.10). The authentication server 4 associates information necessary for terminal authentication (e.g., an user ID and a password) with a group address list for programs about which each terminal user has entered into a contract with a content delivery company in advance for administration purposes (hereinafter referred to as a “group list”). In the first embodiment, upon receiving a connection request from the terminal 1 the packet transfer apparatus 2 registers information on the terminal 1 in a memory and forwards information necessary for authenticating the terminal (a user ID and a password) and an authentication request to the authentication server 4. The packet transfer apparatus receives authentication permission and a multicast group address list received associated with the terminal that have made the connection request from the authentication server 4. The packet transfer apparatus then associates the multicast group address list with the terminal information stored in the memory for registration purposes. When receiving a participation request from the terminal 1, the packet transfer apparatus determines whether the multicast group address contained in the participation request is present in a list in the memory. When the multicast group address is present in a list in the memory, the packet transfer apparatus permits the delivery of a packet from the content delivery server 3 to the terminal 1 and transmits the packet to the terminal 1. The foregoing will be further detailed later.
Line interfaces 30-1, . . . , 30-n, i.e., interfaces with a plurality of terminals and a network 5, are adapted to receive and transmit packets (e.g., PPP packets) from and to the plurality of terminals and the network 5. The protocol-processing unit 31 performs protocol processing and routing processing for received packets based on the content of the packet received through any of the plurality of line interfaces for output to any of the plurality of line interfaces.
The operation of the first embodiment will be described in detail below.
When, for example, a user inputs a user ID and a password from a software screen 100 (e.g., a media player) pre-installed in the terminal 1 as shown in
When receiving the PPP connection request from the terminal 1, for example, via the line interface 30-1 and the reception buffer 40 (Step 71), the processor 42 of the protocol-processing unit 31 provided for the packet transfer apparatus 2 registers an IP address (10. 1. 1. 1) and an MAC address (aa-bb-cc-dd-ee-ff) for the terminal 1, which are attached to the request, with the user administration table 47-1 (Step 72). The processor 42 then makes a PPP authentication request including a user ID and a password to a server 4. Note that the PPP authentication request is transmitted to the authentication server 4 via any transmission buffer 41 and a line interface 30.
When receiving the PPP authentication request from the packet transfer apparatus 2, the authentication server 4 checks the user ID and password contained in the PPP authentication request with registration information in the group list administration table 64 (Step 74). If the user ID and password have been already registered with the group list administration table 64, the authentication server 4 transmits a packet including information showing PPP authentication permission and the group list for the terminal 1 to the packet transfer apparatus 2 (Step 75).
The processor 42 of the protocol-processing unit 31 provided for the packet transfer apparatus 2 then registers the group list from the authentication server 4 with the user administration table 47-1 (Step 76).
When the user of the terminal 1 selects a desired program 101 (group address: 224. 10. 10. 10) from the terminal 1 and presses the transmission button 102, a participation request is transmitted to the packet transfer apparatus 2 (Step 77).
Upon receiving the participation request, the processor 42 of the protocol-processing unit 31 provided for the packet transfer apparatus 2 retrieves the user administration table 47-1 based on the IP address and the MAC address (Step 78). If there is a group address contained the participation request in the table with respect to a matching IP address and MAC address, the apparatus permits the delivery of a multicast packet from the content delivery server 3 (Step 79). The packet transfer apparatus 2 then transmits a multicast packet from the content delivery server 3 to the terminal 1 (Step 80).
If such a group address is not in the table as a result of the retrieval at Step 78, the packet transfer apparatus 2 rejects the delivery of a multicast packet to the terminal 1 (Step 81).
If the group address is not in the table as a result of the retrieval at Step 82, the packet transfer apparatus 2 discards the multicast packet from the content delivery server 3 (Step 85).
According to the first embodiment, as described above, the authentication server 4 performs PPP authentication and transmits a group address list administrated to the packet transfer apparatus 2. The packet transfer apparatus 2 associates the list with terminal information and registers the list with the table. When receiving a request for participation in any multicast group contained in the list from the terminal, the packet transfer apparatus 2 transmits a multicast from the content delivery server to the terminal that has made the participation request, based on the participation request and the contents of the table. Accordingly, the system configuration thus simplified reduces time delay due to authentication in multicast communications, thereby allowing fast communications.
A second embodiment of the present invention will now be described below.
A packet transmitted from a terminal 1 is an IPv4 packet 7 while a packet transmitted from a terminal 121 is a PPP packet 127 (reference numeral 126 denotes a PPP header), which is an encapsulated IPv6 packet. A packet transfer apparatus 2 determines whether the packet is intended for PPP multicast communications or IP multicast communications through the present or absence of a PPP header in a packet from a terminal. The packet transfer apparatus 2 determines the protocol (the IPv4 or IPv6) through a “version number” 8 provided for the header of an Ipv4 packet or an IPv6 packet contained in a PPP packet.
FIGS. 16 to 22 show sequence diagrams each showing the operation of the communications system according to the present invention.
When receiving a connection request from a terminal 1 (Step 1601), a processor 42 in a protocol processing unit 31 provided for a packet transfer apparatus 2 identifies PPP multicast communications through a packet and registers information that the communications is of the PPP multicast type and an IP address and a MAC address for the terminal 1 with a user administration table 47-1 (Step 1602). The packet transfer apparatus 2 also identifies the IPv4 through a “version number” 8 (
A processor 60 in the authentication server 4 checks the user ID and the password for the terminal 1 received via a network interface 63 with an user ID and a password registered with a group list administration table 64 (Step 1604). If there are a relevant user ID and a relevant password in the table, the processor transmits a authentication permission and a group list (224. 10. 10. 10, 224. 20. 20. 20) to the packet transfer apparatus 2 (Step 1605).
The processor 42 in the protocol processing unit 31 provided for the packet transfer apparatus 2 associates the group list from the authentication server 4 with information (an IP address, an MAC address, and the like) about the terminal 1 before registration with the user administration table 47-1 (Step 1606). The processor 42 then makes to a web server 100 a request for the provision to the terminal 1 of a screen 2300-1 (“Successful in connection”) shown in
Upon receiving the above-mentioned provision request from the packet transfer apparatus 2, the web server 100 transmits the screen 2300-1 to the terminal 1 (Step 1608). This allows the screen 2300-1 to be displayed on the WWW browser of the terminal 1.
When, then, the user of the terminal 1 selects a desired program (a group address: 224. 10. 10. 10) from a contracted program 2301 and presses a registration button (or transmission button) 2302, a participation request is transmitted from the terminal 1 to the packet transfer apparatus 2 (Step 1609).
The processor 42 in the protocol-processing unit 31 provided for the packet transfer apparatus 2 retrieves the user administration table 47-1 based on the IP address (10 1. 1. 1), and the MAC address (aa-bb-cc-dd-ee-ff) contained in a packet received (Step 1610). If a group address (224. 10. 10. 10) contained in the participation request is present in the group list, the packet transfer apparatus 2 permits the delivery of a multicast packet from the content delivery server 3 (Step 1611) and transmits the multicast packet to the terminal 1 (Step 1612).
In
Upon receiving the above-mentioned provision request from a packet transfer apparatus 2, the web server 100 transmits the screen 2300-2 to the terminal 1 through the packet transfer apparatus 2 (Step 1702). This allows the screen 2300-2 to be displayed on the WWW browser of the terminal 1.
When, then, the user of the terminal 1 selects a program (a group address: 224. 30. 30. 30) for which the participation request has been made from the program 2301 and presses the registration button 2302 (Step 1703), a request for new registration of the group address (224. 30. 30. 30) is transmitted from the terminal 1 to the authentication server 4 through the packet transfer apparatus 2 (Step 1704).
A processor 60 in the authentication server 4 adds and registers the received group address (224. 30. 30. 30) with the group list for the terminal 1 in a group list administration table 64 (Step 1705). The processor 60 also transmits registration permission and an updated group list (224. 10. 10. 10, 224. 20. 20. 20, and 224. 30. 30. 30) to the packet transfer apparatus 2 (Step 1706).
The processor 42 in the protocol-processing unit 31 provided for the packet transfer apparatus re-registers the group list of the updated terminal 1 with a user administration table 47-1 (Step 1707). The processor 42 also permits the delivery of a multicast packet delivery from a content delivery server 3 (Step 1708) and transmits the multicast packet to the terminal 1 (Step 1709).
Upon receiving a participation request (group address: ff0e::1) from the terminal 121 (Step 1801), a processor 42 in a protocol processing unit 31 provided for the packet transfer apparatus 2 identifies IP multicast communications from a packet containing the request and registers the information with a user administration table 47-1 (Step 1802). IP multicast communications involves transmitting a PPP packet and can be identified through the PPP header of the PPP packet. In addition, the processor 42 identifies the IPv6 through a “version number” 8 (
In
Upon receiving the above-mentioned provision request from a packet transfer apparatus 2, the web server 124 transmits the screen 2300-2 to the terminal 121 (Step 1902). This allows the screen 2300-2 to be displayed on the WWW browser of the terminal 121.
When, then, the user of the terminal 121 selects a program (a group address: ff0e::3) for which the participation request has been made from the program 2301 (Step 1903), a request for new registration of the group address (ff0e::3) is transmitted from the terminal 121 to an authentication server 123 through the packet transfer apparatus 2 (Step 1904).
The authentication server 123 adds and registers the received group address (ff0e::3) with the group list for the terminal 121 in a group list administration table 64 (Step 1905). The authentication server 123 also transmits registration permission and an updated group list (ff0e::1, ff0e::1, ff0e::1) to the packet transfer apparatus 2 (Step 1906).
A processor 42 in a protocol-processing unit 31 provided for the packet transfer apparatus re-registers the updated group list of the terminal 121 with a user administration table 47-1 (Step 1907). The processor 42 also permits the delivery of a multicast packet from a content delivery server 3 (Step 1908) and transmits the multicast packet to the terminal 121 (Step 1909).
In
Upon receiving the above-mentioned provision request from the packet transfer apparatus 2, the web server 124 transmits the screen 2300-3 to the terminal 121 (Step 2002). This allows the screen 2300-3 to be displayed on the WWW browser of the terminal 121.
When, then, the user of the terminal 121 inputs a user ID and a password from the terminal 121 and presses a registration button 2302 (Step 2003), an authentication request is transmitted to an authentication server 123 via the packet transfer apparatus 2 (Step 2004).
The authentication server 123 checks the user ID and the password for the terminal 121 with a user ID and a password registered with a group list administration table (Step 2005). If there are not relevant user ID and relevant password in the table, the authentication server 123 transmits authentication rejection to the packet transfer apparatus 2 (Step 2006).
Upon receiving the authentication rejection from the authentication server 123, a processor 42 in a protocol processing unit 31 provided for the packet transfer apparatus 2 counts authentications and registers the number of authentications with the user administration table 47-1 (Step 2007). The sequence from Steps 2001 to 2007 is repeated until the number of authentication is 2. At the second authentication, the processor 42 then makes to a web server 124 a request for the provision to a terminal 121 of a screen 2300-4 (“Unsuccessful in authentication”) shown in
The web server 124 then transmits the screen 2300-4 to the terminal 121. This allows the screen 2300-4 to be displayed on the WWW browser of the terminal 121.
An authentication server 123 checks the user ID and the password for the terminal 121 with an user ID and a password registered with a group list administration table (Step 2005). If there are a relevant user ID and a relevant password in the table, the authentication server 123 transmits authentication permission and a group list (ff0e::1, ff0e::2) to the packet transfer apparatus 2 (Step 2101).
A processor 42 in a protocol processing unit 31 provided for the packet transfer apparatus 2 registers the group list of the terminal 121 received from the authentication server 123 with a user administration table 47-1 (Step 2102). The processor 42 also permits the delivery of a multicast packet from a content delivery server 122 (Step 2003) and transmits the multicast packet to the terminal 121 (Step 2104).
From the terminal 121, a request for the provision of a screen 2300-5 (“Input your information”) shown in
The web server 124 transmits the screen 2300-5 to the terminal 121 (Step 2202) via the packet transfer apparatus 2 to prompt the terminal to new registration. This allows the screen 2300-5 to be displayed on the WWW browser of the terminal 121.
When the user of the terminal 121 inputs user information (including a user ID and a password) and information on a desired program (group address: ff0e::1, ff0e::2, for example) from the terminal 121 and presses a registration button 2302 (Step 2203), a request for new registration is transmitted to an authentication server 123 via the packet transfer apparatus 2 from the terminal 121 (Step 2204). Note that a desired program may be selected from a program 2301 when the program information is inputted.
Upon receiving the request for new registration from a terminal 121, an authentication server 123 newly registers the user ID, password and group address (ff0e::1, ff0e::2) of the terminal 121 contained in the request with a group list administration table (Step 2205). The authentication server 123 then transmits a registration permission and the group address (ff0e::1, ff0e::2) to the packet transfer apparatus 2 (Step 2206).
A processor 42 in a protocol processing unit 31 provided for the packet transfer apparatus 2 registers a group list from the authentication server 123 with a user administration table 47-1 (Step 2207). The processor 42 also permits the delivery of a multicast packet from a content delivery server 122 (Step 2208) and transmits the multicast packet to the terminal 121 (Step 2209).
FIGS. 28 to 31 are flow charts showing processing by a processor 42 provided for the protocol processing unit 31 of the packet transfer apparatus 2 according to the second embodiment of the present invention.
Upon receiving a PPP packet or an IP packet from a terminal (Step 2800), the processor 42 first identifies IP or PPP multicast communications through the packet (Step 2801). PPP multicast communications involves a PPP header attached to the PPP packet and can be identified through the presence or absence of the PPP header. Note that the processor 42 determines the protocol (the IPv4 or IPv6) through a “version number” provided for the header of the IPv4 packet or the IPv6 packet contained in the PPP packet. If the type of the packet received is a PPP multicast packet at Step 2801, the processor 42 registers PPP multicast information, an IP address and an MAC address with a user administration table 47-1 (Step 2802). The processor 42 then makes an authentication to an authentication server 4. If authentication is permitted by the authentication server 4, the processor 42 receives an authentication permission and a relevant group list from the authentication server 4 (Step 2804). The processor 42 then associates the authentication permission and the relevant group list with information on a relevant terminal before registration with a user administration table 47-1 (Step 2805). The processor 42 then makes to a web server 100 a request for the provision of a screen 2300-1 shown in
As a result that the processor 42 makes a authentication request to the authentication server 4 at Step 2803,
If a group address contained in the participation request is not present in the group list as a result of the retrieval at Step 2810,
If the type of the packet received is an IP multicast packet at Step 2801,
If the IP address is not in the table as a result of the retrieval at Step 2824, the processor 42 makes to a web server 124 a request for the provision to the terminal of a screen 2300-3 shown in
When the processor receives a checkup result (an authentication permission and a group list) at Step 2830, the group list is registered with the user administration table 47-1 and the processor performs the processing for Steps 2826 and 2827.
Upon receiving a request for the provision of the screen 2300-5 from the terminal 121 after the processing for Step 2828, the processor forwards the provision request to the web server 124 (Step 2834,
If the type of a message is a withdrawal request at Step 2808 or 2822,
Upon receiving a packet from any of a plurality of terminals, as described above, according to the second embodiment, the processor identifies PPP multicast communications or IP multicast communications from the packet and performs processing for each of these two types of communications, thus allowing packet transfer. This makes it possible to accommodate both of PPP multicast communications and IP multicast communications.
Note that in the second embodiment, the web servers 100 and 124 are designed to transmit information for prompting a user to the registration of a non-contracted program and a new registration of user information to user terminals 1 and 121. If, however, a function of prompting a user to these registrations is not required, web servers 100 and 124 may not be provided. If the packet transfer apparatus 2 receives a request for participation in a non-contracted program from the terminal 1 or 121 in this case, the apparatus rejects the delivery of the request because there is not a group address already registered at Step 2810 (
Number | Date | Country | Kind |
---|---|---|---|
2004-222735 | Jul 2004 | JP | national |