WO2009067951A1 - Method for determining multicasting proxy nodes, and method, device and system for multicasting - Google Patents


Publication number
WO2009067951A1
Authority
WO
WIPO (PCT)
Prior art keywords
multicast
node
group
key
multicast data
Prior art date
Application number
PCT/CN2008/073150
Inventor
Yongjun Liu
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/563 Data redirection of data network streams
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Definitions

  • The embodiments of the present invention relate to the field of communications, and in particular to a method for determining a multicast proxy node, and to a multicast method, device, and system.

Background

  • Multicast means that one node in the network simultaneously sends data to multiple destination nodes.
  • Multicast technology mainly involves multicast routing, group member management, and multicast security.
  • For multicast security, it is necessary to ensure that multicast data is not obtained by unauthorized nodes, usually by means of encryption and decryption.
  • If the multicast source node and the group member nodes use the network key shared by all network nodes to encrypt and decrypt the multicast data, non-group member nodes also know the network key, so they cannot be prevented from obtaining the multicast data.
  • If multicast source nodes and group member nodes use a group key to encrypt and decrypt multicast data, all group member nodes know or can obtain the group key, while non-group member nodes do not know the group key, which prevents non-group member nodes from obtaining the multicast data.
  • The multicast source node may be a group member node or a non-group member node. When the multicast source node is a non-group member node, it does not hold the group key, so it cannot encrypt directly with the group key.
  • The prior art solution is to set up a multicast manager in each group, which is one of the group member nodes and manages security centrally. All multicast data initiated by non-group members is sent to the multicast manager. The multicast manager then uses the group key to encrypt the packets and sends them to each group member node.
  • The embodiments of the invention provide a method for determining a multicast proxy node, and a multicast method, device, and system, so that the multicast source node can multicast along an optimal route.
  • The method for determining a multicast proxy node in the embodiment of the present invention includes: a multicast source node sends a multicast proxy node discovery request; each group member node that receives the discovery request, or an intermediate node that stores routing information of a group member node, returns a routing cost to the multicast source node, the routing cost being the routing cost from the multicast source node to each group member node; and the multicast source node selects, according to the returned routing costs, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node.
  • The embodiments of the present invention further provide a multicast method, a node device, and a multicast system that implement multicast routing optimization while satisfying multicast security requirements.
  • the multicast method of the embodiment of the present invention includes: the multicast source node encrypts the multicast data by using a key shared by the multicast proxy node, and then sends the multicast data according to a preset route; the multicast proxy node is a multicast source node.
  • The key is a key other than the group key corresponding to the destination group identifier; after receiving the multicast data, the multicast proxy node decrypts the multicast data by using the shared key, passes it to the upper layer for processing, encrypts the decrypted multicast data by using the group key, and transmits it to the other group member nodes.
  • The node device of the embodiment of the present invention includes: a storage unit, configured to store, when the node device is used as a multicast source node, the destination group identifier and the corresponding preset route, and the identifier of the corresponding multicast proxy node and/or a shared key between the corresponding multicast proxy node and the node device, where the multicast proxy node is the group member node corresponding to the path with the least routing cost between the node device and each group member node, the preset route is the path with the least routing cost, and the shared key is a key other than the group key corresponding to the destination group; an encryption unit, configured to encrypt the multicast data by using the shared key; and a sending unit, configured to send the encrypted multicast data according to the preset route.
  • A node device includes: a receiving unit, configured to receive multicast data from a multicast source node; a determining unit, configured to determine whether the node device is the multicast proxy node corresponding to the received multicast data, where the multicast proxy node is the group member node corresponding to the path with the least routing cost between the multicast source node and each group member node; a decryption unit, configured to decrypt the multicast data by using a key shared with the multicast source node when the determining unit determines that the node device is the corresponding multicast proxy node, the shared key being a key other than the group key; an encryption unit, configured to encrypt the decrypted multicast data by using the group key; and a sending unit, configured to send the multicast data encrypted by using the group key.
  • The multicast system of the embodiment of the present invention includes: a multicast source node, configured to encrypt the multicast data by using a key shared with the multicast proxy node and then send the data according to a preset route, where the multicast proxy node is the group member node corresponding to the path with the least routing cost between the multicast source node and each group member node, the preset route is the path with the least routing cost, and the shared key is a key other than the group key; and a multicast proxy node, configured to, after receiving the multicast data, decrypt the multicast data by using the shared key, pass it to a higher layer for processing, encrypt the decrypted multicast data by using the group key, and transmit it to the other group member nodes.
  • a method for determining a multicast proxy node includes: sending a multicast proxy node discovery request to each group member node or an intermediate node storing routing information of the group member node;
  • The routing cost is the routing cost from the multicast source node to each group member node.
  • The multicast proxy node is the group member node corresponding to the path with the least routing cost from the multicast source node to each group member node, the preset route is the path with the least routing cost, and the multicast data carries the destination group identifier, where the shared key is a key other than the group key corresponding to the destination group identifier;
  • The multicast data is decrypted using the shared key and passed to a higher layer for processing, and the decrypted multicast data is encrypted using a group key and transmitted to the other group member nodes.
  • The embodiments of the invention have the following advantages:
  • The multicast source node selects, from the group member nodes or the intermediate node, the group member node corresponding to the path with the least routing cost as the multicast proxy node, so that the multicast source node can multicast along the optimal route.

Drawings

  • FIG. 1 is a flow chart of a method for determining a multicast proxy node according to Embodiment 1 of the present invention.
  • FIG. 2 is a flowchart of a multicast method according to Embodiment 2 of the present invention.
  • FIG. 3 is a flow chart of a method for determining a multicast proxy node according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic diagram of a network structure in a scenario according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a method for determining a multicast proxy node according to Embodiment 1 of the third embodiment of the present invention.
  • FIG. 6 is a flowchart of a multicast method according to Embodiment 4 of the present invention.
  • FIG. 7 is a flowchart of a multicast method according to Embodiment 1 of the fourth embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a multicast system according to Embodiment 5 of the present invention.

Detailed description

  • A first embodiment of the present invention describes a method for determining a multicast proxy node. As shown in FIG. 1, the method includes:
  • Step s101: Send a multicast proxy node discovery request to each group member node or to an intermediate node storing routing information of the group member node;
  • Step s102: According to the routing cost returned by each group member node or by the intermediate node storing the routing information of the group member node, select the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, where the routing cost is the routing cost from the multicast source node to each group member node.
  • The multicast source node selects, from the group member nodes or the intermediate node, the group member node corresponding to the path with the least routing cost as the multicast proxy node, so that the multicast source node can multicast along the optimal route.
  • a second embodiment of the present invention describes a multicast method.
  • The method includes: Step s201: Receive multicast data sent by a multicast source node, where the multicast data is encrypted by the multicast source node using a key shared with the multicast proxy node and is sent according to the preset route;
  • The multicast proxy node is the group member node corresponding to the path with the least routing cost from the multicast source node to each group member node, and the preset route
  • The multicast data carries the destination group identifier.
  • The shared key is a key other than the group key corresponding to the destination group identifier.
  • The method further includes: determining whether the receiving node is the multicast proxy node corresponding to the multicast data.
  • The method for determining whether it is the multicast proxy node corresponding to the multicast data is: the multicast data carries the identifier of the multicast proxy node, and the determination is made according to that identifier; or
  • the multicast data also carries the Flag flag.
  • the group corresponding to the multicast data is determined. Broadcast proxy node; or,
  • The multicast data carries the multicast source node identifier, and the multicast proxy node stores the destination group identifier and the multicast source node identifier corresponding to the multicast proxy node; when the destination group identifier and the multicast source node identifier carried in the multicast data are the same as the identifiers it has stored, the node judges that it is the multicast proxy node corresponding to the multicast data.
  • Step s202: Decrypt the multicast data by using the shared key and pass it to the upper layer for processing, then encrypt the decrypted multicast data by using the group key and transmit it to the other group member nodes.
  • The multicast source node selects, from the group member nodes, the group member node corresponding to the path with the least routing cost as the multicast proxy node, so that the multicast source node can multicast along the optimal route.
  • Embodiment 3 of the present invention describes a method for determining a multicast proxy node. As shown in Figure 3, the method includes the following steps:
  • Step s301 The multicast source node sends a multicast proxy node discovery request, where the discovery request carries the destination group identifier.
  • the multicast proxy node discovery request can be sent by broadcast.
  • Step s302 After receiving the discovery request, each group member node determines the routing cost of the node to the multicast source node, and then returns the result to the multicast source node.
  • the intermediate node which may be a group member node or a non-group member node.
  • A node can determine whether it is a member node of the group according to the destination group identifier carried in the discovery request. If it is a member node of the group, it returns the routing cost information to the multicast source node. Otherwise (that is, it is a non-group member node), it accumulates the routing cost from the previous hop to itself, and then forwards the multicast proxy node discovery request to its neighbors until the request reaches a group member node.
  • Each group member node can return all routing costs to the multicast source node.
  • In theory, "all routing costs" refers to the routing costs corresponding to all paths that objectively exist, according to the network structure, from the multicast source node to each group member node. In practice, however, the multicast source node usually presets a period of time and no longer receives returned routing costs after that time is over. Therefore, "all routing costs" usually refers to the routing cost of each path reported within the preset time.
  • Each group member node can also compare the routing costs of the paths first and return only the minimum routing cost. Alternatively, after receiving the discovery request for the first time, it can return to the multicast source node the routing cost of the path over which that first discovery request was transmitted. When the discovery request is received for the second time, the node determines whether the routing cost corresponding to the second discovery request's transmission path is smaller than the routing cost corresponding to the first discovery request's transmission path. If so, it returns the smaller routing cost; if not, it does not return anything; and it records the smaller routing cost. Each subsequently received discovery request is compared with the previously recorded smaller routing cost.
  • The intermediate node can directly return the routing cost to the multicast source node after receiving the discovery request.
  • The routing cost here may be the sum of the routing cost from the multicast source node to the intermediate node and the routing cost from the intermediate node to each group member node; preferably, it is the sum of the minimum routing cost from the multicast source node to the intermediate node and the minimum routing cost from the intermediate node to each group member node, because this reduces the number of returns.
  • Step s303: The multicast source node selects, according to the routing cost information returned by the group member nodes, the group member node corresponding to the path with the smallest routing cost as the multicast proxy node of the destination group.
  • FIG. 4 is a schematic diagram of a network structure in a scenario according to an embodiment of the present invention.
  • Nodes A, B, C, D, and E are group members of a multicast group G, and all members of group G share one group key Kg; non-group member nodes cannot obtain this group key.
  • Node S is a non-group member and needs to send multicast data to each group member node of group G. That is to say, in this multicast process, node S is the multicast source node.
  • Step s501: The multicast source node S broadcasts a multicast proxy node discovery request to its neighbor nodes K and I. The multicast proxy node discovery request carries the identifier of the destination group G and a routing cost. The initial value of the routing cost is 0.
  • Step s502: After receiving the multicast proxy node discovery request, the node K determines, according to the identifier of the destination group G, that it does not belong to the group G. It therefore accumulates the routing cost from S to K, which is 1, and re-broadcasts the multicast proxy node discovery request. The routing cost carried in the request is the accumulated routing cost, that is, 1. After receiving the multicast proxy node discovery request re-broadcast by the node K, the node A determines, according to the identifier of the destination group G, that it is a group member of the group G. It therefore accumulates the routing cost from K to A, which is 1.2, obtains an accumulated routing cost of 2.2, and returns the accumulated routing cost to the multicast source node S.
  • The group member node A also receives the multicast proxy node discovery request forwarded by other non-group member nodes (for example, node I), accumulates the routing cost, and returns the accumulated routing cost to the multicast source node S. It should be noted that the group member node A may also separately accumulate the routing cost in the multicast proxy node discovery request forwarded by each non-group member, that is, the routing costs of the different paths from the multicast source node S to A, then select the minimum routing cost among them and return that lowest routing cost to the multicast source node S.
  • The other group member nodes B, C, D, and E also receive the multicast proxy node discovery request forwarded by non-group member nodes, accumulate the routing cost, and return it to the multicast source node. There are two ways to return: return the routing costs of the different paths separately, or select the smallest of the routing costs of the different paths and return that minimum routing cost.
  • Step s503: The multicast source node S selects, according to the routing costs returned by the group member nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node of the destination group G. For example, if a group member node returns the routing costs of multiple paths and the minimum routing cost selected by the multicast source node is one of those routing costs, that group member node is used as the multicast proxy node. In this case, the multicast source node can also first select the minimum of the multiple routing costs returned by the same group member node, then compare the minimum routing costs returned by each group member node; the group member node corresponding to the minimum finally obtained is the multicast proxy node.
  • The multicast source node directly selects the group member node corresponding to the path with the least routing cost as the multicast proxy node.
  • The multicast source node determines that the routing cost corresponding to node A is the smallest, and therefore uses the node A as its multicast proxy node.
  • Group member node A is the multicast proxy node only for the group G and the source node S; for different multicast source nodes, or different groups, the multicast proxy node may be different.
  • The intermediate node between the multicast source node S and the group member nodes of the group G stores related routing information.
  • The intermediate node may be a group member node or a non-group member node.
  • The intermediate node K stores the routing information from K to the group member nodes A, B, C, D, and E.
  • The stored routing information may be the minimum routing cost information from K to a single group member node, or may be the minimum routing cost information obtained by comparing the minimum routing costs corresponding to each group member node.
  • After receiving the multicast proxy node discovery request and learning that the destination group is the group G, the node directly returns the routing cost information to the multicast source node according to the routing information it has stored for the group G. That is, the stored routing cost to the member nodes of each group is added to the routing cost of K to S, and then the accumulated routing cost is returned to the node A.
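The discovery procedure of steps s501 to s503, as an added example (not code from the patent): each non-member node accumulates the link cost and rebroadcasts the request, each group member returns a cost only when it is lower than what it returned before, and the source picks the member with the lowest returned cost. Only the S-K cost of 1 and the K-A cost of 1.2 come from the scenario above; node J, the remaining links and costs, and the rule that a non-member rebroadcasts only a cheaper copy of the request are assumptions of this example.

```python
from collections import deque

GROUP_G = {"A", "B", "C", "D", "E"}          # members of group G (from the page)
# Link costs. Only S-K = 1 and K-A = 1.2 appear on the page; the other links,
# their costs and the non-member node J are constructed for this example.
LINKS = {
    ("S", "I"): 1.5, ("S", "K"): 1.0, ("K", "A"): 1.2, ("I", "A"): 1.0,
    ("I", "B"): 2.0, ("I", "E"): 3.0, ("K", "J"): 1.0, ("J", "C"): 1.5,
    ("J", "D"): 2.0,
}


def neighbours(links):
    """Turn the undirected link list into {node: {neighbour: cost}}."""
    table = {}
    for (a, b), cost in links.items():
        table.setdefault(a, {})[b] = cost
        table.setdefault(b, {})[a] = cost
    return table


def discover(source, group, links):
    """Flood a discovery request from `source` (steps s501 and s502).

    Returns {member: [routing costs that member returned, in arrival order]}.
    """
    table = neighbours(links)
    returned = {}                       # what each member sent back to the source
    best_seen = {source: 0.0}           # cheapest copy of the request per non-member
    queue = deque([(source, 0.0)])      # (rebroadcasting node, cost carried in request)
    while queue:
        node, carried = queue.popleft()
        for nbr, link_cost in table[node].items():
            cost = carried + link_cost  # receiver adds the previous-hop cost
            if nbr in group:
                # Group member: answer the first request, and later ones only
                # if their path is cheaper than the smallest cost recorded.
                history = returned.setdefault(nbr, [])
                if not history or cost < history[-1]:
                    history.append(cost)
            elif cost < best_seen.get(nbr, float("inf")):
                # Non-member: rebroadcast with the accumulated cost. Dropping
                # costlier duplicates (assumption) keeps the flood finite.
                best_seen[nbr] = cost
                queue.append((nbr, cost))
    return returned


def select_proxy(returned):
    """Step s503: the member behind the cheapest returned cost becomes the proxy."""
    if not returned:
        raise ValueError("no group member answered the discovery request")
    member = min(returned, key=lambda m: min(returned[m]))
    return member, min(returned[member])


if __name__ == "__main__":
    answers = discover("S", GROUP_G, LINKS)
    for member in sorted(answers):
        print(member, [round(c, 1) for c in answers[member]])
    print("proxy for (S, G):", select_proxy(answers))
```

In this topology node A answers twice, first with the cost of the path through I and then with the cheaper path through K, which is the "return only if smaller" behaviour described for step s302.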
  • Embodiment 4 of the present invention describes a multicast method. As shown in FIG. 6, the multicast method includes the following steps:
  • Step s601: The multicast source node encrypts the multicast data by using a key shared with the multicast proxy node, and then sends the multicast data according to a preset route.
  • The multicast proxy node is the group member node corresponding to the path with the lowest routing cost from the multicast source node to each group member node. It is determined in advance and stored in the multicast source node; the method used to determine it may be the method for determining a multicast proxy node in the foregoing first embodiment, or another method.
  • The preset route is the route with the least cost between the multicast source node and the multicast proxy node. It is also determined in advance and stored in the multicast source node, and may be determined by using the method in the foregoing Embodiment 1 or by other methods.
  • The shared key may be a key other than the group key corresponding to the multicast data, and may be a point-to-point key, a multi-point-to-point key, or a point-to-multipoint key.
  • The multi-point-to-point key can be determined by the multicast proxy node and its corresponding multiple multicast source nodes by negotiation, distribution, and the like.
  • Step s602: After receiving the multicast data, the multicast proxy node decrypts the multicast data by using the shared key, passes it to the upper layer for processing, encrypts the decrypted multicast data by using the group key, and transmits it to the other group member nodes.
  • Before decrypting the multicast data, the multicast proxy node may first determine whether it is the multicast proxy node corresponding to the received multicast data. There are several methods for judging. One method is: when the multicast source node sends the multicast data, it carries the identifier of the multicast proxy node, and after receiving the multicast data, the multicast proxy node makes the determination according to that identifier. In another method, when the multicast source node sends the multicast data, it carries the destination group identifier and the Flag flag. When the multicast proxy node receives the multicast data, if the destination group is found to be the group in which it belongs, and the Flag flag indicates the multicast.
  • The third method is: when the multicast source node sends the multicast data, it carries the destination group identifier and the multicast source node identifier, and the group identifier and the multicast source node identifier corresponding to the multicast proxy node are stored in the multicast proxy node (the multicast proxy node can obtain this information from each multicast source node in advance and store it). When the destination group identifier and the multicast source node identifier carried in the received multicast data are consistent with the identifiers it has stored, the node determines that it is the corresponding multicast proxy node.
  • The first two methods are preferred: they are simple and convenient, and consume less signaling.
  • The multicast method is as follows. As shown in FIG. 7, the method includes the following steps:
  • Step s701: The multicast source node S encrypts the multicast data packet by using the point-to-point key Ks shared with the multicast proxy node A (the payload portion of the frame is encrypted with Ks), and then sends it out along the preset route. The data packet carries the identifier of the destination group G (in this embodiment, the destination group address) and a Flag flag. The initial value of the flag is 0, indicating that the data packet has not been forwarded by a group member node. If the multicast packet has been forwarded by a group member node, Flag becomes 1. Table 1 shows a possible frame format for a multicast packet, including the Flag flag, the source node address, and the destination group identifier.
  • Table 1: A possible frame format for multicast packets
  • The multicast source node stores a routing table that includes each multicast group, the corresponding route, and the key shared between the corresponding multicast proxy node and the multicast source node.
  • The identifier of the multicast group G is represented by its address, which is 0x1234.
  • The routing table also stores the minimum cost route from S to A.
  • The multicast source node searches its own routing table based on the destination group address to obtain the corresponding route and shared key.
  • The multicast source node may also store the multicast proxy node identifier corresponding to each shared key.
  • Step s702: The multicast data packet arrives at the node K according to the preset route. The node K determines that the destination group identifier of the data packet is not that of a group in which it is located, and therefore forwards the packet according to the preset route. Since K does not know the key Ks, K cannot obtain the content of the packet.
  • Step s703: The multicast data packet arrives at node A according to the preset route. According to the destination group identifier, node A determines that the destination group is the group in which it is located, and then checks that the value of Flag is 0, and so determines that it is the multicast proxy node.
  • The node A knows from the source node address that the source node is S. It therefore decrypts the data packet using the key Ks shared with S, and then passes it to the upper layer for processing.
  • the node A changes the value of the Flag identifier to 1, re-encrypts the multicast data packet using the group key Kg, and then transmits the multicast data packet between the nodes in the group, which may be multicast or used.
  • the key Kg decrypts the data packet and transmits it to the upper layer for processing, and transmits the data packet to the members of other groups.
  • The process of sending a data packet according to a preset route may be implemented by using any of several routing algorithms. For example, the AODV algorithm may be used, recording only the next-hop address in the routing table; the DSR algorithm may also be used, recording the addresses of the full path in the routing table and carrying the remaining route node addresses in the sent multicast packet.
  • The proxy node identifier is stored in the multicast source node, and is represented by the proxy node address.
  • The multicast source node stores the destination group identifier (here represented by the destination group address) and the corresponding route and proxy node address.
  • The multicast source node also stores the key shared between each multicast proxy node and the multicast source node.
  • When the multicast source node sends a multicast packet, the packet carries the destination group identifier and the identifier of the multicast proxy node.
  • The identifier of the multicast proxy node is determined in advance and stored in the multicast source node.
  • The multicast proxy node may be determined by using the method for determining the multicast proxy node in the foregoing first embodiment, or by other methods.
  • Each node on the preset route determines whether the multicast proxy node identifier in the data packet is its own identifier. If it is, the node decrypts the packet with the key shared with the multicast source node and passes it to the upper layer for processing; at the same time, it encrypts the data packet with the group key Kg corresponding to the destination group identifier and transmits it between the nodes in the group. If it is not, the node continues to forward the packet according to the preset route.
  • The multicast proxy node stores the multicast source node and multicast group information corresponding to itself.
  • The data frame contains the multicast source node identifier (for example, it can be the multicast source node address).
  • The multicast proxy node determines, according to the destination group identifier and the multicast source node identifier in the data packet, that it is the corresponding multicast proxy node, decrypts the packet with the key shared with the multicast source node, and passes it to the upper layer for processing; at the same time, the packet is encrypted using the group key Kg and transmitted between the nodes in the group.
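The Flag-based handling of steps s701 to s703, as an added example (not code from the patent): S encrypts under Ks, the non-member K forwards without holding any key, the first group member that sees Flag = 0 acts as proxy and re-encrypts under Kg with Flag = 1, and the other members decrypt with Kg. The page names no cipher or key sizes, so the HMAC-SHA256 keystream-plus-tag construction, the choice to authenticate the frame header, and the `Frame` and `Node` names are assumptions of this example; a deployment would use a vetted AEAD instead.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

GROUP_G = 0x1234  # address of multicast group G in the page's example


def keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, header, plaintext):
    """Encrypt and authenticate (stand-in cipher, an assumption of this example)."""
    nonce = os.urandom(12)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + header + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, header, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + header + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified frame")
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))


@dataclass(frozen=True)
class Frame:
    flag: int        # 0 = not yet forwarded by a group member, 1 = forwarded
    src: str         # source node address
    dst_group: int   # destination group identifier
    payload: bytes = b""

    def header(self):
        return bytes([self.flag]) + self.src.encode() + self.dst_group.to_bytes(2, "big")


class Node:
    def __init__(self, name, group_keys=None, source_keys=None):
        self.name = name
        self.group_keys = group_keys or {}    # {group id: Kg} for groups this node is in
        self.source_keys = source_keys or {}  # {(group id, source): Ks} held as proxy
        self.delivered = []                   # plaintext passed to the upper layer

    def originate(self, dst_group, ks, data):
        """Step s701: the source encrypts under Ks and sends with Flag = 0."""
        frame = Frame(0, self.name, dst_group)
        return replace(frame, payload=seal(ks, frame.header(), data))

    def receive(self, frame):
        """Return (role, frame to send on, or None when nothing is sent on)."""
        kg = self.group_keys.get(frame.dst_group)
        if kg is None:
            return "forward", frame           # step s702: not in the group
        if frame.flag == 0:                   # step s703: first member on the route
            ks = self.source_keys.get((frame.dst_group, frame.src))
            if ks is None:
                return "forward", frame       # member without Ks (assumption): pass on
            data = unseal(ks, frame.header(), frame.payload)
            self.delivered.append(data)
            out = replace(frame, flag=1, payload=b"")
            return "proxy", replace(out, payload=seal(kg, out.header(), data))
        self.delivered.append(unseal(kg, frame.header(), frame.payload))
        return "member", None


def run_scenario(data=b"constructed sample payload"):
    ks, kg = os.urandom(32), os.urandom(32)   # constructed keys
    s, k = Node("S"), Node("K")
    a = Node("A", {GROUP_G: kg}, {(GROUP_G, "S"): ks})
    b = Node("B", {GROUP_G: kg})
    frame0 = s.originate(GROUP_G, ks, data)
    role_k, at_a = k.receive(frame0)
    role_a, frame1 = a.receive(at_a)
    role_b, _ = b.receive(frame1)
    return {"roles": (role_k, role_a, role_b), "frame0": frame0, "frame1": frame1,
            "a": a.delivered, "b": b.delivered, "k": k.delivered, "kg": kg}


if __name__ == "__main__":
    result = run_scenario()
    print(result["roles"], result["a"], result["b"])
```

Because the proxy decrypts and re-encrypts, the plaintext is visible at node A as well as at the other group members; K holds neither Ks nor Kg and only relays the frame.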
  • Embodiment 5 of the present invention describes a multicast system. As shown in FIG. 8, the multicast system includes a multicast source node 8000 and a multicast proxy node 8002.
  • the source node 8000 specifically includes a storage unit 8004, an encryption unit 8006, and a transmission unit 8008.
  • the storage unit 8004 is configured to store the destination group identifier and the corresponding preset route, and the corresponding multicast proxy node identifier and/or the shared key between the corresponding multicast proxy node and the node device.
  • the destination group identifier may be the address of the destination group
  • the multicast proxy node identifier may be the address of the multicast proxy node
  • the preset route is the path with the lowest routing cost between the multicast source node 8000 and the corresponding multicast proxy node.
  • the shared key is a key other than the group key corresponding to the destination group, that is, the group key corresponding to the destination group identifier.
  • Encryption unit 8006 is for encrypting the multicast data using a key (e.g., a point-to-point key) shared with the corresponding multicast proxy node.
  • the shared key cannot be the group key of the corresponding destination group.
  • the sending unit 8008 is configured to send the encrypted multicast data according to a preset route.
  • the multicast proxy node 8002 includes a receiving unit 8018, a determining unit 8016, a decrypting unit 8014, an encrypting unit 8012, and a transmitting unit 8010.
  • The receiving unit 8018 is configured to receive the multicast data from the multicast source node 8000. After the data is received, the determining unit 8016 determines whether the multicast proxy node 8002 is the multicast proxy node corresponding to the received multicast data. If so, the decryption unit 8014 decrypts the multicast data using the shared key described above and passes it to the upper layer for processing.
  • the judging unit 8016 may use a plurality of judging methods, for example, the three methods described in step 602 may be employed.
  • the encryption unit 8012 is configured to re-encrypt the decrypted multicast data using the group key, and then the re-encrypted data is transmitted by the transmitting unit 8010 to the other group member nodes.
  • The drawings are merely illustrative and represent logical structures: the units shown as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they can be located in one place or distributed over several network units.
  • The transmitting unit 8010 and the receiving unit 8018 may be physically located in one place and combined into a transceiver unit, and the encrypting unit 8012 and the decrypting unit 8014 may also be located in one place and combined into an encryption and decryption unit.
  • the multicast source node selects the group member node corresponding to the path with the least routing cost as the multicast proxy node from the group member nodes, so that the multicast source node can perform multicast according to the optimal route.
  • the multicast source node encrypts the multicast data by using a key other than the group key, which satisfies the requirements of multicast security.
  • the multicast proxy nodes may be different, thereby dispersing the burden of the multicast proxy node, and avoiding the problem that the same node is overburdened as a multicast proxy node of different multicast source nodes.

Abstract

A method for determining multicasting proxy nodes is provided, and a method, device and system for multicasting are also provided. The method for determining multicasting proxy nodes comprises the following steps: a discovering request for multicasting proxy node is sent out by a multicasting original node; a routing cost is returned to the multicasting original node by each member in the group receiving the discovering request or by the intermediate node storing the routing information of each member of the group, in which the routing cost is the routing cost from the multicasting original node to each member node of the group; the member of the group node corresponding to the least routing cost is selected as the multicasting proxy node by the multicasting original node according to the returned routing cost. In the invention, the multicasting is implemented according to the optimal path by the multicasting original node, and the load of the multicasting proxy node is dispersed so that the problem that the same node serving as the multicasting proxy node for several multicasting original nodes becomes overload is avoided.

Description

Method for determining a multicast proxy node, multicast method, device and system

This application claims priority to Chinese patent application No. 200710124665.3, filed with the Chinese Patent Office on November 21, 2007 and entitled "Method for determining a multicast proxy node, multicast method, device and system", the entire contents of which are incorporated herein by reference.

Technical field

Embodiments of the present invention relate to the field of communications, and in particular to a method for determining a multicast proxy node, a multicast method, a device and a system.

Background

Multicast means that one node in a network sends data to multiple destination nodes at the same time. Multicast technology mainly involves multicast routing, group membership management and multicast security. Multicast security must ensure that multicast data cannot be obtained by unauthorized nodes, which is usually achieved through encryption and decryption. In some existing networks, such as ZigBee networks, the multicast source node and the group member nodes encrypt and decrypt multicast data using the network key shared by all network nodes. Because non-group-member nodes also know the network key, this cannot prevent non-group members from obtaining the multicast data.
In other networks, the multicast source node and the group member nodes use a group key to encrypt and decrypt multicast data. All group member nodes know or can obtain the group key, while non-group-member nodes do not hold it, so non-group-member nodes are prevented from obtaining the multicast data. However, the multicast source node may be a group member node or a non-group-member node. When the multicast source node is a non-group-member node, it does not hold the group key and therefore cannot encrypt with the group key directly. The prior-art solution is to set up a multicast manager in each group; it is one of the group member nodes and manages security centrally. All multicast data originated by non-group members is first sent to the multicast manager, which encrypts the data packets with the group key and then sends them to the group member nodes.
In the course of implementing the present invention, the inventor found that the prior art has at least the following problem: all multicast data must first be sent to the multicast manager, so the route is not necessarily optimal.

Summary of the invention

Embodiments of the present invention provide a method for determining a multicast proxy node, a multicast method, a device and a system, so that a multicast source node can multicast along an optimal route.
The method for determining a multicast proxy node according to an embodiment of the present invention includes: a multicast source node sends a multicast proxy node discovery request; each group member node that receives the discovery request, or an intermediate node that stores routing information for the group member nodes, returns a routing cost to the multicast source node, the routing cost being the routing cost from the multicast source node to each group member node; and the multicast source node, according to the returned routing costs, selects the group member node corresponding to the path with the lowest routing cost as the multicast proxy node.
Embodiments of the present invention further provide a multicast method, a node device and a multicast system that achieve optimal multicast routing while meeting multicast security requirements.
The multicast method according to an embodiment of the present invention includes: a multicast source node encrypts multicast data using a key shared with a multicast proxy node and then sends it along a preset route, where the multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route is that lowest-cost path, the multicast data carries a destination group identifier, and the shared key is a key other than the group key corresponding to the destination group identifier; after receiving the multicast data, the multicast proxy node decrypts it using the shared key and passes it to the upper layer for processing, and encrypts the decrypted multicast data using the group key and transmits it to the other group member nodes.
The node device according to an embodiment of the present invention includes: a storage unit configured to store, when the node device acts as a multicast source node, the destination group identifier and the corresponding preset route, and the predetermined identifier of the corresponding multicast proxy node and/or the shared key between the corresponding multicast proxy node and the node device, where the multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the node device and the group member nodes, the preset route is that lowest-cost path, and the shared key is a key other than the group key corresponding to the destination group; an encryption unit configured to encrypt multicast data using the shared key; and a sending unit configured to send the encrypted multicast data along the preset route.
The node device according to another embodiment of the present invention includes: a receiving unit configured to receive multicast data from a multicast source node; a determining unit configured to determine whether the node device is the multicast proxy node corresponding to the received multicast data, where the multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes; a decryption unit configured to decrypt the multicast data, when the determining unit determines that the node device is the corresponding multicast proxy node, using the key shared with the multicast source node, the shared key being a key other than the group key; an encryption unit configured to encrypt the decrypted multicast data using the group key; and a sending unit configured to send the multicast data encrypted with the group key.
The multicast system according to an embodiment of the present invention includes: a multicast source node configured to encrypt multicast data using a key shared with a multicast proxy node and then send it along a preset route, where the multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route is that lowest-cost path, and the shared key is a key other than the group key; and a multicast proxy node configured to, after receiving the multicast data, decrypt it using the shared key and pass it to the upper layer for processing, and encrypt the decrypted multicast data using the group key and transmit it to the other group member nodes.
A method for determining a multicast proxy node according to yet another embodiment of the present invention includes:
sending a multicast proxy node discovery request to each group member node or to an intermediate node that stores routing information for the group member nodes;
selecting, according to the routing costs returned by the group member nodes or by the intermediate node that stores routing information for the group member nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, the routing cost being the routing cost from the multicast source node to each group member node.
A multicast method according to yet another embodiment of the present invention includes:
receiving multicast data sent by a multicast source node, the multicast data having been encrypted by the multicast source node using a key shared with the multicast proxy node and sent along a preset route, where the multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route is that lowest-cost path, the multicast data carries a destination group identifier, and the shared key is a key other than the group key corresponding to the destination group identifier;
decrypting the multicast data using the shared key and passing it to the upper layer for processing, and encrypting the decrypted multicast data using the group key and transmitting it to the other group member nodes.
Compared with the prior art, the embodiments of the present invention have the following advantage:
In the embodiments of the present invention, the multicast source node selects, from the group member nodes or intermediate nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, so that the multicast source node can multicast along an optimal route.

Brief description of the drawings

FIG. 1 is a flowchart of a method for determining a multicast proxy node according to Embodiment 1 of the present invention;
FIG. 2 is a flowchart of a multicast method according to Embodiment 2 of the present invention;
FIG. 3 is a flowchart of a method for determining a multicast proxy node according to Embodiment 3 of the present invention;
FIG. 4 is a schematic diagram of a network structure in a scenario to which an embodiment of the present invention is applied;
FIG. 5 is a flowchart of the method for determining a multicast proxy node in application example 1 of Embodiment 3 of the present invention;
FIG. 6 is a flowchart of a multicast method according to Embodiment 4 of the present invention;
FIG. 7 is a flowchart of the multicast method in application example 1 of Embodiment 4 of the present invention;
FIG. 8 is a schematic diagram of a multicast system according to Embodiment 5 of the present invention.

Detailed description

To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
Embodiment 1 of the present invention describes a method for determining a multicast proxy node. As shown in FIG. 1, the method includes:
Step s101: send a multicast proxy node discovery request to each group member node or to an intermediate node that stores routing information for the group member nodes;
Step s102: according to the routing costs returned by the group member nodes or by the intermediate node that stores routing information for the group member nodes, select the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, the routing cost being the routing cost from the multicast source node to each group member node.
In this embodiment of the present invention, the multicast source node selects, from the group member nodes or intermediate nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, so that the multicast source node can multicast along an optimal route.
Embodiment 2 of the present invention describes a multicast method. As shown in FIG. 2, the method includes:
Step s201: receive multicast data sent by a multicast source node. The multicast data has been encrypted by the multicast source node using a key shared with the multicast proxy node and sent along a preset route. The multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route is that lowest-cost path, the multicast data carries a destination group identifier, and the shared key is a key other than the group key corresponding to the destination group identifier.
Before decrypting the multicast data using the shared key, the method further includes: the node determines whether it is the multicast proxy node corresponding to the multicast data.
The node determines whether it is the multicast proxy node corresponding to the multicast data in one of the following ways: the multicast data also carries a multicast proxy node identifier, and the node decides according to that identifier; or
the multicast data also carries a Flag; when the node determines from the destination group identifier that the destination group is the group it belongs to, and the Flag indicates that the multicast data has not been forwarded by a group member, the node determines that it is the multicast proxy node corresponding to the multicast data; or
the multicast data carries a multicast source node identifier, and the multicast proxy node stores the destination group identifier and multicast source node identifier for which it acts as multicast proxy node; when the destination group identifier and multicast source node identifier carried in the multicast data match the identifiers the node has stored, the node determines that it is the multicast proxy node corresponding to the multicast data.
Step s202: decrypt the multicast data using the shared key and pass it to the upper layer for processing, and encrypt the decrypted multicast data using the group key and transmit it to the other group member nodes.
According to this embodiment of the present invention, the multicast source node selects, from the group member nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, so that the multicast source node can multicast along an optimal route.
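The proxy-side handling of steps s201 and s202, including the three ways a node can decide that it is the proxy, as an added Python sketch that is not part of the patent text. The `seal`/`unseal` pair is a standard-library stand-in for whatever authenticated cipher the network really uses, and the frame layout, class names and key sizes are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import Optional

def _keys(key):
    # Separate encryption and MAC keys derived from one shared key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, aad, plaintext):
    """Stand-in authenticated cipher (assumption): SHA-256 keystream plus HMAC tag."""
    enc_key, mac_key = _keys(key)
    nonce = os.urandom(12)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def unseal(key, aad, blob):
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified frame")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, nonce, len(ct))))

@dataclass(frozen=True)
class Frame:                             # hypothetical frame layout
    dest_group: str                      # destination group identifier
    source_id: str                       # multicast source node identifier
    payload: bytes
    proxy_id: Optional[str] = None       # multicast proxy node identifier (way 1)
    member_forwarded: bool = False       # the Flag (way 2)
    def aad(self):
        return f"{self.dest_group}|{self.source_id}".encode()

class Node:
    def __init__(self, node_id, group_keys=None, pairwise=None, proxy_for=()):
        self.node_id = node_id
        self.group_keys = dict(group_keys or {})   # group id -> group key Kg
        self.pairwise = dict(pairwise or {})       # peer id -> key shared with that peer
        self.proxy_for = set(proxy_for)            # stored (group id, source id) pairs (way 3)

    def is_proxy_for(self, f, method):
        if method == "proxy_id":
            return f.proxy_id == self.node_id
        if method == "flag":
            return f.dest_group in self.group_keys and not f.member_forwarded
        return (f.dest_group, f.source_id) in self.proxy_for   # method == "stored"

    def send_as_source(self, group, proxy_id, data):
        f = Frame(group, self.node_id, b"", proxy_id)
        return replace(f, payload=seal(self.pairwise[proxy_id], f.aad(), data))

    def handle(self, f, method="proxy_id"):
        """Return (plaintext for the upper layer or None, frame to send on)."""
        # Added guard: a frame already re-encrypted under Kg is never a source frame.
        if not f.member_forwarded and self.is_proxy_for(f, method):
            shared, kg = self.pairwise[f.source_id], self.group_keys[f.dest_group]
            if hmac.compare_digest(shared, kg):
                raise ValueError("the key shared with the source must not be the group key")
            data = unseal(shared, f.aad(), f.payload)
            return data, replace(f, payload=seal(kg, f.aad(), data), member_forwarded=True)
        if f.member_forwarded and f.dest_group in self.group_keys:
            return unseal(self.group_keys[f.dest_group], f.aad(), f.payload), f
        return None, f                   # not ours: forward unchanged on the preset route

def rejects(key, frame):
    """True when key cannot open frame."""
    try:
        unseal(key, frame.aad(), frame.payload)
    except ValueError:
        return True
    return False

def demo():
    kg, k_sa = os.urandom(16), os.urandom(16)     # constructed keys: Kg and the S-A key
    s = Node("S", pairwise={"A": k_sa})           # non-member source
    k = Node("K")                                 # non-member on the preset route
    a = Node("A", {"G": kg}, {"S": k_sa}, {("G", "S")})
    b = Node("B", {"G": kg})
    hop1 = s.send_as_source("G", "A", b"reading=21.5")
    results = {}
    for method in ("proxy_id", "flag", "stored"):
        _, via_k = k.handle(hop1, method)
        delivered_a, hop2 = a.handle(via_k, method)
        delivered_b, _ = b.handle(hop2, method)
        results[method] = (via_k == hop1, delivered_a, delivered_b)
    return hop1, hop2, kg, k_sa, results
```

All three decision methods give the same outcome here: K forwards the frame untouched, A delivers the plaintext and re-encrypts under Kg, and B opens the re-encrypted frame with Kg.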
Embodiment 3 of the present invention describes a method for determining a multicast proxy node. As shown in FIG. 3, the method includes the following steps:
Step s301: the multicast source node sends a multicast proxy node discovery request that carries the destination group identifier. The discovery request may be sent as a broadcast.
Step s302: after receiving the discovery request, each group member node determines the routing cost from itself to the multicast source node and returns it to the multicast source node.
Before the discovery request reaches the group member nodes it usually passes through intermediate nodes, which may be group member nodes or non-group-member nodes. A node that receives the discovery request can determine from the destination group identifier carried in the request whether it is a group member node. If it is a group member node, it returns routing cost information to the multicast source node. If it is not a group member node (that is, it is a non-group-member node), it adds the routing cost from the previous hop to itself and then forwards the discovery request to its neighbor nodes, until the request reaches a group member node.
Each group member node may return all routing costs to the multicast source node. In theory, "all routing costs" means the routing costs of every path that objectively exists, given the network structure, between the multicast source node and the group member nodes. In practice, the multicast source node usually presets a period of time and stops accepting returned routing costs once that period has ended. "All routing costs" therefore usually means the routing costs of the paths reported within the preset time.
Each group member node may also first compare the routing costs of the paths and return only the lowest one. Alternatively, on receiving the discovery request for the first time, it may return to the multicast source node the routing cost of the path over which that first request travelled. On receiving the discovery request a second time, it first checks whether the routing cost of the second request's path is lower than that of the first request's path; if so, it returns the lower routing cost; if not, it returns nothing; and it records the lower routing cost. On each later reception it compares the cost with the lowest routing cost so far and returns it only if it is lower. Compared with returning all routing costs, comparing first and returning only the lower or lowest cost reduces the number of replies, which reduces the signaling exchanged by the nodes on the return path and helps reduce network load.
In addition, if an intermediate node stores routing information from itself to the group member nodes, that intermediate node can return a routing cost directly to the multicast source node after receiving the discovery request. The routing cost here may be the sum of each routing cost from the multicast source node to the intermediate node and each routing cost from the intermediate node to the group member nodes. Preferably, it is the sum of the lowest routing cost from the multicast source node to the intermediate node and the lowest routing cost from the intermediate node to the group member nodes, because this reduces the number of replies.
Step s303: according to the routing cost information returned by the group member nodes, the multicast source node selects the group member node corresponding to the path with the lowest routing cost as the multicast proxy node of the destination group.
Application example 1 of the method of Embodiment 3, in the network shown in FIG. 4, is described below.
FIG. 4 is a schematic diagram of a network structure in a scenario to which an embodiment of the present invention is applied. Nodes A, B, C, D and E are all members of multicast group G. All members of group G share one group key Kg, which non-group-member nodes cannot obtain. Node S is not a group member and needs to send multicast data to the group member nodes of group G. In other words, node S is the multicast source node in this multicast.
In this network, as shown in FIG. 5, the multicast proxy node is determined as follows:
Step s501: the multicast source node S broadcasts a multicast proxy node discovery request to its neighbor nodes K and I. The request carries the identifier of the destination group G and a routing cost. The initial value of the routing cost is set to 0 here.
Step s502: after receiving the discovery request, node K determines from the identifier of the destination group G that it does not belong to group G. It therefore adds the routing cost 1 from S to K and rebroadcasts the discovery request, which now carries the accumulated routing cost, namely 1. After receiving the request rebroadcast by node K, node A determines from the identifier of the destination group G that it is a member of group G. It therefore adds the routing cost 1.2 from K to A, obtains the accumulated routing cost 2.2, and returns that accumulated cost to the multicast source node S. Likewise, group member node A also receives discovery requests forwarded by other non-group-member nodes (for example node I), accumulates the routing cost, and returns the accumulated cost to the multicast source node S. Note that group member node A may instead first accumulate the routing cost in each discovery request forwarded by the non-group members, that is, the routing costs of the different paths from the multicast source node S to A, then select the lowest of them and return that lowest routing cost to the multicast source node S.
The other group member nodes B, C, D and E also receive discovery requests forwarded by non-group-member nodes, accumulate the routing cost and return it to the multicast source node. There are again two ways to reply: return the routing cost of each path separately, or first select the lowest of the routing costs of the different paths and return only that one.
Step s503: according to the routing costs returned by the group member nodes, the multicast source node S selects the group member node corresponding to the path with the lowest routing cost as the multicast proxy node of the destination group G. For example, when a group member node returns the routing costs of several paths, and the lowest routing cost selected by the multicast source node is one of them, that group member node becomes the multicast proxy node. In this case the multicast source node may also first take the minimum of the routing costs returned by each group member node and then compare those per-member minimums; the group member node corresponding to the resulting minimum is the multicast proxy node. When each group member node returns only one routing cost, the multicast source node directly selects the group member node corresponding to the path with the lowest routing cost as the multicast proxy node. In this application example, the multicast source node determines that node A has the lowest routing cost and therefore uses node A as its multicast proxy node.
Note that group member node A is the multicast proxy node only for group G and source node S. For a different multicast source node, or a different group, the multicast proxy node may be different.
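The discovery procedure of steps s501 to s503, as an added Python simulation that is not part of the patent text. Only the S-K cost 1 and the K-A cost 1.2 come from the description; node J, the remaining links and their costs, and the rule that an intermediate node drops request copies that are not cheaper are assumptions made for illustration.

```python
from collections import deque
from math import inf

# Constructed topology. Only S-K (1) and K-A (1.2) are taken from the description;
# node J and every other link cost are assumptions made for this example.
LINKS = {
    ("S", "K"): 1.0, ("S", "I"): 1.5, ("K", "A"): 1.2, ("K", "J"): 0.5,
    ("I", "J"): 0.4, ("I", "A"): 1.0, ("I", "B"): 2.0, ("J", "C"): 1.0,
    ("J", "D"): 1.4, ("C", "E"): 1.3,
}
GROUP_G = {"A", "B", "C", "D", "E"}


def neighbours(node):
    """Yield (neighbour, link cost) for every link that touches node."""
    for (a, b), cost in LINKS.items():
        if a == node:
            yield b, cost
        elif b == node:
            yield a, cost


def discover_proxy(source, group, reply_all=False):
    """Flood a discovery request from source and pick the cheapest group member.

    reply_all=True: a member answers every request copy it receives.
    reply_all=False: a member answers only when a copy beats its best cost so far.
    Returns (proxy, cost, replies), where replies lists the (member, cost) answers.
    """
    best_seen = {source: 0.0}          # lowest accumulated cost seen by each node
    replies = []
    # One queue entry per request copy in flight: (sender, receiver, accumulated cost).
    in_flight = deque((source, n, c) for n, c in neighbours(source))
    while in_flight:
        sender, node, cost = in_flight.popleft()
        improved = cost < best_seen.get(node, inf)
        if node in group:
            # A group member answers the source and does not forward the request.
            if reply_all or improved:
                replies.append((node, cost))
            if improved:
                best_seen[node] = cost
            continue
        if not improved:
            continue                   # assumption: drop copies that are not cheaper
        best_seen[node] = cost
        for nxt, link_cost in neighbours(node):
            if nxt != sender:
                in_flight.append((node, nxt, cost + link_cost))
    if not replies:
        raise LookupError("no group member answered the discovery request")
    proxy, cost = min(replies, key=lambda reply: reply[1])
    return proxy, cost, replies


if __name__ == "__main__":
    for mode in (True, False):
        proxy, cost, replies = discover_proxy("S", GROUP_G, reply_all=mode)
        print(f"reply_all={mode}: proxy={proxy} cost={cost:.1f} replies={len(replies)}")
```

In this topology E never answers, because it is reachable only through member C, which replies instead of forwarding; the result is unaffected, since C is the cheaper candidate on that path.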
下面接着介绍实施例三的方法在图 4 所示的网络中的具体应用 实施例 2。  Next, a specific application example 2 of the method of the third embodiment in the network shown in Fig. 4 will be described.
In this embodiment, an intermediate node between the multicast source node S and the group member nodes of group G stores the relevant routing information. The intermediate node may be a group member node or a non-group-member node. For example, the intermediate node K stores the routing information from K to the group member nodes A, B, C, D and E. The stored routing information may be the minimum routing cost from K to a single group member node, or the minimum routing cost obtained by comparing the minimum routing costs corresponding to the individual group member nodes.
In this embodiment, after node K receives the multicast proxy node discovery request and learns that the destination group is group G, it returns routing cost information to the multicast source node A directly according to the routing information to group G that it has stored. That is, it adds the routing cost from K to S to the routing costs it has stored to the group member nodes, and then returns the accumulated routing cost to node A.
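The selection in step s503 and the intermediate-node reply of application embodiment 2, as an added example that is not code from the patent. The topology, link costs and all function names are constructed for illustration (the page's Figure 4 is not reproduced), and a member is assumed to report one cost per neighbour the discovery request arrived from.

```python
import heapq

# Constructed topology: undirected links with made-up costs.
LINKS = {
    ("S", "K"): 2, ("K", "A"): 1, ("K", "B"): 4, ("A", "B"): 1,
    ("A", "C"): 2, ("B", "D"): 2, ("C", "E"): 3, ("S", "J"): 5, ("J", "D"): 2,
}
MEMBERS = ["A", "B", "C", "D", "E"]  # members of group G; K and J are non-members


def build_graph(links):
    graph = {}
    for (u, v), cost in links.items():
        graph.setdefault(u, {})[v] = cost
        graph.setdefault(v, {})[u] = cost
    return graph


def least_costs(graph, start):
    """Dijkstra: lowest routing cost from start to every reachable node."""
    dist = {start: 0}
    heap = [(0, start)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist


def member_replies(graph, source, members):
    """Each member returns one path cost per neighbour the request can arrive from."""
    replies = {}
    for m in members:
        # Costs from the source in the network without m, so each path ends at m.
        without = {u: {v: w for v, w in nb.items() if v != m}
                   for u, nb in graph.items() if u != m}
        dist = least_costs(without, source)
        replies[m] = sorted(dist[n] + w for n, w in graph[m].items() if n in dist)
    return replies


def intermediate_reply(graph, node, source, members):
    """Intermediate node: stored least cost to each member plus its cost to the source."""
    stored = least_costs(graph, node)
    return {m: [stored[m] + stored[source]] for m in members}


def select_proxy(replies):
    """Minimum per member first, then the minimum across members (step s503).
    Ties go to the first reply seen; the page does not specify tie-breaking."""
    best = {member: min(costs) for member, costs in replies.items() if costs}
    return min(best.items(), key=lambda item: item[1])


if __name__ == "__main__":
    g = build_graph(LINKS)
    print(member_replies(g, "S", MEMBERS))
    print(select_proxy(member_replies(g, "S", MEMBERS)))
    print(select_proxy(intermediate_reply(g, "K", "S", MEMBERS)))
```

With these constructed costs both reply styles lead the source to the same proxy, because every least-cost path from S to a member passes through K.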
Embodiment 4 of the present invention describes a multicast method. As shown in FIG. 6, the multicast method includes the following steps:
Step s601: The multicast source node encrypts the multicast data using a key shared with the multicast proxy node, and then sends it along a preset route. The multicast proxy node is the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes. It is determined in advance and stored in the multicast source node; it may be determined by the method for determining a multicast proxy node of the foregoing Embodiment 1, or by other methods. The preset route is the path with the lowest routing cost between the multicast source node and the multicast proxy node. It is likewise determined in advance and stored in the multicast source node, and may be determined by the method of the foregoing Embodiment 1 or by other methods. The shared key may be a key other than the group key corresponding to the multicast data; it may be a point-to-point key, a multipoint-to-point key, or a point-to-multipoint key. A multipoint-to-point key may be determined between the multicast proxy node and its corresponding multiple multicast source nodes by negotiation, distribution, or similar means.
Step s602: After receiving the multicast data, the multicast proxy node decrypts the multicast data using the shared key and passes it to the upper layer for processing, and encrypts the decrypted multicast data with the group key and transmits it to the other group member nodes.
Before decrypting the multicast data, the multicast proxy node may first determine whether it is the multicast proxy node corresponding to the received multicast data. There are several ways to make this determination. In the first method, the multicast source node carries the multicast proxy node identifier when sending the multicast data, and the multicast proxy node makes the determination according to that identifier after receiving the multicast data. In the second method, the multicast source node carries the destination group identifier and a Flag when sending the multicast data; after receiving the multicast data, if the multicast proxy node finds that the destination group is the group it belongs to and the Flag indicates that the multicast data has not been forwarded by a group member, it determines that it is the multicast proxy node corresponding to the received multicast data. In the third method, the multicast source node carries the destination group identifier and the multicast source node identifier when sending the multicast data, and the multicast proxy node stores the group identifier and the multicast source node identifier for which it acts as multicast proxy node (the multicast proxy node may obtain this information from each multicast source node in advance and store it); when the destination group identifier and the multicast source node identifier carried in the received multicast data match the identifiers it has stored, it determines that it is the corresponding multicast proxy node. Of these three methods, the first two are preferred: they are simple and convenient, and consume little signaling.
Application embodiments of the multicast method of Embodiment 4 are described in detail below with reference to the network shown in FIG. 4.
In application embodiment 1, the multicast method is as follows. As shown in FIG. 7, it includes:

Step s701: The multicast source node S encrypts the multicast data packet using the point-to-point key Ks shared with the multicast proxy node A (that is, the payload portion of the frame is encrypted with Ks), and then sends it along the preset route. The data packet carries the identifier of the destination group G (in this embodiment, the destination group address) and a Flag. The initial value of the Flag is 0, indicating that the data packet has not been forwarded by a group member node. If the multicast data packet has been forwarded by a multicast member, the Flag becomes 1. Table 1 shows one possible frame format for the multicast data packet, containing the Flag, the source node address and the destination group identifier.

Table 1. A possible frame format for the multicast data packet
In this embodiment, the multicast source node stores a routing table containing each multicast group, the corresponding route, and the shared key between the corresponding multicast proxy node and the multicast source node. As shown in Table 2, in this routing table the identifier of multicast group G is represented by its address, namely 0x1234. The routing table also stores the least-cost route from S to A. Before sending a multicast data packet, the multicast source node looks up its stored routing table by destination group address to obtain the corresponding route and shared key. In this embodiment, the multicast source node may also store the multicast proxy node identifier corresponding to each shared key.
Table 2. Routing table 1
Step s702: The multicast data packet reaches node K along the preset route. Node K determines that the destination group identifier of the data packet is not that of a group it belongs to, and therefore forwards the packet along the preset route. Because K does not know the key Ks, it cannot read the content of the data packet.

Step s703: The multicast data packet reaches node A along the preset route. Node A determines from the destination group identifier that the destination group is the group it belongs to, then checks that the value of the Flag is 0, and therefore determines that it is the multicast proxy node. Node A also learns from the source node address that the source node is S, so it decrypts the data packet using the key Ks shared with S and passes it to the upper layer for processing. In addition, node A changes the value of the Flag to 1, re-encrypts the multicast data packet using the group key Kg, and then transmits the multicast data packet among the nodes in the group, which may be done by multicast, broadcast or unicast.

Step s704: After receiving the multicast data packet, the subsequent multicast nodes B, C, D and E determine from the destination group identifier that the destination group is the group they belong to, and find that Flag=1. They therefore decrypt the data packet directly using the group key Kg, pass it to the upper layer for processing, and transmit the data packet to the other members of the group.
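The packet flow of steps s701 to s704 as an added example (not code from the patent): the source seals the payload under Ks, the non-member K forwards it unchanged, the proxy A re-encrypts it under Kg and sets Flag to 1, and member B opens it with Kg. The page names no cipher, so `seal`/`unseal` are a stand-in encrypt-then-MAC construction built from HMAC-SHA256 to keep the example dependency-free; the class, function names and message are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

GROUP_G = 0x1234                          # destination group address given on the page
MESSAGE = b"constructed sensor reading"   # sample payload, constructed


@dataclass(frozen=True)
class Frame:
    flag: int       # 0 = not yet forwarded by a group member, 1 = forwarded
    src: str        # source node address
    group: int      # destination group identifier
    payload: bytes  # nonce || ciphertext || tag


def subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Stand-in authenticated encryption (assumption: the page specifies no algorithm)."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("payload does not verify under this key")
    stream = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Node:
    def __init__(self, name, groups=(), group_keys=None, source_keys=None):
        self.name = name
        self.groups = set(groups)
        self.group_keys = group_keys or {}    # group id -> Kg
        self.source_keys = source_keys or {}  # source address -> Ks (held by the proxy)
        self.delivered = []                   # plaintexts passed to the upper layer

    def receive(self, frame):
        """Process one frame and return the frame to send on (None = drop)."""
        if frame.group not in self.groups:
            return frame                      # s702: non-member forwards unchanged
        if frame.flag == 0:                   # s703: member and Flag 0 -> acts as proxy
            ks = self.source_keys.get(frame.src)
            if ks is None:
                return None                   # case not covered by the page; dropped here
            data = unseal(ks, frame.payload)
            self.delivered.append(data)
            kg = self.group_keys[frame.group]
            return replace(frame, flag=1, payload=seal(kg, data))
        data = unseal(self.group_keys[frame.group], frame.payload)  # s704
        self.delivered.append(data)
        return frame


def source_send(src, group, ks, data):
    """s701: payload sealed under Ks, Flag starts at 0."""
    return Frame(flag=0, src=src, group=group, payload=seal(ks, data))


def run_demo():
    ks, kg = os.urandom(32), os.urandom(32)
    k = Node("K")
    a = Node("A", {GROUP_G}, {GROUP_G: kg}, {"S": ks})
    b = Node("B", {GROUP_G}, {GROUP_G: kg})
    f0 = source_send("S", GROUP_G, ks, MESSAGE)
    f1 = k.receive(f0)
    f2 = a.receive(f1)
    f3 = b.receive(f2)
    return f0, f1, f2, f3, k, a, b, kg


if __name__ == "__main__":
    f0, f1, f2, f3, k, a, b, kg = run_demo()
    print("K delivered:", k.delivered, "| A:", a.delivered, "| B:", b.delivered)
```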
It can be understood that, in this embodiment, the process of sending data packets along the preset route may be implemented with various routing algorithms. For example, the AODV algorithm may be used, in which only the next-hop address is recorded in the routing table; or the DSR algorithm may be used, in which the addresses of the full path are recorded in the routing table and the addresses of the remaining nodes on the full route are given in the multicast data packet that is sent.
Application embodiment 2 differs from application embodiment 1 in that the multicast source node stores the proxy node identifier, represented here by the proxy node address. As shown in Table 3, the multicast source node stores the destination group identifier (represented here by the destination group address) and the corresponding route and proxy node address. The multicast source node also stores the shared key between each multicast proxy node and the multicast source node. When the multicast source node sends a multicast data packet, the packet carries the destination group identifier and the identifier of the multicast proxy node. The identifier of the multicast proxy node is determined in advance and stored in the multicast source node; the multicast proxy node may be determined by the method for determining a multicast proxy node of the foregoing Embodiment 1, or by other methods. After receiving the multicast data packet, each node on the preset route determines whether the multicast proxy node identifier in the packet is its own identifier. If so, it decrypts the packet using the key shared with the multicast source node and passes it to the upper layer for processing, and also encrypts the packet using the group key Kg corresponding to the destination group identifier and transmits it among the nodes in the group. If not, it continues to forward the packet along the preset route.
Table 3. Routing table 2
Application embodiment 3 differs from application embodiment 1 in that the multicast proxy node stores information about the multicast source nodes and multicast groups for which it acts as multicast proxy node. The data frame contains the multicast source node identifier (for example, the multicast source node address). When the multicast proxy node receives a multicast data packet, it determines from the destination group identifier and the multicast source node identifier in the packet that it is the corresponding multicast proxy node, decrypts the packet using the key shared with the multicast source node, and passes it to the upper layer for processing; it also encrypts the packet using the group key Kg and transmits it among the nodes in the group.
It can be understood that, although the steps of the methods in the above embodiments are described sequentially for ease of understanding, the order of these steps is not strictly limited.
A person of ordinary skill in the art can understand that all or some of the steps of the methods in the above embodiments may be implemented by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a ROM/RAM, a magnetic disk, an optical disc, or the like.
Embodiment 5 of the present invention describes a multicast system. As shown in FIG. 8, the multicast system includes a multicast source node 8000 and a multicast proxy node 8002.
The source node 8000 specifically includes a storage unit 8004, an encryption unit 8006 and a sending unit 8008. The storage unit 8004 is configured to store the destination group identifier and the corresponding preset route, as well as the corresponding multicast proxy node identifier and/or the shared key between the corresponding multicast proxy node and this node device. The destination group identifier may be the address of the destination group, the multicast proxy node identifier may be the address of the multicast proxy node, and the preset route is the path with the lowest routing cost between the multicast source node 8000 and the corresponding multicast proxy node. The shared key is a key other than the group key corresponding to the destination group; that is, it cannot be the group key corresponding to the destination group identifier. The encryption unit 8006 is configured to encrypt the multicast data using the key shared with the corresponding multicast proxy node (for example, a point-to-point key). This shared key cannot be the group key of the corresponding destination group. The sending unit 8008 is configured to send the encrypted multicast data along the preset route.
The multicast proxy node 8002 includes a receiving unit 8018, a determining unit 8016, a decryption unit 8014, an encryption unit 8012 and a sending unit 8010. The receiving unit 8018 is configured to receive multicast data from the multicast source node 8000. The determining unit 8016 is then configured to determine whether the multicast proxy node 8002 is the multicast proxy node corresponding to the received multicast data. If so, the decryption unit 8014 decrypts the multicast data using the aforementioned shared key so that it can be passed to the upper layer for processing. The determining unit 8016 may use any of several determination methods, for example the three methods described in step 602. The encryption unit 8012 is configured to re-encrypt the decrypted multicast data using the group key, after which the sending unit 8010 sends the re-encrypted data to the other group member nodes.
It can be understood that what is shown in the drawings (or in the embodiments) is merely schematic and represents a logical structure. Units shown as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over several network units. For example, the sending unit 8010 and the receiving unit 8018 may be physically located in one place and combined into a transceiver unit, and the encryption unit 8012 and the decryption unit 8014 may likewise be located in one place and combined into an encryption/decryption unit.
According to the embodiments of the present invention, the multicast source node selects, from the group member nodes, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, so that the multicast source node can multicast along the optimal route. In addition, the multicast source node encrypts the multicast data using a key other than the group key, which satisfies the requirements of multicast security. Furthermore, the multicast proxy node may differ for different multicast source nodes, which spreads the load across multicast proxy nodes and avoids the problem of a single node being overloaded when it serves as the multicast proxy node for different multicast source nodes.
The drawings and the related description are intended only to illustrate the principles of the present invention and are not intended to limit its scope of protection. For example, the present invention can be applied to any type of communication network, such as a wired network, a fixed network, or a satellite network, and is not limited to the network structure shown in FIG. 1. Therefore, any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims

1. A method for determining a multicast proxy node, characterized by comprising:

a multicast source node sending a multicast proxy node discovery request;

each group member node that receives the discovery request, or an intermediate node storing group member node routing information, returning a routing cost to the multicast source node, the routing cost being the routing cost from the multicast source node to each group member node;

the multicast source node selecting, according to the returned routing costs, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node.
2. The method according to claim 1, characterized in that the routing cost returned by a group member node is the minimum routing cost from the multicast source node to that group member node.
3. The method according to claim 1, characterized in that the routing cost returned by the intermediate node is the sum of its own minimum routing cost to each group member node and the minimum routing cost from the multicast source node to the intermediate node.
4. The method according to claim 1, 2 or 3, characterized in that:

the discovery request carries a destination group identifier;

each group member node that receives the discovery request returning a routing cost to the multicast source node comprises: a node that receives the discovery request determining, according to the destination group identifier, whether it is a group member node; if so, returning a routing cost to the multicast source node; if not, forwarding the discovery request until it reaches a group member node.
5. A multicast method, characterized by comprising:

a multicast source node encrypting multicast data using a key shared with a multicast proxy node, and then sending it along a preset route; the multicast proxy node being the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route being that path with the lowest routing cost, the multicast data carrying a destination group identifier, and the shared key being a key other than the group key corresponding to the destination group identifier;

the multicast proxy node, after receiving the multicast data, decrypting the multicast data using the shared key and passing it to the upper layer for processing, and encrypting the decrypted multicast data using the group key and transmitting it to the other group member nodes.
6. The multicast method according to claim 5, characterized in that, before the multicast proxy node decrypts the multicast data using the shared key, the method further comprises:

the multicast proxy node determining whether it is the multicast proxy node corresponding to the multicast data.
7. The multicast method according to claim 6, characterized in that the method for determining whether it is the multicast proxy node corresponding to the multicast data is:

the multicast data further carries a multicast proxy node identifier, and the multicast proxy node makes the determination according to that identifier; or

the multicast data further carries a Flag, and when the multicast proxy node determines, according to the destination group identifier, that the destination group is the group it belongs to, and the Flag indicates that the multicast data has not been forwarded by a group member, it determines that it is the multicast proxy node corresponding to the multicast data; or

the multicast data carries a multicast source node identifier, the multicast proxy node stores the destination group identifier and the multicast source node identifier for which it acts as multicast proxy node, and when the destination group identifier and the multicast source node identifier carried in the multicast data match the identifiers it has stored, it determines that it is the multicast proxy node corresponding to the multicast data.
8. The method according to claim 5, 6 or 7, characterized in that the shared key is a point-to-point key.
9. A node device, characterized by comprising:

a storage unit, configured to store, when the node device acts as a multicast source node, a destination group identifier and the corresponding preset route, as well as the identifier of the predetermined corresponding multicast proxy node and/or the shared key between the corresponding multicast proxy node and the node device, the multicast proxy node being the group member node corresponding to the path with the lowest routing cost between the node device and the group member nodes, the preset route being that path with the lowest routing cost, and the shared key being a key other than the group key corresponding to the destination group;

an encryption unit, configured to encrypt multicast data using the shared key;

a sending unit, configured to send the encrypted multicast data along the preset route.
10. A node device, characterized by comprising:

a receiving unit, configured to receive multicast data from a multicast source node;

a determining unit, configured to determine whether the node device is the multicast proxy node corresponding to the received multicast data, the multicast proxy node being the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes;

a decryption unit, configured to decrypt the multicast data using a key shared with the multicast source node when the determining unit determines that the node device is the corresponding multicast proxy node, the shared key being a key other than the group key;

an encryption unit, configured to encrypt the decrypted multicast data using the group key;

a sending unit, configured to send the multicast data encrypted using the group key.
11. A multicast system, characterized by comprising:

a multicast source node, configured to encrypt multicast data using a key shared with a multicast proxy node, and then send it along a preset route; the multicast proxy node being the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route being that path with the lowest routing cost, and the shared key being a key other than the group key;

a multicast proxy node, configured to, after receiving the multicast data, decrypt the multicast data using the shared key and pass it to the upper layer for processing, and encrypt the decrypted multicast data using the group key and transmit it to the other group member nodes.
12. A method for determining a multicast proxy node, characterized by comprising:

sending a multicast proxy node discovery request to each group member node or to an intermediate node storing group member node routing information;

selecting, according to the routing costs returned by the group member nodes or by the intermediate node storing group member node routing information, the group member node corresponding to the path with the lowest routing cost as the multicast proxy node, the routing cost being the routing cost from the multicast source node to each group member node.
13. A multicast method, characterized by comprising:

receiving multicast data sent by a multicast source node, the multicast data being multicast data that the multicast source node has encrypted using a key shared with a multicast proxy node and sent along a preset route; the multicast proxy node being the group member node corresponding to the path with the lowest routing cost between the multicast source node and the group member nodes, the preset route being that path with the lowest routing cost, the multicast data carrying a destination group identifier, and the shared key being a key other than the group key corresponding to the destination group identifier;

decrypting the multicast data using the shared key and passing it to the upper layer for processing, and encrypting the decrypted multicast data using the group key and transmitting it to the other group member nodes.
14. The multicast method according to claim 13, characterized in that, before decrypting the multicast data using the shared key, the method further comprises:

determining whether it is the multicast proxy node corresponding to the multicast data.
15. The multicast method according to claim 14, characterized in that the method for determining whether it is the multicast proxy node corresponding to the multicast data is:

the multicast data further carries a multicast proxy node identifier, and the determination is made according to that identifier; or

the multicast data further carries a Flag, and when it is determined, according to the destination group identifier, that the destination group is the group it belongs to, and the Flag indicates that the multicast data has not been forwarded by a group member, it determines that it is the multicast proxy node corresponding to the multicast data; or

the multicast data carries a multicast source node identifier, the multicast proxy node stores the destination group identifier and the multicast source node identifier for which it acts as multicast proxy node, and when the destination group identifier and the multicast source node identifier carried in the multicast data match the identifiers it has stored, it determines that it is the multicast proxy node corresponding to the multicast data.
PCT/CN2008/073150 2007-11-21 2008-11-21 Method for determining multicasting proxy nodes, and method, device and system for multicasting WO2009067951A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710124665.3A CN101442419B (en) 2007-11-21 2007-11-21 Method for determining multicast proxy node, multicast method, equipment and system
CN200710124665.3 2007-11-21

Publications (1)

Publication Number Publication Date
WO2009067951A1 true WO2009067951A1 (en) 2009-06-04

Family

ID=40678039

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/073150 WO2009067951A1 (en) 2007-11-21 2008-11-21 Method for determining multicasting proxy nodes, and method, device and system for multicasting

Country Status (2)

Country Link
CN (1) CN101442419B (en)
WO (1) WO2009067951A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105530183B (en) * 2014-09-30 2019-11-05 中兴通讯股份有限公司 The acquisition of response message, the method for routing of response message, apparatus and system
CN105764110B (en) * 2014-12-16 2017-06-06 中国科学院沈阳自动化研究所 A kind of wireless sensor network routing optimization method based on immune clonal selection
CN106888083B (en) * 2015-12-15 2020-04-21 中国移动通信集团公司 Group key generation method under Internet of things and communication node

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006088614A1 (en) * 2005-02-17 2006-08-24 Motorola, Inc. Multicast routing
CN101043429A (en) * 2006-06-05 2007-09-26 华为技术有限公司 Method for establishing multicasting LSP in MPLS field and multicasting data communication system
WO2008018153A1 (en) * 2006-08-09 2008-02-14 Telefonaktiebolaget Lm Ericsson (Publ) A method and apparatus for routing a packet in mobile ip system
CN101141488A (en) * 2006-09-08 2008-03-12 华为技术有限公司 Multicast service agent implementing method and system and node discovering method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100488163C (en) * 2005-01-19 2009-05-13 华为技术有限公司 Multicast service processing method and system
CN100499583C (en) * 2005-10-20 2009-06-10 华为技术有限公司 Method for realizing simplified IGMP multicast surrogate

Also Published As

Publication number Publication date
CN101442419A (en) 2009-05-27
CN101442419B (en) 2010-12-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08855555

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08855555

Country of ref document: EP

Kind code of ref document: A1