The Internet Protocol, or IP for short, is a widely used protocol that defines the structure and handling of so-called IP packets in packet-switched communications networks between computers. An IP packet consists of a header and a payload part: the header includes information that specifies the intended way of handling the packet, while the payload part contains some (hopefully) useful payload data. Important parts of the IP packet header are the source and destination addresses, which specify where the packet originated and who the intended recipient is.
According to IP, it is possible to transmit so-called broadcast packets where a broadcast address of a network segment is used as the destination address. Such packets are meant to reach every computer that belongs to the network segment in question. Typical users of broadcast packets are instant messaging protocols, some protocols that are used for detecting whether there are peer nodes present in the network segment, and games. The essential details of using broadcast packets are available to the public in the document RFC 919, published in October 1984 by the Internet Society and IETF, where RFC stands for Request For Comments and IETF for Internet Engineering Task Force. Said document is incorporated herein by reference.
On the other hand, a known feature of packet-switched computer networks is the constantly growing need for security. At the priority date of this patent application, the de facto standard of securing IP-based communications is the IPsec (Internet Protocol security) protocol suite, a central concept of which is the SA (Security Association). An SA is a simplex logical “connection” that affords security services to the traffic carried by it. Setting up an SA invariably involves authentication of the communicating parties. As the name already suggests, an SA involves encryption on a level that provides good secrecy.
Problems arise if one tries to combine the concepts of network broadcasting and IPsec-based security. The broadcast address of a network segment does not identify anything that could be authenticated in the sense that setting up an SA would require. As a direct consequence it is impossible to set up an SA for the transmission of broadcast packets as they are presently known, which is another way of saying that IPsec-based security cannot be provided for the transmission of broadcast packets. In many security-conscious networks the use of IPsec is mandatory, which means that applications exploiting broadcast packets fail to operate over such networks.
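The failure described above, shown as an added Python sketch that is not part of the original document: a simplified model of a host with mandatory IPsec that holds security associations only for peers it has authenticated, so a packet addressed to a broadcast address finds none. The function names, the peer set and the 192.0.2.0/24 segment are constructed for illustration; a real IPsec stack has a richer policy database.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def classify_destination(dst, segment):
    """Return 'limited-broadcast', 'directed-broadcast' or 'not-broadcast'."""
    addr = ipaddress.IPv4Address(dst)
    net = ipaddress.IPv4Network(segment)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    # /31 and /32 prefixes have no broadcast address of their own.
    if net.prefixlen < 31 and addr == net.broadcast_address:
        return "directed-broadcast"
    return "not-broadcast"

def outbound_verdict(dst, segment, sa_peers, ipsec_mandatory=True):
    """Simplified model (assumption): an SA exists only per authenticated peer."""
    kind = classify_destination(dst, segment)
    if kind == "not-broadcast" and dst in sa_peers:
        return "protect with SA to " + dst
    if not ipsec_mandatory:
        return "send in clear"
    if kind == "not-broadcast":
        return "drop: no SA negotiated with " + dst
    # A broadcast address names a whole segment, not a party that can be
    # authenticated, so no SA can ever be negotiated for it.
    return "drop: " + kind + " address names no peer to authenticate"

if __name__ == "__main__":
    segment = "192.0.2.0/24"                 # constructed sample segment
    sa_peers = {"192.0.2.10", "192.0.2.11"}  # constructed authenticated peers
    for dst in ("192.0.2.10", "192.0.2.99", "192.0.2.255", "255.255.255.255"):
        print(dst, "->", outbound_verdict(dst, segment, sa_peers))
```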