1. Field of the Invention
The present invention relates to data communication in a multicast system, and in particular to a system that identifies each user by authenticating that user individually against a designated authentication server.
This application is based on Japanese Patent Application No. 2000-73064 filed in Japan, the contents of which are incorporated herein by reference.
2. Description of Related Art Including Information Disclosed Under 37 CFR 1.97 and 37 CFR 1.98
A multicast system combines the concepts of a unicast system and a broadcast system. Rather than sending data to one specific host (unicast) or to every host on a network (broadcast), a multicast data packet is delivered to an arbitrary number of hosts at the same time. When a sender transmits data to a multicast group address, any host that wishes to receive the data can receive it. A method of protecting such a data stream by encryption is also well known: the data packet is encrypted at the sender's side and the encrypted data packet is decrypted at the receiver's side.
Generally, a secret key cryptosystem is used to encrypt the data packet. Examples of conventional methods of protecting the data flow in a multicast system are disclosed in Japanese Unexamined Patent Application, First Publication, Nos. Hei 11-27252 (JP 11-27252) and Hei 11-127197 (JP 11-127197). JP 11-27252 discloses that the pair of keys used for data encryption and decryption (public key/secret key) is stored in a key management device, and that multicast itself is used to distribute the decryption key. JP 11-127197 discloses that the keys used for user authentication (public key/private key) are stored in a domain name server or at a certification authority.
JP 11-127197 further discloses a data flow protecting method for a conventional multicast system in which, when a user sends a join request to the multicast system, a routing element controls the retrieval by the multicast router of the public key held in the domain name server and determines whether or not the user is to be authenticated. A user who is not authenticated by the routing element is not permitted access.
The multicast technique of JP 11-27252 has the problem that the decryption key can be acquired by an unspecified and large number of users, and any user holding the decryption key can decrypt the encrypted data after the release time. In JP 11-127197, only a user who is permitted to transmit data can acquire the encryption key, so transmission of unreliable data can be prevented. However, an unspecified and large number of users located at or below a router in the hierarchy can acquire the decryption key, and any user holding the decryption key can decrypt the encrypted data. There is therefore a problem in that any user, whether or not registered with the certification server, can transmit and receive the multicast data.
A further problem of multicast data communication is that, at present, the sender cannot identify the users who transmit and receive the multicast data, and therefore cannot respond to users individually. The reason is as follows. A host on the network informs its local multicast router of its group membership using IGMP (Internet Group Management Protocol), and the local multicast router forwards onto the local subnet only those packets required by the group membership information. Since the multicast router need only select the packets of a host group to be forwarded to its subnet, neither an administrator nor the participants can know which specific users take part in the multicast communication or how many participants there are.
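The two mechanisms described above, a single group key shared by every receiver (with the consequence noted for JP 11-27252 and JP 11-127197 that whoever holds the key can decrypt, registered or not) and IGMP group membership kept per subnet by the local multicast router, are shown together in the following Go program. It is an illustration added here and is not part of this application or of either cited publication. AES-GCM as the secret key cryptosystem, the sample keys, the receiver names, and the subnet and group addresses are all constructed assumptions, and the router model is simplified to the point the text makes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// groupKey is the single secret key shared by every receiver of a multicast group.
type groupKey []byte
// Constructed sample keys (16 bytes, AES-128); not taken from the text.
var demoKey, otherKey = groupKey("0123456789abcdef"), groupKey("fedcba9876543210")

func newAEAD(key groupKey) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptPacket seals one payload as nonce||ciphertext||tag under the group key.
// AES-GCM is an illustrative choice; the text says only "secret key cryptosystem".
func encryptPacket(key groupKey, payload []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, payload, nil), nil
}

// decryptPacket fails only on a wrong key or a modified packet; it knows nothing about the caller.
func decryptPacket(key groupKey, packet []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(packet) >= n {
		return aead.Open(nil, packet[:n], packet[n:], nil)
	}
	return nil, fmt.Errorf("packet too short: %d bytes", len(packet))
}

// receiver is a host holding some key; registered (known to a certification server) is never consulted by the cipher.
type receiver struct{ name string; registered bool; key groupKey }

// demoReceivers is constructed: alice is registered; mallory is not but obtained the group key; carol holds another key.
func demoReceivers() []receiver {
	return []receiver{{"alice", true, demoKey}, {"mallory", false, demoKey}, {"carol", true, otherKey}}
}

// decryptableBy lists every receiver whose key opens the packet: possession, not registration, decides.
func decryptableBy(packet []byte, rs []receiver) []string {
	var names []string
	for _, r := range rs {
		if _, err := decryptPacket(r.key, packet); err == nil {
			names = append(names, r.name)
		}
	}
	return names
}

// routerState models what a local multicast router keeps from IGMP membership reports:
// per attached subnet, which groups have at least one member. Hosts are not recorded (simplified).
type routerState map[string]map[string]bool

func (r routerState) join(subnet, group string) {
	if r[subnet] == nil {
		r[subnet] = map[string]bool{}
	}
	r[subnet][group] = true
}

// subnetsWithMembers is all that is visible upstream: how many subnets want the group, never which users.
func (r routerState) subnetsWithMembers(group string) (n int) {
	for _, groups := range r {
		if groups[group] {
			n++
		}
	}
	return n
}

func main() {
	pkt, err := encryptPacket(demoKey, []byte("confidential stream chunk"))
	if err != nil {
		panic(err)
	}
	fmt.Println("can decrypt:", decryptableBy(pkt, demoReceivers())) // [alice mallory]
	rt := routerState{}
	rt.join("10.0.1.0/24", "239.1.1.1") // host A
	rt.join("10.0.1.0/24", "239.1.1.1") // host B, same subnet: no new state
	rt.join("10.0.2.0/24", "239.1.1.1")
	fmt.Println("subnets with members:", rt.subnetsWithMembers("239.1.1.1")) // 2
}
```

Run with `go run`. The first line names alice and mallory, because both hold the group key, while carol, although registered, does not; the second prints 2, because three joining hosts on two subnets leave the router with two subnet entries and no record of who joined or how many.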
Yet another problem is that users cannot tell when important multicast data has been stolen. If the participants could be identified, maintenance for each user could be carried out using the broadcast and conference functions of multicast communication.