Patents by Inventor Thomas P. Hardjono

Thomas P. Hardjono has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20140219649
    Abstract: A primary optical path in an optical network is established between first and second edge nodes of the optical network for communication between the first edge node and a primary customer network site coupled to the second edge node. A backup optical path through the optical network from the first edge node to a third edge node of the optical network other than the second edge node is determined for communication between the first edge node and a backup customer network site coupled to the third edge node of the optical network. The backup customer network site is designated to back up the primary customer network site. Communications are forwarded on the primary optical path from the first edge node toward the primary customer network site via the second edge node. Upon detection of a degradation or failure of the primary customer network site, communications are forwarded on the backup optical path from the first edge node toward the backup customer network site via the third edge node.
    Type: Application
    Filed: March 3, 2014
    Publication date: August 7, 2014
    Applicant: ROCKSTAR CONSORTIUM US LP
    Inventors: Stephen Suryaputra, Indermohan S. Monga, Bruce A. Schofield, Thomas P. Hardjono
  • Patent number: 8789087
    Abstract: A system, device, and method for receiver access control in an internet television system uses a push mechanism to distribute access control information from a distribution device to an access device. The access device uses the access control information to make receiver access control decisions for a subsequently received request from a host to join a television channel multicast group.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: July 22, 2014
    Assignee: Rockstar Consortium US LP
    Inventors: Bradley Cain, Thomas P. Hardjono
  • Patent number: 8370507
    Abstract: A system, device, and method for receiver access control in an internet television system uses a push mechanism to distribute access control information from a distribution device to an access device. The access device uses the access control information to make receiver access control decisions for a subsequently received request from a host to join a television channel multicast group.
    Type: Grant
    Filed: September 13, 2000
    Date of Patent: February 5, 2013
    Assignee: Rockstar Bidco LP
    Inventors: Bradley Cain, Thomas P. Hardjono
  • Patent number: 8230010
    Abstract: A system, device, and method for controlling access in a multicast communication network uses a distributed host authentication scheme to prevent unauthorized hosts from joining a shared multicast distribution tree. An authorized host is provided with access information for accessing the shared tree. Certain access information is also distributed to at least a designated device associated with the host, although the access information may be distributed to other devices as well. The designated device uses the access information to authenticate the host and establish a security agreement with the host. Other devices may use the access information to authenticate the host in the event that the designated device is unable to authenticate the host. An authenticated host is added to the shared tree, while a host that cannot be authenticated is prevented from joining the shared tree.
    Type: Grant
    Filed: June 29, 2000
    Date of Patent: July 24, 2012
    Assignee: Rockstar Bidco LP
    Inventors: Thomas P. Hardjono, Bradley Cain
  • Patent number: 7738359
    Abstract: A system, device, and method for managing alternate site switching in an optical communication system recovers from failures/degradations that are uncorrected by the core optical communication network. When an uncorrected failure/degradation is detected, communications for a protected end-system are switched from a primary end-system to a backup end-system. The backup end-system may be selected a priori, for example, during connection establishment, in order to reduce switching time once a decision has been made to switch communications from the primary end-system to the backup end-system. Provisions are made for completing the alternate site switching within a specified amount of time. Load balancing may be used to further reduce switching time from the primary end-system to the backup end-system. This alternate site switching augments the various protection mechanisms provided by the core optical communication network in order to provide end-to-end protection for the optical communication path.
    Type: Grant
    Filed: August 15, 2001
    Date of Patent: June 15, 2010
    Assignee: Nortel Networks Limited
    Inventors: Stephen Suryaputra, Indermohan S. Monga, Bruce A. Schofield, Thomas P. Hardjono
  • Patent number: 7573881
    Abstract: A system, device, and method for receiver access control in a multicast communication network uses a policy service to determine whether a subscriber device can be admitted to a multicast group. The subscriber device accesses the multicast communication network via an access device. The access device uses a policy service to obtain a policy decision from a policy server, where the policy decision indicates whether or not the subscriber device can be admitted to the multicast group. The access device enforces the policy decision by admitting the subscriber device to the multicast group if and only if the policy decision indicates that the subscriber device can be admitted to the multicast group.
    Type: Grant
    Filed: August 17, 2005
    Date of Patent: August 11, 2009
    Assignee: Nortel Networks Limited
    Inventors: Bradley Cain, Thomas P. Hardjono
  • Patent number: 7539313
    Abstract: A method for managing encryption keys in a communication system having a plurality of communication devices includes establishing a set of cryptographic keys for secure communication. Each of the cryptographic keys is associated with a geographic region. A geographic region is determined for a communication device and at least one cryptographic key is distributed to the communication device based on the geographic region of the communication device. At least one cryptographic key may be used to derive further cryptographic keys associated with a set of sub-regions of the geographic region associated with the communication device.
    Type: Grant
    Filed: September 13, 2001
    Date of Patent: May 26, 2009
    Assignee: Nortel Networks Limited
    Inventors: Thomas P. Hardjono, Lakshminath Dondeti
  • Publication number: 20090074404
    Abstract: A system, device, and method for managing alternate site switching in an optical communication system recovers from failures/degradations that are uncorrected by the core optical communication network. When an uncorrected failure/degradation is detected, communications for a protected end-system are switched from a primary end-system to a backup end-system. The backup end-system may be selected a priori, for example, during connection establishment, in order to reduce switching time once a decision has been made to switch communications from the primary end-system to the backup end-system. Provisions are made for completing the alternate site switching within a specified amount of time. Load balancing may be used to further reduce switching time from the primary end-system to the backup end-system. This alternate site switching augments the various protection mechanisms provided by the core optical communication network in order to provide end-to-end protection for the optical communication path.
    Type: Application
    Filed: September 30, 2008
    Publication date: March 19, 2009
    Inventors: Stephen Suryaputra, Indermohan S. Monga, Bruce A. Schofield, Thomas P. Hardjono
  • Patent number: 7454518
    Abstract: A system, device, and method for receiver access control in a multicast communication network treats each subscriber location as a separate subnetwork having one and only one multicast receiver. An access device is situated at each subscriber location. Each access device connects to a separate port of a multicast distribution device. Each subscriber device accesses the multicast network through the access device that is situated at its subscriber location. Each access device acts as a proxy for its respective subscriber devices by joining and leaving multicast groups on behalf of the subscriber devices and acting as the sole multicast receiver for the subscriber location. The access devices run a multicast group management protocol for joining and leaving various multicast groups, and therefore the access devices appear to the multicast distribution device as the ultimate multicast receivers for multicast information.
    Type: Grant
    Filed: September 12, 2000
    Date of Patent: November 18, 2008
    Assignee: Nortel Networks Limited
    Inventors: Bradley Cain, Thomas P. Hardjono
  • Patent number: 7360084
    Abstract: A system, device, and method for controlling access in a multicast communication network uses a centralized host authentication scheme to prevent unauthorized hosts from joining a shared multicast distribution tree. Each authorized host is allocated a unique authentication key, which is used by the designated router to encode the PIM join message and by the rendezvous point router to authenticate the PIM join message. If the PIM join message is authentic, then each PIM router from the rendezvous point router to the designated router establishes appropriate multicast routes to route multicast packets to the host. If the PIM join message is not authentic, then multicast packets are prevented from reaching the host.
    Type: Grant
    Filed: September 12, 2000
    Date of Patent: April 15, 2008
    Assignee: Nortel Networks Limited
    Inventor: Thomas P. Hardjono
  • Patent number: 6963573
    Abstract: A system, device, and method for receiver access control in a multicast communication network uses a policy service to determine whether a subscriber device can be admitted to a multicast group. The subscriber device accesses the multicast communication network via an access device. The access device uses a policy service to obtain a policy decision from a policy server, where the policy decision indicates whether or not the subscriber device can be admitted to the multicast group. The access device enforces the policy decision by admitting the subscriber device to the multicast group if and only if the policy decision indicates that the subscriber device can be admitted to the multicast group.
    Type: Grant
    Filed: September 13, 2000
    Date of Patent: November 8, 2005
    Assignee: Nortel Networks Limited
    Inventors: Bradley Cain, Thomas P. Hardjono
  • Patent number: 6813714
    Abstract: The present invention is a method and apparatus for securing a session in a system having application and network layers. The session is managed by a session manager. Security components used in the session are provided by a security storage. The session manager coordinates a mapping of a conference session at the application layer to a multicast session at the network layer using the security components provided by the security storage.
    Type: Grant
    Filed: August 17, 1999
    Date of Patent: November 2, 2004
    Assignee: Nortel Networks Limited
    Inventors: Thomas P. Hardjono, Brad Cain, Naganand Doraswamy
  • Publication number: 20040199471
    Abstract: A system and method for trading licenses that convey rights to digital works. An offer to sell a license is received from a first party, and a bid to buy the license is received from a second party. If the bid meets the requirements of the offer, then a transaction is effectuated wherein the second party acquires the rights signified by the license.
    Type: Application
    Filed: April 1, 2003
    Publication date: October 7, 2004
    Inventor: Thomas P. Hardjono
  • Patent number: 6785809
    Abstract: A method and apparatus for distributed group key management for multicast security. According to one aspect of the invention, a common multicast group includes a number of key servers, as well as clients of those key servers that are currently members. In addition, there exists a server group key that is shared by the key servers and not by their clients to form a server multicast group within the common multicast group. A first of the key servers encrypts a message using the server group key. The message instructs the key servers regarding one or more keys used for encrypted communication between entities in the common multicast group. The encrypted message is then multicast to the rest of the key servers.
    Type: Grant
    Filed: June 11, 1999
    Date of Patent: August 31, 2004
    Assignee: Nortel Networks Limited
    Inventor: Thomas P. Hardjono
  • Patent number: 6584566
    Abstract: A method and apparatus for distributed group key management for multicast security. According to one aspect of the invention, an initiator key server distributes to a plurality of key servers a first key set including an initial common group key and a replacement common group key. The initial common group key, but not the replacement common group key, is initially distributed to clients of the plurality of key servers that are currently members of a multicast group as a current common group key for multicast messages. Responsive to a need to re-key the current common group key of the multicast group, each of the key servers subsequently distributes to their clients that are currently members of the multicast group the previously distributed replacement common group key as the current common group key.
    Type: Grant
    Filed: June 11, 1999
    Date of Patent: June 24, 2003
    Assignee: Nortel Networks Limited
    Inventor: Thomas P. Hardjono
  • Patent number: 6425004
    Abstract: A technique for detecting and locating a misbehaving router divides the network domain into multiple sectors and uses a two-level authentication scheme to allow a receiving device to authenticate that a particular packet originated in a particular sector. More specifically, an originating device includes a sector tag and a device tag in the packet. The sector tag is computed using a sector key known to all devices in the network domain, and allows any receiving device to authenticate the originating sector for the packet. The device tag is computed using a device key known only to the device and to a secure and trusted authority within the same sector. Upon receiving the packet, a receiving device authenticates the packet by computing a sector verification tag and comparing the sector verification tag to the sector tag in the packet. If the sector verification tag does not match the sector tag in the packet, then the receiving device drops the packet.
    Type: Grant
    Filed: February 24, 1999
    Date of Patent: July 23, 2002
    Assignee: Nortel Networks Limited
    Inventor: Thomas P. Hardjono
  • Patent number: 6363481
    Abstract: A method and apparatus for secure data storage using distributed databases generates a first plurality of shares, using a first threshold scheme, based on a block of data, with at least a subset of the first plurality of shares being needed to re-create the block of data. The first plurality of shares are then distributed to a plurality of distributed databases.
    Type: Grant
    Filed: August 3, 1998
    Date of Patent: March 26, 2002
    Assignee: Nortel Networks Limited
    Inventor: Thomas P. Hardjono
  • Patent number: 6301662
    Abstract: A method and apparatus for authenticating routing data in a network. In one embodiment, the described method includes the step of generating routing data that describes a topology of the network. The routing data has a length equal to a routing data length. A variable output length (VOL) tag length is selected for the output of a VOL one-way function. The VOL one-way function is performed on the routing data, the routing data length and the adjustable VOL tag length to generate a VOL tag having a length equal to the VOL tag length. In one embodiment, the VOL tag is digitally signed using a private key of the box that generates the VOL tag. The routing data, the routing data length, the adjustable VOL tag length, the VOL tag and the signature are transferred in a packet from a first box, which is the box that generates the VOL tag, to a second box. The second box that receives the packet generates a comparison tag using the VOL one-way function based on data received from the packet.
    Type: Grant
    Filed: August 21, 1998
    Date of Patent: October 9, 2001
    Assignee: Nortel Networks Corporation
    Inventor: Thomas P. Hardjono
  • Patent number: 6182214
    Abstract: Threshold cryptography (secret sharing) is used for exchanging a secret between a server and a client over an unreliable network. Specifically, a secret is computationally divided into N shares using a threshold encryption scheme such that any M of the shares (M less than or equal to N) can be used to reconstruct the secret. The N shares are spread over a number of transmitted messages, with the assumption that some number of the messages including a total of at least M shares will be received by the client. Upon receiving at least M shares, the client uses the at least M shares to reconstruct the secret using the threshold encryption scheme.
    Type: Grant
    Filed: January 8, 1999
    Date of Patent: January 30, 2001
    Assignee: Bay Networks, Inc.
    Inventor: Thomas P. Hardjono