Advances in Satellite Communications

GSAKMP operates under the assumption that there is at least one PKI (Public Key Infrastructure) for the group to trust. GSAKMP relies on such a PKI while creating and verifying security policy rules. The public key of the GO must be known in advance to all GMs. Upon creation of a new multicast group, the GO starts the process with the creation of a Policy Token (PT) describing the rules for access control and authorizations for that group. The token is signed by the GO. The token contains identification for the PT and group, access control rules dictating who can have access to the group keys, authorization rules stating who can be a SGCKS, and mechanisms for handling security (Security Protocol, Key Creation Method, Key encryption algorithm, Signature, etc.).

After a PT is created and signed, it is sent by the GO to a potential GCKS. The latter verifies the signature and, based on the rules specified in the PT, decides whether it can act as a GCKS for the new group. If it can, then the new group is established and all GMs have to register with the GCKS (see Fig. 5). Upon receiving each registration request, the GCKS verifies the signature of the requesting GM and checks whether it is authorized to join the group. If the checks succeed, the GM receives a Key download message. On its part, a GM has to verify that the GCKS has the authority to manage the group. Eventually, by using the information in the message, a GM can set up both REKEY and DATA SAs. If the GM has no need to send data to the group and is planning to act as a receiver only, it will have no need to send a Request to join message, and the Key download message is simply sent to the GM after its registration.

[Figure: exchange between Controller and Member; labels: Request To Join, Key Download, Policy Token, Notification (ACK/NACK), Shared Keyed Group Session]

Fig. 5. GM registration in GSAKMP (from Harney et al., 2006)

A rekeying is required whenever a GM joins or leaves the group, and such an operation will involve the GO. The latter is .
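The signature and authorization checks of the registration flow described above, as an added Go example (not code from the book or from the GSAKMP specification). Ed25519 and JSON stand in for the group's PKI signatures and token encoding, and the struct fields, function names and IDs are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// PolicyToken is a constructed subset of the fields the text lists, not the GSAKMP wire format.
type PolicyToken struct {
	ID    string   // PT identification
	GMs   []string // access control: who may obtain the group keys
	GCKSs []string // authorization: who may act as GCKS
}

// VerifyPT checks the GO signature before any field of the token is parsed or trusted.
func VerifyPT(goPub ed25519.PublicKey, body, sig []byte) (pt PolicyToken, err error) {
	if !ed25519.Verify(goPub, body, sig) {
		return pt, errors.New("policy token: bad GO signature")
	}
	err = json.Unmarshal(body, &pt)
	return pt, err
}

// Authorize verifies the peer's signature over msg, then looks its ID up in a PT rule list
// (GCKS side: pt.GMs; GM side: pt.GCKSs). Assumption: peerPub comes from id's PKI certificate.
func Authorize(rule []string, id string, peerPub ed25519.PublicKey, msg, sig []byte) error {
	if !ed25519.Verify(peerPub, msg, sig) {
		return errors.New(id + ": bad signature")
	}
	for _, allowed := range rule {
		if allowed == id {
			return nil
		}
	}
	return errors.New(id + ": not authorized by policy token")
}

// Demo uses constructed keys and IDs; gm-bob signs correctly but is not listed in the token.
func Demo() (ptErr, listed, unlisted error) {
	goPub, goKey, _ := ed25519.GenerateKey(nil)
	gmPub, gmKey, _ := ed25519.GenerateKey(nil)
	body, _ := json.Marshal(PolicyToken{"pt-1", []string{"gm-alice"}, []string{"gcks-1"}})
	pt, ptErr := VerifyPT(goPub, body, ed25519.Sign(goKey, body))
	req := []byte("register with group pt-1")
	sig := ed25519.Sign(gmKey, req)
	return ptErr, Authorize(pt.GMs, "gm-alice", gmPub, req, sig), Authorize(pt.GMs, "gm-bob", gmPub, req, sig)
}
func main() { fmt.Println(Demo()) }
```

A valid signature alone does not admit a member: the request from `gm-bob` verifies but is still refused because the signed token does not list it.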