Internet protocol security framework utilizing predictive security association re-negotiation
Abstract
The present invention is a methodology for predicting when current sets of encryption keys used in a high-speed data network are about to expire. The invention allows network elements of a communication system to re-negotiate new sets of keys well in advance so as to prevent interruptions in communications traffic flow. In accordance with one exemplary embodiment of the invention, a weighted traffic flow per usage for a given network element is calculated on a periodic basis. The value of the weighted traffic flow per usage is compared with a remainder value of a specific quantity of communications traffic yet to be processed by the network element. If the remainder value is less than the weighted traffic flow value, an indication is given to the appropriate network element to renegotiate a new set of keys.
20 Claims
1. An apparatus for use in predicting exchanges of a specific quantity of communication traffic between network elements, said apparatus comprising:
- a digital processor operable on a periodic basis to calculate a weighted traffic flow per usage for a given network element, said digital processor further including a comparison mechanism for comparing a value of said weighted traffic flow per usage with a remainder value of said specific quantity of communications traffic yet to be processed by said network element, wherein an indication is given by said network element if said remainder value is less than said weighted traffic flow.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 14.
9. A method of predicting exchanges of a specific quantity of communication traffic between network elements, said method comprising:
- calculating on a periodic basis a weighted traffic flow per usage for a given network element;
- comparing a value of said weighted traffic flow per usage with a remainder value of said specific quantity of communications traffic yet to be processed by said network element; and
- giving an indication from said network element if said remainder value is less than said weighted traffic flow.
Dependent claims: 10, 11, 12, 13, 15, 16, 17, 19, 20.
18. A method of predicting expiration of quantity-based security associations between network elements, at least a portion of communications traffic exchanged between said network elements flowing over the public Internet, said method comprising:
- calculating on a periodic basis a weighted traffic flow per usage for a given network element;
- comparing a value of said weighted traffic flow per usage with a remainder value of yet-to-be-processed communications traffic of one of said quantity-based security associations; and
- renegotiating another security association with a corresponding one of said network elements if said remainder value is less than said weighted traffic flow.
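The abstract and claims 1, 9 and 18 describe one procedure: sample traffic per period, maintain a weighted flow estimate for the network element, and signal a rekey when the byte budget left on a quantity-based (byte-lifetime) security association falls below that estimate. The following is an added example written for this page, not code from the patent or from any IPsec implementation. It assumes things the page does not specify: the weighting is an exponentially weighted moving average (EWMA, factor `alpha`) of bytes per sampling interval; an optional `lookahead_intervals` multiplier, which generalizes the claimed bare comparison (lookahead 1) to account for the number of intervals a renegotiation takes; a `rekey_delay` for how long the new SA takes to come up; and the traffic traces are constructed. Keeping the flow estimate on the element and the remainder on the SA mirrors the claim, where the weighted flow is "for a given network element" while the remainder belongs to the SA.

```python
"""Predictive rekeying of a byte-lifetime (quantity-based) IPsec SA.

Added illustration, not the patent's or any IPsec stack's code. Assumed
(not on the page): EWMA weighting, a lookahead multiplier, and a fixed
rekey completion delay. Traffic traces are constructed test data.
"""
from dataclasses import dataclass


@dataclass
class FlowEstimator:
    """Per-network-element 'weighted traffic flow per usage'.

    Assumption: an EWMA of bytes seen per sampling interval. alpha=1.0
    would use only the most recent interval; smaller values smooth more.
    """
    alpha: float = 0.5
    weighted_flow: float = 0.0
    samples: int = 0

    def update(self, bytes_this_interval: int) -> float:
        if self.samples == 0:
            self.weighted_flow = float(bytes_this_interval)
        else:
            self.weighted_flow = (self.alpha * bytes_this_interval
                                  + (1.0 - self.alpha) * self.weighted_flow)
        self.samples += 1
        return self.weighted_flow


@dataclass
class QuantitySA:
    """A quantity-based SA: keys are good for byte_lifetime bytes, no more."""
    spi: int
    byte_lifetime: int
    bytes_processed: int = 0

    @property
    def remaining(self) -> int:
        return max(self.byte_lifetime - self.bytes_processed, 0)


def rekey_indicated(sa: QuantitySA, est: FlowEstimator,
                    lookahead_intervals: int = 1) -> bool:
    """The claimed comparison: indicate when remainder < weighted flow.

    lookahead_intervals (assumption) scales the predicted usage by the
    number of sampling intervals a renegotiation needs to complete, so the
    indication comes early enough for the new SA to be ready in time.
    """
    return sa.remaining < est.weighted_flow * lookahead_intervals


def simulate(trace, byte_lifetime, alpha=0.5, lookahead=1, rekey_delay=2):
    """Drive a constructed per-interval byte trace through one element.

    Returns (first_indication_interval, stalled_intervals, rekeys_completed).
    A stalled interval is one whose traffic exceeds the current SA's
    remaining budget while no replacement SA is installed yet: the traffic
    interruption the predictive check is meant to avoid.
    """
    est = FlowEstimator(alpha)
    sa = QuantitySA(spi=0x1000, byte_lifetime=byte_lifetime)
    next_spi = 0x1001
    pending_done = None        # interval at which an in-flight rekey completes
    first_indication = None
    stalled = 0
    rekeys = 0
    for i, b in enumerate(trace, start=1):
        if pending_done is not None and i >= pending_done:
            sa = QuantitySA(spi=next_spi, byte_lifetime=byte_lifetime)
            next_spi += 1
            pending_done = None
            rekeys += 1
        if b > sa.remaining:
            # Budget exhausted mid-interval: old keys may not be used for
            # the excess, and no new SA exists yet -> traffic stalls.
            stalled += 1
            sa.bytes_processed = sa.byte_lifetime
        else:
            sa.bytes_processed += b
        est.update(b)          # demand is measured at the element regardless
        if pending_done is None and rekey_indicated(sa, est, lookahead):
            pending_done = i + rekey_delay
            if first_indication is None:
                first_indication = i
    return first_indication, stalled, rekeys


if __name__ == "__main__":
    steady = [1000] * 20                 # constructed: 1000 bytes per interval
    bursty = [500] * 5 + [3000] * 5      # constructed: quiet, then a burst
    for name, trace in (("steady", steady), ("bursty", bursty)):
        for la in (1, 3):
            print(name, "lookahead", la, "->", simulate(trace, 10000, lookahead=la))
```

With the bare comparison (lookahead 1) and a steady 1000-byte flow against a 10000-byte lifetime, the indication only fires once the budget is already at zero, and the element stalls for one interval while the replacement SA comes up; with a lookahead of three intervals it fires with 2000 bytes to spare and nothing stalls. On the bursty trace the EWMA reacts to the step from 500 to 3000 bytes per interval on the first burst sample, so the indication is raised while 4500 bytes remain. In deployed IKEv2 stacks the same idea is expressed as a soft byte lifetime with a margin below the hard lifetime (for example strongSwan's rekey_bytes against life_bytes); the patent's contribution is deriving that margin from the observed, weighted flow rather than a fixed constant.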