System for negotiating security association on application layer
First Claim
1. A method for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, comprising:
- transmitting a list of possible security associations between the first computer and the second computer from the first computer to the second computer in a message according to a protocol of the application layer, a security parameter index being included for and assigned to each security association in the list, each security parameter index identifying a corresponding security association in the list, respectively determining cryptographic parameters for a cryptographically protected communication link in a network layer to be set up using the security association, selecting a security association by the second computer, and transmitting to the first computer at least one of the security association selected by the second computer and an indication of the security association selected by the second computer.
Abstract
A first computer sends a list of possible security associations to a second computer in a message according to a protocol of an application layer, a security parameter index being contained in the message for each security association. The second computer selects a security association and transmits it or an indication of the security association selected by it to the first computer.
50 Citations
26 Claims
1. (Independent method claim, set out in full above under First Claim.) Dependent claims: 2 to 18.
19. A system for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, comprising:
a processor in each of the first computer and the second computer programmed to transmit from the first computer to the second computer a list of possible security associations between the first computer and the second computer in a message according to a protocol of the application layer, including a security parameter index assigned to and identifying each security association in the list, the security association respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer to be set up using the security association, to select a security association by the second computer, and to transmit from the second computer to the first computer at least one of the security association selected by the second computer and an indication of the security association selected by the second computer.
20. A computer, coupled to a remote computer via a telecommunication network, for negotiating a security association on an application layer between said computer and the remote computer, comprising:
a processor programmed to transmit to the remote computer a list of possible security associations between the computer and the remote computer in a message according to a protocol of the application layer, including a security parameter index assigned to and identifying each security association in the list, the security association respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer to be set up using the security association, and to receive from the remote computer at least one of a selected security association and an indication of the selected security association selected by the remote computer from the list of security associations. Dependent claims: 21, 22.
23. A computer, coupled to a remote computer via a telecommunication network, for negotiating a security association on an application layer between the remote computer and said computer, comprising:
a processor programmed to receive a message according to a protocol of the application layer, the message including a list of possible security associations between the remote computer and the computer and a security parameter index assigned to and identifying each security association, the security association being used for respectively determining cryptographic parameters used for a cryptographically protected communication link in a network layer, to be set up using the security association, to select a security association, and to transmit to the remote computer at least one of the security association and an indication of the security association. Dependent claims: 24, 25.
26. At least one computer readable medium storing at least one program to control at least one processor to perform a method for computer-aided negotiation of a security association on an application layer between a first computer and a second computer, the first computer and the second computer being coupled to one another via a telecommunication network, said method comprising:
transmitting a list of possible security associations between the first computer and the second computer from the first computer to the second computer in a message according to a protocol of the application layer, a security parameter index being included for and assigned to each security association in the list, each security parameter index identifying a corresponding security association in the list, respectively determining cryptographic parameters for a cryptographically protected communication link in a network layer to be set up using the security association, selecting a security association by the second computer, and transmitting to the first computer at least one of the security association selected by the second computer and an indication of the security association selected by the second computer.
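The exchange claimed above (offer list with one SPI per security association, selection by the second computer, SPI returned as the indication), worked through as an added example that is not the patent's or any product's code. The JSON encoding, the field names and the parameter values are my assumptions; the patent does not fix a message format. The first computer resolves the returned SPI only against the list it actually offered, so a reply naming parameters it never proposed is refused rather than instantiated.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class SecurityAssociation:
    spi: int          # security parameter index identifying this entry in the offer
    cipher: str       # cryptographic parameters the network-layer link is set up with
    integrity: str
    key_bits: int

# Constructed offer list (example values, assumed; not taken from the patent).
OFFER = [
    SecurityAssociation(0x1001, "AES-GCM", "none", 256),
    SecurityAssociation(0x1002, "AES-CBC", "HMAC-SHA256", 128),
    SecurityAssociation(0x1003, "3DES-CBC", "HMAC-SHA1", 168),
]

def build_offer_message(sas):
    """First computer: application-layer message carrying the SA list, one SPI each."""
    return json.dumps({"type": "sa-offer", "sas": [asdict(sa) for sa in sas]})

def select_sa(message, preferred_ciphers):
    """Second computer: walk its own cipher preference order, take the first offered
    SA that matches and answer with that SA's SPI as the indication of the choice.
    If nothing in the offer is acceptable, answer with a rejection instead."""
    offered = json.loads(message)["sas"]
    for cipher in preferred_ciphers:
        for entry in offered:
            if entry["cipher"] == cipher:
                return json.dumps({"type": "sa-select", "spi": entry["spi"]})
    return json.dumps({"type": "sa-reject"})

def accept_selection(sas, reply):
    """First computer: map the returned SPI back to the SA it offered under that SPI.
    Returns None for a rejection or for an SPI that was never part of the offer."""
    answer = json.loads(reply)
    if answer.get("type") != "sa-select":
        return None
    by_spi = {sa.spi: sa for sa in sas}
    return by_spi.get(answer.get("spi"))

def negotiate(preferred_ciphers):
    """Run both sides locally: offer, selection, and the first computer's check."""
    offer = build_offer_message(OFFER)
    reply = select_sa(offer, preferred_ciphers)
    return accept_selection(OFFER, reply)

if __name__ == "__main__":
    print(negotiate(["AES-CBC", "AES-GCM"]))
```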
Specification