Method, apparatus and system for pre-establishing secure communication channels
Abstract
The present invention provides a method, apparatus and system for pre-establishing a secure communication channel by detecting one or more trigger events (302), determining whether the secure communication channel will be needed in the future (304) and establishing the secure communication channel before the secure communication channel is needed (308-316). The secure communication channel is established by sending a SA Query (308) and determining whether the SA Query matches one or more security policies (310). If the SA Query matches the one or more security policies, the present invention determines whether the SA Query matches a SA (314). If the SA Query does not match the SA, a SA is negotiated (318) and a SA Query successful message is returned (316). This method can be implemented as a computer program embodied on a computer readable medium wherein each step is executed by one or more code segments.
50 Claims
1. A method for pre-establishing a secure communication channel comprising the steps of:
detecting one or more trigger events;
determining whether the secure communication channel will be needed in the future; and
establishing the secure communication channel before the secure communication channel is needed.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method for pre-establishing a secure communication channel comprising the steps of:
receiving a security association query (“SA Query”) from a privileged application, the SA Query comprising a message indicating that a security association is needed;
determining whether the SA Query matches one or more security policies;
determining whether the SA Query matches a security association whenever the SA Query matches the one or more security policies;
sending a SA Negotiation Request to a key management exchange whenever the SA Query does not match the security association;
sending a SA Query successful message to the privileged application indicating that the secure communication channel has been pre-established whenever the SA Query matches the security association or a negotiated SA pair is received from the key management exchange; and
sending a SA Query failure message to the privileged application whenever the SA Query does not match the one or more security policies or a negotiation failure message is received from the key management exchange.
Dependent claims: 12, 13, 14, 15, 16

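The SA Query handling recited in claim 11, modelled as an added Python example; it is not code from the patent. The selector fields (source, destination, protocol), the CIDR-based policy match, the exact-match SA table and the stubbed key management exchange are assumptions made for illustration, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SAQuery:                      # hypothetical selector fields
    src: str
    dst: str
    proto: str

@dataclass(frozen=True)
class Policy:                       # hypothetical policy entry
    src_net: str
    dst_net: str
    proto: str                      # "any" is a wildcard

def policy_matches(policy, query):
    return (ipaddress.ip_address(query.src) in ipaddress.ip_network(policy.src_net)
            and ipaddress.ip_address(query.dst) in ipaddress.ip_network(policy.dst_net)
            and policy.proto in ("any", query.proto))

class SecurityProtocolInstance:
    def __init__(self, policies, key_exchange):
        self.policies = list(policies)
        self.sa_table = {}          # SAQuery -> negotiated SA pair
        self.key_exchange = key_exchange

    def handle_sa_query(self, query):
        # Policy check comes first: an out-of-policy query never reaches negotiation.
        if not any(policy_matches(p, query) for p in self.policies):
            return "SA Query failure"
        if query in self.sa_table:  # channel already established
            return "SA Query successful"
        sa_pair = self.key_exchange(query)   # SA Negotiation Request
        if sa_pair is None:         # negotiation failure: nothing is cached
            return "SA Query failure"
        self.sa_table[query] = sa_pair
        return "SA Query successful"

def run_demo():
    requests = []                   # every query that reached the key exchange
    def stub_exchange(query):       # constructed stand-in; fails for one peer
        requests.append(query)
        return None if query.dst == "198.51.100.99" else ("sa-in", "sa-out")
    instance = SecurityProtocolInstance(
        [Policy("192.0.2.0/24", "198.51.100.0/24", "any")], stub_exchange)
    ok = SAQuery("192.0.2.10", "198.51.100.5", "udp")
    results = [instance.handle_sa_query(ok),   # negotiated on first query
               instance.handle_sa_query(ok),   # reused, no second negotiation
               instance.handle_sa_query(SAQuery("192.0.2.10", "203.0.113.7", "udp")),
               instance.handle_sa_query(SAQuery("192.0.2.10", "198.51.100.99", "udp"))]
    return results, len(requests), len(instance.sa_table)
```
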
17. A computer program embodied on a computer readable medium for pre-establishing a secure communication channel comprising:
a code segment for detecting one or more trigger events;
a code segment for determining whether the secure communication channel will be needed in the future; and
a code segment for establishing the secure communication channel before the secure communication channel is needed.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26

27. A computer program embodied on a computer readable medium for pre-establishing a secure communication channel comprising:
a code segment for receiving a security association query (“SA Query”) from a privileged application, the SA Query comprising a message indicating that a security association is needed;
a code segment for determining whether the SA Query matches one or more security policies;
a code segment for determining whether the SA Query matches a security association whenever the SA Query matches the one or more security policies;
a code segment for sending a SA Negotiation Request to a key management exchange whenever the SA Query matches the security association;
a code segment for sending a SA Query successful message to the privileged application indicating that the secure communication channel has been pre-established whenever the SA Query matches the security association or a negotiated SA pair is received from the key management exchange; and
a code segment for sending a SA Query failure message to the privileged application whenever the SA Query does not match the one or more security policies or a negotiation failure message is received from the key management exchange.
Dependent claims: 28, 29, 30, 31, 32

33. An apparatus comprising:
a packet processor;
a packet security protocol instance operating within the packet processor; and
a privileged application operating within the packet processor that detects one or more trigger events, determines whether a secure communication channel will be needed in the future and sends a message to the packet security protocol instance to establish the secure communication channel before the secure communication channel is needed.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46

47. A system comprising:
a first network;
a second network; and
a packet communications device communicably coupled to the first network and the second network, the packet communications device comprising a packet processor, a packet security protocol instance operating within the packet processor, and a privileged application operating within the packet processor that detects one or more trigger events, determines whether a secure communication channel will be needed in the future and sends a message to the packet security protocol instance to establish the secure communication channel before the secure communication channel is needed.
Dependent claims: 48, 49, 50

Specification