Secure communication methods and systems
Abstract
Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections, illustratively between a first system and an intermediate system and between a second system and an intermediate system. The multiple secure connections may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.
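The binding idea in the abstract, sketched as an added Python model; this is not code from the patent. The class and method names are hypothetical, and two things are assumptions: that a binding is a lookup from the access-leg SPI to the remote-leg SPI, and that an address change is the kind of "change in operating conditions" that triggers re-establishment.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SA:
    spi: int       # Security Parameter Index identifying this SA
    peer: str      # address of the system on this leg
    key_id: str    # stand-in for the keys a real negotiation would yield

class IntermediateSystem:
    """Hypothetical model: holds both legs' SAs and the binding between them."""

    def __init__(self):
        self.sas = {}          # SPI -> SA
        self.bindings = {}     # access-leg SPI -> remote-leg SPI
        self.negotiations = 0  # counts (simulated) SA establishments

    def establish(self, peer):
        # Stand-in for a full key exchange with `peer`.
        self.negotiations += 1
        sa = SA(0x1000 + self.negotiations, peer, f"key-{self.negotiations}")
        self.sas[sa.spi] = sa
        return sa

    def bind(self, access_sa, remote_sa):
        self.bindings[access_sa.spi] = remote_sa.spi

    def outbound_for(self, inbound_spi):
        # Traffic on an unbound or retired SPI has no path: KeyError.
        return self.sas[self.bindings[inbound_spi]]

    def access_changed(self, old_spi, new_peer):
        # Only the access leg is re-established; the remote-leg SA is reused.
        remote_spi = self.bindings.pop(old_spi)
        del self.sas[old_spi]              # retire the old SA so it cannot be reused
        new_sa = self.establish(new_peer)
        self.bindings[new_sa.spi] = remote_spi
        return new_sa

def demo():
    gw = IntermediateSystem()
    access = gw.establish("198.51.100.10")   # constructed addresses (RFC 5737)
    remote = gw.establish("203.0.113.5")
    gw.bind(access, remote)
    before = gw.outbound_for(access.spi)
    new_access = gw.access_changed(access.spi, "198.51.100.77")
    after = gw.outbound_for(new_access.spi)
    return gw, access, before, after
```

After the access-side change, the model has performed three establishments rather than four, the remote-leg SA is the same object as before, and the retired access-leg SPI no longer resolves to any outbound SA.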
60 Claims
1. A communication method comprising:
establishing respective Internet Protocol Security (IPSec) Protocol Security Associations (SAs) for a secure connection between an access system and an intermediate system and a secure connection between the intermediate system and a remote system; and
binding the IPSec SAs to establish a secure connection between the access system and the remote system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for establishing a secure connection between an access system and a remote system, the system comprising:
a transceiver for communicating with the access system and the remote system; and
a processor configured to establish respective Internet Protocol Security (IPSec) Protocol Security Associations (SAs) for secure connections with the access system and the remote system through the transceiver, and to bind the IPSec SAs to establish the secure connection between the access system and the remote system.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A computer-readable medium storing a data structure comprising:
an identifier of an Internet Protocol Security (IPSec) Protocol Security Association (SA) for a secure connection between an intermediate system and an access system; and
an identifier of an IPSec SA for a secure connection between the intermediate system and a remote system, wherein the IPSec SAs are bound in the memory to thereby establish a secure connection between the access system and the remote system.
Dependent claims: 24
25. A method of managing a secure connection between an access system and a remote system, the secure connection comprising a secure connection between the access system and an intermediate system and a secure connection between the intermediate system and the remote system, the method comprising:
detecting a change in operating conditions of the access system; and
establishing a new secure connection between the access system and the intermediate system responsive to the detecting, whereby the secure connection between the access system and the remote system comprises the new secure connection between the access system and the intermediate system and the secure connection between the intermediate system and the remote system.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
37. An intermediate system for managing a secure connection between an access system and a remote system, the secure connection comprising a secure connection between the access system and the intermediate system and a secure connection between the intermediate system and the remote system, the intermediate system comprising:
a transceiver for communicating with the access system and the remote system; and
a processor configured to detect a change in operating conditions of the access system, and to establish a new secure connection between the access system and the intermediate system through the transceiver responsive to a detected change in operating conditions of the access system, whereby the secure connection between the access system and the remote system comprises the new secure connection between the access system and the intermediate system and the secure connection between the intermediate system and the remote system.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48
49. A method of managing a secure connection between a first system and a second system, the secure connection comprising a first secure connection between the first system and an intermediate system and a second secure connection between the intermediate system and the second system, the method comprising:
detecting a change in operating conditions of the first system or the second system;
establishing a new secure connection between the first system and the intermediate system responsive to detecting a change in the operating conditions of the first system, whereby the secure connection between the first system and the second system comprises the new secure connection between the first system and the intermediate system and the second secure connection; and
establishing a new secure connection between the intermediate system and the second system responsive to detecting a change in the operating conditions of the second system, whereby the secure connection between the first system and the second system comprises the first secure connection and the new secure connection between the intermediate system and the second system.
Dependent claims: 50, 51, 52, 53, 54
55. An intermediate system for managing a secure connection between a first system and a second system, the secure connection comprising a first secure connection between the first system and the intermediate system and a second secure connection between the intermediate system and the second system, the intermediate system comprising:
a transceiver for communicating with the first system and the second system; and
a processor configured to detect a change in operating conditions of the first system or the second system, wherein the processor is further configured to:
establish a new secure connection between the first system and the intermediate system responsive to detecting a change in the operating conditions of the first system, whereby the secure connection between the first system and the second system comprises the new secure connection between the first system and the intermediate system and the second secure connection; and
establish a new secure connection between the intermediate system and the second system responsive to detecting a change in the operating conditions of the second system, whereby the secure connection between the first system and the second system comprises the first secure connection and the new secure connection between the intermediate system and the second system.
Dependent claims: 56, 57, 58
59. A method of managing a secure connection between a first system and a second system, the secure connection comprising a first secure connection between the first system and a first intermediate system, a second secure connection between the first intermediate system and a second intermediate system, and a third secure connection between the second intermediate system and the second system, the method comprising:
detecting a change in operating conditions of the first system or the second system;
establishing a new secure connection between the first system and the first intermediate system responsive to detecting a change in the operating conditions of the first system, whereby the secure connection between the first system and the second system comprises the new secure connection between the first system and the first intermediate system, the second secure connection, and the third secure connection; and
establishing a new secure connection between the second intermediate system and the second system responsive to detecting a change in the operating conditions of the second system, whereby the secure connection between the first system and the second system comprises the first secure connection, the second secure connection, and the new secure connection between the second intermediate system and the second system.
60. A communication system comprising:
first and second intermediate systems for managing a secure connection between a first system and a second system, the secure connection comprising a first secure connection between the first system and the first intermediate system, a second secure connection between the first intermediate system and the second intermediate system, and a third secure connection between the second intermediate system and the second system, the first intermediate system comprising:
a transceiver for communicating with the first system and the second intermediate system; and
a processor configured to:
detect a change in operating conditions of the first system; and
establish a new secure connection between the first system and the first intermediate system responsive to detecting a change in the operating conditions of the first system, whereby the secure connection between the first system and the second system comprises the new secure connection between the first system and the first intermediate system, the second secure connection, and the third secure connection, and the second intermediate system comprising:
a transceiver for communicating with the first intermediate system and the second system; and
a processor configured to:
detect a change in operating conditions of the second system; and
establish a new secure connection between the second intermediate system and the second system responsive to detecting a change in the operating conditions of the second system, whereby the secure connection between the first system and the second system comprises the first secure connection, the second secure connection, and the new secure connection between the second intermediate system and the second system.
Specification