Method for negotiating multiple security associations in advance for usage in future secure communication

US 20060095767A1
Filed: 02/15/2005
Published: 05/04/2006
Est. Priority Date: 11/04/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for negotiating multiple security associations between at least two nodes, the method comprising:

identifying a protocol for a secured communication between the at least two nodes;

identifying at least one additional node that will require a subsequent secure communication with one of the at least two nodes;

determining a number of subsequent secure communication sessions between the identified nodes;

determining at least one set of security parameters for the secure communication session and the subsequent secure communication sessions; and

transmitting at least a subset of the security parameters to the additional nodes for use in subsequent secure communication sessions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention describes a novel security model in which security context is pre-negotiated and is used at future instances to secure messaging between nodes involved in sending and receiving data during the execution of the protocol. This anticipatory pre-negotiation of security context avoids expensive handshakes to establish security contexts that occur at future instances to secure sessions during the execution of the protocol.

18 Citations

View as Search Results

15 Claims

1. A method for negotiating multiple security associations between at least two nodes, the method comprising:
- identifying a protocol for a secured communication between the at least two nodes;
  
  identifying at least one additional node that will require a subsequent secure communication with one of the at least two nodes;
  
  determining a number of subsequent secure communication sessions between the identified nodes;
  
  determining at least one set of security parameters for the secure communication session and the subsequent secure communication sessions; and
  
  transmitting at least a subset of the security parameters to the additional nodes for use in subsequent secure communication sessions.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein transmitting the security parameters comprises transmitting the at least subset of the security parameters for the secure communication session and the subsequent secure communication sessions to all of the nodes during a single secure communication between the at least two nodes.
  - 3. The method of claim 1, wherein transmitting the at least a subset of the security parameters to each of the nodes comprises transmitting the at least subset of the security parameters for a secure communication between the at least two nodes during a first handshake message, and transmitting the at least subset of the security parameters for the subsequent secure communication sessions during the subsequent communication session.
  - 4. The method of claim 1, wherein transmitting the at least subset of the security parameters to each of the nodes comprises a server transmitting the at least subset of the security parameters for the secure communication sessions and the subsequent secure communication sessions to corresponding nodes.
  - 5. The method of claim 1, further comprising acquiring capabilities of the other nodes by one of the at least two nodes, such that the one of at least two nodes can negotiate the at least subset of the security parameters on behalf of the other nodes.
  - 6. The method of claim 1, wherein the at least one set of security parameters comprise a plurality of separate security parameters;
    - and transmitting at least a subset of the at least one set of security parameters to the additional nodes for use in subsequent secure communication sessions comprises transmitting the separate security parameters for use in the subsequent secure communications sessions.

7. A method for establishing secured communications for a first node, the method comprising:
- identifying a second node for a secured communication session;
  
  identifying at least one additional node that will be communicated with during subsequent secure communication sessions;
  
  determining a number of subsequent secured communications sessions with the second node and with the at least one additional node; and
  
  receiving at least a subset of security parameters for the secured communications sessions and the number of subsequent secured communication sessions.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, further comprising transmitting the at least subset of the security parameters to the second node and at least one additional node during a single secure communication session.
  - 9. The method of claim 7, further comprising:
    - negotiating the at least subset of the security parameters with the second node during a first secure communication session; and
      
      transmitting the at least subset of the security parameters for a secure communication session with the at least one additional node during a subsequent secure communication session with the at least one additional node.
  - 10. The method of claim 7, wherein a server transmits the at least subset of the security parameters for the secure communication sessions to the first node and the second node and transmits the at least subset of the security parameters of the subsequent security sessions to the at least one additional node.

11. A system for negotiating multiple security associations between at least two nodes, the system comprising:
- a first identification module that identifies a protocol for a secured communication between the at least two nodes;
  
  a second identification module that identifies at least one additional node that will require a subsequent communication session with one of the at least two nodes;
  
  a first determination module that determines a number of subsequent secure communication sessions between the identified nodes;
  
  a second determination module that determines at least one set of security parameters for each the secure communication sessions and the subsequent secure communication sessions; and
  
  a transmitter that transmits at least a subset of the security parameters to each of the identified nodes for the secure communication session and the subsequent secure communication sessions, wherein the system is configured for secured communication between each of the nodes for the number of subsequent secure communication sessions.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the transmitter transmits the at least subset of the security parameters to all of the identified nodes during a single secure communication session.
  - 13. The system of claim 11, wherein the transmitter transmits the at least subset of the security parameters for a first secure communication between the at least two nodes to each of the at least two nodes during a first secure communication, and transmits the at least subset of the security parameters for a second communication between one of the at least two nodes to the at least one additional node, during a second secure communication with the at least one additional node.

14. An apparatus for negotiating multiple security associations between at least two nodes, the apparatus comprising:
- a first identification means for identifying a protocol for a secured communication between the at least two nodes;
  
  a second identification means for identifying at least one additional node that will require secure communication with one of the at least two nodes;
  
  a first determination means for determining a number of subsequent secure communication sessions between the identified nodes, wherein the number of subsequent secure communication sessions is based on a number of the at least one additional node;
  
  a second determination means for determining set at least one set of security parameters for the secure communication session and the subsequent communication sessions; and
  
  a transmitting means for transmitting at least a subset of the security parameters to each of the nodes, wherein the apparatus provides secured communication between the nodes for the number of subsequent secure communication sessions.

15. An apparatus for establishing secured communications, the apparatus comprising:
- an identification module, wherein the identification module identifies a first node and at least one additional node for a secured communication session between the first node and the at least one additional node;
  
  a determination module, wherein the determination module determines a number of secured communications sessions between the first node and the at least one additional node;
  
  a negotiation module, wherein the negotiation module negotiates at least one set of security parameters for the secured communication sessions between the first node and at least one additional node; and
  
  a transmitter module, wherein the transmitter module transmits to the first node and the at least one additional node, at least a subset of the security parameters for the secured communications sessions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Krishnamurthi, Govindarajan, Chan, Tat Keung

Application Number

US11/057,846
Publication Number

US 20060095767A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/166 at the transport layer

H04L 63/205 involving negotiation or de...

Method for negotiating multiple security associations in advance for usage in future secure communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for negotiating multiple security associations in advance for usage in future secure communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links