Method for negotiating multiple security associations in advance for usage in future secure communication
Abstract
The present invention describes a novel security model in which security context is pre-negotiated and is used at future instances to secure messaging between nodes involved in sending and receiving data during the execution of the protocol. This anticipatory pre-negotiation of security context avoids expensive handshakes to establish security contexts that occur at future instances to secure sessions during the execution of the protocol.
15 Claims
1. A method for negotiating multiple security associations between at least two nodes, the method comprising:
identifying a protocol for a secured communication between the at least two nodes;
identifying at least one additional node that will require a subsequent secure communication with one of the at least two nodes;
determining a number of subsequent secure communication sessions between the identified nodes;
determining at least one set of security parameters for the secure communication session and the subsequent secure communication sessions; and
transmitting at least a subset of the security parameters to the additional nodes for use in subsequent secure communication sessions.
Dependent claims: 2, 3, 4, 5, 6.

7. A method for establishing secured communications for a first node, the method comprising:
identifying a second node for a secured communication session;
identifying at least one additional node that will be communicated with during subsequent secure communication sessions;
determining a number of subsequent secured communications sessions with the second node and with the at least one additional node; and
receiving at least a subset of security parameters for the secured communications sessions and the number of subsequent secured communication sessions.
Dependent claims: 8, 9, 10.

11. A system for negotiating multiple security associations between at least two nodes, the system comprising:
a first identification module that identifies a protocol for a secured communication between the at least two nodes;
a second identification module that identifies at least one additional node that will require a subsequent communication session with one of the at least two nodes;
a first determination module that determines a number of subsequent secure communication sessions between the identified nodes;
a second determination module that determines at least one set of security parameters for each of the secure communication sessions and the subsequent secure communication sessions; and
a transmitter that transmits at least a subset of the security parameters to each of the identified nodes for the secure communication session and the subsequent secure communication sessions, wherein the system is configured for secured communication between each of the nodes for the number of subsequent secure communication sessions.
Dependent claims: 12, 13.

14. An apparatus for negotiating multiple security associations between at least two nodes, the apparatus comprising:
a first identification means for identifying a protocol for a secured communication between the at least two nodes;
a second identification means for identifying at least one additional node that will require secure communication with one of the at least two nodes;
a first determination means for determining a number of subsequent secure communication sessions between the identified nodes, wherein the number of subsequent secure communication sessions is based on a number of the at least one additional node;
a second determination means for determining at least one set of security parameters for the secure communication session and the subsequent communication sessions; and
a transmitting means for transmitting at least a subset of the security parameters to each of the nodes, wherein the apparatus provides secured communication between the nodes for the number of subsequent secure communication sessions.

15. An apparatus for establishing secured communications, the apparatus comprising:
an identification module, wherein the identification module identifies a first node and at least one additional node for a secured communication session between the first node and the at least one additional node;
a determination module, wherein the determination module determines a number of secured communications sessions between the first node and the at least one additional node;
a negotiation module, wherein the negotiation module negotiates at least one set of security parameters for the secured communication sessions between the first node and at least one additional node; and
a transmitter module, wherein the transmitter module transmits to the first node and the at least one additional node, at least a subset of the security parameters for the secured communications sessions.