Using non 5-tuple information with IPSec

US 20070011448A1
Filed: 07/06/2005
Published: 01/11/2007
Est. Priority Date: 07/06/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of communicating over a network using IPSec security protocol, the method comprising acts of:

A) receiving 5-tuple information and session information;

B) determining whether to allow a first connection between a first device and a second device based on at least a portion of the session information; and

C) establishing a security association for the first connection based on at least a portion of the session information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating using IPSec security protocol. Security associations are provided for a connection based on session information that may include user information and/or information related to an application running on the device. One or more filters determine whether or not to accept a connection based on session information.

48 Citations

View as Search Results

20 Claims

1. A method of communicating over a network using IPSec security protocol, the method comprising acts of:
- A) receiving 5-tuple information and session information;
  
  B) determining whether to allow a first connection between a first device and a second device based on at least a portion of the session information; and
  
  C) establishing a security association for the first connection based on at least a portion of the session information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the session information comprises a user identifier identifying a user associated with the first device.
  - 3. The method of claim 1, wherein the act C comprises:
    - establishing security associations for a plurality of connections between the first device and the second device based on a plurality of user identifiers identifying a plurality of users associated with the first device.
  - 4. The method of claim 1, wherein the session information comprises a peer identifier identifying a user associated with the second device.
  - 5. The method of claim 1, wherein the session information comprises at least one security rule.
  - 6. The method of claim 5, wherein the security rule requires encryption for a connection.
  - 7. The method of claim 1, further comprising acts of:
    - D) receiving a communication from the second device; and
      
      E) determining updated session information at least partially based on the communication received in the act D; and
      
      F) updating the session information to include the updated session information.
  - 8. The method of claim 7, wherein the updated session information comprises a peer identifier identifying a user of the second device.
  - 9. The method of claim 7, further comprising an act of:
    - G) communicating with the second device at least partially based on the security association, the security association being selected at least partially based on the updated session information.
  - 10. The method of claim 1, wherein the act C further comprises:
    - selecting, at least partially based on the session information, the security association for the first connection from a set of existing security associations associated with connections between the first device and at least one other device.
  - 11. The method of claim 10, wherein the session information comprises a user identifier, and wherein the security association is selected from the set of existing security associations at least partially based on the user identifier.
  - 12. The method of claim 10, wherein the session information comprises an application identifier, and wherein the security association is selected from the set of existing security associations at least partially based on the application identifier.
  - 13. The method of claim 1, wherein the act C comprises providing a security association that is different from the security associations in the set of existing security associations.

14. A computer-readable medium having computer-executable instructions for performing steps comprising:
- A) receiving 5-tuple information and session information;
  
  B) determining whether to allow a first connection between a first device and a second device based on at least a portion of the session information; and
  
  C) establishing a security association for the first connection based on at least a portion of the session information.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-readable medium of claim 14, further comprising an application state table comprising at least a portion of the session information.
  - 16. The computer-readable medium of claim 14, further having computer-executable instructions for performing a step comprising:
    - D) providing different security associations for respective users of the first device for a plurality of connections between the first device and at least one other device.
  - 17. The computer-readable medium of claim 14, further having computer-executable instructions for performing a step comprising:
    - D) providing the security association for a plurality of connections between the first device and at least one other device, the plurality of connections being associated with similar or identical session information.
  - 18. The computer-readable medium of claim 14, wherein the step C comprises:
    - providing the security association for a plurality of connections associated with a same user.
  - 19. The computer-readable medium of claim 14, wherein the step C comprises:
    - providing the security association for a plurality of connections associated with similar or identical security rules.
  - 20. The computer-readable medium of claim 14, wherein the number of connections between the first device and at least one other device is greater than the number of security associations associated with the connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Swander, Brian, Chhabra, Avnish

Application Number

US11/175,923
Publication Number

US 20070011448A1
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/0227 Filtering policies mail mes...

H04L 63/164 at the network layer

Using non 5-tuple information with IPSec

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using non 5-tuple information with IPSec

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links