System and method for routing data over an internet protocol security network

US 20070165638A1
Filed: 01/13/2006
Published: 07/19/2007
Est. Priority Date: 01/13/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of communicating data over an Internet Protocol security network, the method comprising:

receiving packets for transmission over the Internet Protocol security network;

controlling order of processing of the packets;

determining whether each packet requires security features;

feeding the packets to a post-queue line interface module according to the order of processing of the packets;

allocating, in response to the determination that a packet requires security features, a sequence number to each packet in the order of feeding of packets to the post-queue line interface module;

providing said packet with appropriate security features; and

transmitting said packet over the Internet Protocol security network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of routing data over an Internet Protocol security (IPSec) network, the method comprising: receiving packets for transmission over the IPSec network, controlling the order of processing of the packets, determining whether each packet requires security features, feeding of the packets to a post-queue line interface module according to the order of processing the packets and allocating a sequence number to each packet in the order of feeding of packets to the post-queue line interface module. A packet requiring security features are provided with such features, which may be AH or ESP protocol, before it is transmitted over the Internet Protocol security network. As the queueing of the packet is done before the packet is provided with security features, the quality of service of the IPSec network is improved with the packets being received at the anti-replay window according to the order of the allocated sequence numbers.

37 Citations

View as Search Results

17 Claims

1. A method of communicating data over an Internet Protocol security network, the method comprising:
- receiving packets for transmission over the Internet Protocol security network;
  
  controlling order of processing of the packets;
  
  determining whether each packet requires security features;
  
  feeding the packets to a post-queue line interface module according to the order of processing of the packets;
  
  allocating, in response to the determination that a packet requires security features, a sequence number to each packet in the order of feeding of packets to the post-queue line interface module;
  
  providing said packet with appropriate security features; and
  
  transmitting said packet over the Internet Protocol security network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein controlling the order of processing of the packets comprises:
    - identifying the level of priority of each packet, placing each packet in an appropriate queue in a traffic management module; and
      
      servicing the queue according to the level of priority of the queue.
  - 3. The method of claim 2 wherein determining whether each packet requires security features comprises accessing information on a security policy database.
  - 4. The method of claim 3 wherein the information on the security policy database comprises source and destination address fields and security protocol information.
  - 5. The method of claim 1 wherein the providing said packet with security features comprises accessing information on a Security Association database.
  - 6. The method of claim 5 comprising formatting of said packet and sending said packet with cryptographic keys obtained from the Security Association database to an embedded cryptography module.
  - 7. The method of claim 6 comprising hashing the formatted packet to sign the packet for integrity.
  - 8. The method of claim 7 comprising encrypting the formatted packet and prepending a header to the formatted packet.
  - 9. The method of claim 8 wherein the quality of service of transmitting the processed packets is improved as processed packets are received in the order of being transmitted over the Internet Protocol security network.

10. A system for routing data over an Internet Protocol security network, the system comprising:
- a traffic management module to control the order of processing of packets;
  
  a sequence number allocator to allocate sequence numbers to packets in the order of processing of packets in the traffic management module and feeding the packets to a post-queue line interface module;
  
  a post-queue line interface module to provide packets with the appropriate security features; and
  
  a transmitter to transmit packets over the Internet Protocol security network.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10 wherein the traffic management module identifies the level of priority of each packet, places the packet in an appropriate queue and services the queue according to the level of priority of the queue.
  - 12. The system of claim 11 wherein the post-queue line interface module comprises a cryptography module and an embedded cryptography module to encrypt and to hash a packet.
  - 13. The system of claim 10 comprising a security policy database containing information for determining whether a packet requires security features.
  - 14. The system of claim 10 comprising a Security Association database containing cryptographic information.
  - 15. The system of claim 14 wherein the quality of service of transmitting the processed packets is improved as processed packets are received in the order of being transmitted over the Internet Protocol security network.

16. A machine-readable medium comprising instructions, which when executed by a machine, cause the machine to:
- receive packets for transmission over an Internet Protocol security network;
  
  control an order of processing of the packets;
  
  determine whether each packet requires security features;
  
  feed the packets to a post-queue line interface module according to the order of processing of the packets;
  
  allocate, in response to the determination that a packet requires security features, a sequence number to each packet in the order of feeding of packets to the post-queue line interface module;
  
  provide said packet with appropriate security features; and
  
  transmit said packet over the Internet Protocol security network.

17. A system for routing data over an Internet Protocol security network, the system comprising:
- means for controlling the order of processing of packets;
  
  means for allocating sequence numbers to packets in the order of processing of packets in the traffic management module and for feeding the packets to the post-queue line interface module;
  
  means for providing packets with the appropriate security features; and
  
  means for transmitting packets over the Internet Protocol security network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Tatar, Mohammed, Hasani, Naader

Application Number

US11/331,709
Publication Number

US 20070165638A1
Time in Patent Office

Days
Field of Search
US Class Current

370/392
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/2408   for supporting different se...

H04L 47/2441   relying on flow classificat...

H04L 47/34   ensuring sequence integrity...

H04L 47/431   using padding or de-padding

H04L 49/90   Buffering arrangements

H04L 49/9094   Arrangements for simultaneo...

H04L 63/164   at the network layer

System and method for routing data over an internet protocol security network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for routing data over an internet protocol security network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links