Method and Apparatus for Updating Anti-Replay Window in Ipsec

US 20080295163A1
Filed: 11/10/2006
Published: 11/27/2008
Est. Priority Date: 02/09/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of updating an anti-replay window in IPSec (Internet Protocol Security), comprising:

determining whether a difference between a sequence number extracted from a received packet and a maximum value of a sequence number of an anti-replay window is greater than a predetermined value;

if the difference is greater than the predetermined value, creating a first bit map based on a size of the anti-replay window and a second bit map based on the sequence number extracted from the received packet, respectively; and

comparing the number of bit values in the first bit map of packets received during a predetermined time with the number of bit values in the second bit map of the packets received during the predetermined time; and

updating the anti-replay window based on the result of the comparison.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for updating an anti-replay window in Internet Protocol Security (IPSec). The method includes determining whether a difference between a sequence number extracted from a received packet and a maximum value of a sequence number of an anti-replay window is greater than a predetermined value; if it is determined that the difference is greater than the predetermined value, creating a first bit map based on a size of the anti-replay window and a second bit map based on the sequence number extracted from the received packet, respectively; comparing the number of bit values in the first bit map of packets received during a predetermined time with the number of bit values in the second bit map of packets received during the predetermined time, and updating the anti-replay window.

Citations

31 Claims

1. A method of updating an anti-replay window in IPSec (Internet Protocol Security), comprising:
- determining whether a difference between a sequence number extracted from a received packet and a maximum value of a sequence number of an anti-replay window is greater than a predetermined value;
  
  if the difference is greater than the predetermined value, creating a first bit map based on a size of the anti-replay window and a second bit map based on the sequence number extracted from the received packet, respectively; and
  
  comparing the number of bit values in the first bit map of packets received during a predetermined time with the number of bit values in the second bit map of the packets received during the predetermined time; and
  
  updating the anti-replay window based on the result of the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 21)
- - 2. The method of claim 1, wherein the predetermined value is obtained by subtracting a minimum value of the sequence number of the anti-replay window from the maximum value of the sequence number of the anti-replay window.
  - 3. The method of claim 1, wherein the predetermined time is measured using a timer operating after creating the first bit map and the second bit map.
  - 4. The method of claim 1, wherein the first bit map comprises the anti-replay window and is larger than the maximum value of the sequence number of the anti-replay window by a predetermined amount.
  - 5. The method of claim 4, wherein the first bit map is double the size of the anti-replay window.
  - 6. The method of claim 4, wherein the second bit map has the sequence number extracted from the received packet as an intermediate value, and has the same size as the first bit map.
  - 7. The method of claim 1, wherein bit values of the packets respectively received are set to “
    - 1”
      
      in the first and second bit maps.
  - 8. The method of claim 7, wherein:
    - the comparing of the bit values comprises comparing the number of 1-bit values in the first bit map with the number of 1-bit values in the second bit map during the predetermined time; and
      
      the updating of the anti-replay window comprises updating the anti-replay window based on the bit map having the most 1-bit values.
  - 9. The method of claim 8, wherein the updating of the anti-replay value window comprises updating the anti-replay window using the maximum value of the sequence number of the first bit map comprising the 1-bit values as the maximum value of the sequence number of the anti-replay window, if the number of 1-bit values in the first bit map is more than the number of 1-bit values in the second bit map.
  - 10. The method of claim 8, wherein, if the number of 1-bit values in the second bit map is more than the number of 1-bit values in the first bit map, the updating of the anti-replay window comprises updating the anti-replay window using the maximum value of the sequence number of the second bit map comprising 1-bit values as the maximum value of the sequence number of the anti-replay window.
  - 11. The method of claim 1, further comprising:
    - updating the anti-replay window, using the sequence number extracted from the received packet as the maximum value of the sequence number of the anti-replay window, if the difference is not greater than the predetermined value and the sequence number extracted from the received packet is greater than the maximum value of the sequence number of the anti-replay window.
  - 12. The method of claim 1, further comprising:
    - discarding the received packet if the difference is not greater than the predetermined value and the sequence number extracted from the received packet is smaller than the minimum value of the sequence number of the anti-replay window.
  - 21. A computer-readable recording medium storing a computer program to execute the method of claim 1.

13. An apparatus to update an anti-replay window in IPSec (Internet Protocol Security), the apparatus comprising:
- a determination unit to determine whether a difference between a sequence number extracted from a received packet and a maximum value of a sequence number of the anti-replay window is greater than a predetermined value;
  
  a bit map creating unit to create a first bit map based on a size of the anti-replay window and a second bit map based on the sequence number extracted from the received packet, respectively, if the difference is greater than the predetermined value; and
  
  an updating unit to compare the number of bit values in the first bit map of packets received during a predetermined time with the number of bit values in the second bit map of the packets received during a predetermined time, and to update the anti-replay window based on the result of the comparison.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The apparatus of claim 13, wherein the predetermined value is obtained by subtracting a minimum value of the sequence number of the anti-replay window from the maximum value of the sequence number.
  - 15. The apparatus of claim 13, wherein the predetermined time is measured through a timer operating after creating the first bit map and the second bit map.
  - 16. The apparatus of claim 13, wherein the first bit map includes the anti-replay window and is larger than the maximum value of the sequence numbers of the anti-replay window by a predetermined size.
  - 17. The apparatus of claim 16, wherein the second bit map has the sequence number extracted from the received packet as an intermediate value, and has the same size as the first bit map.
  - 18. The apparatus of claim 13, wherein bit values of the packets respectively received are set to “
    - 1”
      
      in the first and second bit maps.
  - 19. The apparatus of claim 18, wherein the updating unit compares the number of 1-bit values in the first bit map with the number of 1-bit values in the second bit map during the predetermined time, and updates the anti-replay window based on the bit map having the most 1-bit values.
  - 20. The apparatus of claim 13, wherein, if the determination unit determines that the difference is not greater than the predetermined value and the sequence number extracted from the received packet is less than the minimum value of the sequence numbers of the anti-replay window, the updating unit discards the received packet.

22. A method of updating an anti-replay window in Internet Protocol Security (IPSec), the method comprising:
- receiving a packet;
  
  if a difference between a sequence number of the packet and a maximum value of an anti-replay window is greater than a predetermined value, creating a first bit map based on a size of the anti-replay window and a second bit map based on the sequence number; and
  
  updating the anti-replay window based on the first bit map or the second bit map.
- View Dependent Claims (23, 24, 25)
- - 23. The method according to claim 22, wherein:
    - the updating of the anti-replay window comprises updating the anti-replay window based on the first bit map if a number of bit values of “
      
      1”
      
      in the first bit map is greater than a number of bit values of “
      
      1”
      
      in the second bit map; and
      
      the updating of the anti-replay window comprises updating the anti-replay window based on the second bit map if the number of bit values of “
      
      1”
      
      in the second bit map is greater than or equal to the number of bit values of “
      
      1”
      
      in the first bit map.
  - 24. The method according to claim 22, further comprising:
    - for a predetermined period of time prior to updating the anti-replay window, changing a bit value of the first map to “
      
      1”
      
      if a packet received during the predetermined period has a sequence number corresponding to the bit value of the first map, and changing a bit value of the second map to “
      
      1”
      
      if the packet received during the predetermined period has a sequence number corresponding to the bit value of the second map.
  - 25. The method according to claim 24, wherein the predetermined period of time is determined based on a communication characteristic.

26. An apparatus to perform Internet Protocol Security (IPSec) using an anti-replay window according to a status of sequence numbers of received packets, the apparatus comprising:
- a packet receiver to receive packets;
  
  a bit map creating unit to create a first bit map based on a size of the anti-replay window and a second bit map based on a sequence number of a packet received by the packet receiver, if a difference between the sequence number and a maximum value of the anti-replay window is greater than a predetermined value; and
  
  an updating unit to update the anti-replay window based on the first bit map or the second bit map.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The apparatus according to claim 26, further comprising:
    - a determination unit to determine whether the difference between the sequence number and the maximum value of the anti-replay window is greater than the predetermined value.
  - 28. The apparatus according to claim 26, further comprising:
    - a storage unit to store the first bit map and the second bit map.
  - 29. The apparatus according to claim 26, wherein, for a predetermined period of time prior to updating the anti-replay window, the updating unit changes a bit value of the first map from to “
    - 1”
      
      if a packet received during the predetermined period has a sequence number corresponding to the bit value of the first map, and changes a bit value of the second map to “
      
      1”
      
      if the packet received during the predetermined period has a sequence number corresponding to the bit value of the second map.
  - 30. The apparatus according to claim 29, wherein:
    - the updating unit updates the anti-replay window using the first bit map if a number of bit values of “
      
      1”
      
      in the first bit map is greater than a number of bit values of “
      
      1”
      
      in the second bit map; and
      
      the updating unit updates the anti-replay window using the second bit map if the number of bit values of “
      
      1”
      
      in the second bit map is greater than or equal to the number of bit values of “
      
      1”
      
      in the first bit map.
  - 31. The apparatus according to claim 29, further comprising:
    - a timer to determine when the predetermine time period begins and ends.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Kang, Song-Min

Application Number

US12/092,734
Publication Number

US 20080295163A1
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/164 at the network layer

Method and Apparatus for Updating Anti-Replay Window in Ipsec

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Updating Anti-Replay Window in Ipsec

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links