METHOD OF NEGOTIATING SECURITY PARAMETERS AND AUTHENTICATING USERS INTERCONNECTED TO A NETWORK
Abstract
A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
39 Claims
1-14. (canceled)
15. A method for executing a security policy at a first network device wherein the first network device is communicatively coupled to a second network device over a computer network, comprising:
initiating a first security negotiation at the first network device by sending a first message with a first set of proposed security parameters; determining, at the first network device, that the first security negotiation is unsuccessful and identifying a basis for the unsuccessful first security negotiation; and initiating a second security negotiation, at the first network device, by sending a second message with a second set of proposed security parameters based on the basis for the unsuccessful first security negotiation. (Dependent claims: 16, 17, 26, 27, 28, 29, 30, 31)

18-22. (canceled)
23. A computer storage medium for executing computer-readable instructions for executing a security policy at a first network device wherein the first network device is communicatively coupled to a second network device over a computer network, comprising:
initiating a first security negotiation at the first network device by sending a first message with a first set of proposed security parameters; determining, at the first network device, that the first security negotiation is unsuccessful and identifying a basis for the unsuccessful first security negotiation; and initiating a second security negotiation at the first network device by sending a second message with a second set of proposed security parameters based on the basis for the unsuccessful first security negotiation. (Dependent claims: 24, 25, 32, 33, 34, 35, 36, 37, 39)
38. A system for executing a security policy at a first network device wherein the first network device is communicatively coupled to a second network device over a computer network, the system comprising:
one or more processing units; a memory coupled with and readable by the one or more processing units, the memory containing a series of instructions that, when executed by the one or more processing units, cause the one or more processing units to perform a method of executing a security policy comprising the steps of: receiving a packet; determining if the packet must be sent securely; if the packet must be sent securely, initiating a security policy, wherein initiating a security policy comprises: initiating a first security negotiation at a first network device by sending a first message with a first set of proposed security parameters; determining, at the first network device, that the first security negotiation is unsuccessful and identifying a basis for the unsuccessful first security negotiation; and initiating a second security negotiation at the first network device by sending a second message with a second set of proposed security parameters based on the basis for the unsuccessful first security negotiation.
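The retry behaviour claimed above (first set of proposals, failure with an identified basis, second set derived from that basis), modelled as an added Python example that is not part of the patent or of any product: an initiator offers a batch of proposals, a constructed responder either selects one or reports the attribute it cannot accept, and the initiator builds its next set from that basis while refusing to fall below a policy floor rather than downgrading indefinitely. The proposal names, the responder's supported sets, the `Proposal` and `Reply` types and the `negotiate` function are all assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed types for the illustration; the patent does not define them.
@dataclass(frozen=True)
class Proposal:
    cipher: str
    prf: str
    dh_group: int

@dataclass
class Reply:
    ok: bool
    chosen: Optional[Proposal] = None
    # (attribute, value) the responder could not accept: the "basis" for failure
    basis: Optional[Tuple[str, object]] = None

# Initiator's ordered preference list, strongest first (constructed values).
INITIATOR_PREFS: List[Proposal] = [
    Proposal("aes-256-gcm", "hmac-sha256", 19),
    Proposal("aes-256-gcm", "hmac-sha256", 14),
    Proposal("aes-128-gcm", "hmac-sha256", 14),
    Proposal("3des", "hmac-sha1", 2),  # legacy entry, excluded by the floor below
]
MIN_DH_GROUP = 14  # constructed policy floor: never offer a weaker DH group

# Constructed responder capabilities for the worked scenario.
RESPONDER_SUPPORTED: Dict[str, Set[object]] = {
    "cipher": {"aes-128-gcm", "3des"},
    "prf": {"hmac-sha256", "hmac-sha1"},
    "dh_group": {14, 2},
}

def make_responder(supported: Dict[str, Set[object]]) -> Callable[[List[Proposal]], Reply]:
    """Build a responder that accepts the first fully supported proposal.
    On failure it names the first unsupported attribute of the first offer."""
    def responder(offered: List[Proposal]) -> Reply:
        for p in offered:
            if all(getattr(p, a) in supported[a] for a in ("cipher", "prf", "dh_group")):
                return Reply(ok=True, chosen=p)
        first = offered[0]
        for attr in ("cipher", "prf", "dh_group"):
            if getattr(first, attr) not in supported[attr]:
                return Reply(ok=False, basis=(attr, getattr(first, attr)))
        return Reply(ok=False, basis=("unknown", None))
    return responder

def within_policy(p: Proposal) -> bool:
    return p.dh_group >= MIN_DH_GROUP

def negotiate(prefs: List[Proposal], responder: Callable[[List[Proposal]], Reply],
              batch_size: int = 2, max_attempts: int = 3) -> dict:
    """Run up to max_attempts negotiations. Each failed attempt's basis prunes
    the candidate list; candidates below the policy floor are never offered."""
    candidates = [p for p in prefs if within_policy(p)]
    trace: List[str] = []
    for attempt in range(1, max_attempts + 1):
        if not candidates:
            trace.append("no proposal left within the policy floor; abort")
            return {"chosen": None, "attempts": attempt - 1, "trace": trace}
        offered = candidates[:batch_size]
        reply = responder(offered)
        if reply.ok:
            trace.append(f"attempt {attempt}: accepted {reply.chosen}")
            return {"chosen": reply.chosen, "attempts": attempt, "trace": trace}
        attr, value = reply.basis
        trace.append(f"attempt {attempt}: rejected, basis {attr}={value!r}")
        # The second set is derived from the basis: drop what was just rejected
        # and every remaining proposal that shares the rejected attribute value.
        candidates = [p for p in candidates
                      if p not in offered and getattr(p, attr, None) != value]
    trace.append("attempt limit reached; abort")
    return {"chosen": None, "attempts": max_attempts, "trace": trace}

if __name__ == "__main__":
    for line in negotiate(INITIATOR_PREFS, make_responder(RESPONDER_SUPPORTED))["trace"]:
        print(line)
```

With the constructed responder, the first message offers the two AES-256 proposals, the responder reports the cipher as the basis, and the second message carries only the AES-128 proposal, which is accepted; a responder that only supports the legacy entry causes the initiator to abort after two attempts instead of sending a proposal below its floor.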
Specification