ENHANCED APPROACH FOR TRANSMISSION CONTROL PROTOCOL AUTHENTICATION OPTION (TCP-AO) WITH KEY MANAGEMENT PROTOCOLS (KMPS)
Abstract
A network element supports Transmission Control Protocol Authentication Option (TCP-AO) with a Key Management Protocol (KMP) to authenticate TCP segments over a TCP session. The network element negotiates multiple traffic keys to authenticate TCP segments over a TCP session with a peer network element, and protects the TCP session with the negotiated traffic keys.
25 Claims
1. A method in a network element for supporting Transmission Control Protocol Authentication Option (TCP-AO) with a Key Management Protocol (KMP) to authenticate TCP segments over a TCP session, the method comprising the steps of:
- negotiating a first plurality of traffic keys to authenticate TCP segments over a first TCP session with a peer network element; and
- protecting the first TCP session with the first negotiated traffic keys.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A network element for supporting Transmission Control Protocol Authentication Option (TCP-AO) with a Key Management Protocol (KMP) to authenticate TCP segments over TCP sessions, comprising:
- a set of one or more processors;
- a non-transitory computer-readable medium that stores instructions for a computer program that supports TCP-AO with a KMP to authenticate TCP segments over TCP sessions, the computer program including:
  - an application configured to transmit and receive traffic over a set of one or more TCP sessions and request authentication of outgoing and incoming TCP segments for the set of TCP sessions;
  - a KMP module configured to, for each of the set of TCP sessions, perform the following:
    - negotiate a plurality of traffic keys with a peer network element, and
    - populate the negotiated traffic keys into a data structure used by a TCP-AO module when authenticating the outgoing and incoming TCP segments for that TCP session; and
  - the TCP-AO module configured to, for each of the set of TCP sessions, use the negotiated traffic keys for that TCP session for authenticating outgoing and incoming TCP segments of that TCP session.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A network element for supporting Transmission Control Protocol Authentication Option (TCP-AO) with a Key Management Protocol (KMP) to authenticate TCP segments over TCP sessions, comprising:
- a set of one or more processors; and
- a non-transitory computer-readable medium that stores instructions that, when executed by the set of processors, cause the set of processors to perform operations including:
  - negotiating a first plurality of traffic keys to authenticate TCP segments over a first TCP session with a peer network element; and
  - protecting the first TCP session with the first negotiated traffic keys.

Dependent claims: 19, 20, 21, 22, 23, 24, 25

Specification