NEGOTIATION OF SECURITY PROTOCOLS AND PROTOCOL ATTRIBUTES IN SECURE COMMUNICATIONS ENVIRONMENT

US 20140317720A1
Filed: 09/30/2013
Published: 10/23/2014
Est. Priority Date: 01/31/2005
Status: Active Grant

First Claim

Patent Images

1. A method of communicatively connecting first and second endpoints, the method comprising:

transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint;

based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints; and

forming the tunnel between the first and second endpoints based on the connection request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request.

12 Citations

View as Search Results

20 Claims

1. A method of communicatively connecting first and second endpoints, the method comprising:
- transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint;
  
  based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints; and
  
  forming the tunnel between the first and second endpoints based on the connection request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein forming the tunnel comprises forming the tunnel using the IPsec protocol.
  - 3. The method of claim 2, wherein the first endpoint comprises a computing system having an operating system supporting a native IPsec implementation.
  - 4. The method of claim 3, wherein the second endpoint comprises a computing system having an operating system supporting a native IPsec implementation.
  - 5. The method of claim 2, wherein the tunnel is formed based on one or more attributes set at a user-level protocol service, the one or more attributes comprising IPsec attributes selected from a group of IPsec attributes consisting of:
    - encryption type;
      
      authentication mechanism;
      
      Elliptic Curve cryptography; and
      
      IKE version.
  - 6. The method of claim 1, wherein the second endpoint has an IPv6 address.
  - 7. The method of claim 1, wherein the second endpoint has an IPv4 address.
  - 8. The method of claim 7, wherein, upon determining that the first endpoint does not support IPsec, forming the tunnel using a second security protocol from among the plurality of available security protocols.
  - 9. The method of claim 8, wherein the second security protocol comprises the SecureParser proprietary security protocol.

10. A method of communicatively connecting endpoints in a network, the method comprising:
- selecting an IPsec security protocol from among a plurality of security protocols available at the first endpoint, wherein selecting the IPsec security protocol is based at least in part on an IP address of a second endpoint;
  
  transmitting from a first endpoint to a second endpoint a connection request, the connection request identifying the IPsec security protocol;
  
  forming an IPsec-based tunnel between the first and second endpoints;
  
  selecting an IPsec security protocol from among a plurality of security protocols available at the first endpoint, wherein selecting the IPsec security protocol is based at least in part on an IP address of a third endpoint;
  
  receiving an indication from the third endpoint that the third endpoint does not natively support the IPsec security protocol;
  
  forming a second tunnel between the first and third endpoints, wherein the second tunnel uses a second security protocol other than the IPsec security protocol.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the IP address of the second endpoint is an IPv6 address.
  - 12. The method of claim 10, wherein the IP address of the third endpoint is an IPv4 address.
  - 13. The method of claim 12, wherein the second security protocol comprises the SecureParser proprietary security protocol.
  - 14. The method of claim 10, further comprising opening a tunnel between the first endpoint and a security appliance, the tunnel between the first endpoint and the security appliance uses the second security protocol.
  - 15. The method of claim 10, wherein the IPsec-based tunnel is formed based on one or more attributes set at a user-level protocol service, the one or more attributes comprising IPsec attributes selected from a group of IPsec attributes consisting of:
    - encryption type;
      
      authentication mechanism;
      
      Elliptic Curve cryptography; and
      
      IKE version.
  - 16. The method of claim 10, wherein the second endpoint comprises a computing system having a first operating system that natively supports the IPsec security protocol and the third endpoint comprises a computing system having a second operating system different from the first operating system and that lacks native IPsec support.
  - 17. The method of claim 16, wherein the first operating system and the second operating system are provided by different operating system developers.
  - 18. The method of claim 16, wherein the first operating system and the second operating system are different operating system versions provided by the same operating system developer.

19. A computer-readable storage device comprising computer-executable instructions stored thereon which, when executed, cause a computing system to perform a method of communicatively connecting to a remote endpoint, the method comprising:
- transmitting to a remote endpoint a connection request, the connection request including an IP address of the remote endpoint;
  
  based at least in part on the IP address of the remote endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the computing system and the remote endpoint; and
  
  forming the tunnel between the computing system and the remote endpoint based on the connection request.
- View Dependent Claims (20)
- - 20. The computer-readable storage device of claim 19, further comprising:
    - transmitting to a second remote endpoint a connection request, the connection request including an IP address of the second remote endpoint;
      
      based at least in part on the IP address of the remote endpoint, selecting an IPsec security protocol from among a plurality of available security protocols to first attempt to use in forming a tunnel between the computing system and the second remote endpoint;
      
      receiving an indication from the second remote endpoint that the second remote endpoint does not natively support the IPsec security protocol; and
      
      forming the tunnel between the computing system and the remote endpoint based on the connection request using a second security protocol of the plurality of available security protocols the second security protocol being a security protocol other than the IPsec security protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Johnson, Robert A., Wild, Kathleen, Inforzato, Sarah K., Hinaman, Ted

Granted Patent

US 10,454,890 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/53   by executing in a restricte...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0485   Networking architectures fo...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/18   Multiprotocol handlers, e.g...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0841   involving Diffie-Hellman or...

NEGOTIATION OF SECURITY PROTOCOLS AND PROTOCOL ATTRIBUTES IN SECURE COMMUNICATIONS ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

12 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NEGOTIATION OF SECURITY PROTOCOLS AND PROTOCOL ATTRIBUTES IN SECURE COMMUNICATIONS ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links