Control channel security for realm specific internet protocol
First Claim
1. A network security system comprising:
- a private network having at least one host device;
a gateway connecting the private network to a public network, the gateway being in communication with the at least one host device; and
a control channel between the at least one host device and the gateway, the control channel having a first phase that negotiates a first security parameter and a second security parameter, the control channel also having a second phase that uses the first security parameter and the second security parameter for communication between the at least one host device and the gateway.
6 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for implementing security with RSIP are disclosed. In a first security system and method, authentication is provided with a combination of a userid and HMAC parameters. The userid parameter identifies the sender and the HMAC parameters are used with a shared key that only the sender and recipient know. Integrity is also provided by the HMAC parameters. Replay protection is provided by a replay counter, and reflection attacks are prevented by the fact that in the RSIP protocol, each entity plays the role of either a host or a gateway, and each RSIP control message can be sent by either a host or a gateway, but not both. Liveness is provided by a combination of the replay counters, userids, host and gateway cookies, and the shared key. The use of cookies allows the shared key to be used between two different sessions, even if the replay counter is reset. In a second security system and method, authentication is provided by a certificate exchange, with a combination of a userid and signed hash parameters. The userid parameter identifies the sender, and it is easy to verify that the signed hash has been signed by the proper sender. Integrity is also provided by the signed hash parameters.
-
Citations
20 Claims
-
1. A network security system comprising:
-
a private network having at least one host device;
a gateway connecting the private network to a public network, the gateway being in communication with the at least one host device; and
a control channel between the at least one host device and the gateway, the control channel having a first phase that negotiates a first security parameter and a second security parameter, the control channel also having a second phase that uses the first security parameter and the second security parameter for communication between the at least one host device and the gateway. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for network security between a private network and a public network, the method comprising the steps of:
-
providing at least one host device on the private network, and a gateway in communication with the at least one host device;
connecting the private network and the public network with the gateway;
setting up a control channel between the at least one host device and the gateway;
negotiating a first security parameter and a second security parameter in a first phase; and
using the first security parameter and the second security parameter in a second phase for communication between the at least one host device and the gateway. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification