Scheme for determining transport level information in the presence of IP security encryption

US 7,000,120 B1
Filed: 12/23/1999
Issued: 02/14/2006
Est. Priority Date: 12/23/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:

prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said node and said another node in the packet switched network to provide value added services relative to the transmission;

performing said encrypting security processing on said payload of said packet; and

transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus which permits access, by intermediate nodes between source and destination nodes, to selected information such as transport level information, normally included in a payload of a packet upon which encrypting security processing has been performed according to an encrypting security protocol. In the present invention, prior to performing encrypting security processing on the packet, according to the security protocol, information related to selected information normally included in a payload of the packet is stored in a field in the header of the packet where the field is not subject to the encrypting security processing. Thereafter, encrypting security processing according to the security protocol is performed on the packet. The packet including the header having stored therein information corresponding to the selected information normally included in the payload and the payload upon which encrypting security processing has been performed is then transmitted on the packet switched network to its destination. Since the information related to the selected information normally included in the payload of the packet is stored in the header of the packet, access to the selected information by the intermediate nodes between source and destination nodes in a packet switched network is possible.

Citations

24 Claims

1. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
- prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said node and said another node in the packet switched network to provide value added services relative to the transmission;
  
  performing said encrypting security processing on said payload of said packet; and
  
  transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according claim 1, wherein said transport level information includes transport protocol information including Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) or port number information.
  - 3. A method according to claim 1, wherein said selected information is stored in a security protocol header of said header of said packet, said security protocol header not being subject to said encrypting security processing.
  - 4. A method according to claim 3, wherein said selected information is stored in a sequence number field of said security protocol header of said packet.
  - 5. A method according to claim 4, wherein said sequence number field is modified to include information representative of said selected information.
  - 6. A method according to claim 5, wherein leading bits of said sequence number field are used to provide information related to transport level information of said packet and remaining bits of said sequence number field are used to provide information regarding a sequence number of said packet.
  - 7. A method according to claim 6, wherein said transport level information includes a transport protocol ID identifying a particular transport protocol to be used and a port number ID identifying a particular port to be used.
  - 8. A method according to claim 1, wherein said encrypting security processing is performed according to the Encapsulating Security Payload (ESP) protocol.
  - 9. A method according to claim 1, wherein said encrypting security processing is performed according to the Authentication Header (AH) protocol.

10. A packet switched network comprising:
- a network; and
  
  a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
  
  wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said at least one node and said another node in the network to provide value added services relative to the transmission;
  
  wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said at least one node to said another node.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. A packet switched network according to claim 10, wherein said transport level information includes transport protocol information including Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Internet Control Message Protocol (ICMP) or port number information.
  - 12. A packet switched network according to claim 10, wherein said selected information is stored in a security protocol header of said header of said packet, said security protocol header not being subject to said encrypting security processing.
  - 13. A packet switched network according to claim 12, wherein said selected information is stored in a sequence number field of said security protocol header of said packet.
  - 14. A packet switched network according to claim 13, wherein said sequence number field is modified to include information representative of said selected information.
  - 15. A packet switched network according to claim 14, wherein leading bits of said sequence number field are used to provide information related to transport level information of said packet and remaining bits of said sequence number field are used to provide information regarding a sequence number of said packet.
  - 16. A packet switched network according to claim 15, wherein said transport level information includes a transport protocol ID identifying a particular transport protocol to be used and a port number ID identifying a particular port to be used.
  - 17. A packet switched network according to claim 10, wherein said encrypting security processing is performed according to the Encapsulating Security Payload (ESP) protocol.
  - 18. A packet switched network according to claim 10, wherein said encrypting security processing is performed according to the Authentication Header (AH) protocol.

19. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
- prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
  
  performing said encrypting security processing on said payload of said packet; and
  
  transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
  
  wherein said value added services comprise differentiated services.

20. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
- prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
  
  performing said encrypting security processing on said payload of said packet; and
  
  transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
  
  wherein said value added services comprise management of nodes for metering.

21. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
- prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
  
  performing said encrypting security processing on said payload of said packet; and
  
  transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
  
  wherein said value added services comprise policing of at least one of the nodes.

22. A packet switched network comprising:
- a network; and
  
  a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
  
  wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
  
  wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said node to said at least one another node; and
  
  wherein said value added services comprise differentiated services.

23. A packet switched network comprising:
- a network; and
  
  a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
  
  wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at last one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
  
  wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said node to said at least one another node; and
  
  wherein said value added services comprise policing of at least one of the nodes.

24. A packet switched network comprising:
- a network; and
  
  a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
  
  wherein the at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
  
  wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said at least one node to said another node; and
  
  wherein said value added services comprise management of at least one node for metering.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 3, LLC (Intellectual Ventures LLC)
Original Assignee
Nokia Corporation
Inventors
Sengodan, Senthil, Koodli, Rajeev
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Nalven, Andrew L

Application Number

US09/471,083
Time in Patent Office

2,245 Days
Field of Search

713/201, 713/153, 713/160, 713/154, 370/389, 370/473, 370/392
US Class Current

713/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/22   Parsing or analysis of headers

H04L 9/40   Network security protocols

Scheme for determining transport level information in the presence of IP security encryption

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Scheme for determining transport level information in the presence of IP security encryption

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links