Internet protocol security framework utilizing predictive security association re-negotiation
First Claim
1. An apparatus for use in predicting exchanges of a specific quantity of communication traffic between network elements, said apparatus comprising:
- a digital processor operable on a periodic basis to calculate a weighted traffic flow per usage for a given network element, wherein said weighted traffic flow per usage corresponding to an average use of a network element per period multiplied by an average communications traffic quantity per use, said digital processor further including, a comparison mechanism for comparing a value of said weighted traffic flow per usage with a remainder value of said specific quantity of communications traffic, wherein an indication is given by said network element if said remainder value is less than said weighted traffic flow. (Dependent claims 2 to 7 not shown.)
Abstract
The present invention is a methodology for predicting when current sets of encryption keys used in a high speed data network are about to expire. The invention allows network elements of a communication system to re-negotiate new sets of keys well in advance so as to prevent interruptions in communications traffic flow. In accordance with one exemplary embodiment of the invention, a weighted traffic flow per usage for a given network element is calculated on a periodic basis. The value of the weighted traffic flow per usage is compared with a remainder value of a specific quantity of communications traffic yet to be processed by the network element. If the remainder value is less than the weighted traffic flow value, an indication is given to the appropriate network element to renegotiate a new set of keys.
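The abstract's periodic check, worked through as an added Python example that is not part of the patent; the security association model, function names and sample traffic below are assumptions made for illustration:

```python
from statistics import mean


def weighted_traffic_flow(uses_per_period, bytes_per_use):
    """Abstract's metric: average uses per period * average bytes per use.

    Returns 0.0 until at least one period has been observed, so a freshly
    negotiated security association is never flagged on no data.
    """
    if not uses_per_period or not bytes_per_use:
        return 0.0
    return mean(uses_per_period) * mean(bytes_per_use)


def renegotiation_needed(byte_lifetime, bytes_processed, uses_per_period, bytes_per_use):
    """True when the SA's remaining byte budget is less than the traffic
    expected in one more period (the claim's comparison step)."""
    remainder = byte_lifetime - bytes_processed
    return remainder < weighted_traffic_flow(uses_per_period, bytes_per_use)


def simulate(byte_lifetime, periods):
    """Run the check at the end of each period over constructed traffic.

    `periods` is a list of periods, each a list of byte counts, one per use
    of the SA. Returns (period_number, remainder) at the first indication,
    or (None, remainder) if the quantity limit was never approached.
    """
    bytes_processed = 0
    uses_per_period = []
    bytes_per_use = []
    for n, uses in enumerate(periods, start=1):
        bytes_processed += sum(uses)
        uses_per_period.append(len(uses))
        bytes_per_use.extend(uses)
        if renegotiation_needed(byte_lifetime, bytes_processed, uses_per_period, bytes_per_use):
            return n, byte_lifetime - bytes_processed
    return None, byte_lifetime - bytes_processed


# Constructed sample: a 60 kB quantity-based SA seeing rising traffic.
SAMPLE_LIFETIME = 60_000
SAMPLE_PERIODS = [
    [4_000, 6_000],                   # period 1: 2 uses, 10 kB
    [5_000, 5_000, 5_000],            # period 2: 3 uses, 15 kB
    [8_000, 7_000, 9_000, 6_000],     # period 3: 4 uses, 30 kB -> indication
    [9_000, 9_000, 9_000, 9_000],     # period 4 would overrun the limit
]

if __name__ == "__main__":
    period, remainder = simulate(SAMPLE_LIFETIME, SAMPLE_PERIODS)
    print(f"renegotiate after period {period}, {remainder} bytes of budget left")
```

With the sample traffic the indication fires after period 3 while 5,000 bytes of budget remain, so the replacement SA can be negotiated before period 4 exhausts the old one.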
Claims (17)
8. A method of predicting exchanges of a specific quantity of communication traffic between network elements, said method comprising: calculating, on a periodic basis, a weighted traffic flow per usage for a given network element, said weighted traffic flow per usage corresponding to an average use of a network element per period multiplied by an average communications traffic quantity per use; comparing a value of said weighted traffic flow per usage with a remainder value of said specific quantity of communications traffic; and giving an indication from said network element if said remainder value is less than said weighted traffic flow. (Dependent claims 9 to 15 not shown.)
16. A method of predicting expiration of quantity based security associations between network elements, at least a portion of communications traffic exchanged between said network elements flowing over the public Internet, said method comprising: calculating, on a periodic basis, a weighted traffic flow per usage for a given network element, said weighted traffic flow per usage corresponding to the average use of a security association per period multiplied by the average number of bytes processed per use; comparing a value of said weighted traffic flow per usage with a remainder value of one of said quantity based security associations; and renegotiating another security association with a corresponding one of said network elements if said remainder value is less than said weighted traffic flow. (Dependent claim 17 not shown.)