Technique for generating control messages with reason information between nodes in a data network

US 7,228,421 B1
Filed: 06/27/2001
Issued: 06/05/2007
Est. Priority Date: 06/27/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for generating a control message to be transmitted from a first network device to a second network device in a data network, the control message relating to an action to be performed at the second network device, the method comprising:

determining a first control message to be generated, wherein the first control message corresponds to a security protocol control message;

identifying reason information relating to at least one reason for generating the first control message; and

generating the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;

wherein the reason information includes at least one reason selected from a group of reasons consisting of;

a user initiated reason, an expired lifetime reason, and a no error reason;

wherein the first control message includes a first payload selected from a group consisting of;

a security association payload and a delete payload;

wherein the first payload includes the reason information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is disclosed for generating control messages to be transmitted from a first network device to a second network device in a data network. A first control message to be generated at the first network device is determined. Reason information relating to at least one reason for generating the first control message is identified. The first control message is then generated at the first network device, and included the identified reason information. The first control message may be transmitted to at least one other network device in the network, including the second network device. When the first control message is received at the second network device, the reason information included in the first control message is identified. An appropriate response, based, at least in part, upon the reason information provided in the first control message, may then be determined and implemented at the second network device.

33 Citations

View as Search Results

47 Claims

1. A method for generating a control message to be transmitted from a first network device to a second network device in a data network, the control message relating to an action to be performed at the second network device, the method comprising:
- determining a first control message to be generated, wherein the first control message corresponds to a security protocol control message;
  
  identifying reason information relating to at least one reason for generating the first control message; and
  
  generating the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;
  
  wherein the reason information includes at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  wherein the first control message includes a first payload selected from a group consisting of;
  
  a security association payload and a delete payload;
  
  wherein the first payload includes the reason information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 3. The method of claim 1 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 4. The method of claim 1 wherein the first control message corresponds to a control message used for modifying a security association.
  - 5. The method of claim 1 further comprising transmitting the first control message to the second network device to thereby cause the second network device to implement an appropriate action in response to the first control message.
  - 6. The method of claim 1:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

7. A method for communicating between nodes in a data network, the method comprising:
- receiving a first control message from a first node, the first control message corresponding to a security protocol control message, the first control message including explicit reason information relating to at least one reason for the generation of the first control message, the first control message including a first payload, the reason information being included in the first payload, the first payload being selected from a group consisting of;
  
  a security association payload and a delete payload, the reason information including at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  identifying the reason information;
  
  determining an appropriate response to the first control message using at least said reason information; and
  
  implementing said appropriate response.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 9. The method of claim 7 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 10. The method of claim 7 wherein the first control message corresponds to a control message used for modifying a security association.
  - 11. The method of claim 7 further comprising:
    - implementing a first response to the first control message if the reason information includes a first reason code; and
      
      implementing a second response to the control message if the reason information includes a second reason code.
  - 12. The method of claim 7 wherein the control message relates to an action to be performed at a network device receiving the control message.
  - 13. The method of claim 7:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

14. A computer program product for generating a control message to be transmitted from a first network device to a second network device in a data network, the control message relating to an action to be performed at the second network device, the computer program product comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for determining a first control message to be generated, wherein the first control message corresponds to a security protocol control message;
  
  computer code for identifying reason information relating to at least one reason for generating the first control message; and
  
  computer code for generating the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;
  
  wherein the reason information includes at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  wherein the first control message includes a first payload selected from a group consisting of;
  
  a security association payload and a delete payload;
  
  wherein the first payload includes the reason information.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer program product of claim 14 is formatted in accordance with an Internet Key Exchange protocol.
  - 16. The computer program product of claim 14 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 17. The computer program product of claim 14 wherein the first control message corresponds to a control message used for modifying a security association.
  - 18. The computer program product of claim 14:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

19. A computer program product for communicating between nodes in a data network, the computer program product comprising:
- a computer usable medium having computer readable code embodied therein, the computer readable code comprising;
  
  computer code for receiving a first control message from a first node, the first control message corresponding to a security protocol control message, the first control message including explicit reason information relating to at least one reason for the generation of the first control message, the first control message including a first payload, the first payload including the reason information, the first payload being selected from a group consisting of;
  
  a security association payload and a delete payload;
  
  computer code for identifying the reason information, the reason information including at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  computer code for determining an appropriate response to the first control message using at least said reason information; and
  
  computer code for implementing said appropriate response.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The computer program product of claim 19 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 21. The computer program product of claim 19 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 22. The computer program product of claim 19 wherein the first control message corresponds to a control message used for modifying a security association.
  - 23. The computer program product of claim 19 further comprising:
    - computer code for implementing a first response to the first control message if the reason information includes a first reason code; and
      
      computer code for implementing a second response to the control message if the reason information includes a second reason code.
  - 24. The computer program product of claim 19 wherein the control message relates to an action to be performed at a network device receiving the control message.
  - 25. The computer program product of claim 19:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

26. A system for communicating between nodes in a data network, the system comprising:
- means for receiving a first control message from a first node, the first control message corresponding to a security protocol control message, the first control message including explicit reason information relating to at least one reason for the generation of the first control message, the reason information including at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  means for identifying the reason information;
  
  means for determining an appropriate response to the first control message using at least said reason information; and
  
  means for implementing said appropriate response;
  
  wherein the first control message includes a first payload selected from a group consisting of;
  
  a security association payload and a delete payload;
  
  wherein the first payload includes the reason information.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The system of claim 26 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 28. The system of claim 26 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 29. The system of claim 26 wherein the first control message corresponds to a control message used for modifying a security association.
  - 30. The system of claim 26 further comprising means for transmitting the first control message to the second network device to thereby cause the second network device to implement an appropriate action in response to the first control message.
  - 31. The system of claim 26 further comprising:
    - means for implementing a first response to the first control message if the reason information includes a first reason code; and
      
      means for implementing a second response to the control message if the reason information includes a second reason code.
  - 32. The system of claim 26 wherein the control message relates to an action to be performed at a network device receiving the control message.
  - 33. The system of claim 26:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

34. A system for generating a control message to be transmitted to a network device in a data network, the control message relating to an action to be performed at the network device, the system comprising:
- at least one CPU;
  
  memory; and
  
  at least one interface for communication with the network device;
  
  the system being configured or designed to determine a first control message to be generated, wherein the first control message corresponds to a security protocol control message;
  
  the system being further configured or designed to identify reason information relating to at least one reason for generating the first control message; and
  
  the system being further configured or designed to generate the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;
  
  wherein the reason information includes at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  wherein the first control message includes a first payload selected from a group consisting of;
  
  a security association payload and a delete payload;
  
  wherein the first payload includes the reason information.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The system of claim 34 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 36. The system of claim 34 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 37. The system of claim 34 wherein the first control message corresponds to a control message used for modifying a security association.
  - 38. The system of claim 34 being further configured or designed to transmit the first control message to a second network device to thereby cause the second network device to implement an appropriate action in response to the first control message.
  - 39. The system of claim 34:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

40. A system for communicating between nodes in a data network, the system comprising:
- at least one CPU;
  
  memory, andat least one interface for communicating with at least one network device, wherein the first control message corresponds to a security protocol control message;
  
  the system being configured or designed to receive a first control message from a first node, the first control message corresponding to a security protocol control message, the first control message including explicit reason information relating to at least one reason for the generation of the first control message, the first control message including a first payload, the first payload including the reason information, the first payload being selected from a group consisting of;
  
  a security association payload and a delete payload, wherein the first payload includes the reason information, the reason information including at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  the system being further configured or designed to identify the reason information;
  
  the system being further configured or designed to determine an appropriate response to the first control message using at least said reason information; and
  
  the system being further configured or designed to implement said appropriate response.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The system of claim 40 wherein the first control message is formatted in accordance with an Internet Key Exchange protocol.
  - 42. The system of claim 40 wherein the first control message is formatted in accordance with an Internet Security Association Key Management Protocol.
  - 43. The system of claim 40 wherein the first control message corresponds to a control message used for modifying a security association.
  - 44. The system of claim 40 further comprising:
    - the system being further configured or designed to implement a first response to the first control message if the reason information includes a first reason code; and
      
      the system being further configured or designed to implement a second response to the control message if the reason information includes a second reason code.
  - 45. The system of claim 40:
    - wherein the security association payload is adapted to facilitate negotiation of a security association between a first network node and a second network node; and
      
      wherein the delete payload is adapted to facilitate deletion of a security association associated with a first network node and a second network node.

46. A method for generating a control message to be transmitted from a first network device to a second network device in a data network, the control message relating to an action to be performed at the second network device, the method comprising:
- determining a first control message to be generated, wherein the first control message corresponds to a security protocol control message;
  
  identifying reason information relating to at least one reason for generating the first control message; and
  
  generating the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;
  
  wherein the reason information includes at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  wherein the first control message includes a first payload which includes the reason information.

47. A system for generating a control message to be transmitted to a network device in a data network, the control message relating to an action to be performed at the network device, the system comprising:
- at least one CPU;
  
  memory; and
  
  at least one interface for communicating with the network device;
  
  the system being configured or designed to determine a first control message to be generated, wherein the first control message corresponds to a security protocol control message;
  
  the system being further configured or designed to identify reason information relating to at least one reason for generating the first control message; and
  
  the system being further configured or designed to generate the first control message, wherein the first control message includes explicit reason information relating to the identified at least one reason for generating the control message;
  
  wherein the reason information includes at least one reason selected from a group of reasons consisting of;
  
  a user initiated reason, an expired lifetime reason, and a no error reason;
  
  wherein the first control message includes a first payload which includes the reason information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Vilhuber, Jan, Huang, Geoffrey
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US09/894,115
Time in Patent Office

2,169 Days
Field of Search

709223-224, 709227-229, 714/1, 714/43, 714/51, 714/55, 713/153, 713/171, 713/168, 713/150, 713/152, 713/160
US Class Current

713/171
CPC Class Codes

H04L 63/20 for managing network securi...

Technique for generating control messages with reason information between nodes in a data network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Technique for generating control messages with reason information between nodes in a data network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links