Technique for maintaining secure network connections
Abstract
A technique for maintaining secure network connections is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise detecting a change of address associated with a first network element. The method may also comprise updating at least one first security configuration at the first network element. The method may further comprise transmitting at least one secure message from the first network element to a second network element, wherein the at least one secure message comprises information associated with the change of address. And the method may comprise updating at least one second security configuration at the second network element based at least in part on the at least one secure message.
10 Claims
1. A method for maintaining secure network connections, the method comprising:
duplicating, at a third network element, a security association associated with a secure network connection between a first network element and a second network element, wherein a lookup of the security association associated with the secure network connection is not dependent on any destination address; and
in response to detecting failure of the second network element, replacing the second network element with the third network element in the secure network connection with the first network element, wherein the secure network connection between the first network element and the third network element is based on the duplicated security association; and
sending at least one secure message from the third network element to the first network element to notify the first network element that the secure network connection will be taken over by the third network element, the third network element communicating with the first network element without the third network element reestablishing another connection with the first network element.
Dependent claims: 5, 6, 8
2. A method for maintaining secure network connections, the method comprising:
configuring a plurality of security gateways such that a lookup of security associations is not dependent on any destination address;
sharing a security association among the plurality of security gateways;
a first of the security gateways detecting failure of a second of the security gateways involved in a secure network connection with a network device, wherein the secure network connection is associated with the security association; and
in response to detecting the failure, the first security gateway sending a message to the network device that the first security gateway is taking over the secure network connection, the first security gateway communicating with the network device without the first security gateway reestablishing another secure connection with the network device.
Dependent claims: 10
3. A first security server comprising:
a transceiver to receive information relating to at least one security association of a secure network connection between a mobile client and a second security server; and
a processor module to:
monitor operation of the second security server;
in response to detecting failure of the second security server, send a message to the mobile client that the first security server is taking over the secure network connection; and
communicate with the mobile client using the at least one security association over the secure network connection between the first security server and the mobile client without reestablishing a new connection with the mobile client.
Dependent claims: 4, 7, 9
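An added sketch of the failover the claims describe, not code from the patent or from any product: the security-association table is keyed by an index alone rather than by destination address, a standby gateway holds a copy, and its takeover notice is authenticated under the existing association so the client switches peers without a new handshake. The class names, the SPI-style index, the message layout, the HMAC-SHA256 integrity check, the sequence counter and the addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass
class SA:
    spi: int        # index that identifies the SA: the only lookup key
    key: bytes      # integrity key from the original negotiation
    seq: int = 0    # last sequence number sent; assumed to be replicated with the key

def seal(sa, payload):
    sa.seq += 1
    body = sa.spi.to_bytes(4, "big") + sa.seq.to_bytes(8, "big") + payload
    return body + hmac.new(sa.key, body, hashlib.sha256).digest()

class Gateway:
    def __init__(self, addr):
        self.addr = addr
        self.sad = {}   # SA database keyed by SPI alone, no destination address

    def duplicate_from(self, peer):
        self.sad = {spi: replace(sa) for spi, sa in peer.sad.items()}

    def takeover_notice(self, spi):
        return seal(self.sad[spi], b"TAKEOVER " + self.addr.encode())

class Client:
    def __init__(self, sa, peer_addr):
        self.sa, self.peer_addr, self.last_seq = sa, peer_addr, 0

    def receive(self, packet):
        body, tag = packet[:-32], packet[-32:]
        spi, seq = int.from_bytes(body[:4], "big"), int.from_bytes(body[4:12], "big")
        good = hmac.new(self.sa.key, body, hashlib.sha256).digest()
        if spi != self.sa.spi or not hmac.compare_digest(tag, good):
            return False                 # unknown SA or forged notice
        if seq <= self.last_seq:
            return False                 # replayed packet or stale replicated counter
        self.last_seq = seq
        if body[12:].startswith(b"TAKEOVER "):
            self.peer_addr = body[21:].decode()   # same SA, new peer, no rekey
        return True

def demo():
    key = bytes(range(32))               # constructed key, demo only
    primary, standby = Gateway("192.0.2.1"), Gateway("192.0.2.2")
    primary.sad[0x1001] = SA(0x1001, key)
    client = Client(SA(0x1001, key), primary.addr)
    standby.duplicate_from(primary)
    return client.receive(standby.takeover_notice(0x1001)), client.peer_addr
```

If the standby's copy of the counter lags behind what the failed gateway already sent, the client drops the takeover notice as a replay, so the counter has to be replicated along with the key.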
Specification