METHOD AND ARRANGEMENT FOR SECURE TUNNELING OF DATA BETWEEN VIRTUAL ROUTERS

US 20020062344A1
Filed: 09/11/1998
Published: 05/23/2002
Est. Priority Date: 09/11/1998
Status: Active Grant

First Claim

Patent Images

1. A method for communicating data packets between a transmitting virtual router in a transmitting computer device and a receiving virtual router in a receiving computer device, the method comprising the steps of a) establishing a security association for the secure transmission of data packets between the transmitting computer device and the receiving computer device, b) identifying the transmitting virtual router and the receiving virtual router within said security association, c) in the transmitting computer device, using the identification of the transmitting virtual router within the security association in the selection of the security association for processing a data packet coming from the transmitting virtual router, d) in the receiving computer device, selecting the security association for processing a data packet coming from the transmitting computer device on the basis of values contained within the data packet, and e) in the receiving computer device, directing the data packet processed within the security association to the receiving virtual router on the basis of the identification of the receiving virtual router within the security association.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data packets are communicated between a transmitting virtual router in a transmitting computer device and a receiving virtual router in a receiving computer device. A security association is established for the secure transmission of data packets between the transmitting computer device and the receiving computer device. The transmitting virtual router and the receiving virtual router are identified within said security association. In the transmitting computer device, the security association for processing a data packet coming from the transmitting virtual router is selected on the basis of the identification of the transmitting virtual router within the security association. In the receiving computer device, the security association for processing a data packet coming from the transmitting computer device is selected on the basis of values contained within the data packet. In the receiving computer device, the data packet processed within the security association is directed to the receiving virtual router on the basis of the identification of the receiving virtual router within the security association.

Citations

13 Claims

1. A method for communicating data packets between a transmitting virtual router in a transmitting computer device and a receiving virtual router in a receiving computer device, the method comprising the steps of a) establishing a security association for the secure transmission of data packets between the transmitting computer device and the receiving computer device, b) identifying the transmitting virtual router and the receiving virtual router within said security association, c) in the transmitting computer device, using the identification of the transmitting virtual router within the security association in the selection of the security association for processing a data packet coming from the transmitting virtual router, d) in the receiving computer device, selecting the security association for processing a data packet coming from the transmitting computer device on the basis of values contained within the data packet, and e) in the receiving computer device, directing the data packet processed within the security association to the receiving virtual router on the basis of the identification of the receiving virtual router within the security association.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, further comprising between steps c) and d) the step of performing a certain transform on the data packet to be transmitted to achieve tunneling between the transmitting computer device and the receiving computer device.
  - 3. A method according to claim 2, wherein said transform is the IPSEC AH transform.
  - 4. A method according to claim 2, wherein said transform is the IPSEC ESP transform.
  - 5. A method according to claim 1, wherein step b) corresponds to using a virtual network identifier to indirectly identify the transmitting virtual router and the receiving virtual router within said security association.
  - 6. A method according to claim 1, wherein step b) corresponds to using a transmitting virtual router identifier and a receiving virtual router identifier to directly identify the transmitting virtual router and the receiving virtual router within said security association.
  - 7. A method according to claim 1, wherein steps a) and b) correspond to using the IKE protocol for establishing a security association between the transmitting computer device and the receiving computer device.
  - 8. A method according to claim 7, wherein the use of the IKE protocol comprises the step of exchanging the information identifying the transmitting virtual router and the receiving virtual router between the transmitting computer device and the receiving computer device as part of the IKE phase 2 identity payloads.
  - 9. A method according to claim 1, additionally comprising the steps of inserting the information identifying the transmitting virtual router and the receiving virtual router into a data packet to be transmitted from the transmitting computer device to the receiving computer device, and indicating within the security association the presence of said information in the data packet.
  - 10. A method according to claim 1, additionally comprising the step of inserting the information identifying the transmitting virtual router and the receiving virtual router into a data packet to be transmitted from the transmitting computer device to the receiving computer device so that its presence in the data packet is detectable in the receiving computer by analysing the contents of the data packet.

11. A method for transmitting data packets from a transmitting virtual router in a transmitting computer device to a receiving computer device, the method comprising the steps of a) establishing a security association for the secure transmission of data packets between the transmitting computer device and the receiving computer device, b) identifying the transmitting virtual router within said security association, and c) in the transmitting computer device, using the identification of the transmitting virtual router within the security association in the selection of the security association for processing a data packet coming from the transmitting virtual router.

12. A method for receiving data packets from a transmitting computer device in a receiving virtual router in a receiving computer device, the method comprising the steps of a) establishing a security association for the secure transmission of data packets between the transmitting computer device and the receiving computer device, b) identifying the transmitting virtual router and the receiving virtual router within said security association, c) in the receiving computer device, selecting the security association for processing a data packet coming from the transmitting computer device on the basis of values contained within the data packet, and d) in the receiving computer device, directing the data packet processed within the security association to the receiving virtual router on the basis of the identification of the receiving virtual router within the security association.

13. A networked computer device for securely processing transmittable data packets, comprising a number of virtual routers, means for establishing a security association for the secure transmission of data packets between the computer device and some other networked computer device, means for identifying a certain virtual router to be used in association with an established security association, and means for associating a piece of information identifying said certain virtual router with said established security association.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Inside Secure SA
Original Assignee
SSH Communications Security Corp. (SSH Communications Security Oyj)
Inventors
KIVINEN, TERO, YLONEN, TATU

Granted Patent

US 6,438,612 B1
Time in Patent Office

Days
Field of Search
US Class Current

709/204
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

METHOD AND ARRANGEMENT FOR SECURE TUNNELING OF DATA BETWEEN VIRTUAL ROUTERS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND ARRANGEMENT FOR SECURE TUNNELING OF DATA BETWEEN VIRTUAL ROUTERS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links