Method of negotiating security parameters and authenticating users interconnected to a network
Abstract
A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
Claims (25 in total; independent claims listed below)
1. A method for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method including a plurality of modes, comprising:
- conducting a main mode negotiation for establishing the secure path and selecting the set of security parameters including a security protocol;
- conducting a quick mode negotiation for deriving a set of keys usable with the security protocol;
- wherein at least a portion of the quick mode occurs during the main mode and a quick mode pseudo random number is exchanged between the responder and the initiator; and
- wherein a protocol security process establishes inbound and outbound protocol security associations.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 9)
10. A method for a first computer to dynamically discover a security policy of a second computer, wherein the first computer and the second computer are communicatively coupled to a computer network, comprising:
- receiving, at the second computer, a request message from the first computer, wherein the request fails to conform to the security policy of the second computer;
- sending, from the second computer to the first computer, a response message with a payload that identifies a subset of the security policy of the second computer; and
- initiating, by the first computer, a security negotiation by sending a message including a proposed set of security parameters conforming to the security policy of the second computer.
(Dependent claims 11, 12, 13, 14)
15. A method for executing a security policy at a first network device wherein the first network device is communicatively coupled to a second network device over a computer network, comprising:
- initiating a first security negotiation at the first network device by sending a first message with a first proposed set of security parameters;
- determining, at the first network device, that the first security negotiation is unsuccessful and identifying a basis for the unsuccessful security negotiation;
- initiating a second security negotiation at the first network device by sending a second message with a second set of proposed security parameters.
(Dependent claims 16, 17)
18. A computer-readable medium for executing computer-readable instructions for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method including a plurality of modes, comprising:
- conducting a main mode negotiation for establishing the secure path and selecting the set of security parameters including a security protocol;
- conducting a quick mode negotiation for deriving a set of keys usable with the security protocol;
- wherein at least a portion of the quick mode occurs during the main mode and a quick mode pseudo random number is exchanged between the responder and the initiator; and
- wherein a protocol security process establishes protocol security associations.
(Dependent claims 19, 20, 21, 22)
23. A computer-readable medium for executing computer-readable instructions for executing a security policy at a first network device wherein the first network device is communicatively coupled to a second network device over a computer network, comprising:
- initiating a first security negotiation at the first network device by sending a first message with a first proposed set of security parameters;
- determining, at the first network device, that the first security negotiation is unsuccessful and identifying a basis for the unsuccessful security negotiation;
- initiating a second security negotiation at the first network device by sending a second message with a second set of proposed security parameters.
(Dependent claims 24, 25)
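The policy-discovery and retry flow of claims 10, 15 and 23 (a non-conforming request, a response that reveals only the violated subset of the responder's policy, and a second conforming proposal), as an added toy simulation that is not part of the patent text; the parameter fields and algorithm names are constructed placeholders, not values the page specifies.

```python
from dataclasses import dataclass

# Constructed parameter vocabulary; the patent does not define a policy format.
FIELDS = ("protocol", "cipher", "integrity")

@dataclass(frozen=True)
class Proposal:
    protocol: str
    cipher: str
    integrity: str

@dataclass(frozen=True)
class Policy:
    """Per-field set of acceptable values; a proposal conforms when every field is allowed."""
    protocol: frozenset
    cipher: frozenset
    integrity: frozenset

    def violations(self, p: Proposal) -> dict:
        """Fields of p that this policy rejects, each mapped to the values it would accept.
        Only these fields are disclosed, i.e. the 'subset of the security policy' of claim 10."""
        return {f: getattr(self, f) for f in FIELDS
                if getattr(p, f) not in getattr(self, f)}

def responder_handle(policy: Policy, p: Proposal) -> tuple:
    """Responder: accept a conforming request, otherwise answer with the violated subset."""
    bad = policy.violations(p)
    return ("ACCEPT", p) if not bad else ("REJECT", bad)

def negotiate(initiator: Policy, first: Proposal, responder: Policy) -> tuple:
    """Initiator (claim 15): send the first proposal; if it fails, identify the basis from the
    responder's hint, build a second proposal that also satisfies its own policy, and retry.
    Returns (agreed proposal or None, message transcript)."""
    transcript = [("I->R", first)]
    status, payload = responder_handle(responder, first)
    transcript.append(("R->I", status, payload))
    if status == "ACCEPT":
        return payload, transcript
    values = {}
    for f in FIELDS:
        if f not in payload:                      # field was not the basis of failure: keep it
            values[f] = getattr(first, f)
            continue
        common = sorted(payload[f] & getattr(initiator, f))
        if not common:                            # no overlap: negotiation cannot succeed
            return None, transcript
        values[f] = common[0]
    second = Proposal(**values)
    transcript.append(("I->R", second))
    status, payload = responder_handle(responder, second)
    transcript.append(("R->I", status, payload))
    return (payload if status == "ACCEPT" else None), transcript
```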