Method of negotiating security parameters and authenticating users interconnected to a network
First Claim
1. A method for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method including a plurality of modes, comprising:
conducting an internet key management and exchange protocol (IKE) main mode negotiation for establishing the secure path and selecting the set of security parameters including a security protocol;
conducting an internet key management and exchange protocol (IKE) quick mode negotiation for deriving a set of keys usable with the security protocol;
wherein a message is exchanged between the responder and the initiator before the completion of the IKE main mode negotiation, the message comprising at least part of the IKE quick mode negotiation, and the message including both a main mode pseudo random number and a separate quick mode pseudo random number; and
wherein a protocol security process establishes inbound and outbound protocol security associations.
Abstract
A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
42 Citations
16 Claims
1. A method for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method including a plurality of modes, comprising:
conducting an internet key management and exchange protocol (IKE) main mode negotiation for establishing the secure path and selecting the set of security parameters including a security protocol; conducting an internet key management and exchange protocol (IKE) quick mode negotiation for deriving a set of keys usable with the security protocol; wherein a message is exchanged between the responder and the initiator before the completion of the IKE main mode negotiation, the message comprising at least part of the IKE quick mode negotiation, and the message including both a main mode pseudo random number and a separate quick mode pseudo random number; and wherein a protocol security process establishes inbound and outbound protocol security associations.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer storage medium encoding computer-readable instructions for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method including a plurality of modes, comprising:
conducting an internet key management and exchange protocol (IKE) main mode negotiation for establishing the secure path and selecting the set of security parameters including a security protocol; conducting an internet key management and exchange protocol (IKE) quick mode negotiation for deriving a set of keys usable with the security protocol;
wherein a message is exchanged between the responder and the initiator before completion of the IKE main mode negotiation, the message comprising at least part of the IKE quick mode negotiation, and the message including both a main mode pseudo random number and a separate quick mode pseudo random number; and wherein a protocol security process establishes protocol security associations.
Dependent claims: 11, 12, 13, 14
15. A method for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method comprising:
sending, from the initiator, a first message, wherein the first message comprises part of an internet key management and exchange protocol (IKE) main mode negotiation and the IKE main mode negotiation comprises establishing the secure path and selecting a set of security parameters including a security protocol; receiving, at the initiator, a second message, wherein the second message comprises at least part of the IKE main mode negotiation and at least part of an internet key management and exchange protocol (IKE) quick mode negotiation and the IKE quick mode negotiation comprises deriving a set of keys usable with the security protocol and wherein the second message includes both a main mode pseudo random number and a separate quick mode pseudo random number; sending, from the initiator, a third message after receiving the second message, wherein the third message comprises at least part of the IKE main mode negotiation; and wherein a protocol security process establishes inbound and outbound protocol security associations at the initiator.
16. A method for negotiating a set of security parameters usable by an initiator and a responder to create a secure path over a network for exchanging information, the method comprising:
receiving, at the responder, a first message, wherein the first message comprises at least part of an internet key management and exchange protocol (IKE) main mode negotiation and the IKE main mode negotiation comprises establishing the secure path and selecting a set of security parameters including a security protocol; sending, from the responder, a second message, wherein the second message comprises at least part of the IKE main mode negotiation and at least part of an internet key management and exchange protocol (IKE) quick mode negotiation and wherein the IKE quick mode negotiation comprises deriving a set of keys usable with the security protocol and wherein the second message includes both a main mode pseudo random number and a separate quick mode pseudo random number; and wherein a protocol security process establishes inbound and outbound protocol security associations.
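The three-message flow of claims 15 and 16, modelled as an added illustration that is not the patent's nor any IKE implementation's code: the responder's second message carries a main mode pseudo random number and a separate quick mode pseudo random number, so quick mode keying can proceed before main mode has finished, and the protocol security process then installs one inbound and one outbound security association per peer. The pre-shared key, HMAC-SHA256 as the PRF, the 16-byte per-direction key split and the message field names are assumptions made for the model.

```python
import hashlib, hmac, os


def prf(key: bytes, data: bytes) -> bytes:
    """Pseudo-random function; HMAC-SHA256 stands in for the IKE PRF (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Peer:
    """One endpoint; psk is an assumed pre-shared secret standing in for IKE authentication."""
    def __init__(self, role: str, psk: bytes) -> None:
        self.role, self.psk = role, psk          # role: "initiator" or "responder"
        self.n_main = os.urandom(16)             # main mode pseudo random number
        self.n_quick = os.urandom(16)            # separate quick mode pseudo random number
        self.peer_n_main = self.peer_n_quick = b""
        self.sa = {}                             # "inbound"/"outbound" -> SA key

    def nonces(self):                            # (Ni_main, Nr_main, Ni_quick, Nr_quick)
        mine, theirs = (self.n_main, self.n_quick), (self.peer_n_main, self.peer_n_quick)
        i, r = (mine, theirs) if self.role == "initiator" else (theirs, mine)
        return i[0], r[0], i[1], r[1]

    def main_secret(self) -> bytes:             # secret agreed in main mode
        ni_m, nr_m, _, _ = self.nonces()
        return prf(self.psk, ni_m + nr_m)

    def keymat(self, protocol: bytes) -> bytes:  # quick mode keying material for the protocol
        _, _, ni_q, nr_q = self.nonces()
        return prf(self.main_secret(), protocol + ni_q + nr_q)

    def establish_sas(self, protocol: bytes) -> None:
        """Protocol security process: one SA key per direction from the shared keying material."""
        k = self.keymat(protocol)
        i2r, r2i = k[:16], k[16:]                # initiator->responder, responder->initiator
        out, inb = (i2r, r2i) if self.role == "initiator" else (r2i, i2r)
        self.sa = {"outbound": out, "inbound": inb}


def run_exchange(psk: bytes, protocol: bytes = b"ESP"):
    """Three-message flow of claims 15/16; returns both peers and the message count."""
    init, resp = Peer("initiator", psk), Peer("responder", psk)
    msg1 = {"proposal": protocol, "n_main": init.n_main}                   # main mode only
    resp.peer_n_main = msg1["n_main"]
    msg2 = {"accept": protocol, "n_main": resp.n_main, "n_quick": resp.n_quick}  # main + quick
    init.peer_n_main, init.peer_n_quick = msg2["n_main"], msg2["n_quick"]
    msg3 = {"auth": prf(init.main_secret(), b"initiator"), "n_quick": init.n_quick}  # main + quick
    resp.peer_n_quick = msg3["n_quick"]
    if not hmac.compare_digest(msg3["auth"], prf(resp.main_secret(), b"initiator")):
        raise ValueError("initiator authentication failed")
    for peer in (init, resp):
        peer.establish_sas(protocol)
    return init, resp, 3
```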
Specification