US2007022475A1PendingUtilityA1

Transmission of packet data over a network with a security protocol

Assignee: SSH COMM SECURITY CORPPriority: Jul 19, 2005Filed: Jul 18, 2006Published: Jan 25, 2007
Est. expiryJul 19, 2025(expired)· nominal 20-yr term from priority
H04L 63/0428H04L 63/061H04L 63/12H04L 63/166H04L 63/08H04L 9/32G06F 21/33
38
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method, device, system and computer program for providing a transport distribution scheme for a security protocol are disclosed. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.

Claims

exact text as granted — not AI-modified
1 . A method for transmitting packet data over a network with a security protocol, the method comprising: 
 establishing a first packet data connection to a remote node,    performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session with the remote node,    negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection,    establishing a second packet data connection to the remote node,    negotiating at least one security parameter with the remote node for use with the second packet data connection, and    handling the first and second packet data connections as packet data subconnections associated with the security protocol session.    
   
   
       2 . The method as defined in  claim 1 , comprising negotiating use of packet data subconnections for the security protocol.  
   
   
       3 . The method as defined in  claim 2 , comprising negotiating use of each one packet data subconnection separately.  
   
   
       4 . The method as defined in  claim 2 , wherein a protocol extension mechanism of the security protocol is used for negotiating use of packet data subconnections for the security protocol.  
   
   
       5 . The method as defined in  claim 1 , comprising negotiating the at least one security parameter for use with the second packet data connection using the second packet data connection.  
   
   
       6 . The method as defined in  claim 1 , comprising: 
 transmitting at least one security protocol packet through the first packet data connection, and    transmitting at least one security protocol packet through the second packet data connection.    
   
   
       7 . The method as defined in  claim 1 , comprising including order information to each security protocol packet before transmission through a packet data subconnection.  
   
   
       8 . The method as defined in  claim 1 , wherein said at least one security parameter comprises at least one of an encryption algorithm, a key for an encryption algorithm, an integrity check algorithms, and a key for an integrity check algorithm.  
   
   
       9 . The method as defined in  claim 1 , comprising negotiation of at least one further parameter for a packet data connection.  
   
   
       10 . The method as defined in  claim 9 , wherein said at least one further parameter comprises a data compression mode parameter.  
   
   
       11 . The method as defined in  claim 1 , wherein the security protocol is the Secure Shell protocol.  
   
   
       12 . The method as defined in  claim 1 , wherein the first and second packet data connections are Transfer Control Protocol connections.  
   
   
       13 . The method as defined in  claim 1 , comprising selecting a packet data subconnection for transmitting a security protocol packet.  
   
   
       14 . The method as defined in  claim 13 , wherein selection is based at least on properties of the security protocol packet.  
   
   
       15 . The method as defined in  claim 14 , wherein the properties of the security protocol packet comprise at least one of type of data carried in the security protocol packet and cryptographic strength of security desired for the data carried in the security protocol packet.  
   
   
       16 . The method as defined in  claim 13 , wherein selection is based at least on properties of the packet data subconnections.  
   
   
       17 . The method as defined in  claim 16 , wherein the properties of the packet data subconnections comprise at least one of transport properties of a packet data subconnection and cryptographic strength of security provided by the security parameters of a packet data subconnection.  
   
   
       18 . The method as defined in  claim 1 , comprising: 
 determining a characteristic of a packet data stream transmitted within the security protocol session, and    selecting a packet data subconnection for transmitting the packet data stream based on the determined characteristic of the packet data stream.    
   
   
       19 . The method as defined in  claim 18 , wherein the characteristic is at least one of: level of compressibility of the packet data stream, cryptographic strength of encryption desired for the packet data stream, cryptographic strength of data integrity checking desired for the packet data stream.  
   
   
       20 . The method as defined in  claim 1 , comprising 
 determining a characteristic for at least two packet data subconnections, and    selecting a packet data subconnection for transmitting a security protocol packet at least partly on the basis of the characteristics of the at least two packet data subconnections.    
   
   
       21 . The method as defined in  claim 1 , comprising selecting packet data subconnections in turn for data to be transmitted with the security protocol.  
   
   
       22 . A communication system comprising: 
 means for establishing a first packet data connection to a remote node,    means for performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session,    means for negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection,    means for establishing a second packet data connection to the remote node,    means for negotiating at least one security parameter with the remote node for use with the second packet data connection, and    means for handling the first and second packet data connections as packet data subconnections of the security protocol session.    
   
   
       23 . A device for a communications system comprising: 
 means for establishing a first packet data connection to a remote node,    means for performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session,    means for negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection,    means for establishing a second packet data connection to the remote node,    means for negotiating at least one security parameter with the remote node for use with the second packet data connection, and    means for handling the first and second packet data connections as packet data subconnections of the security protocol session.    
   
   
       24 . The device as defined in  claim 23 , comprising a network node.  
   
   
       25 . The device as defined in  claim 23 , comprising a portable communications device.  
   
   
       26 . The device as defined in  claim 23 , comprising an edge node for a virtual private network.  
   
   
       27 . A computer program embedded on a computer-readable medium comprising program code configured to execute: 
 performing an authentication procedure with the remote node via a first packet data connection for establishing a security protocol session with the remote node,    negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection,    negotiating at least one security parameter with the remote node for use with a second packet data connection, and    handling the first and second packet data connections as packet data subconnections associated with the security protocol session.    
   
   
       28 . A system configured to: 
 establish a first packet data connection to a remote node,    perform an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session,    negotiate at least one security parameter with the remote node for transmitting packets through the first packet data connection,    establish a second packet data connection to the remote node,    negotiate at least one security parameter with the remote node for use with the second packet data connection, and    handle the first and second packet data connections as packet data subconnections of the security protocol session.    
   
   
       29 . A device configured to: 
 establish a first packet data connection to a remote node,    perform an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session,    negotiate at least one security parameter with the remote node for transmitting packets through the first packet data connection,    establish a second packet data connection to the remote node,    negotiate at least one security parameter with the remote node for use with the second packet data connection, and    handle the first and second packet data connections as packet data subconnections of the security protocol session.

Join the waitlist — get patent alerts

Track US2007022475A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.