Transmission of packet data over a network with a security protocol
Abstract
A method, device, system and computer program for providing a transport distribution scheme for a security protocol are disclosed. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.
Claims
exact text as granted — not AI-modified1 . A method for transmitting packet data over a network with a security protocol, the method comprising:
establishing a first packet data connection to a remote node, performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session with the remote node, negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection, establishing a second packet data connection to the remote node, negotiating at least one security parameter with the remote node for use with the second packet data connection, and handling the first and second packet data connections as packet data subconnections associated with the security protocol session.
2 . The method as defined in claim 1 , comprising negotiating use of packet data subconnections for the security protocol.
3 . The method as defined in claim 2 , comprising negotiating use of each one packet data subconnection separately.
4 . The method as defined in claim 2 , wherein a protocol extension mechanism of the security protocol is used for negotiating use of packet data subconnections for the security protocol.
5 . The method as defined in claim 1 , comprising negotiating the at least one security parameter for use with the second packet data connection using the second packet data connection.
6 . The method as defined in claim 1 , comprising:
transmitting at least one security protocol packet through the first packet data connection, and transmitting at least one security protocol packet through the second packet data connection.
7 . The method as defined in claim 1 , comprising including order information to each security protocol packet before transmission through a packet data subconnection.
8 . The method as defined in claim 1 , wherein said at least one security parameter comprises at least one of an encryption algorithm, a key for an encryption algorithm, an integrity check algorithms, and a key for an integrity check algorithm.
9 . The method as defined in claim 1 , comprising negotiation of at least one further parameter for a packet data connection.
10 . The method as defined in claim 9 , wherein said at least one further parameter comprises a data compression mode parameter.
11 . The method as defined in claim 1 , wherein the security protocol is the Secure Shell protocol.
12 . The method as defined in claim 1 , wherein the first and second packet data connections are Transfer Control Protocol connections.
13 . The method as defined in claim 1 , comprising selecting a packet data subconnection for transmitting a security protocol packet.
14 . The method as defined in claim 13 , wherein selection is based at least on properties of the security protocol packet.
15 . The method as defined in claim 14 , wherein the properties of the security protocol packet comprise at least one of type of data carried in the security protocol packet and cryptographic strength of security desired for the data carried in the security protocol packet.
16 . The method as defined in claim 13 , wherein selection is based at least on properties of the packet data subconnections.
17 . The method as defined in claim 16 , wherein the properties of the packet data subconnections comprise at least one of transport properties of a packet data subconnection and cryptographic strength of security provided by the security parameters of a packet data subconnection.
18 . The method as defined in claim 1 , comprising:
determining a characteristic of a packet data stream transmitted within the security protocol session, and selecting a packet data subconnection for transmitting the packet data stream based on the determined characteristic of the packet data stream.
19 . The method as defined in claim 18 , wherein the characteristic is at least one of: level of compressibility of the packet data stream, cryptographic strength of encryption desired for the packet data stream, cryptographic strength of data integrity checking desired for the packet data stream.
20 . The method as defined in claim 1 , comprising
determining a characteristic for at least two packet data subconnections, and selecting a packet data subconnection for transmitting a security protocol packet at least partly on the basis of the characteristics of the at least two packet data subconnections.
21 . The method as defined in claim 1 , comprising selecting packet data subconnections in turn for data to be transmitted with the security protocol.
22 . A communication system comprising:
means for establishing a first packet data connection to a remote node, means for performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session, means for negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection, means for establishing a second packet data connection to the remote node, means for negotiating at least one security parameter with the remote node for use with the second packet data connection, and means for handling the first and second packet data connections as packet data subconnections of the security protocol session.
23 . A device for a communications system comprising:
means for establishing a first packet data connection to a remote node, means for performing an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session, means for negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection, means for establishing a second packet data connection to the remote node, means for negotiating at least one security parameter with the remote node for use with the second packet data connection, and means for handling the first and second packet data connections as packet data subconnections of the security protocol session.
24 . The device as defined in claim 23 , comprising a network node.
25 . The device as defined in claim 23 , comprising a portable communications device.
26 . The device as defined in claim 23 , comprising an edge node for a virtual private network.
27 . A computer program embedded on a computer-readable medium comprising program code configured to execute:
performing an authentication procedure with the remote node via a first packet data connection for establishing a security protocol session with the remote node, negotiating at least one security parameter with the remote node for transmitting packets through the first packet data connection, negotiating at least one security parameter with the remote node for use with a second packet data connection, and handling the first and second packet data connections as packet data subconnections associated with the security protocol session.
28 . A system configured to:
establish a first packet data connection to a remote node, perform an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session, negotiate at least one security parameter with the remote node for transmitting packets through the first packet data connection, establish a second packet data connection to the remote node, negotiate at least one security parameter with the remote node for use with the second packet data connection, and handle the first and second packet data connections as packet data subconnections of the security protocol session.
29 . A device configured to:
establish a first packet data connection to a remote node, perform an authentication procedure with the remote node via the first packet data connection for establishing a security protocol session, negotiate at least one security parameter with the remote node for transmitting packets through the first packet data connection, establish a second packet data connection to the remote node, negotiate at least one security parameter with the remote node for use with the second packet data connection, and handle the first and second packet data connections as packet data subconnections of the security protocol session.Join the waitlist — get patent alerts
Track US2007022475A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.