US2015046694A1PendingUtilityA1

Method and apparatus for securely establishing l3-svc connections

Assignee: SOUND VIEW INNOVATIONS LLCPriority: Apr 1, 2004Filed: Sep 12, 2014Published: Feb 12, 2015
Est. expiryApr 1, 2024(expired)· nominal 20-yr term from priority
Inventors:Carl Rajsic
H04L 12/5601H04L 45/10H04L 63/0428H04L 63/20H04L 2012/5652H04L 69/325H04L 2012/5687H04L 2012/5667
54
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method are provided for securely establishing Layer-3 SVCs or SPVCs across an ATM network. An originating multiservice switch that generates the connection setup message for the Layer-3 connection includes security information within the setup message, such as a Closed User Group Interlock Code. When the destination multiservice switch receives the setup message, it extracts the embedded security information and compares it with stored security information corresponding to the connection. The correspondence may be determined from the destination user. If the embedded security information matches the stored security information, the destination multiservice switch allows the connection to be established.

Claims

exact text as granted — not AI-modified
1 - 13 . (canceled) 
     
     
         14 - 30 . (canceled) 
     
     
         31 . A method of establishing a secure connection across a data network, the secure connection having a first endpoint at a port of a first multiservice switch (MSS) and a second endpoint at a port of a second MSS, the method comprising:
 receiving, at the second MSS, a setup message including an embedded security data value;   determining an anticipated security data value, wherein the anticipated security data value indicates an embedded security data value expected to be included in the setup message;   wherein the anticipated security value is determined from a membership of a calling user and a destination user;   wherein at least one of the embedded security data value and the anticipated security data value are encryption/decryption keys;   determining that the setup message passes the security check if the embedded security data value matches the anticipated security data value.   
     
     
         32 . The method of  31 , further comprising:
 if the embedded security data value does not match the anticipated security data value, determining that the setup message does not pass the security check.   
     
     
         33 . The method of  claim 31 , further comprising:
 upon determining that the setup message passes the security check, establishing a secure session based on the setup message.   
     
     
         34 . The method of  claim 31 , further comprising:
 upon determining that the setup message does not pass the security check, rejecting the setup message.   
     
     
         35 . The method of  claim 31 , wherein the call scenario is defined based on at least one of the following:
 an originating user, a terminating user, an originating MSS, a terminating MSS, an originating interface, a terminating interface, an originating IP address, and a terminating IP address.   
     
     
         36 . The method of  claim 31 , wherein:
 the call scenario is one of a plurality of potential scenarios, and each potential scenario of the potential scenarios is associated with different anticipated security data values.   
     
     
         37 . A method of establishing a secure connection across a data network, the secure connection having a first endpoint at a port of a first multiservice switch (MSS) and a second endpoint at a port of a second MSS, the method comprising:
 receiving, at the first MSS, a connection attempt;   generating, in response to the connection attempt, a setup message for establishing the secure connection;   determining a security data value wherein the security data value is an encryption/decryption key and wherein the security data value will be expected to be included in the setup message for the setup message to pass a security check performed by the second MSS, wherein the security check includes a comparison to an anticipated security value that is determined from a membership of a calling user and a destination user;   inserting the security data value into the setup message; and   transmitting the setup message toward the second MSS.   
     
     
         38 . The method of  claim 37 , wherein the call scenario is defined based on at least one of the following:
 an originating user and a terminating user.   
     
     
         39 . The method of  claim 37 , wherein the call scenario is defined on at least one of the first MSS and the second MSS. 
     
     
         40 . The method of  claim 37 , wherein the call scenario is defined based on an IP interface address. 
     
     
         41 . The method of  claim 37 , wherein:
 the call scenario is one of a plurality of potential scenarios, and each potential scenario of the plurality of potential scenarios is associated with different anticipated security data values.   
     
     
         42 . A multiservice switch (MSS) establishing a secure connection across a network, comprising:
 a port for receiving a setup message including an embedded security data value;   a call controller configured to determine an anticipated security data value, wherein the anticipated security data value indicates an embedded data value expected to be included in the setup message for the setup message to pass a security check;   wherein the anticipated security value is determined from a membership of a calling user and a destination user and wherein at least one of the embedded security data value and the anticipated security data value are encryption/decryption keys; and   a comparator configured to determine whether the embedded security data value matches the anticipated security data value;   wherein the call controller is further configured to, if the embedded security data value matches the anticipated security data value, determine that the setup message passes the security check.   
     
     
         43 . The MSS of  claim 42 , wherein the call controller is further configured to, upon determining that the setup message passes the security check, establish a secure session based on the setup message. 
     
     
         44 . The MSS of  claim 42 , wherein the call controller is further configured to:
 if the embedded security data value does not match the anticipated security data value, determine that the setup message does not pass the security check; and   upon determining that the setup message passes the security check, establish a secure session based on the setup message.   
     
     
         45 . The MSS  claim 42 , wherein the call scenario is defined based on at least one of the following:
 an originating user;   a terminating user;   an originating MSS;   a terminating interface;   an originating IP address; and   a terminating IP address.   
     
     
         46 . The MSS of  claim 42 , wherein:
 the call scenario is one of a plurality of potential scenarios; and   each potential scenario of the plurality of potential scenarios is associated with different anticipated with different anticipated security data values.   
     
     
         47 . The MSS of  claim 42 , further comprising an IP interface for receiving a connection attempt, wherein the call controller is further configured to:
 generate, in response to the connection attempt, a second setup message for establishing a second secure connection;   determine, based on a second call scenario, a security data value, wherein the security data value will be expected to be included in the second setup message for the second setup message to pass a security check performed by a second MSS;   inserting the security data value into the second setup message; and
 transmitting the second setup message toward the second MSS.

Join the waitlist — get patent alerts

Track US2015046694A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.