USRE46113EExpiredUtility

Technique for maintaining secure network connections

54
Assignee: CONSTELLATION TECH LLCPriority: Mar 3, 2004Filed: May 29, 2014Granted: Aug 16, 2016
Est. expiryMar 3, 2024(expired)· nominal 20-yr term from priority
H04W 12/02H04W 36/0033H04L 63/0428H04L 63/0272H04W 80/04H04L 63/164H04W 36/0011H04W 36/0019H04L 12/28H04L 9/00H04L 12/22H04L 9/32H04W 12/033
54
PatentIndex Score
1
Cited by
67
References
11
Claims

Abstract

A technique for maintaining secure network connections is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for maintaining secure network connections. The method may comprise detecting a change of address associated with a first network element. The method may also comprise updating at least one first security configuration at the first network element. The method may further comprise transmitting at least one secure message from the first network element to a second network element, wherein the at least one secure message comprises information associated with the change of address. And the method may comprise updating at least one second security configuration at the second network element based at least in part on the at least one secure message.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A method for maintaining secure network connections, the method comprising:
 duplicating, at a third network element, a security association associated with a secure network connection between a first network element and a second network element, wherein a lookup of the security association associated with the secure network connection is not dependent on any destination address; and 
 in response to detecting failure of the second network element, replacing the second network element with the third network element in the secure network connection with the first network element, wherein the secure network connection between the first network element and the third network element is based on the duplicated security association; and 
 sending at least one secure message from the third network element to the first network element to notify the first network element that the secure network connection will be taken over by the third network element, the third network element communicating with the first network element without the third network element reestablishing another secure network connection with the first network element. 
 
     
     
       2. A method for maintaining secure network connections, the method comprising:
 configuring a plurality of security gateways such that a lookup of security associations is not dependent on any destination address; 
 sharing a security association among the plurality of security gateways; 
 a first of the security gateways detecting failure of a second of the security gateways involved in a secure network connection with a network device, wherein the secure network connection is associated with the security association; and 
 in response to detecting the failure, the first security gateway sending a message to the network device that the first security gateway is taking over the secure network connection, the first security gateway communicating with the network device without the first security gateway reestablishing another secure network connection with the network device. 
 
     
     
       3. A first security server comprising:
 a transceiver to receive information relating to at least one security association of a secure network connection between a mobile client and a second security server; and 
 a processor module to:
 monitor operation of the second security server; 
 in response to detecting failure of the second security server, send a message to the mobile client that the first security server is taking over the secure network connection; and 
 communicate with the mobile client using the at least one security association over the secure network connection between the first security server and the mobile client without reestablishing a new secure network connection with the mobile client. 
 
 
     
     
       4. The first security server according to  claim 3 , wherein communications between the mobile client and the first security server are based on a security architecture for the internet protocol (IPsec). 
     
     
       5. The method of  claim 1 , further comprising:
 during life of the secure network connection between the first and second network elements, the third network element receiving information relating to the security association of the secure network connection from the second network element. 
 
     
     
       6. The method of  claim 5 , wherein the first network element is a mobile client, and the second and third network elements are security servers. 
     
     
       7. The first security server according to  claim 3 , wherein a lookup of security associations is not dependent on any destination address. 
     
     
       8. The method of  claim 1 , wherein the first network element is a mobile client, and the second and third network elements are security servers. 
     
     
       9. The first security server of  claim 3 , wherein information relating to the at least one security association is duplicated at the first and second security servers. 
     
     
       10. The method of  claim 2 , wherein sharing the security association comprises sharing an IPsec security association among the plurality of security gateways. 
     
     
       11. A third network element comprising:
 a transceiver; and   a processor coupled to the transceiver and configured to:   duplicate a security association associated with a secure network connection between a first network element and a second network element, wherein a lookup of the security association associated with the secure network connection is not dependent on any destination address;   in response to detecting failure of the second network element, replace the second network element with the third network element in the secure network connection with the first network element, wherein the secure network connection between the first network element and the third network element is based on the duplicated security association; and   send, by the third network element, at least one secure message to the first network element to notify the first network element that the secure network connection will be taken over by the third network element, the third network element communicating with the first network element without the third network element reestablishing another secure network connection with the first network element.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.