Rekeying A Security Association SA

    公开(公告)号:US20210273799A1

    公开(公告)日:2021-09-02

    申请号:US17321494

    申请日:2021-05-16

    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

    Rekeying a security association SA

    公开(公告)号:US11888982B2

    公开(公告)日:2024-01-30

    申请号:US17321494

    申请日:2021-05-16

    CPC classification number: H04L9/0891 H04L63/029 H04L63/164

    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

    Pre-Shared Key PSK Updating Method and Apparatus

    公开(公告)号:US20230163958A1

    公开(公告)日:2023-05-25

    申请号:US18158890

    申请日:2023-01-24

    CPC classification number: H04L9/0838 H04L9/085 H04L9/0861 H04L9/0891

    Abstract: A pre-shared key (PSK) updating method is disclosed. A first communication apparatus stores a first PSK for processing, within an aging periodicity of the first PSK, a packet exchanged between the first communication apparatus and a second communication apparatus. The first communication apparatus may receive, within the aging periodicity of the first PSK, a first protocol packet that is sent by the second communication apparatus and includes a first PSK key material for generating a second PSK. The second PSK is for processing, within an aging periodicity of the second PSK, a packet exchanged between the first communication apparatus and the second communication apparatus.

    Data transmission security protection method and network device

    公开(公告)号:US11146952B2

    公开(公告)日:2021-10-12

    申请号:US16278162

    申请日:2019-02-17

    Inventor: De Sheng Yun Qin

    Abstract: The method includes: receiving, by a first member device, a second EAPOL-MKA packet sent by a second member device; determining, by the first member device, a first cipher suite, and determining a first secure association key SAK corresponding to the first cipher suite; and sending, by the first member device, the first cipher suite and the first SAK to the second member device in CA. Based on the foregoing technical solution, a device in the CA may determine a cipher suite and a secure association key corresponding to the cipher suite that are used for MACsec secure data transmission. In addition, all devices in the CA support the determined cipher suite. In this way, a problem that the cipher suite needs to be re-determined because one or more devices do not support the cipher suite determined by the first device can be avoided.

    System, method and devices for MKA negotiation between the devices

    公开(公告)号:US10904368B2

    公开(公告)日:2021-01-26

    申请号:US16420959

    申请日:2019-05-23

    Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.

    Method for internet key exchange protocol authentication using certificate and communication device

    公开(公告)号:US12212662B2

    公开(公告)日:2025-01-28

    申请号:US17946542

    申请日:2022-09-16

    Abstract: This application discloses a method for Internet key exchange protocol (IKE) authentication using a certificate. The method includes: A first device parses a certificate to obtain signature information in the certificate. The first device fills an AUTH payload field in an IKE identity authentication (AUTH) message based on the signature information in the certificate, where signature information indicated by the AUTH payload field matches the signature information in the certificate. The first device sends the IKE AUTH message to a second device. In the method for Internet key exchange protocol IKE authentication using a certificate provided in this application, the first device may automatically parse the signature information in the certificate, and fill the related field of the IKE AUTH message based on the signature information. Therefore, user configuration is simplified and product usability is improved.

    Rekeying a security association SA

    公开(公告)号:US11943209B2

    公开(公告)日:2024-03-26

    申请号:US17321499

    申请日:2021-05-17

    CPC classification number: H04L63/061 H04L63/0245 H04L63/029 H04L63/0435

    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

    Rekeying A Security Association SA

    公开(公告)号:US20210273928A1

    公开(公告)日:2021-09-02

    申请号:US17321499

    申请日:2021-05-17

    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.

    REKEYING A SECURITY ASSOCIATION (SA)
    9.
    发明公开

    公开(公告)号:US20240223364A1

    公开(公告)日:2024-07-04

    申请号:US18392496

    申请日:2023-12-21

    CPC classification number: H04L9/0891 H04L63/029 H04L63/164

    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, processing time, and power in the course of the IKE SA or the IPSec SA rekey.

    System, Method and Devices for MKA Negotiation Between the Devices

    公开(公告)号:US20210105348A1

    公开(公告)日:2021-04-08

    申请号:US17123631

    申请日:2020-12-16

    Abstract: Disclosed are a system, method and devices for simultaneous MACsec key agreement (MKA) negotiation between the devices. The present application controls a basic TLV message exchange between supplicant and authenticator in case of race condition to establish the secure association key (SAK) channel. The present application by controlling a basic TLV message exchange enables to establish a secure channel in race condition and achieves a high reliability of the product as this makes product launch MACsec services quickly and available for the service. Accordingly, when both sides (two supplicants) exchange hello with basic TLV at the same time, triggering the race condition, drops first message from the authenticator at supplicant and update the peer MN and the supplicant will not send reply. The authenticator when send next message (basic+potential peer TLV) with peer MN incremented by 1, the supplicant will respond with incremental message with live peer TLV.

Patent Agency Ranking