-
Publication No.: US20210075621A1
Publication date: 2021-03-11
Application No.: US16568174
Application date: 2019-09-11
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Richard Mark Sczepczenski, Mikel William Welsh, John R. Flanagan
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response. The initiator activates the security association to use the key to secure communication between the responder and initiator in response to receiving the authentication done message.
-
Publication No.: US11201749B2
Publication date: 2021-12-14
Application No.: US16568174
Application date: 2019-09-11
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Richard Mark Sczepczenski, Mikel William Welsh, John R. Flanagan
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response. The initiator activates the security association to use the key to secure communication between the responder and initiator in response to receiving the authentication done message.
-
Publication No.: US20210091943A1
Publication date: 2021-03-25
Application No.: US16583173
Application date: 2019-09-25
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
-
Publication No.: US20210075627A1
Publication date: 2021-03-11
Application No.: US16568176
Application date: 2019-09-11
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Richard Mark Sczepczenski, John R. Flanagan
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.
-
Publication No.: US11303441B2
Publication date: 2022-04-12
Application No.: US16583178
Application date: 2019-09-25
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
IPC classification: H04L9/08, H04L29/06, H04W12/069, H04W12/0433
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.
-
Publication No.: US11206144B2
Publication date: 2021-12-21
Application No.: US16568176
Application date: 2019-09-11
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Richard Mark Sczepczenski, John R. Flanagan
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.
-
Publication No.: US11245521B2
Publication date: 2022-02-08
Application No.: US16583173
Application date: 2019-09-25
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, John R. Flanagan, Alol Antony Crasta, Mikel William Welsh
IPC classification: H04L9/08, G06F21/30, H04L29/06, H04W12/069, H04W12/0433
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. An initiator maintains a first security association with the responder having a first key to use to encrypt and decrypt data transmitted with the responder. The initiator initiates a rekey operation to establish a second security association with the responder using a second key. The initiator detects a failure of the rekey operation after the responder started using the second key for transmissions. A revert message is sent to the responder to revert back to using the first security association and first key in response to detecting the failure of the rekey operation.
-
Publication No.: US20210091944A1
Publication date: 2021-03-25
Application No.: US16583178
Application date: 2019-09-25
Inventors: Roger G. Hathorn, Patricia G. Driever, Christopher J. Colonna, Mooheng Zee, Mikel William Welsh, Alol Antony Crasta, John R. Flanagan
Abstract: Provided are a computer program product, system, and method embodiments for reverting from a new security association to a previous security association in response to an error during a rekey operation. The responder maintains a first security association with the initiator having a first key to use to encrypt and decrypt messages transmitted with the initiator. The responder receives a message from the initiator for a rekey operation to establish a second security association with the initiator using a second key. The responder queues Input/Output (I/O) for transmission using the second key after completing the rekey operation. After activating the second security association, the responder receives a revert message from the initiator to revert back to using the first security association and first key in response to a failure of the rekey operation.