-
Publication number: US10999253B2
Publication date: 2021-05-04
Application number: US16046381
Application date: 2018-07-26
Applicant: Juniper Networks, Inc.
Inventor: Naresh Chand, Ranjan Sinha
IPC: H04L29/06, H04L12/841, H04L29/08, H04L12/46
Abstract: A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.
-
Publication number: US12250302B2
Publication date: 2025-03-11
Application number: US18461845
Application date: 2023-09-06
Applicant: Juniper Networks, Inc.
Inventor: Ranjan Sinha, Aswin Surendran, Priyabrata Saha
Abstract: In some implementations, a first network device may communicate, with a second network device, one or more internet key exchange (IKE) messages to exchange a first identifier associated with the first network device and a second identifier associated with the second network device, and to indicate that a post-quantum preshared key (PPK) is to be used as a shared key for an IKE security association (SA) between the first network device and the second network device. The first network device may obtain, from a key management entity (KME), a quantum key based on providing the second identifier to the KME, wherein the PPK is based on the quantum key. The first network device may communicate, with the second network device, one or more IKE authentication messages to exchange a third identifier associated with the quantum key and to confirm that the second network device successfully obtained the PPK.
-
Publication number: US12052223B2
Publication date: 2024-07-30
Application number: US17301909
Application date: 2021-04-19
Applicant: Juniper Networks, Inc.
Inventor: Naresh Chand, Ranjan Sinha
IPC: H04L9/40, H04L47/28, H04L67/1074, H04L12/46
CPC classification number: H04L63/029, H04L47/28, H04L63/0485, H04L67/1074, H04L12/4633
Abstract: A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.
-
Publication number: US20210243157A1
Publication date: 2021-08-05
Application number: US17301909
Application date: 2021-04-19
Applicant: Juniper Networks, Inc.
Inventor: Naresh Chand, Ranjan Sinha
IPC: H04L29/06, H04L12/841, H04L29/08
Abstract: A network device identifies an Internet Protocol Security (IPsec) tunnel that connects the network device to a remote device and determines that dead peer detection (DPD) is enabled at the network device. The network device receives a first DPD request message from the remote device via the IPsec tunnel, and sends a first DPD response message to the remote device via the IPsec tunnel. The network device determines that a workload of the network device satisfies a threshold amount, and sends one or more encapsulating security payload (ESP) packets that include traffic flow confidentiality (TFC) payload data to the remote device via the IPsec tunnel. The network device determines that the workload of the network device does not satisfy the threshold amount. The network device receives a second DPD request message from the remote device and sends a second DPD response message to the remote device via the IPsec tunnel.
-
Publication number: US11791994B1
Publication date: 2023-10-17
Application number: US17710100
Application date: 2022-03-31
Applicant: Juniper Networks, Inc.
Inventor: Ranjan Sinha, Priyabrata Saha, Aswin Surendran
CPC classification number: H04L9/0852, H04L9/083, H04L63/06
Abstract: In some implementations, a first network device may communicate, with a second network device, one or more internet key exchange (IKE) messages to exchange a first identifier associated with the first network device and a second identifier associated with the second network device, and to indicate that a post-quantum preshared key (PPK) is to be used as a shared key for an IKE security association (SA) between the first network device and the second network device. The first network device may obtain, from a key management entity (KME), a quantum key based on providing the second identifier to the KME, wherein the PPK is based on the quantum key. The first network device may communicate, with the second network device, one or more IKE authentication messages to exchange a third identifier associated with the quantum key and to confirm that the second network device successfully obtained the PPK.