WO2006010648A3 - Methods, apparatuses and computer-readable media for secure communication by establishing multiple secure connections - Google Patents

Info

Publication number
WO2006010648A3
Authority
WO
WIPO (PCT)
Prior art keywords
connections
secure
methods
established
apparatuses
Application number
PCT/EP2005/010046
Other languages
French (fr)
Other versions
WO2006010648A2 (en)
Inventor
Vinod Choyi
Andrew Robison
Frederic Gariador
Original Assignee
Cit Alcatel
Application filed by Cit Alcatel
Priority to CN2005800321073A (CN101027888B)
Priority to EP05783746.0A (EP1774750B1)
Priority to MX2007000931A
Publication of WO2006010648A2
Publication of WO2006010648A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Abstract

Methods and systems for secure communications are provided. Secure end-to-end connections are established as separate multiple secure connections (11, 13), illustratively between a first system (10) and an intermediate system (12) and between a second system (14) and an intermediate system (12). The multiple secure connections (11, 13) may be bound, by binding Internet Protocol Security Protocol (IPSec) Security Associations (SAs) for the multiple connections, for example, to establish the end-to-end connection. In the event of a change in operating conditions which would normally require the entire secure connection to be re-established, only one of the multiple secure connections which form the end-to-end connection is re-established. Separation of end-to-end connections in this manner may reduce processing resource requirements and latency normally associated with re-establishing secure connections.
PCT/EP2005/010046 2004-07-26 2005-07-22 Methods, apparatuses and computer-readable media for secure communication by establishing multiple secure connections WO2006010648A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN2005800321073A CN101027888B (en) 2004-07-26 2005-07-22 Method for managing secure connection between access system and remote system, intermediate system and communication system
EP05783746.0A EP1774750B1 (en) 2004-07-26 2005-07-22 Method, apparatuses and computer readable medium for establishing secure end-to-end connections by binding IPSec Security Associations
MX2007000931A MX2007000931A (en) 2004-07-26 2005-07-22 Methods, apparatuses and computer-readable media for secure communication by establishing multiple secure connections.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/899,251 2004-07-26
US10/899,251 US7676838B2 (en) 2004-07-26 2004-07-26 Secure communication methods and systems

Publications (2)

Publication Number Publication Date
WO2006010648A2 WO2006010648A2 (en) 2006-02-02
WO2006010648A3 WO2006010648A3 (en) 2006-06-22

Family

ID=35266929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/010046 WO2006010648A2 (en) 2004-07-26 2005-07-22 Methods, apparatuses and computer-readable media for secure communication by establishing multiple secure connections

Country Status (6)

Country Link
US (1) US7676838B2 (en)
EP (1) EP1774750B1 (en)
CN (1) CN101027888B (en)
MX (1) MX2007000931A (en)
RU (1) RU2007106851A (en)
WO (1) WO2006010648A2 (en)

Families Citing this family (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9654200B2 (en) 2005-07-18 2017-05-16 Mutualink, Inc. System and method for dynamic wireless aerial mesh network
US9871767B2 (en) * 2005-07-18 2018-01-16 Mutualink, Inc. Enabling ad hoc trusted connections among enclaved communication communities
US20070153804A1 (en) * 2005-12-30 2007-07-05 Mcgee Andrew R Methods and systems for maintaining the address of Internet Protocol compatible devices
DE102006038599B3 (en) * 2006-08-17 2008-04-17 Nokia Siemens Networks Gmbh & Co.Kg Method for reactivating a secure communication connection
US8091126B2 (en) * 2006-08-18 2012-01-03 Microsoft Corporation Failure recognition
US8543808B2 (en) * 2006-08-24 2013-09-24 Microsoft Corporation Trusted intermediary for network data processing
US7840686B2 (en) * 2006-10-25 2010-11-23 Research In Motion Limited Method and system for conducting communications over a network
US20080137856A1 (en) * 2006-12-06 2008-06-12 Electronics & Telecommunications Research Institute Method for generating indirect trust binding between peers in peer-to-peer network
US8332639B2 (en) * 2006-12-11 2012-12-11 Verizon Patent And Licensing Inc. Data encryption over a plurality of MPLS networks
WO2008079375A1 (en) * 2006-12-22 2008-07-03 Telcordia Technologies, Inc. Flexible mobility framework for heterogeneous roaming in next generation wireless networks
US20080184123A1 (en) * 2007-01-26 2008-07-31 Shuqair Michel A D System And Method For Providing A Secure Connection Between A Computer And A Mobile Device
US8190897B2 (en) * 2007-12-13 2012-05-29 Motorola Solutions, Inc. Method and system for secure exchange of data in a network
US8635440B2 (en) * 2007-12-13 2014-01-21 Microsoft Corporation Proxy with layer 3 security
US8406748B2 (en) 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US8589541B2 (en) 2009-01-28 2013-11-19 Headwater Partners I Llc Device-assisted services for protecting network capacity
US8391834B2 (en) 2009-01-28 2013-03-05 Headwater Partners I Llc Security techniques for device assisted services
US8340634B2 (en) 2009-01-28 2012-12-25 Headwater Partners I, Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US8023425B2 (en) 2009-01-28 2011-09-20 Headwater Partners I Verifiable service billing for intermediate networking devices
US8346225B2 (en) 2009-01-28 2013-01-01 Headwater Partners I, Llc Quality of service for device assisted services
US8626115B2 (en) 2009-01-28 2014-01-07 Headwater Partners I Llc Wireless network service interfaces
US8402111B2 (en) 2009-01-28 2013-03-19 Headwater Partners I, Llc Device assisted services install
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US8548428B2 (en) 2009-01-28 2013-10-01 Headwater Partners I Llc Device group partitions and settlement platform
US8275830B2 (en) 2009-01-28 2012-09-25 Headwater Partners I Llc Device assisted CDR creation, aggregation, mediation and billing
US8850553B2 (en) * 2008-09-12 2014-09-30 Microsoft Corporation Service binding
US10264138B2 (en) 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US9572019B2 (en) 2009-01-28 2017-02-14 Headwater Partners LLC Service selection set published to device agent with on-device service selection
US10057775B2 (en) 2009-01-28 2018-08-21 Headwater Research Llc Virtualized policy and charging system
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9270559B2 (en) 2009-01-28 2016-02-23 Headwater Partners I Llc Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US10484858B2 (en) 2009-01-28 2019-11-19 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US9392462B2 (en) 2009-01-28 2016-07-12 Headwater Partners I Llc Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy
US10326800B2 (en) 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US9565707B2 (en) 2009-01-28 2017-02-07 Headwater Partners I Llc Wireless end-user device with wireless data attribution to multiple personas
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US10064055B2 (en) 2009-01-28 2018-08-28 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US10298386B1 (en) 2009-06-26 2019-05-21 Marvell International Ltd. Method and apparatus for secure communications in networks
US20110035809A1 (en) * 2009-08-10 2011-02-10 Fisher Frederick C Agent service
GB2474843B (en) * 2009-10-27 2012-04-25 Motorola Solutions Inc Method for providing security associations for encrypted packet data
US20110231654A1 (en) * 2010-03-16 2011-09-22 Gurudas Somadder Method, system and apparatus providing secure infrastructure
CN102223353A (en) 2010-04-14 2011-10-19 华为技术有限公司 Host identification protocol (HIP) safe channel multiplexing method and device thereof
US9350708B2 (en) * 2010-06-01 2016-05-24 Good Technology Corporation System and method for providing secured access to services
CN102420770B (en) * 2011-12-27 2014-03-12 汉柏科技有限公司 Method and equipment for negotiating internet key exchange (IKE) message
FR2992811A1 (en) * 2012-07-02 2014-01-03 France Telecom ESTABLISHING A SECURITY ASSOCIATION WHEN ATTACHING A TERMINAL TO AN ACCESS NETWORK
CA2905044C (en) * 2013-03-13 2020-04-21 Mutualink, Inc. Enabling ad hoc trusted connections among enclaved communication communities
WO2014159862A1 (en) 2013-03-14 2014-10-02 Headwater Partners I Llc Automated credential porting for mobile devices
CN103475647A (en) * 2013-08-23 2013-12-25 天津汉柏汉安信息技术有限公司 Method for preventing IPSEC (internet protocol security) tunnel re-negotiation from failing
US20150350247A1 (en) * 2014-05-30 2015-12-03 Apple Inc. Efficient secure instant messaging
EP3310099B1 (en) * 2015-07-15 2020-02-26 Huawei Technologies Co., Ltd. Ip address management method, device, ip address anchor and mobile node
RU2625046C2 (en) * 2015-12-18 2017-07-11 Федеральное государственное автономное образовательное учреждение высшего образования "Санкт-Петербургский политехнический университет Петра Великого" Method of multi-threaded network traffic protection and system for its implementation
EP3190747B1 (en) * 2016-01-08 2018-11-14 Apple Inc. Secure wireless communication between controllers and accessories
CN105743919B (en) * 2016-04-06 2018-12-21 致象尔微电子科技(上海)有限公司 Long-range control method, device and system
JP7362609B2 (en) 2018-03-16 2023-10-17 フイルメニツヒ ソシエテ アノニム Hydrogenation of carbonyls with tetradentate PNNP ligand ruthenium complexes
US11025592B2 (en) 2019-10-04 2021-06-01 Capital One Services, Llc System, method and computer-accessible medium for two-factor authentication during virtual private network sessions

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020091921A1 (en) * 2001-01-05 2002-07-11 International Business Machines Corporation Establishing consistent, end-to-end protection for a user datagram
US20030191963A1 (en) * 2002-04-04 2003-10-09 Joel Balissat Method and system for securely scanning network traffic

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6377982B1 (en) * 1997-10-14 2002-04-23 Lucent Technologies Inc. Accounting system in a network
GB2365717B (en) * 2000-05-24 2004-01-21 Ericsson Telefon Ab L M IPsec processing
US6865681B2 (en) * 2000-12-29 2005-03-08 Nokia Mobile Phones Ltd. VoIP terminal security module, SIP stack with security manager, system and security methods
US7072657B2 (en) * 2002-04-11 2006-07-04 Ntt Docomo, Inc. Method and associated apparatus for pre-authentication, preestablished virtual private network in heterogeneous access networks
US7428226B2 (en) 2002-12-18 2008-09-23 Intel Corporation Method, apparatus and system for a secure mobile IP-based roaming solution

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DAS D: "IPSec-based delegation protocol and its application", DISTRIBUTED COMPUTING SYSTEMS, 2004. PROCEEDINGS. FTDCS 2004. 10TH IEEE INTERNATIONAL WORKSHOP ON FUTURE TRENDS OF SUZHOU, CHINA 26-28 MAY 2004, PISCATAWAY, NJ, USA,IEEE, 26 May 2004 (2004-05-26), pages 74 - 79, XP010710914, ISBN: 0-7695-2118-5 *
JEREMY DE CLERCQ YVES T'JOENS OLIVIER PARIDAENS ALCATEL CHANDRU SARGOR VIJAY SRINIVASAN COSINE COMMUNICATIONS: "BGP/IPsec VPN", IETF STANDARD-WORKING-DRAFT, INTERNET ENGINEERING TASK FORCE, IETF, CH, no. 1, February 2001 (2001-02-01), XP015012355, ISSN: 0000-0004 *

Also Published As

Publication number Publication date
RU2007106851A (en) 2008-09-10
EP1774750B1 (en) 2015-12-30
CN101027888B (en) 2012-09-05
CN101027888A (en) 2007-08-29
US20060020787A1 (en) 2006-01-26
WO2006010648A2 (en) 2006-02-02
US7676838B2 (en) 2010-03-09
MX2007000931A (en) 2007-04-13
EP1774750A2 (en) 2007-04-18

Similar Documents

Publication Publication Date Title
WO2006010648A3 (en) Methods, apparatuses and computer-readable media for secure communication by establishing multiple secure connections
WO2007121243A3 (en) System and method for traversing a firewall with multimedia communication
WO2006116396A3 (en) Voice over internet protocol system and method for processing of telephonic voice over a data network
WO2008132821A1 (en) Security gateway system and its method and program
WO2007127637A3 (en) Method and system for providing cellular assisted secure communications of a plurality of ad hoc devices
WO2010014747A3 (en) Network architecture for secure data communications
WO2008146296A3 (en) Network and computer firewall protection with dynamic address isolation to a device
WO2005017655A3 (en) System and methods for providing increases computer security
WO2012078689A3 (en) Multichannel connections in file system sessions
WO2007136937A3 (en) Implementation of reflexive access control lists on distributed platforms
WO2008043002A3 (en) Method and system for optimizing a jitter buffer
TW200603589A (en) Security gateway with SSL protection and method for the same
WO2008147475A3 (en) Providing a generic gateway for accessing protected resources
WO2006107674A3 (en) System, gateway and method for interfacing a radio system and an ip network
WO2004046844A3 (en) Faster authentication with parallel message processing
WO2011022195A3 (en) Switching communications between different networks based on device capabilities
EP2045967A3 (en) Systems and methods for seamless host migration
WO2005114947A8 (en) Firewall system
WO2008058254A3 (en) Network traffic controller (ntc)
GB2438780B (en) Method for out-of-band signaling for TCP connection setup
WO2007089717A3 (en) System and method for data transfer in a peer-to-peer hybrid communication network
WO2007103978A3 (en) Secure transaction computer network
WO2007045972A3 (en) Prioritized control packet delivery for transmission control protocol (tcp)
WO2003075121A3 (en) Firewall
TW200745954A (en) Single logical network interface for advanced load balancing and fail-over functionality

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2005783746

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: MX/a/2007/000931

Country of ref document: MX

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 795/DELNP/2007

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2007106851

Country of ref document: RU

WWE Wipo information: entry into national phase

Ref document number: 200580032107.3

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 2005783746

Country of ref document: EP