公开(公告)号：WO2009080462A3

公开(公告)日：2009-09-24

申请号：PCT/EP2008066824

申请日：2008-12-04

Applicant: IBM ,  IBM UK ,  JONG WUCHIEH JAMES ,  MEYER CHRISTOPHER ,  OVERBY LINWOOD HUGH JR

Inventor： JONG WUCHIEH JAMES ,  MEYER CHRISTOPHER ,  OVERBY LINWOOD HUGH JR

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L63/062 ,  H04L63/164

Abstract: A method, network element, and computer storage program product, are provided for selectively loading a communication network security enforcement point ('SEP') with security association ('SA') information for inspection of encrypted data in a secure, end-to-end communications path. At least one encrypted data packet is received. It is determined that SA information for decrypting the at least one encrypted data packet fails to exist locally at the SEP. A request is sent to a communication network key server for SA information associated with the at least one encrypted data packet. The SA information associated with the at least one encrypted data packet is received from the communication network key server.

Abstract translation: 提供了一种方法，网络元件和计算机存储程序产品，用于选择性地加载具有安全关联（'SA'）信息的通信网络安全执行点（'SEP'），用于在安全， 终端通信路径。 至少收到一个加密的数据包。 确定用于解密所述至少一个加密数据分组的SA信息在SEP处本地存在。 向通信网络密钥服务器发送请求以获取与至少一个加密数据分组相关联的SA信息。 从通信网络密钥服务器接收与至少一个加密数据分组相关联的SA信息。

公开(公告)号：DE602007009935D1

公开(公告)日：2010-12-02

申请号：DE602007009935

申请日：2007-01-29

Applicant: IBM

Inventor： OVERBY LINWOOD HUGH JR ,  WIERBOWSKI DAVID JOHN ,  PORTER JOYCE ANNE ,  JONG WUCHIEH JAMES

IPC: H04L29/06 ,  H04L29/12

公开(公告)号：CA2636882C

公开(公告)日：2015-03-24

申请号：CA2636882

申请日：2007-01-29

Applicant: IBM

Inventor： OVERBY JR LINWOOD HUGH ,  WIERBOWSKI DAVID JOHN ,  PORTER JOYCE ANNE ,  JONG WUCHIEH JAMES

IPC: H04L29/06 ,  H04L29/12

Abstract: The invention determines if a security association (SA) extends end-to-end between a source node originating a connection and a destination node. In such a case, there will be no ambiguities in routing due to network address translation, and the SA is allowed. In the preferred embodiment, both end nodes of a security connection test themselves and the remote node for gateway status to determine if any ambiguities might exist in network routing due to the presence of a network address translator.

公开(公告)号：CA2636882A1

公开(公告)日：2007-08-23

申请号：CA2636882

申请日：2007-01-29

Applicant: IBM

Inventor： WIERBOWSKI DAVID JOHN ,  PORTER JOYCE ANNE ,  OVERBY JR LINWOOD HUGH ,  JONG WUCHIEH JAMES

IPC: H04L29/06 ,  H04L29/12

Abstract: The invention determines if a security association (SA) extends end-to-end between a source node originating a connection and a destination node. In such a case, there will be no ambiguities in routing due to network address translation, and the SA is allowed. In the preferred embodiment, both end nodes of a security connection test themselves and the remote node for gateway status to determine if any ambiguities might exist in network routing due to the presence of a network address translator.