Strong anti-replay protection for IP traffic sent point to point or multi-cast to large groups
US7748034B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 12, 2005 |
| Grant date | Jun 29, 2010 |
| Priority date | — |
| Expiry date | Aug 4, 2028 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/121
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A mechanism for providing strong anti-replay protection at a security gateway in a network, protecting against an attacker who duplicates encrypted packets. The mechanism assigns each encrypted packet a unique sequence number and a time stamp. A receiving security gateway rejects packets that carry a duplicate sequence number or that are too old, and so protects itself against replay attacks. Each security gateway checks off sequence numbers as they are received, knowing that the sending security gateway assigns sequence numbers in increasing order. The receiving security gateway remembers the highest sequence number it has already seen as well as up to N additional sequence numbers. Any packet with a duplicate sequence number is discarded. In addition to the sequence number, each packet carries a time stamp that corresponds to an epoch during which it should be received. If the packet arrives after that epoch has expired, the packet is rejected.
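The receiver-side state the abstract describes can be modelled as a sliding window (highest sequence number seen plus a bitmap of the N numbers below it) combined with an age check on the time stamp. The following is an added illustration written for this page, not code from the patent or its assignee. It assumes the "N additional sequence numbers" are the N values immediately below the highest, that the epoch is a fixed maximum age in seconds measured from the packet's time stamp, and that sequence numbers start at 1; none of those choices are stated in the abstract, and the packet values fed in are constructed.

```python
from dataclasses import dataclass


@dataclass
class AntiReplayWindow:
    """Per-sender replay state held by a receiving gateway (illustrative model).

    highest: highest sequence number accepted so far (0 = nothing accepted yet).
    bitmap:  bit i is set when sequence number (highest - i) has been seen,
             for 0 <= i < window_size. This is the "up to N additional
             sequence numbers" the abstract mentions, modelled as a bitmap
             (an assumption; the abstract does not fix the representation).
    """
    window_size: int = 64      # N: how many numbers below the highest are tracked
    max_age: float = 30.0      # epoch length in seconds (assumed value)
    highest: int = 0
    bitmap: int = 0

    def check(self, seq: int, timestamp: float, now: float) -> tuple[bool, str]:
        """Decide whether a packet with (seq, timestamp) arriving at 'now' is fresh.

        Returns (accepted, reason). State is only updated when the packet is
        accepted, so a rejected packet can never advance the window.
        """
        # Epoch check first: a stale packet must not move the window forward.
        if now - timestamp > self.max_age:
            return False, "epoch expired"
        if seq < 1:
            return False, "invalid sequence number"

        if seq > self.highest:
            # Packet is ahead of everything seen: slide the window right.
            shift = seq - self.highest
            if shift >= self.window_size:
                self.bitmap = 1               # everything previously tracked falls off
            else:
                mask = (1 << self.window_size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True, "accepted"

        # Packet is at or below the highest: it must fall inside the window
        # and must not have been seen before.
        offset = self.highest - seq
        if offset >= self.window_size:
            return False, "sequence number below window"
        if self.bitmap & (1 << offset):
            return False, "duplicate sequence number"
        self.bitmap |= 1 << offset
        return True, "accepted"


def run_demo() -> list[str]:
    """Feed a constructed packet stream through one window and collect verdicts."""
    w = AntiReplayWindow(window_size=8, max_age=30.0)
    # (seq, timestamp, arrival time): in-order, reordered, replayed, stale, expired.
    packets = [
        (1, 100.0, 100.0),   # first packet
        (2, 100.0, 100.5),   # in order
        (5, 101.0, 101.0),   # 3 and 4 delayed in transit
        (3, 100.5, 101.0),   # late arrival inside the window: still fresh
        (3, 100.5, 101.0),   # attacker replays packet 3
        (20, 110.0, 110.0),  # jump larger than N: window resets
        (12, 110.0, 110.0),  # too far below the new highest
        (21, 80.0, 120.0),   # valid-looking seq but time stamp 40 s old
    ]
    return [w.check(*p)[1] for p in packets]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Two practitioner notes that follow from the model rather than from the abstract: the sequence-number and time-stamp checks must run on a packet whose integrity has already been verified, otherwise an attacker can forge a high sequence number and push the window past legitimate traffic; and for the multicast case in the title, each sender numbers its packets independently, so the receiver needs one such window per sender rather than one per group.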
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.