Transmission of packet data over a network with a security protocol

Abstract

A method, device, system and computer program for providing a transport distribution scheme for a security protocol are disclosed. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS [0001] The present application claims the benefit of priority from Finnish Patent Application No. FI 20050769, filed Jul. 19, 2005, the entire contents of which is incorporated herein by reference. BACKGROUND OF THE INVENTION [0002] 1. Field of the Invention [0003] The present invention relates to transmission of packet data over a network. In particular the present invention relates to transmission of packet data over a network with a security protocol. [0004] 2. Description of the Related Art [0005] Data transmission over packet data networks, in particularly over Internet Protocol (IP) based networks, is very common nowadays. There are, however, risks in using the Internet or other public data networks for communications. IP-based networks face threats such as viruses, malicious crackers and eavesdroppers. [0006] Virus-scanning software and firewalls are widely used to prevent unauthorized access to internal networks from public networks. W...

AI Technical Summary

Benefits of technology

[0015] In accordance with an embodiment, there is provided a method for transmitting packet data over a network with a security protocol. In the method a first packet data connection is first established to a remote node, whereafter an authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is then negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is also established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.

Problems solved by technology

There are, however, risks in using the Internet or other public data networks for communications.

IP-based networks face threats such as viruses, malicious crackers and eavesdroppers.

When the TCP connection carrying the Secure Shell protocol packets is slow or the TCP connection goes via overloaded networks, the throughput of the Secure Shell protocol is quite low.

Furthermore, if some TCP packets carrying Secure Shell protocol packets are lost and need to be retransmitted, it takes a while before the Secure Shell protocol recovers.

This is at least partly due to the fact that the flow control of the Secure Shell is disturbed and the data buffers of the Secure Shell session may be filled.

A further problem is that in an overloaded network, a TCP connection used by the Secure Shell protocol may be slower than TCP connection on the average.

It may be quite difficult to find encryption parameters to provide a suitable compromise.

There are thus various problems relating to providing a Secure Shell session over a TCP connection or other reliable packet data protocol connection.

Images