FI113597B - Method of sending messages over multiple communication connections - Google Patents

Description

11359 /

METHOD FOR SENDING MESSAGES THROUGH MULTIPLE CONNECTIONS

FIELD OF THE INVENTION

5

The present invention relates to a method for transmitting messages over multiple connections, in particular for transmitting secure messages.

10 BACKGROUND OF THE INVENTION

The Internet is a set of individual networks interconnected through network devices between them and acts as a single large network. Local area networks (LANs) are networks covering a relatively small geographic area 15, while Wide Area Network (WAN) links local area networks (LANs), thereby connecting geographically dispersed users.

The Open Systems Interconnection Reference Model (OSI), an Open Systems Interconnection Reference Model, describes how information from one computer software program:,: 20 passes through a network medium to another computer program application.

; ·: The OSI reference model is a concept consisting of seven layers, each defining:: certain network functions. It is now considered the preferred architectural model for communication between computers. The 7 layers of the Open System Interconnection Reference Model (OSI) are Layer 7 - Application Layer, Layer 6 - Presentation Layer, Layer 5 - 25 Session Layer, Layer 4 - Transport Layer, Layer 3 - Network Layer, Layer 2 - Data Link Layer and Layer 1 - Physical Layer.

I> · · ... ** The 7 layers of the OSI reference model can be divided into two categories, the upper layers and ·: *: the lower layers. The upper layers of the OSI model apply to applications and are generally implemented only in computer programs. Lower layers of the OSI model '; '; deal with the transport of information. The physical layer and the data link layer are implemented in: ': both hardware and software.

2 113597 The OSI model provides a concept for communication between computers, but the model itself is not a communication method. Communication itself is made possible by the use of communication protocols. In the context of networking, the protocol is a formal collection of rules and conventions that describe how a computer exchanges information in a network medium.

5

The protocol implements the functions of one or more OSI layers. Data link layer protocols, such as Ethernet, provide a service for sending and receiving packets using the physical medium in question, e.g., Ethernet. Network layer protocols, such as Internet Protocol (IP), provide a service for addressing network stations connected to a heterogeneous network and for transmitting and receiving packets between such network stations. The network layer provides a service that is ideally independent of the underlying physical medium, and thus network stations connected using different media can communicate. The network layer also provides a router service which ensures that packets sent per recipient use the optimal route. So-called routing protocols, such as RIP and OSPF for IP, are used to maintain routing information on specific network drives called routers.

: 20 Transport layer protocols provide more specialized application-oriented :: services, such as connection-oriented or offline information services, which may be reliable (secure data sharing) or unreliable. Transport Protocols: Usually provides a session multiplexing service that allows you to: maintain network session independent sessions, although network drives :: 25 only have one network address.

·: The Transmission Control Protocol (TCP) is a transport layer protocol that provides a reliable connection-oriented data stream service, while the User Datagram Protocol (UDP) is a transport layer protocol that:

30 provides an unreliable unlinked datagram service. Both TCP and UDP

* use the so-called port number for session multiplexing.

• 3 1 1 7 F Ο · 7 * I ^ ν>>

Session and presentation layer protocols provide highly specialized application-oriented services, such as conversions between different data formats, and provide reliable transmission-oriented communication. Finally, application layer protocols are very application specific and utilize other layers to provide services to application users.

The TCP / IP stack does not hold session and presentation layers. Instead, applications use transport layer protocols, such as TCP and UDP, directly.

10 Information transmitted from a software application of one computer system to a software application of another computer system passes through all OSI layers.

The Internet Protocol, IP, is a network layer (layer 3) protocol that contains address information and some management information that enables packet routing. IP is documented in RFC 791 and is the preferred network layer protocol in the Internet protocol system. Together with the Transmission Control Protocol (TCP), IP represents the core of Internet protocols. IP has two primary responsibilities; obtaining and partitioning the best available datagram distribution over the internet and reassembling datagrams: 20 to support data links with different packet sizes. IP packet contains address and more ·; i know.

• · • »·: ··: IP version 4 (IPv4) is currently a widely used version of Internet Protocol. Its main disadvantage is the small number of unambiguous public IP addresses. IP version 6:25 (IPv6) has a much larger address space that solves the most important issue currently known to IPv4. IPv6 also changes other things in the Internet Protocol, such as , how packet partitioning is done, but these changes are quite small Most protocols have different definitions of how they are used with IPv4 and IPv6: ·: There are different versions of IPSec and Mobile IP for use with IPv4 ' ': 30 and IPv6, however, such protocol changes are minor and do not: · generally change the main features of the protocol significantly.

11359 '4

In fixed networks, there are solutions to protect data and information sources from dissemination, to ensure the authenticity of data, and to protect systems from network-based attacks. IPSec is a technology that provides security.

5 IPSec security protocols (IPSec) provide the capability to secure messages across LANs, Unified and Public Remote Networks (WANs), and the Internet. IPSec can be used in various ways, such as building secure virtual private networks, securing secure access to a corporate network (remote access to IPSec), or securing communications from other organizations, ensuring authentication and confidentiality, and a key exchange mechanism. Although some applications already have built-in security protocols, using IPSec will further improve security.

IPSec can encrypt and / or authenticate traffic at the IP level. The traffic to the WAN 15 is typically encrypted and / or authenticated, and the traffic coming from the WAN is decrypted and decrypted. IPSec is defined by certain documents that contain rules for the IPSec architecture.

Two protocols are used to provide assurance at the IP level; an authentication protocol, -20, designated by the protocol header, Authentication Header (AH), and a combined *:: encryption / authentication protocol, designated by the protocol packet format,: Encapsulating Security Payload (ESP). Both AH and ESP are "'access management tools based on the distribution of encryption keys and traffic flows *" associated with these security protocols.

.- '25

Security Association (SA) is a key concept in IP authentication and i * confidentiality mechanisms. A security connection is a one-way communication between the sender and the recipient, which provides security services for the traffic it carries. If ': bidirectional relationship is required, two security connections are required.

J30; ' * *: The term IPSec connection is used in the following in place of an IPSec bundle: one or more security connections, or a bundle of one or more security connections IPSec-11359 for each direction. This term thus encompasses the protection of both one-way and two-way traffic. There is no position on the symmetry of the directions, i. the algorithms and IPSec changes used for each direction may be different.

5 The security connection is uniquely determined by three parameters. The first one, the Security Parameters Index (SPI), is assigned to this SA. The SPI is placed in the AH and ESP headers so that the recipient system can select the SA under which the received packet is processed. The IP destination address is another parameter, which is the destination destination address of the SA, which may be an end user 10 system or a network system such as a firewall or router. The third parameter, which is the security protocol identifier, indicates whether the connection is an AH or ESP security connection.

Both AH and ESP support the two methods used, transport and tunnel.

15

The transport method provides protection primarily for the upper layer protocols and extends to the payload portion of the IP packet. Typically, the transport method is used for end-to-end communication between two network stations. The transport method can be used in conjunction with the tunneling protocol (other than 20 IPSec tunneling).

A: The tunnel method provides protection for the entire IP packet and is commonly used to send messages through one or more components. The tunnel method is often used * when either or both ends of the SA are security gateways (security '/ 25 gateways), such as firewalls or routers that use IPSec.

By tunnel method, a set of networks behind firewalls ... network hosts can start secure communications without using IPSec. Unprotected packets produced by '..: network drives are tunnelled through external networks: IPSec software in firewall or backup routers by setting SA »*;' 30 tunnel method at the border of the regional grid.

1 1359: 6 To achieve this, after the AH or ESP fields have been added to the IP packet, the entire packet with its backup fields is used as the payload of a new external IP packet with a new external IP header. The entire original, or inner, packet passes through the tunnel from one point in the IP network to the other: no router along the road is able to 5 examine the inner IP packet. Because the original packet is unencapsulated, the new larger packet can have completely different source and destination addresses, which increases security. In other words, the first step in protecting the packet when using the tunnel method is to add a new IP header to the packet, so that the ΊΡ / payload package becomes ΊΡ / ΙΡ / payload. The next step is to secure the packet 10 using ESP or AH. In the case of ESP, the resulting packet is 'IP / ESP / IP / payload'. The entire inner package is covered by ESP or AH protection. AH also protects parts of the external header in addition to the entire inner package.

The IPSec tunneling method works, for example, if a network host produces 15 IP packets with a destination address on a host on another network, the packet is routed from the original network station to a Security GateVVay (SGW), firewall or other security router at the border of the first network. SGW filters all outgoing packets to determine the need for IPSec processing. If this packet from the first network station to the second network station requires IPSec, the firewall performs IPSec processing, which includes encapsulation of the packet into an external IP: header. The source IP address of this external IP header is this firewall and the destination address can be a firewall that forms the boundary of another LAN. This packet is now routed to the firewall of another network host so that the routers' only look at the external IP header. The outer IP header is removed by the firewall of the second [25 network hosts and the inner packet is delivered to the other network hub.

•> The ESP tunnel method encrypts and optionally authenticates the entire internal IP packet, including the internal IP header. In the tunnel method, AH authenticates '30 the entire inner IP packet, and selected portions of the outer IP header.

115 ^ o'7 • I U \ J S f The IPSec key management section contains the configuration and distribution of secret keys. The default IPSec automated key management protocol is ISAKMP / Oakley and is composed of the Oakley key definition protocol and the Internet Security Association and Key Management protocol (ISAKMP). Internet Key Exchange (IKE) is the newer name for the ISAKMP / Oakley protocol. IKE is based on the Diffie Hellman algorithm and supports, among other things, RSA signature authentication. IKE is based on the Diffie-Hellman algorithm but provides additional security and is common in the sense that it can be easily extended.

10 Routing means moving information from one source to another on the Internet. Usually at least one intermediate station is used during the trip. Routing involves both determining the optimal routing route and carrying the data packets. Routing algorithms launch and maintain routing tables that contain routing information. The routers communicate with each other and maintain their routing tables by sending various messages. A routing update message is one message that generally includes all or part of a routing table.

Usually, an IP packet is routed using the unicast paradigm. Unicast means that a packet is sent to a particular receiver using a single route. Multicasting.: 20 is a method of transmitting a particular packet to multiple "interested" recipients ·: (e.g., listeners of a particular multimedia stream), while broadcasting is a method of transmitting a packet to all local network stations (or to all network stations on a given network).

«* ♦ *» »: ...: 25 n-Casting (as the term is used throughout this document) is a method of transmitting a particular packet to a particular network station using multiple paths; especially it is ···: * unicasting n times. This is usually done to ensure that the receiver »I * • · '·; · * receives at least one copy of the packet in case one of the routers crashes. One application of n-"*: Casting is to ensure that the connectivity between two networks» · »30 (eg, business locations) is stable by running n-Casting on packets through networks used by various Internet Service Providers, ISPs. If one ISP crashes fti nla tnHannahit please contact mmi + boetnunt τΛ:. ~ —----- "- 11359: 7 8 to ensure that packets arrive at the destination network station when the network station is mobile and is switching from one network to another. In this case, the packet would undergo bicast, i.e., transmission to both networks, or, generally speaking, n-cast to all networks to which the mobile network station would potentially change.

5 The primary problem with n-casting is that it produces duplicate packages. A duplicate packet is any copy of a packet received after the initial first reception of said packet. For example, if a packet is transmitted three times, there is only one original receipt and two duplicate packets. There are no automatic methods for avoiding such duplicates and thus higher layer protocols receive and process duplicates. For example, TCP, which is a higher-layer protocol, performs poorly when it receives duplicate packets.

Another problem occurs when a mobile terminal (MT) intends to move from one wireless access network to another. Usually, the radio coverage of two or more networks with which the radio of a mobile terminal can communicate overlaps. Thus, for a certain time before moving to a new access network, the mobile terminal is able to communicate with both the current and the new network. The mobile terminal may not be able to decide what is the optimal migration time and thus it would be useful to be able to receive packets using both networks at the same time to avoid ... packet loss.

A well-known solution for mobile IP using the so-called mobile IP technology offers. * ··. 25 using this technique, so-called simultaneous bindings, which cause the home agent to perform n-casting of packets on the mobile terminal; ·. ·. through all registered networks.

The problem is that the mobile terminal receives duplicate packets when 30 simultaneous bindings are used. The higher-layer protocols receive duplicates (protocols above the IP layer) that rotate at the mobile terminal network station.

1 1359: 7 9

As discussed above, multiple transport and application protocols do not handle duplicate packages well. One important example is the Transmission Control Protocol (TCP), which has problems handling duplicate packets. For example, the so-called TCP fast retransmissions and fast recovery algorithms 5 work poorly with duplicate packets.

Stream Control Transmission Protocol (SCTP) is a recent transport layer protocol defined for the Internet Protocol. The SCTP allows a transport session to be associated with more than one IP address, i.e., the endpoints of transport session 10 are not necessarily individual addresses but groups of addresses. SCTP has its own duplicate blocking mechanism, which recognizes duplicate transmissions, regardless of the addresses at the transport session endpoints used to send the packet in question. However, this solution does not work well with all high-layer protocols and is not suitable for secure transmissions because each secure transmission 15 would require a separate connection to be set up.

The following is a list of useful references for understanding the technology behind the invention.

20

REFERENCES

'*' IP in general, UDP and TCP: • 1 [RFC768] • »J. Postel, User Datagram Protocol, RFC 768, August 1980. ftp://ftP.isi.edu/in-notes/rfc768.txt i [ RFC791] 30 J. Postel, Internet Protocol, RFC 791, September 1981.

ftp://ftD.isi.edu/in-notes/rfc791 .txt »1 1359: 7 10 (RFC792] J. Postel, Internet Control Message Protocol, RFC 792, September 1981. ftp://ftp.isi.edu /in-notes/rfc792.txt 5 [RFC793] J. Postel, Transmission Control Protocol, RFC 793, September 1981. ftp://ftp.isi.edu/in-notes/rfc793.txt [RFC826] 10 DC Plummer, An Ethernet Address Resolution Protocol, RFC 826, November 1982.

ftp://ftp.isi.edu/in-notes/rfc826.txt [RFC2460]

15 S. Deering, R. Hinden, Internet Protocol, Version 6 (IPv6) Specification, RFC

2460, December 1998.

Mobile IP; IP-IP; DHCP: 20 [RFC2002] \\ C. Perkins, IP Mobility Support, RFC 2002, October 1996.

* '· "Ftp://ftp.isi.edu/in-notes/rfc2002.txt • · * •» * ·: ··: [RFC2003] ·: * · 25 C. Perkins, IP Encapsulation Within IP, RFC 2003, October 1996.

ftp://ftp.isi.edu/in-notes/rfc2003.txt • · * [RFC2131] R. Drams, Dynamic Host Configuration Protocol, RFC 2131, March 1997.

30 ftp://ftp.isi.edu/in-notes/rfc2131 .txt [RFC3115]: G. Dommety, and K. Leung, Mobile IP Vendor / Organization-Specific Extensions,: RFC 3115, April 2001.

117κΟ '^ II \ J y ftp://ftD.isi.edu/in-notes/rfc3115.txt [M0BILEIPv6] DB Johnson, C. Perkins, Mobility Support in IPv6, Work in Progress (Internet-5 Draft is available) , July 2000.

[DHCPV6] J. Bound, M. Carney, C. Perking, R.Droms, Dynamic Host Configuration Protocol for IPv6 (DHCPv6), Work in Progress (Internet-Draft is Available), June 10, 2001.

IPsec Standards: [RFC2401]

15 S. Kent, and R. Atkinson, Security Architecture for the Internet Protocol, RFC

2401, November 1998. ftp://ftp.isi.edu/in-notes/rfc24Q1.txt [RFC2402] 20 S. Kent, and R. Atkinson, IP Authentication Header, RFC 2402, November 1998.

: /. ftp://ftp.isi.edu/in-notes/rfc2402.txt: /: [RFC2403]

·: ··: C. Madson, R. Glenn, The Use of HMAC-MD5-96 within ESP and AH, RFC

*: ··: 25 2403, November 1998.

• · · · · [RFC2404] C. Madson, R. Glenn, The Use of HMAC-SHA-1 -96 within ESP and AH, RFC ,. 2404, November 1998.

v 30 [RFC2405] C. Madson, N. Doraswamy, The ESP DES-CBC Cipher Algorithm With Explicit IV, RFC 2405, November 1998.

1 1359: 7 12 [RFC2406] S. Kent, and R. Atkinson, IP Encapsulating Security Payload (ESP), RFC 2406, November 1998.

ftp://fto.isi.edu/in-notes/rfc2406.txt 5 [RFC2407] D. Piper, The Internet IP Security Domain of Interpretation for ISAKMP, RFC 2407, November 1998.

ftp://ftp.isi.edu/in-notes/rfc2407.txt 10 [RFC2408] D. Maughan, M. Schneider, M. Schertler, and J. Turner, Internet Security Association and Key Management Protocol (ISAKMP), RFC 2408, November 1998.

15 ftp://ftp.isi.edu/in-notes/rfc2408.txt [RFC2409] D. Harkins, and D. Carrel, The Internet Key Exchange (IKE), RFC 2409, November 1998.

20 ftp://ftp.isi.edu/in-notes/rfc2409.txt * · i [RFC2410]

: R. Glenn, S. Kent, The NULL Encryption Algorithm and Its Use With IPsec, RFC

: ': 2410, November 1998.

·; = 25 O [RFC2411] R. Thayer, N. Doraswamy, R. Glenn, IP Security Document Roadmap, RFC., I i * 2411, November 1998.

: -: 30 * * * 13 1 1 * ς O '' I! ^ ✓ [RFC2412] H. Orman, The OAKLEY Key Determination Protocol, RFC 2412, November 1998.

5 NAT: [RFC2694] P. Srisuresh, G. Tsirtsis, P. Akkiraju, and A. Heffernan, DNS Extensions to Network Address Translators (DNS_ALG), RFC 2694, September 1999.

10 [RFC3022] P. Shisuresh, K. Egevang, Traditional IP Network Address Translator (Traditional NAT), RFC 3022, January 2001. fto: //ftD.isi.edu/in-notes/rfc3022.txt 15

OBJECT OF THE INVENTION

The invention relates to a method which solves the problems associated with duplicate packets.

t *: 25 DESCRIPTION OF THE INVENTION • »

In the method of the invention, the message is sent and received more '. t over a single secure communication link in a communication network comprising at least »two computers between which communication links are provided. Outgoing message; '30 is processed on the sending computer for secure transmission and the secure I ♦ message is assigned an identifier. The processed message is sent from the first computer ':: to the second computer over said at least two secure communication links. The other 14 1Ί 3 5 9 7 computer receives and accepts the first of the messages, while all subsequent messages with the same ID as the one already accepted and received are rejected.

The secure communication link between the two computers is an IPSec connection, whereby one or both computers can be either the end point of the entire connection (where the message is sent), i.e.. a non-router network drive, or it can be a router for one or more networks.

The transport method can be used with IPSec if both computers are non-router network drives, while the IPSec tunnel method can be used if 10 one or both computers are routers. The IPSec tunnel method can be used instead of the transport method. The IPSec transport method together with the tunneling protocol, such as the Layer 2 Tunneling Protocol (L2TP), can be used instead of the IPSec tunneling method. Thus, the IPSec methods are interchangeable.

15

In the method, a particular packet may be transmitted over multiple communication links and possibly multiple times over the same link.

In the invention, the IPSec security connection (SA) definition is modified to exclude the IPSec j 20 tunnel endpoint (s) from the IPSec SA definition itself.

: This allows the same SA to be used to send packets through different v 'paths. This means that in SA, which is normally defined by the SPI, the destination address and: protocol (ESP / AH) are defined, the identification is now defined by the SPI and protocol <: (ESP / AH). The address field is either ignored or attached to the address layout.

Using IPSec replay protection technology based on the IPSec serial number field and the replay protection window, duplicate packets are identified and discarded by the invention at the receiving IPSec endpoint.

30 This occurs because, according to said technology, messages having the same sequence number and the same SPI are received only once. In the prior art, it was not possible to assign the same serial number to packets that were sent via different routing because SAs were always inseparably defined by both addresses and SPI (and protocol).

Since the same SA is used in the invention to perform n-casting 5 of IPSec packets, each n-cast packet has the same serial number and the same SPI and thus participates in the same replay protection process. Only one of the n-cast packets is accepted at the receiving IPSec tunnel endpoint.

The invention described uses the same logical SA in each security connection. Although the 10 assigned tunnel endpoint addresses are different in different communication links, the invention allows packets to be accepted from multiple tunnel endpoint addresses if IPSec processing is otherwise successful (i.e., decryption and authentication are performed properly).

The invention is specifically intended for the network layer (layer 3), which is advantageous because the solution is independent of the transport and application protocols used. Thus, it utilizes all higher-layer protocols, including, for example, TCP, UDP and SCTP.

; .: The 20 SCTP protocol supports transport sessions associated with the address set as session * i endpoints. However, the current IPSec does not directly support such a model. The method of the invention can be used in combination with SCTP. This allows e.g.

"• 'i use the same logical SA to use for traffic protection any SCTP

between endpoints without the need for a separate IPSec connection for each '·. ,: 25 address pairs.

..There are solutions for handling duplicate packets in transport layer, '' 'application layer and other layers that are higher than network layer.

The invention is intended to operate in a network layer, i. to improve the quality of network service in transit and higher layers. By the invention 'j'; has the following benefits. First, the Transport layer and the higher layers are not aware of the protection of duplicate packets. This is important because many protocols do not

1 I

11359/16 provide your own protection against duplicates. Some protocols provide a method for handling duplicates, but the performance of such packets may be significantly lower in some protocols, such as TCP. Second, protection against duplicate packets applies to all protocols that use the invention, regardless of the protocol in question. Third, the invention can be implemented e.g. in the form of an add-on for a particular operating system. There is no need to change the existing program code for the TCP protocol, for example.

The advantages of the invention are that the complete IPSec processing only needs to be performed once, although the same packet was transmitted several times. In addition, n-Casting according to the invention does not produce duplicate packets on networks located behind security gateways. In addition, with the invention, the strength of the coupling positions is significantly increased.

15

Examples of scenarios in which the invention can be used are fixed networks where the IPSec link is between proxy computers connected to the network drive terminals. The invention can also be used in mobile networks where duplicate messages must be sent through two access network routers as the mobile terminal moves from one network to another.

•; In particular, it is stated that the invention can be applied to both versions of IPv4 and IPv6.

·. In a later mentioned alternative, the method is applied to the mobile terminal problem when switching from a first access network served by a first ·· access router (AR1) to a second access network served by a second access router (AR2), which is described in the prior art section.

; v: In this embodiment, the IPSec packets that are targeted to the mobile terminal are transmitted through both AR1 and AR2. Duplicates are eliminated using the IPSec replication protection mechanism on the mobile terminal, i. using an IPSec serial number and 30 playback windows. The serial number is the same for every n-casting copy, so that the higher layer protocols of the mobile terminal never see duplicates.

) I

17 1 1 7 Γ o I f ^.

IPSec SA is still between the mobile terminal and the network station that sent the message or server, if one exists.

When the invention utilizes modified IPSec processing, it means that the secure communication link otherwise conforms to the IPSec standard except for the new method that defines and generates IPSec SA, which is however a very important and inventive change and has a beneficial effect, that it allows you to send secure messages over multiple links, while avoiding duplicates. A new type of secure connection is called modified IPSec when using this method to establish a secure communication link because the described change in IPSec processing requires a change in the IPSec processing code. The magnitude is very small, in most cases less than a few hundred lines of code, which is why in this embodiment the secure communication link is called modified IPSec.

15

In the following, the invention will be described with reference to the following figures. However, the invention is not intended to be limited to their details.

20 FIGURES

Figure 1 illustrates a network for transmitting standard prior art IPSec messages.

Figure 2 illustrates a network for transmitting messages over multiple links.

Figure 3 illustrates a method according to the invention applied to the network "" of Figure 2: applied.

Figure 4 illustrates a network using the method of Figure 5.

Figure 5 illustrates another embodiment of the invention.

1 Ή ^ ο · „Ί3 I I o J χ

DETAILED DESCRIPTION

Figure 1 illustrates a network in which two networks are interconnected using an IPSec tunnel between security gateways SGW1 and SGW2 (IPSec network stations). IPSec SA 5 relates to the (static) addresses used by SGW1 and SGW2 for their communication, i. their public addresses.

The problem in this scenario is that the IPSec tunnel packets file through a single route on the network between SGW1 and SGW2 (e.g., public Internet). If the 10 routers on the route crash, it will take some time before the route is recalculated. If there is no other router to replace the failed one, the entire route will crash and the connection between the networks will be lost.

In Figure 2, each packet may be transmitted over a plurality of independent proxy networks 15; eg ISP contracts can be made. Assuming that ISPs use independent packet routing mechanisms (at least to some extent), networks would be more resistant if used concurrently.

The problem with using standard IPSec in this scenario is that a particular packet: 20 is sent through separate IPSec tunnels - one tunnel for each ISP network - and the packets are thus amplified in SGW2. There is no actual mechanism for separating duplicates caused by 3-casting, in this example. IPSec packets are also processed (encrypted and / or authenticated)., ..: three times in this example, using considerable computing.

25

In the invention, all duplicate messages are transmitted using the same logical IPSec • ''; SAs, although they are transmitted via different routes.

• · I I>: v. Fig. 3 illustrates the method of the invention used in Fig. 2. 30 online. Network station X sends a specific packet message (step 1 of Figure 3) '. through security passage 1 followed by the following steps.

»T 1 1 · * · · · i · 11359; 19

The packet message is first received by SGW1 and goes through IPSec processing. The IPSec procedure implies that the packet must be tunneled by IPSec using triple sending. The packet is subjected to IPSec processing (tunnel method) and the previously unused serial number is marked on the tunnel packet (step 2).

The IPSec processed packet is then transmitted through each connection. In Figure 3, this is illustrated by the fact that the packet is transmitted in step 3 through ISP 1, in step 3 'through ISP2 and in step 3' through ISP 3. SGW2 will then receive all of these packages. In fact, this may happen so that only some of the packets will be received by SGW2 due to e.g. poor communication.

In the method of sending packet messages over a particular connection, the external source address is a secure communication link (local tunnel endpoint address), and possibly the outer destination address is modified for each ISP network. Each packet is 15 identical except for external addresses which are modified for multiple sending, n-casting. However, each such packet has the same serial number as given in step 2. Note that IPSec (Encryption and / or Authentication) is performed only once, no matter how many times the packet is transmitted.

20 The IPSec AH change authenticates the address fields of the outer IP header and therefore requires special processing. The AH authentication value can be recalculated for each n-copy transmission - the value changes as the outer addresses change - or else the implementation does not take into account the external addresses for AH authentication. What 25 of these processing options are used can either be configured manually or negotiated when setting up a security connection using eg IKE. ESP; ' · '; the change is sufficient for almost all purposes, especially if the tunnel method is used.

. . The tri-transmitted packets pass through IPSec networks independently and SGW2 takes; 30 against all or some of them. If the connection is poor, it is of course possible that '. all disappear. However, the likelihood that all packets will be lost is significantly less than if multiple sending, n-casting, were not used.

20 1 17 1; ο: I I O \ J s;

The first tri-transmitted packet received by SGW2 is accepted after the IPSec check, i. verifying the serial number relative to the SPI on the current IPSec security connection (SA). The first of these packets received by SGW 2 is accepted because the packet serial number has not been used before 5 because SGW2 has not received a packet having that serial number before.

This means that SGW2 forwards the first accepted packet to network station Y in step 5, which in this example is assumed to be transmitted through ISP1.

10

The rest of the packets sent three times also arrive at SGW2, but are discarded because they are duplicates, i. because they have the same serial number as the first packet that had this SPI, they will not be accepted and will therefore be rejected in step 5 'and step 5'.

15

Thus, IPSec processing is performed only in SGW2 and the packet is sent through YG at least once to SG. IPSec serial number verification should preferably be done before IPSec processing (decryption and / or authentication). The possibility that at least one of the multiple packets sent to Y is received; 20 increases with the number of connections available.

The method of Figure 5 is used in the network of Figure 4. 4. | The network according to FIG. 4 comprises a network station X served by a server in FIG. 4 which is called;; ··: called a SERVER and is connected to at least two networks, NETWORK01 and: NETWORK02. The mobile terminal MT receives messages transmitted from the network station X through the network 1 via the first access router AR1. When the mobile terminal MT moves (indicated by an arrow in Figure 4) to another network, NETWORK02, the handover is made such that the mobile terminal ': begins to receive messages via the second access router AR2 instead of the first.

: 30 In Figure 5, the network station X transmits a message to the mobile terminal MT. The message is being routed. through a server called "" SERVER "in Figure 4, which shares the IPSec tunnel method with the SA mobile terminal. When the mobile terminal is sometimes unable to determine 11359 "21 because it is optimal to switch AR1 usage to AR2, it is useful to receive packets from network station X over both networks at the same time. This improves the likelihood that all packets will be received at least once radio coverage is 5 weak or unpredictable.

In step 2, the IPSec processing is performed on the packet message and a unique serial number is assigned to the message. The message shown in step 2 is forwarded through both routers AR1 and AR2 in step 3 and respectively. 3 'and further of these in steps 4 and 4' 10 for the mobile terminal.

Only the first of the messages coming to the mobile terminal arrives up to the higher protocols and is received (step 5). Another packet having the same serial number and the same SPI is discarded in step 5 'before it reaches the higher protocols and thus the higher layer protocols never see duplicates.

IPSec SA can be configured manually or using any key exchange protocol. With the current IPSec key exchange protocol, IKE can handle duplicate packets if they occur, so that it is possible to send multiple IKEs per se with careful implementation. However, multiple transmission of IKE is not a requirement for multiple transmission of IPSec packets.

. The automatic negotiation of IPSec Multiple Send using 25 eg IKE requires some kind of plug-in detectors. IKE has so-called Vendor ID payload fields, which are used for extension purposes in IKE.

: '' [; Automatic conferences may include, but are not limited to: ► '»· · ·. 30 Whether multiple posting is accepted or not; this also means that both parties agree on how IPSec tunnel endpoint address processing is performed when packets are received. 11359 of both; The modified IPSec SA definition must be supported by 22 parties for the purpose of multiple upload, n-casting. In the case of AH, network stations may negotiate how external IP addresses are handled, i. is an AH authenticator that is recalculated many times for each packet transmitted, or is an external IP-5 address that is not considered for AH authentication calculation purposes.

What is the maximum number of packets that are received for each received packet, i. value 'n' in n-casting. A value of 5 indicates that up to five packets may be generated while a particular packet is being processed.

10 addresses used for n-casting. Dynamically selected ones can also be used.

The method of the invention can be extended in several ways. For example, in a VPN (Virtual Private Network) scenario, security gateways can only use 15 specific connections available and only start using more when there are problems with the connection. For example, security gateways could be used for public Internet access in a number of cases, but when a measured packet rejection rate rises above a certain threshold, a borrowed line connection is introduced (which is more expensive but also more reliable). Essentially, the sender has to choose how large the n, 20 casting operation would be.

ί i

The graph can also be expanded to include traffic types. For example, suppose we have a fast but unreliable general Internet connection between SGW1 and SGW2 and also a slow but more reliable connection. All traffic would be sent through 25 Internet connections but only important traffic through a reliable connection.

Determining how many times and through which connection a particular packet is transmitted is not essential to the invention. Several algorithms have been introduced and there are many others that fit specific needs.

ί-one; 30

When packets are sent over a particular network, it is possible that inside the network the router will produce duplicate packets either accidentally or intentionally. Thus, for example, if the packet is transmitted three times, it may be received more than three times due to such duplicates. The invention automatically addresses this case using the same serial number mechanism.

It is also possible and useful to send a packet over a given connection more than once to increase the probability of receiving. This may be the case when a particular traffic stream is important but has a much lower data rate than the connection.

An IPSec transport method application is also possible. Then, the sender and the 10 recipients do not care about the source and / or destination IP addresses of the IPSec SA when processing the packet. SPIs are selected by ensuring that there are no conflicts with the SPI. Of course, the IPSec transport method can be combined with an external tunneling protocol, such as the Layer 2 Tunneling Protocol (L2TP).

The invention may be used in IP networks, e.g., IPv4 and IPv6 networks, but is by no means specific to these and may be used with different versions of IP or the like and also future versions of IPSec.

When packets are transmitted multiple times, a particular packet may be transmitted over several different links and possibly multiple times over the same link, thereby increasing the likelihood of being received over a particular link.

The invention is not limited to any particular transmission medium. Wireless networks »». * ··. such as GSM or cdma2000, can be used simultaneously with wireless Ethernet * · «25 (IEEE 802.11, also known as WLAN), Ethernet wired networks or Bluetooth networks, for example.

• · • * *

The invention can be used in various network topologies. In one scenario, there are only two network stations between which a message is transmitted and an IPSec SA set up between these network stations. In a different scenario, there could be two network stations or networks with security gateways in between, whereby IPSec SA would be set up between the security gateways.

11359Γ 24

A third example of a scenario is one in which the invention could be used to have, for example, only one security gateway for a network and a network station on the other side. In that case, IPSec SA would be set up between the network station and the security gateway.

Claims (9)

A method for sending and receiving messages over more than one secure communication link in a communication network comprising at least two computers between which the communication links are established, characterized by a) processing a message at said first computer for secure transmission and signing an identity b) sending the processed message from the first date to the second date over said at least two secure communication links to the second date, c) accepting and receiving the first of the messages sent in step b), which received by the second computer; Method according to claim 1, characterized in that the secure communication link between said two computers is an IPSec connection, the. one or both of which may either be the end point of the complete connection over which the message is transmitted, i.e. a non-router, or can act as a router for one or more networks. Method according to claim 2, characterized in that the transport model or the tunnel model is used for the IPSec connection, if both computers are endpoints of the connection. <* Method according to claim 3, characterized in that the IPSec v. Tunnel model is used if one or both of the computers function as a router. 30 Method according to claim 3, characterized in that a separate tunnel protocol can be used with the IPSec transport model. 11359 / Method according to claim 5, characterized in that the separate tunnel protocol is the Layer 2 Tunneling protocol (L2TP). Method according to any of claims 1-6, characterized in that in the method, a given packet can be transmitted through each communication link only once and / or several times. Method according to any of claims 1-7, characterized in that the secure communication link formed in step a) is a modified IPSec SA, as defined by the Security Parameter Index (SPI) field and protocol (AH or ESP) and possibly a set of destination addresses. ». r · »» · »· · • * • · I · * • · • · •»