Optimizing utilization of security parameter index (spi) space
US-2019166109-A1 · May 30, 2019 · US
US12348486B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12348486-B2 |
| Application number | US-202418610074-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 19, 2024 |
| Priority date | Oct 25, 2019 |
| Publication date | Jul 1, 2025 |
| Grant date | Jul 1, 2025 |
Official abstract text for this publication.
A method and computer readable software for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) are disclosed. In one embodiment a method includes designating each IPsec node with a unique node identifier; performing a hash function on a random SPI to provide a randomized SPI; and assigning the randomized SPI to an IPsec tunnel associated with an IPsec node.
Opening claim text (preview).
The invention claimed is:

1. A method for providing randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec) in a cellular telecommunications network, comprising: designating each IPsec node with a unique node identifier; performing a hash function on a random SPI to provide a randomized SPI, wherein the random SPI is a generated number over SPI space, the random SPI having a length corresponding to a full space available for use by the SPI space, and wherein the hashing is performed using a hash collision resistant algorithm; assigning the randomized SPI to an IPsec tunnel associated with the each IPsec node; splitting an IPsec subsystem into multiple IPsec virtual nodes, each of the multiple IPsec virtual node being a logical unit that will be associated with a set of IPsec tunnels, and distributing tunnels associated with the split IPsec subsystem among the multiple IPsec virtual nodes, wherein the multiple IPsec virtual nodes are thereby configured to act in a failover configuration in a cellular telecommunications network.

2. The method of claim 1, further comprising assigning to a load balancer an IPsec node associated with the incoming IPsec packet, then forwarding the packet to the assigned IPsec node.

3. The method of claim 1, further comprising generating the randomized SPI uniformly for statistically uniform distribution of SPIs over IPsec nodes.

4. The method of claim 1, wherein a plurality of the IPsec nodes are eNodeBs in a Long Term Evolution (LTE) telecommunications network, and wherein the IPsec tunnels provide traffic security between the eNodeBs and an LTE core network.

5. The method of claim 1, further comprising using a modulo operation on the randomized SPI to designate the unique node identifier.

6. The method of claim 1, further comprising, at an IPsec terminating node, assigning the randomized SPI to the IPsec tunnel associated with the each IPsec node.

7. The method of claim 1, further comprising, at an IPsec terminating node, splitting the IPsec subsystem into multiple IPsec virtual nodes each associated with a set of IPsec tunnels with a random SPI generated using random numbers having lengths equal to the full space available for use by the SPI space.

8. The method of claim 1, wherein a first IPsec terminating node and a second IPsec terminating node are nodes in a Long Term Evolution (LTE) telecommunications network.

9. A non-transitory computer-readable medium containing instructions for randomized Security Parameter Index (SPI) for distributed Internet Protocol security (IPsec), which, when executed, cause a system to perform steps comprising: designating each IPsec node with a unique node identifier; performing a hash function on a random SPI to provide a randomized SPI wherein the random SPI is a generated number over SPI space, the random SPI having a length corresponding to a full space available for use by the SPI space, and wherein the hashing is performed using a hash collision resistant algorithm; assigning the randomized SPI to an IPsec tunnel associated with the each IPsec node; splitting an IPsec subsystem into multiple IPsec virtual nodes, each of the multiple IPsec virtual node being a logical unit that will be associated with a set of IPsec tunnels, and distributing tunnels associated with the split IPsec subsystem among the multiple IPsec virtual nodes, wherein the multiple IPsec virtual nodes are thereby configured to act in a failover configuration in a cellular telecommunications network.

10. The computer-readable medium of claim 9, the steps further comprising assigning to a load balancer a node associated with the incoming IPsec packet, then forwarding the packet to the IPsec node.

11. The computer-readable medium of claim 9, wherein a plurality of the IPsec nodes are eNodeBs in a Long Term Evolution (LTE) telecommunications network, and wherein the IPsec tunnels provide traffic security between the eNodeBs and an LTE core network.

12. The computer-readable medium of claim 9, the steps further comprising using a modulo operation on the randomized SPI to designate the unique node identifier.

13. The computer-readable medium of claim 9, the steps further comprising generating the randomized SPI uniformly to ensure statistically uniform distribution of SPIs over IPsec nodes.
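The claims describe the mechanism abstractly: draw a random value over the full SPI space, hash it with a collision-resistant function, use a modulo of the result as the virtual-node identifier, and let a stateless load balancer route incoming packets on that identifier. The following Python is an added illustration written for this page; it is not code from the patent or its assignee. It assumes SHA-256 as the collision-resistant hash, the 32-bit SPI field of ESP/AH (RFC 4303/4302), treats SPI values 0 through 255 as reserved and never hands them out, and adds two practical details the claims leave open: a per-terminating-node uniqueness check so an inbound SA never gets a duplicate SPI, and rejection sampling (an assumption about how a terminating node would pin a new tunnel to a chosen virtual node). The `SpiAllocator`, `dispatch` and `distribution` names are hypothetical.

```python
"""Added example (not from the patent): randomized SPI allocation, modulo-based
node selection, and a stateless load-balancer dispatch over an ESP header.

Assumptions (labelled): SHA-256 as the collision-resistant hash; 32-bit SPI
field per RFC 4303/4302; SPI values 0..255 treated as reserved; a hypothetical
load balancer that routes purely on spi % node_count.
"""
import hashlib
import random
from typing import Dict, Optional

SPI_BITS = 32                 # ESP/AH SPI is a 32-bit field
SPI_SPACE = 1 << SPI_BITS     # "full space available for use by the SPI space"
RESERVED_MAX = 255            # 0 and 1..255 are reserved; assumption: never allocate them


def randomize_spi(random_spi: int) -> int:
    """Hash a raw random SPI drawn over the full 32-bit space into a randomized SPI.

    SHA-256 is this example's choice of collision-resistant hash (assumption);
    the first 32 bits of the digest are kept so the result still fits the field.
    """
    if not 0 <= random_spi < SPI_SPACE:
        raise ValueError("random SPI must be a 32-bit value")
    digest = hashlib.sha256(random_spi.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def node_for_spi(spi: int, node_count: int) -> int:
    """Derive the virtual-node identifier from the SPI with a modulo (claim 5)."""
    return spi % node_count


class SpiAllocator:
    """Per-terminating-node allocator (hypothetical). Tracks SPIs already in use
    so an inbound SA is never assigned a duplicate the receiver could not look up."""

    def __init__(self, node_count: int, rng: Optional[random.Random] = None):
        self.node_count = node_count
        self.rng = rng or random.SystemRandom()   # CSPRNG by default
        self.in_use = set()

    def allocate(self) -> int:
        """Draw a random 32-bit SPI, hash it, retry on reserved or duplicate values."""
        while True:
            spi = randomize_spi(self.rng.getrandbits(SPI_BITS))
            if spi > RESERVED_MAX and spi not in self.in_use:
                self.in_use.add(spi)
                return spi

    def allocate_for_node(self, node_id: int) -> int:
        """Rejection-sample until the hashed SPI maps to node_id (assumption: this is
        how a terminating node pins a new tunnel to a chosen virtual node)."""
        while True:
            spi = self.allocate()
            if node_for_spi(spi, self.node_count) == node_id:
                return spi
            self.in_use.discard(spi)   # rejected candidate, release it


def spi_from_esp_packet(packet: bytes) -> int:
    """An ESP header starts with the 4-byte SPI followed by the 4-byte sequence number."""
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    return int.from_bytes(packet[:4], "big")


def dispatch(packet: bytes, node_count: int) -> int:
    """Hypothetical load balancer (claim 2): choose the virtual node from the SPI
    alone, with no per-SA state on the balancer."""
    return node_for_spi(spi_from_esp_packet(packet), node_count)


def distribution(node_count: int, samples: int, seed: int = 1) -> Dict[int, int]:
    """Count how many hashed SPIs land on each node (claim 3, uniformity check).
    A seeded PRNG is used here only to make the check reproducible."""
    alloc = SpiAllocator(node_count, random.Random(seed))
    counts = {n: 0 for n in range(node_count)}
    for _ in range(samples):
        counts[node_for_spi(alloc.allocate(), node_count)] += 1
    return counts


if __name__ == "__main__":
    # Constructed ESP header: SPI 0x12345678, sequence number 1, dummy payload.
    pkt = b"\x12\x34\x56\x78" + b"\x00\x00\x00\x01" + b"payload"
    print("packet routed to node", dispatch(pkt, 7))
    print("per-node counts:", distribution(7, 7000))
```

The uniformity check matters for failover: if the hash output were skewed, one virtual node would carry a disproportionate share of tunnels and its failure would take down more than 1/N of the traffic. The reserved-range and duplicate checks are the receiver-side caveats a practitioner would want, since the SPI must be unique per destination and protocol for SA lookup to work.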
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up · CPC title
Hash functions, e.g. MD5, SHA, HMAC or f9 MAC · CPC title
based on a hash applied to IP addresses or costs · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title