KICE - Kerberos IPSec Configuration Exchange

IP.com Disclosure Number: IPCOM000015834D
Original Publication Date: 2002-Sep-23
Included in the Prior Art Database: 2003-Jun-21

Publishing Venue

IBM

Abstract

This invention, Kerberos IPSec Configuration Exchange (KICE), is a method of embedding the IPSec configuration and the secret session key within the Kerberos client authentication exchange, so that both the client that initiates the communication and the target (peer) it wants to communicate with receive them from the same trusted exchange.

The primary roadblock users experience when setting up a Virtual Private Network with IPSec is configuration. IPSec was intended to be very flexible, which led to a large variety of configuration options, and some configuration variables, such as encryption keys, must be shared between the peers in a safe, out-of-band manner. This problem led to the addition of security certificates, which simplify the configuration in one respect but complicate it in another, namely the creation and management of the certificates and of the certificate issuers.

Because of these configuration problems, mainstay security technologies like Kerberos remain popular. Their ease of use comes from being client-server based: a token server (in Kerberos, the Key Distribution Center that issues tickets) provides a single point of authentication control. IPSec, by contrast, is peer to peer, so each peer must hold the configuration for every peer it will communicate with. The Kerberos method only requires that the client authenticate with the Kerberos server; if a client is trusted by the Kerberos server, then the other clients trust this client. This scheme will be illustrated later as the idea of this invention unfolds.
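The exchange the abstract describes, as an added worked example that is not part of the disclosure and not IBM's code: a KDC holding long-term keys for both principals mints a session key together with an IPSec SA description (ESP parameters, SPIs, lifetime; all constructed values) and embeds them in the ticket it issues for the peer; the client presents that ticket with an authenticator, and the peer, which needs only its own long-term key and its trust in the KDC, recovers the same SA. The message layout and the HMAC-based encrypt-then-MAC cipher are stand-ins for the Kerberos wire format and encryption types, not the real ones, and the principal names "alice" and "gw.example" are assumptions. Two checks a practitioner would want are included: per-direction ESP keys are derived from the session key instead of using it raw, and a ticket corrupted in transit or presented after its expiry is rejected.

```python
"""Toy model of the KICE exchange: a Kerberos-style KDC issues a ticket for the peer
that carries the IPsec SA parameters and the session key, so neither end needs any
out-of-band IPsec configuration. Not the Kerberos wire format or a real enctype."""
import hashlib, hmac, json, os, struct, time

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode stands in for a block cipher (illustration only).
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, obj):
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || HMAC-SHA256 tag."""
    ek, mk = _subkeys(key)
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(ek, nonce, len(pt))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag first (constant time), then decrypt; raise on any mismatch."""
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct)))))

class KDC:
    """Holds every principal's long-term key, like the Kerberos KDC database."""
    def __init__(self, long_term_keys):
        self.keys = long_term_keys

    def tgs_exchange(self, client, peer, now, lifetime=3600):
        """A client already authenticated to the KDC asks for a ticket to `peer`.
        The KDC mints the session key AND the IPsec SA that both ends will install."""
        session_key = os.urandom(32).hex()
        sa = {"proto": "ESP", "mode": "tunnel", "enc": "aes-256-cbc", "auth": "hmac-sha256",
              "spi_c2p": int.from_bytes(os.urandom(4), "big"),
              "spi_p2c": int.from_bytes(os.urandom(4), "big"), "lifetime_s": lifetime}
        ticket = seal(self.keys[peer], {"client": client, "peer": peer, "expires": now + lifetime,
                                        "session_key": session_key, "ipsec_sa": sa})
        # The reply is readable only by the client: same key and SA, plus the opaque ticket.
        return seal(self.keys[client], {"peer": peer, "session_key": session_key,
                                        "ipsec_sa": sa, "ticket": ticket.hex()})

def install_sa(session_key_hex, sa):
    """Derive one ESP key per direction from the session key instead of using it raw."""
    sk = bytes.fromhex(session_key_hex)
    derived = dict(sa)
    for d in ("c2p", "p2c"):
        derived["key_" + d] = hmac.new(sk, b"kice-esp-" + d.encode(), hashlib.sha256).hexdigest()
    return derived

def client_begin(client_key, client_name, kdc_reply, now):
    """Client side: decrypt the KDC reply, install the SA, build the AP-REQ for the peer."""
    rep = unseal(client_key, kdc_reply)
    authenticator = seal(bytes.fromhex(rep["session_key"]), {"client": client_name, "ts": now})
    ap_req = {"ticket": rep["ticket"], "authenticator": authenticator.hex()}
    return ap_req, install_sa(rep["session_key"], rep["ipsec_sa"])

def peer_accept(peer_key, peer_name, ap_req, now, max_skew=300):
    """Peer side: needs only its own long-term key; trusting the KDC, it trusts the client."""
    t = unseal(peer_key, bytes.fromhex(ap_req["ticket"]))
    if t["peer"] != peer_name or t["expires"] <= now:
        raise ValueError("ticket is not for this peer or has expired")
    auth = unseal(bytes.fromhex(t["session_key"]), bytes.fromhex(ap_req["authenticator"]))
    if auth["client"] != t["client"] or abs(auth["ts"] - now) > max_skew:
        raise ValueError("authenticator mismatch or clock skew too large")
    return t["client"], install_sa(t["session_key"], t["ipsec_sa"])

def setup_exchange(now):
    """Constructed principals 'alice' (client) and 'gw.example' (peer) with random keys."""
    kdc = KDC({"alice": os.urandom(32), "gw.example": os.urandom(32)})
    reply = kdc.tgs_exchange("alice", "gw.example", now)
    return kdc, client_begin(kdc.keys["alice"], "alice", reply, now)

def run_exchange(now=None):
    """Full KICE flow; returns the authenticated client name and both installed SAs."""
    now = now or int(time.time())
    kdc, (ap_req, client_sa) = setup_exchange(now)
    who, peer_sa = peer_accept(kdc.keys["gw.example"], "gw.example", ap_req, now)
    return who, client_sa, peer_sa

def tampered_ticket_is_rejected(now=None):
    """Flip one ciphertext byte of the ticket in transit; the peer must refuse it."""
    now = now or int(time.time())
    kdc, (ap_req, _) = setup_exchange(now)
    raw = bytearray(bytes.fromhex(ap_req["ticket"]))
    raw[20] ^= 0x01
    try:
        peer_accept(kdc.keys["gw.example"], "gw.example", {**ap_req, "ticket": raw.hex()}, now)
    except ValueError:
        return True
    return False
```

Calling `run_exchange()` returns the client name the peer authenticated and the two installed SAs, which match field for field although the peer was never given any IPSec configuration: its only provisioned secret is its Kerberos key, which is the point the abstract makes about replacing out-of-band key sharing. As with Kerberos generally, the scheme depends on loosely synchronized clocks (the authenticator timestamp) and on every peer trusting the same KDC; the IETF later standardized a design in the same spirit as KINK (RFC 4430).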