Abstract
Techniques for enhancing security in networking environments, whereby a cryptographic node (306) negotiates a set of security parameters (a "security association") with an end node (301), on behalf of a routing node (an "edge router" 303), and then securely distributes the negotiated security parameters to the edge router (303) and/or to other edge routers (304) in the network. The disclosed negotiation techniques allow the end node (301) to physically move during the negotiation, yet still establish the security association, and the secure distribution enables the end node (301) to move seamlessly through the network yet continue communicating securely. The disclosed techniques may also be used advantageously in other environments, such as clustered server environments, and allow an end node (301) to communicate with multiple routing (303, 304) or server nodes for a variety of reasons (for example, during a hot-swap to a different server during fail-over or as a result of load balancing).