| CPC H04L 63/0478 (2013.01) [H04L 12/4633 (2013.01)] | 20 Claims |

1. A method comprising:
receiving, at a first device, a packet to be sent, over a network and in an encrypted tunnel, to a second device;
generating, at the first device, an initialization vector (IV) for the packet based at least in part on a packet number (PN) associated with the packet;
constructing, at the first device, a security header based at least in part on the PN;
encrypting, at the first device, the packet based at least in part on the IV and information associated with a security association (SA) assigned to the packet to generate an encrypted packet, including:
replacing, at the first device, user data in the packet with encrypted user data,
inserting, at the first device, an integrity checksum value (ICV) into the packet, and
inserting, at the first device, the security header into the packet; and
transmitting, from the first device, the encrypted packet to the second device in the encrypted tunnel over the network.
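The sender-side steps of claim 1, sketched in Go as an added example that is not taken from the patent: it shows a PN-derived IV, a security header carried in clear but covered by the ICV, and refusal to reuse a PN. The claim names no cipher or layout, so AES-GCM, the `salt || PN` nonce, the `SA id || PN` header and all names (`SA`, `NewSA`, `IV`, `Protect`) are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// SA is a hypothetical security association: id, salt, keyed AEAD and next PN.
type SA struct {
	ID, Salt uint32
	AEAD     cipher.AEAD
	NextPN   uint64
}

// NewSA keys AES-GCM for the SA (cipher choice is an assumption of this example).
func NewSA(id, salt uint32, key []byte) (*SA, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(blk)
	return &SA{ID: id, Salt: salt, AEAD: aead, NextPN: 1}, err
}

// IV derives the 12-byte GCM nonce as salt || PN (assumed layout).
func (sa *SA) IV(pn uint64) []byte {
	return binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint32(nil, sa.Salt), pn)
}

// Protect returns security header (SA id || PN) || encrypted user data || ICV.
func (sa *SA) Protect(userData []byte) ([]byte, error) {
	if sa.NextPN == 0 { // counter wrapped: a repeated PN would repeat the IV under one key
		return nil, fmt.Errorf("PN space exhausted, rekey SA %d", sa.ID)
	}
	hdr := binary.BigEndian.AppendUint64(binary.BigEndian.AppendUint32(nil, sa.ID), sa.NextPN)
	ct := sa.AEAD.Seal(nil, sa.IV(sa.NextPN), userData, hdr) // header is authenticated as AAD
	sa.NextPN++
	return append(hdr, ct...), nil
}

func main() {
	sa, _ := NewSA(7, 0x01020304, make([]byte, 16)) // constructed SA values, all-zero demo key
	pkt, _ := sa.Protect([]byte("user data"))
	// Receiver view: rebuild the IV from the PN in the clear header, then verify the ICV.
	pt, err := sa.AEAD.Open(nil, sa.IV(binary.BigEndian.Uint64(pkt[4:12])), pkt[12:], pkt[:12])
	fmt.Printf("%x -> %q %v\n", pkt, pt, err)
}
```

Because the IV is a pure function of the SA and the PN, the PN counter is the only thing preventing nonce reuse, which is why `Protect` fails closed when the counter wraps.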