Various Internet protocols govern packet-based communications between a host computing device and a client computing device. For example, in an Internet Protocol Security (IPsec) based virtual private network (VPN), two kinds of packets are typically communicated between the host and client computing devices: packets relating to the exchange of keys used for encrypting and authenticating data, and packets relating to the exchange of the data itself. In establishing a connection between the host and client computing devices, the keys associated with the connection are generally exchanged between the devices before the data is exchanged.
In some circumstances, multiple components (e.g. applications or application threads) residing on a client computing device may need to be in communication with one or more host computing devices within a given time period. Multiple connections between the host and client computing devices, over the same port or over different ports, may need to be established to facilitate such communications. To properly manage the connections, communications associated with the different components need to be kept separate, since they are potentially at different stages (e.g. of a key or data exchange).
Furthermore, the connections established between the host and client computing devices generally have limited lifetimes. This typically results in a periodic change of keys associated with each connection. Therefore, to properly manage the connections, communications protected by different security parameters (e.g. different keys), over one or multiple ports, also need to be kept separate.
However, current protocols commonly in use, such as IPsec, do not explicitly address how communications over multiple connections between a client computing device and one or more host computing devices in a VPN should be managed.