A key management protocol commonly used in automatically keyed systems is the well-known Internet Key Exchange (IKE) protocol. IKE provides a standardized method for dynamically authenticating Internet Protocol Security (IPsec) entities, negotiating security services, and generating shared keys. IKE has evolved from many different protocols and can be thought of as having various distinct capabilities. IPsec keying information (e.g., encryption keys) is used to encrypt and decrypt information exchanged between entities or nodes. The keying information may be established and maintained either manually or automatically.
An important concept that appears in both the authentication and confidentiality mechanisms for IKE/IPsec is the Security Association (SA). Authentication mechanisms often utilize authentication security associations. An authentication security association is a logical connection between peers that affords security services to the traffic carried on it. The traffic carried on the authentication security association typically includes authentication-related information. An authentication security association may be uniquely identified by several parameters, which may include, for example, an Initiator Cookie, a Responder Cookie, a local source address and a destination address.
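As an added illustration (not part of the original text), the following Python sketch keys a table of authentication security associations on the four parameters named above, reading the two cookies from the fixed ISAKMP header defined in RFC 2408. The class and function names, the sample cookies and the documentation-range addresses are assumptions constructed for the example.

```python
import struct
from typing import NamedTuple, Optional

# Fixed ISAKMP header (RFC 2408): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # 28 bytes

class SaKey(NamedTuple):
    """The four identifying parameters named in the text (hypothetical type)."""
    initiator_cookie: bytes
    responder_cookie: bytes
    local_src_addr: str
    dst_addr: str

def build_message(icookie: bytes, rcookie: bytes, body: bytes = b"") -> bytes:
    """Construct a sample message: version 1.0, exchange type 2 (Identity Protection)."""
    return ISAKMP_HDR.pack(icookie, rcookie, 0, 0x10, 2, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body

class SaTable:
    """Hypothetical in-memory table of authentication security associations."""
    def __init__(self) -> None:
        self._sas: dict = {}

    def add(self, key: SaKey, state: dict) -> None:
        self._sas[key] = state

    def lookup(self, msg: bytes, local_src_addr: str, dst_addr: str) -> Optional[dict]:
        if len(msg) < ISAKMP_HDR.size:
            return None  # truncated: no cookies to read
        icookie, rcookie, *_rest, length = ISAKMP_HDR.unpack_from(msg)
        if length != len(msg):
            return None  # length field disagrees with the datagram
        # All four parameters must match; cookies alone do not select an SA.
        return self._sas.get(SaKey(icookie, rcookie, local_src_addr, dst_addr))

# Constructed sample values (documentation address ranges, made-up cookies).
ICOOKIE, RCOOKIE = bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")
LOCAL, PEER = "192.0.2.1", "198.51.100.7"
TABLE = SaTable()
TABLE.add(SaKey(ICOOKIE, RCOOKIE, LOCAL, PEER), {"state": "established"})
MSG = build_message(ICOOKIE, RCOOKIE, body=b"\x00" * 8)

if __name__ == "__main__":
    print(TABLE.lookup(MSG, LOCAL, PEER))           # matching SA
    print(TABLE.lookup(MSG, LOCAL, "203.0.113.9"))  # same cookies, other address
```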