The operation of the Secure TCP can be explained with a ``state transition machine''. The Secure TCP state transition machine is shown in Figure 4. In the ``ESTABLISHED'' state, peer entities should handle Secure TCP segments. As an exception, in the ``RECV ESTABLISHED'' state, the entity treats a received TCP segment as a Secure TCP segment, but sends TCP segments as classical TCP.
Entity A in Figure 2 makes the following state transitions. Entity A begins in the ``CLOSED'' state. First, A actively sends a SYN+NEGOs segment to B and moves to the ``SYN SENT'' state. Next, A receives a SYN+ACK+NEGOr+KEYs segment, sends an ACK and moves to the ``RECV ESTABLISHED'' state. In this state, A can receive only Secure TCP segments. Finally, A receives an ACK segment and moves to the ``ESTABLISHED'' state, and then begins data transfer with Secure TCP segments.
Figure 4: State Transition Machine
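
The active-open path of entity A described above, as an added example that is not code from the original paper: a small Python model of the four states A passes through and of the segment format each state accepts and sends. The class and function names are hypothetical, and dropping an unexpected segment without changing state is an assumption, since the text describes only the expected sequence.

```python
from enum import Enum

class State(Enum):
    CLOSED = "CLOSED"
    SYN_SENT = "SYN SENT"
    RECV_ESTABLISHED = "RECV ESTABLISHED"
    ESTABLISHED = "ESTABLISHED"

# Entity A's receive transitions as given in the text:
# (state, segment received) -> (next state, segment sent in reply or None)
ON_RECEIVE = {
    (State.SYN_SENT, "SYN+ACK+NEGOr+KEYs"): (State.RECV_ESTABLISHED, "ACK"),
    (State.RECV_ESTABLISHED, "ACK"): (State.ESTABLISHED, None),
}

# Segment format per state as (inbound, outbound); unlisted states carry no data.
FORMAT = {
    State.RECV_ESTABLISHED: ("secure", "classical"),
    State.ESTABLISHED: ("secure", "secure"),
}

class EntityA:
    def __init__(self):
        self.state = State.CLOSED
        self.sent = []                 # segments A has emitted, in order
        self.trace = [State.CLOSED]    # states visited, in order

    def _move(self, state, segment=None):
        if segment:
            self.sent.append(segment)
        self.state = state
        self.trace.append(state)

    def active_open(self):
        if self.state is not State.CLOSED:
            raise RuntimeError("active open is only valid from CLOSED")
        self._move(State.SYN_SENT, "SYN+NEGOs")

    def receive(self, segment):
        """Apply one handshake segment; return False if it is not expected here."""
        step = ON_RECEIVE.get((self.state, segment))
        if step is None:
            return False  # assumption: unexpected segment is dropped, state unchanged
        self._move(*step)
        return True

    def accepts_inbound(self, fmt):
        """True if a segment in format 'secure' or 'classical' is acceptable now."""
        return self.state in FORMAT and FORMAT[self.state][0] == fmt

    def outbound_format(self):
        return FORMAT[self.state][1] if self.state in FORMAT else None
```

The asymmetry of ``RECV ESTABLISHED'' is visible in `FORMAT`: the inbound side is already restricted to Secure TCP while the outbound side is still classical TCP.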