Multipoint server for providing secure, scaleable connections between a plurality of network devices
Abstract
A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.
20 Claims
1. A method comprising:
at a multi-point server not comprised in a plurality of devices, said plurality of devices comprising a first device, a second device and a third device;
responsive to a detected mismatch in a sequence number of a communication between said first device and said second device, via a phase two restart message, restarting a first secure point-to-point connection between said first device and said second device, said first secure point-to-point connection established between said first device and said second device via at least one common encryption parameter, said at least one common encryption parameter provided to each of said plurality of devices, said at least one common encryption parameter provided responsive to a request from said third device for a second secure point-to-point connection between said third device, said second device, and said third device, said plurality of devices identified to one another.
Dependent claims: 2-13.
14. A method comprising:
via a contacted server device administering a virtual private network, providing information to each of a plurality of authenticated devices of said virtual private network, said information comprising a common encryption parameter and a list of all devices of said virtual private network, said common encryption parameter adapted for use in concurrent separate and distinct point-to-point connection between;
a first device and a second device of said virtual private network, said point-to-point connection between said first device and said second device not comprising said server device;
said second device and a third device of said virtual private network, said point-to-point connection between said second device and said third device not comprising said first device or said server device, said second device not initiating a request for a point-to-point connection; and
said first device and said third device, said point-to-point connection between said first device and said third device not comprising said second device or said server device.
Dependent claims: 15-19.
20. A method comprising:
responsive to a first security association between a server and a first device of a plurality of devices, establishing an IPsec session between said first device and a second device based on an encryption secret key, said IPsec session based upon a determined encryption secret key associated with said first device as part of said first security association, said IPsec session based upon a negotiated second security association between said server and said second device, said encryption secret key communicated to said second device as part of said second security association, said server adapted to, responsive to a detected mismatch in a sequence number between said first device and said second device, via a phase two restart message, restart said IPSec session between said first device and said second device.
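The claims above describe three moving parts: a server that hands every authenticated member the same common encryption parameter plus the member list, point-to-point sessions between members that do not pass through the server, and a server-issued "phase two restart" when one side of a session sees a sequence-number mismatch. The following Python model is an added illustration written for this page; it is not the patent's own implementation and assumes its own names (`MultipointServer`, `Device`, an HMAC-based key derivation standing in for IPsec) purely to show how the restart is scoped to one pair while the shared parameter and the other sessions stay untouched.

```python
import hashlib
import hmac
import secrets


def _tag(key, frm, to, seq, payload):
    """Integrity tag over the addressing, sequence number and payload (stand-in for the IPsec ICV)."""
    msg = b"|".join([frm.encode(), to.encode(), str(seq).encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()


class MultipointServer:
    """Hypothetical server: authenticates members, hands out the common encryption parameter (CEP)
    and the member list, and issues phase-two restart messages. It never relays device traffic."""

    def __init__(self):
        self.devices = {}                    # name -> Device, i.e. the authenticated members
        self.cep = secrets.token_bytes(32)   # one common encryption parameter for all members

    def register(self, device):
        # Models the server/device security association; the device receives the CEP.
        self.devices[device.name] = device
        return self.cep

    def members(self):
        return sorted(self.devices)

    def phase_two_restart(self, x, y):
        # Restart only the x<->y point-to-point session: fresh per-pair nonce, counters back to zero.
        msg = {"type": "phase2_restart", "pair": tuple(sorted((x, y))), "nonce": secrets.token_bytes(16)}
        for name in msg["pair"]:
            self.devices[name].apply_restart(msg)
        return msg


class Device:
    """Hypothetical VPN member holding the CEP, the peer list, and per-peer sequence counters."""

    def __init__(self, name, server):
        self.name, self.server = name, server
        self.cep = server.register(self)
        self.pair_nonce = {}   # peer -> nonce of the current point-to-point session (none before a restart)
        self.send_seq, self.recv_seq = {}, {}
        self.restarts = 0

    @property
    def peers(self):
        # The member list the server provides, minus ourselves.
        return [p for p in self.server.members() if p != self.name]

    def pair_key(self, peer):
        # Assumption: pairwise key derived from the CEP, the two names and the per-pair nonce.
        names = b"|".join(sorted([self.name.encode(), peer.encode()]))
        return hmac.new(self.cep, b"p2p|" + names + b"|" + self.pair_nonce.get(peer, b""), hashlib.sha256).digest()

    def send(self, peer, payload):
        seq = self.send_seq.get(peer, 0)
        self.send_seq[peer] = seq + 1
        return {"from": self.name, "to": peer, "seq": seq, "payload": payload,
                "tag": _tag(self.pair_key(peer), self.name, peer, seq, payload)}

    def receive(self, msg):
        peer = msg["from"]
        expected_tag = _tag(self.pair_key(peer), peer, self.name, msg["seq"], msg["payload"])
        if not hmac.compare_digest(expected_tag, msg["tag"]):
            return ("reject", None)          # wrong key or tampered: drop silently
        expected = self.recv_seq.get(peer, 0)
        if msg["seq"] != expected:
            # Sequence-number mismatch: have the server restart this pair's session.
            self.server.phase_two_restart(self.name, peer)
            return ("restart", (expected, msg["seq"]))
        self.recv_seq[peer] = expected + 1
        return ("ok", msg["payload"])

    def apply_restart(self, msg):
        other = [p for p in msg["pair"] if p != self.name][0]
        self.pair_nonce[other] = msg["nonce"]
        self.send_seq[other] = self.recv_seq[other] = 0
        self.restarts += 1


def run_demo():
    """Constructed scenario: one lost frame on A->B triggers a restart scoped to A and B only."""
    server = MultipointServer()
    a, b, c = (Device(n, server) for n in "ABC")
    out = {"peers_of_a": a.peers}
    out["first"] = b.receive(a.send("B", b"hello"))
    dropped = a.send("B", b"never arrives")                 # simulated loss of seq 1
    out["gap"] = b.receive(a.send("B", b"arrives after gap"))  # seq 2 arrives, B expected 1
    out["restarts"] = (a.restarts, b.restarts, c.restarts)
    out["replay"] = b.receive(dropped)                      # old-session frame no longer verifies
    out["after"] = b.receive(a.send("B", b"fresh start"))   # counters and key are fresh on both ends
    out["cross"] = c.receive(a.send("C", b"a to c"))        # A-C session unaffected by the A-B restart
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The point worth noticing is that the restart message changes only the per-pair session state: the common encryption parameter the server distributed is unchanged, C's sessions are not disturbed, and a frame from the pre-restart session fails the tag check rather than being accepted out of order.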