SYSTEM AND METHOD FOR PROTECTED SPOKE TO SPOKE COMMUNICATION USING AN UNPROTECTED COMPUTER NETWORK
Abstract
Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in spoke-to-spoke network communication. Embodiments provide systems and methods for registering a spoke with a hub, updating a hub registration table with spoke registration information, sending the updated hub registration table to a plurality of registered spokes, using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke, and using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
41 Citations
31 Claims
1. A method comprising:
registering a spoke with a hub; updating a hub registration table with spoke registration information; sending the updated hub registration table to a plurality of registered spokes; using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method comprising:
registering a spoke with a hub by providing spoke registration information including an IP address, a subnet, and a public key value for a registering spoke; updating a hub registration table with the spoke registration information; and sending the updated hub registration table to a plurality of registered spokes.
Dependent claims: 10, 11.
12. A method comprising:
determining if a tunnel has been established between a first spoke and a second spoke; and if a tunnel has not been established between the first spoke and the second spoke, obtaining a subnet and a corresponding public key value of the second spoke from a hub registration table, combining the public key value of the second spoke with a private key value of the first spoke to form an encryption key, using the encryption key to create a tunnel between the first spoke and the second spoke, and sending encrypted traffic via the tunnel.
Dependent claims: 13, 14.
15. A method comprising:
receiving encrypted traffic from a first spoke; determining if a tunnel has been established between the first spoke and a second spoke; and if a tunnel has not been established between the first spoke and the second spoke, obtaining an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, combining the public key value of the first spoke with a private key value of the second spoke to form a decryption key, using the decryption key to create a tunnel between the first spoke and the second spoke, and decrypting the encrypted traffic received via the tunnel.
Dependent claims: 16, 17.
18. An apparatus comprising:
means for registering a spoke with a hub; means for updating a hub registration table with spoke registration information; means for sending the updated hub registration table to a plurality of registered spokes; means for using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and means for using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
Dependent claims: 19, 20, 21, 22.
23. An apparatus comprising:
means for receiving encrypted traffic from a first spoke; means for determining if a tunnel has been established between the first spoke and a second spoke; and if a tunnel has not been established between the first spoke and the second spoke, means for obtaining an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, means for combining the public key value of the first spoke with a private key value of the second spoke to form a decryption key, means for using the decryption key to create a tunnel between the first spoke and the second spoke, and means for decrypting the encrypted traffic received via the tunnel.
Dependent claims: 24, 25.
26. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
register a spoke with a hub; update a hub registration table with spoke registration information; send the updated hub registration table to a plurality of registered spokes; use the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and use the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
Dependent claims: 27.
28. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
receive encrypted traffic from a first spoke; determine if a tunnel has been established between the first spoke and a second spoke; and if a tunnel has not been established between the first spoke and the second spoke, obtain an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, combine the public key value of the first spoke with a private key value of the second spoke to form a decryption key, use the decryption key to create a tunnel between the first spoke and the second spoke, and decrypt the encrypted traffic received via the tunnel.
Dependent claims: 29.
30. A system comprising:
a hub to retain a hub registration table; and one or more spokes in data communication with the hub via a network, the spokes being programmed to: register with the hub; receive an updated hub registration table from the hub; use the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and use the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
Dependent claims: 31.
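As an added illustration (not the patent's own code), the following Python simulates the flow the claims describe: a hub keeps a registration table of IP address, subnet and public key per spoke and pushes every update to all registered spokes; a sending spoke resolves the destination by registered subnet (claim 12), a receiving spoke resolves the sender by IP address (claim 15), and each combines the peer's public key with its own private key, so both ends derive the same tunnel key without the hub ever relaying traffic. The Diffie-Hellman group parameters, addresses and class names are constructed placeholders.

```python
import hashlib
import ipaddress
import secrets

# Placeholder DH group, constructed for illustration; real use needs a standard group (X25519, RFC 3526)
P, G = 2**127 - 1, 5


class Hub:
    def __init__(self):
        self.table, self.spokes = {}, []   # registration table: spoke ip -> (subnet, public key)

    def register(self, spoke):
        self.table[spoke.ip] = (spoke.subnet, spoke.public_key)
        self.spokes.append(spoke)
        for s in self.spokes:              # send the updated table to every registered spoke
            s.table = dict(self.table)


class Spoke:
    def __init__(self, ip, subnet):
        self.ip, self.subnet = ip, subnet
        self.private_key = secrets.randbelow(P - 2) + 2
        self.public_key = pow(G, self.private_key, P)
        self.table, self.tunnels = {}, {}  # hub table copy; peer ip -> established tunnel key

    def _derive(self, peer_public):
        # combine the peer's public key with our private key (claims 12 and 15)
        shared = pow(peer_public, self.private_key, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

    def key_for_destination(self, dst_ip):  # sender: find the spoke whose subnet holds dst_ip
        dst = ipaddress.ip_address(dst_ip)
        for peer_ip, (subnet, pub) in self.table.items():
            if dst in ipaddress.ip_network(subnet):
                if peer_ip not in self.tunnels:   # no tunnel yet: establish one
                    self.tunnels[peer_ip] = self._derive(pub)
                return peer_ip, self.tunnels[peer_ip]
        raise LookupError(f"no registered spoke serves {dst_ip}")

    def key_for_source(self, src_ip):  # receiver: look the sending spoke up by its IP
        if src_ip not in self.tunnels:
            self.tunnels[src_ip] = self._derive(self.table[src_ip][1])
        return self.tunnels[src_ip]


def demo():
    hub, a, b = Hub(), Spoke("203.0.113.10", "10.1.0.0/24"), Spoke("203.0.113.20", "10.2.0.0/24")
    hub.register(a)
    hub.register(b)                        # the second update gives a its entry for b
    peer, k_send = a.key_for_destination("10.2.0.7")
    return peer, k_send == b.key_for_source(a.ip)
```

A destination that no registered subnet covers raises `LookupError`, which is the point at which a real spoke would fall back to the hub or drop the traffic.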
Specification