SYSTEM AND METHOD FOR PROTECTED SPOKE TO SPOKE COMMUNICATION USING AN UNPROTECTED COMPUTER NETWORK

US 20070271451A1
Filed: 05/22/2006
Published: 11/22/2007
Est. Priority Date: 05/22/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

registering a spoke with a hub;

updating a hub registration table with spoke registration information;

sending the updated hub registration table to a plurality of registered spokes;

using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and

using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in spoke-to-spoke network communication. Embodiments provide systems and methods for registering a spoke with a hub, updating a hub registration table with spoke registration information, sending the updated hub registration table to a plurality of registered spokes, using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke, and using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.

41 Citations

View as Search Results

31 Claims

1. A method comprising:
- registering a spoke with a hub;
  
  updating a hub registration table with spoke registration information;
  
  sending the updated hub registration table to a plurality of registered spokes;
  
  using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and
  
  using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as claimed in claim 1 including determining if a tunnel has been established with the receiving spoke.
  - 3. The method as claimed in claim 2 including sending the encrypted traffic via the tunnel, if a tunnel has been established with the receiving spoke.
  - 4. The method as claimed in claim 2 including, if a tunnel has not been established with the receiving spoke, obtaining a subnet and a corresponding public key value of the receiving spoke from the updated hub registration table, combining the public key value of the receiving spoke with a private key value of the sending spoke to form an encryption key, using the encryption key to create a tunnel to the receiving spoke, and sending the encrypted traffic via the tunnel.
  - 5. The method as claimed in claim 1 wherein registering a spoke with a hub further including providing spoke registration information including an IP address, a subnet, and a public key value for a registering spoke.
  - 6. The method as claimed in claim 5 including, if a tunnel has not been established with the receiving spoke, obtaining the subnet and the corresponding public key value of the receiving spoke from the updated hub registration table, combining the public key value of the receiving spoke with a private key value of the sending spoke to form an encryption key, using the encryption key to create a tunnel to the receiving spoke, and sending the encrypted traffic via the tunnel.
  - 7. The method as claimed in claim 1 wherein the hub maintains the updated hub registration table.
  - 8. The method as claimed in claim 1 wherein traffic to be sent to another spoke is encrypted using a Diffie-Hellman keyhub registration table.

9. A method comprising:
- registering a spoke with a hub by providing spoke registration information including an IP address, a subnet, and a public key value for a registering spoke;
  
  updating a hub registration table with the spoke registration information; and
  
  sending the updated hub registration table to a plurality of registered spokes.
- View Dependent Claims (10, 11)
- - 10. The method as claimed in claim 9 including determining if a tunnel has been established between a first spoke and a second spoke.
  - 11. The method as claimed in claim 10 including, if a tunnel has not been established between a first spoke and a second spoke, obtaining the subnet and the corresponding public key value of the second spoke from the updated hub registration table, combining the public key value of the second spoke with a private key value of the first spoke to form an encryption key, using the encryption key to create a tunnel between the first spoke and the second spoke, and sending encrypted traffic via the tunnel.

12. A method comprising:
- determining if a tunnel has been established between a first spoke and a second spoke; and
  
  if a tunnel has not been established between the first spoke and the second spoke, obtaining a subnet and a corresponding public key value of the second spoke from a hub registration table, combining the public key value of the second spoke with a private key value of the first spoke to form an encryption key, using the encryption key to create a tunnel between the first spoke and the second spoke, and sending encrypted traffic via the tunnel.
- View Dependent Claims (13, 14)
- - 13. The method as claimed in claim 12 wherein a hub maintains the hub registration table.
  - 14. The method as claimed in claim 12 wherein encrypted traffic to be sent via the tunnel is encrypted using a Diffie-Hellman key.

15. A method comprising:
- receiving encrypted traffic from a first spoke;
  
  determining if a tunnel has been established between the first spoke and a second spoke; and
  
  if a tunnel has not been established between the first spoke and the second spoke, obtaining an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, combining the public key value of the first spoke with a private key value of the second spoke to form a decryption key, using the decryption key to create a tunnel between the first spoke and the second spoke, and decrypting the encrypted traffic received via the tunnel.
- View Dependent Claims (16, 17)
- - 16. The method as claimed in claim 15 wherein a hub maintains the hub registration table.
  - 17. The method as claimed in claim 15 wherein the encrypted traffic is encrypted using a Diffie-Hellman key.

18. An apparatus comprising:
- means for registering a spoke with a hub;
  
  means for updating a hub registration table with spoke registration information;
  
  means for sending the updated hub registration table to a plurality of registered spokes;
  
  means for using the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and
  
  means for using the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The apparatus as claimed in claim 18 including means for determining if a tunnel has been established with the receiving spoke.
  - 20. The apparatus as claimed in claim 19 including means for sending the encrypted traffic via the tunnel, if a tunnel has been established with the receiving spoke.
  - 21. The apparatus as claimed in claim 19 including, if a tunnel has not been established with the receiving spoke, means for obtaining a subnet and a corresponding public key value of the receiving spoke from the updated hub registration table, means for combining the public key value of the receiving spoke with a private key value of the sending spoke to form an encryption key, means for using the encryption key to create a tunnel to the receiving spoke, and means for sending the encrypted traffic via the tunnel.
  - 22. The apparatus as claimed in claim 18 wherein the means for registering a spoke with a hub further including means for providing spoke registration information including an IP address, a subnet, and a public key value for a registering spoke.

23. An apparatus comprising:
- means for receiving encrypted traffic from a first spoke;
  
  means for determining if a tunnel has been established between the first spoke and a second spoke; and
  
  if a tunnel has not been established between the first spoke and the second spoke, means for obtaining an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, means for combining the public key value of the first spoke with a private key value of the second spoke to form a decryption key, means for using the decryption key to create a tunnel between the first spoke and the second spoke, and means for decrypting the encrypted traffic received via the tunnel.
- View Dependent Claims (24, 25)
- - 24. The apparatus as claimed in claim 23 wherein a hub maintains the hub registration table.
  - 25. The apparatus as claimed in claim 23 wherein the encrypted traffic is encrypted using a Diffie-Hellman key.

26. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
- register a spoke with a hub;
  
  update a hub registration table with spoke registration information;
  
  send the updated hub registration table to a plurality of registered spokes;
  
  use the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and
  
  use the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
- View Dependent Claims (27)
- - 27. The article of manufacture as claimed in claim 26 being further operable to determine if a tunnel has been established with the receiving spoke and, if a tunnel has not been established with the receiving spoke, obtaining a subnet and a corresponding public key value of the receiving spoke from the updated hub registration table, combining the public key value of the receiving spoke with a private key value of the sending spoke to form an encryption key, using the encryption key to create a tunnel to the receiving spoke, and sending the encrypted traffic via the tunnel.

28. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
- receive encrypted traffic from a first spoke;
  
  determine if a tunnel has been established between the first spoke and a second spoke; and
  
  if a tunnel has not been established between the first spoke and the second spoke, obtain an IP address of the first spoke and a corresponding public key value of the first spoke from a hub registration table, combine the public key value of the first spoke with a private key value of the second spoke to form a decryption key, use the decryption key to create a tunnel between the first spoke and the second spoke, and decrypt the encrypted traffic received via the tunnel.
- View Dependent Claims (29)
- - 29. The article of manufacture as claimed in claim 28 wherein the encrypted traffic is encrypted using a Diffie-Hellman key.

30. A system comprising:
- a hub to retain a hub registration table; and
  
  one or more spokes in data communication with the hub via a network, the spokes being programmed to;
  
  register with the hub;
  
  receive an updated hub registration table from the hub;
  
  use the updated hub registration table at a sending spoke to encrypt traffic to be sent to another spoke; and
  
  use the updated hub registration table at a receiving spoke to decrypt traffic received from another spoke.
- View Dependent Claims (31)
- - 31. The system according to claim 30 being further operable to determine if a tunnel has been established with the receiving spoke and, if a tunnel has not been established with the receiving spoke, obtaining a subnet and a corresponding public key value of the receiving spoke from the updated hub registration table, combining the public key value of the receiving spoke with a private key value of the sending spoke to form an encryption key, using the encryption key to create a tunnel to the receiving spoke, and sending the encrypted traffic via the tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Fluhrer, Scott

Granted Patent

US 7,962,743 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0891   Revocation or update of sec...

SYSTEM AND METHOD FOR PROTECTED SPOKE TO SPOKE COMMUNICATION USING AN UNPROTECTED COMPUTER NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROTECTED SPOKE TO SPOKE COMMUNICATION USING AN UNPROTECTED COMPUTER NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links