Re-encrypting policy enforcement point
First Claim
1. A network security method for providing local network security and remote network security comprising:
- decrypting an encrypted packet according to a first security policy to yield a decrypted packet;
- establishing a local secure connection to an end node on a local network according to a second security policy in an event a source of the decrypted packet and a destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is on the local network; and
- establishing a remote secure connection to a remote network according to a third security policy in an event the source of the decrypted packet and the destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is the remote network.
12 Assignments
0 Petitions
Abstract
Providing end-to-end security poses many challenges to security solutions. In Internet Protocol Security (IPsec), securing data both locally and remotely, while reducing the number of security associations and policies needed to secure that data, are such challenges. The provided method and apparatus answer these challenges by i) decrypting an encrypted packet according to a first policy, ii) establishing a local secure connection to an end node on a local network according to a second security policy in an event a source and a destination of the packet belong to a same security group, and the destination of the packet is on the local network, and iii) establishing a remote secure connection to a remote network according to a third security policy in an event the source and the destination of the packet belong to a same security group, and the destination of the packet is the remote network.
57 Citations
20 Claims
1. A network security method for providing local network security and remote network security comprising:
- decrypting an encrypted packet according to a first security policy to yield a decrypted packet;
- establishing a local secure connection to an end node on a local network according to a second security policy in an event a source of the decrypted packet and a destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is on the local network; and
- establishing a remote secure connection to a remote network according to a third security policy in an event the source of the decrypted packet and the destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is the remote network.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11.

2. The method of claim 1 wherein the establishing the local secure connection to the end node includes encrypting the decrypted packet with a set of local security parameters.

12. A network security apparatus for securing a local network and a remote network comprising:
- a de-encryptor which decrypts an encrypted packet to yield a decrypted packet;
- a local securer communicatively coupled to the de-encryptor which establishes a secure connection to an end node on a local network according to a first security policy in an event a source of the decrypted packet and a destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is on the local network; and
- a remote securer communicatively coupled to the de-encryptor which establishes a secure connection to a remote network according to a second security policy in an event the source of the decrypted packet and the destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is the remote network.
Dependent claims: 13, 14, 15, 16, 17, 18, 19.

20. A computer program product comprising a computer usable medium having computer usable program code for providing local network security and remote network security, the computer program product including:
- computer usable program code for decrypting an encrypted packet according to a first security policy to yield a decrypted packet;
- computer usable program code for establishing a local secure connection to an end node on a local network according to a second security policy in an event a source of the decrypted packet and a destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is on the local network; and
- computer usable program code for establishing a remote secure connection to a remote network according to a third security policy in an event the source of the decrypted packet and the destination of the decrypted packet belong to a same security group, and the destination of the decrypted packet is the remote network.
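The decision logic described in the abstract and in claim 1 (decrypt under a first policy, then re-encrypt under a second or third policy chosen by destination network, but only when source and destination share a security group) is easier to follow as a small model. The following Python is an added example written for this page, not code from the patent or its assignee. The topology (10.1.0.0/16 as the local site, 10.2.0.0/16 as the remote site), the security-group table, the policy and SA identifiers, and the decision to drop packets whose endpoints are in different groups are all assumptions of this example; the XOR "cipher" is a stand-in that makes the re-encryption step observable and is not IPsec. The `distinct_sas` helper goes slightly beyond the text to show the reduction the abstract claims: security associations grow with the number of (group, network) combinations rather than with the number of host pairs.

```python
import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample topology (not from the patent): local-site hosts live in
# 10.1.0.0/16, remote-site hosts in 10.2.0.0/16.
LOCAL_NETWORK = ipaddress.ip_network("10.1.0.0/16")
REMOTE_NETWORK = ipaddress.ip_network("10.2.0.0/16")

# Constructed security-group membership keyed by host address.
SECURITY_GROUPS: Dict[str, str] = {
    "10.1.0.10": "finance",
    "10.1.0.11": "finance",
    "10.2.0.20": "finance",      # finance host at the remote site
    "10.1.0.30": "engineering",
}


@dataclass(frozen=True)
class Policy:
    """A security policy naming the key material (SA) it applies."""
    name: str
    key_id: str  # hypothetical SA identifier standing in for real IPsec SA parameters


# The three policies named in the abstract; the identifiers are hypothetical.
FIRST_POLICY = Policy("inbound", "sa-inbound")   # decrypts packets arriving at the PEP
SECOND_POLICY = Policy("local", "sa-local")      # re-encrypts towards a local end node
THIRD_POLICY = Policy("remote", "sa-remote")     # re-encrypts towards the remote network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


def toy_transform(data: bytes, policy: Policy) -> bytes:
    """Stand-in for IPsec ESP: XOR with a SHA-256-derived keystream.
    Symmetric (encrypt == decrypt) and NOT a real cipher; it exists only so the
    re-encryption step is visible in this example."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(policy.key_id.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def make_inbound(src: str, dst: str, plaintext: bytes) -> Packet:
    """Build a packet as the PEP receives it: encrypted under the first policy."""
    return Packet(src, dst, toy_transform(plaintext, FIRST_POLICY))


def enforce(encrypted: Packet) -> dict:
    """Policy enforcement point: decrypt under the first policy, then pick the
    second or third policy by destination network, but only when source and
    destination belong to the same security group. The abstract does not say
    what happens otherwise; dropping is this example's assumption."""
    plaintext = toy_transform(encrypted.payload, FIRST_POLICY)
    src_group = SECURITY_GROUPS.get(encrypted.src)
    dst_group = SECURITY_GROUPS.get(encrypted.dst)
    if src_group is None or src_group != dst_group:
        return {"action": "drop", "reason": "source and destination not in the same security group"}

    dst_ip = ipaddress.ip_address(encrypted.dst)
    if dst_ip in LOCAL_NETWORK:
        policy, action = SECOND_POLICY, "local-secure-connection"
    elif dst_ip in REMOTE_NETWORK:
        policy, action = THIRD_POLICY, "remote-secure-connection"
    else:
        return {"action": "drop", "reason": "destination on no known network"}

    return {
        "action": action,
        "policy": policy.name,
        # One SA per (security group, policy), shared by every member pair.
        "sa": f"{src_group}/{policy.key_id}",
        "payload": toy_transform(plaintext, policy),
    }


def distinct_sas(flows: List[Packet]) -> Set[str]:
    """SAs the PEP actually needs for a set of flows: host pairs grow
    quadratically, SAs grow with the number of (group, policy) combinations."""
    return {r["sa"] for r in (enforce(p) for p in flows) if r["action"] != "drop"}


if __name__ == "__main__":
    hosts = ["10.1.0.10", "10.1.0.11", "10.2.0.20"]
    flows = [make_inbound(s, d, b"ledger") for s in hosts for d in hosts if s != d]
    print(len(flows), "ordered host pairs need", len(distinct_sas(flows)), "SAs")
```

Run as a script it reports that six ordered finance host pairs are served by two SAs (one local, one remote). The order of the checks mirrors the claim: group membership is tested before the destination network is classified, so a packet between different groups is never re-encrypted under either outbound policy.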