MULTI-DOMAIN DYNAMIC GROUP VIRTUAL PRIVATE NETWORKS
Abstract
Systems and/or methods of secure communication of information between multi-domain virtual private networks (VPNs) are presented. A dynamic group VPN (DGVPN) can reside in one domain and a disparate DGVPN can reside in a disparate domain. An administrative security authority (ASA) can be employed in each domain. Each ASA can generate and exchange respective keying material and crypto-policy information to be used for inter-domain communications when routing data from a member in one DGVPN to a member(s) in the disparate DGVPN, such that an ASA in one domain can facilitate encryption of data in accordance with the policy of the other domain before the data is sent to the other domain. Each ASA can establish a key server to generate the keying material and crypto-policy information associated with its local DGVPN, and such material and information can be propagated to intra-domain members.
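As an added example, not code from the patent or from any product implementing it, the following Go model walks through the flow the abstract describes: each domain's key server generates keying material under its own crypto-policy, the ASAs exchange that material, a sender in one domain encrypts under the destination domain's key and policy before the data is routed, and the destination decrypts with its local material. Material, NewMaterial, EncryptFor and Decrypt are assumed names, and the crypto-policy is reduced to an AEAD name plus key length.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Material is what a domain's ASA publishes to peer ASAs (constructed model):
// owning domain, crypto-policy (only "AES-GCM" is modelled) and the group key.
type Material struct {
	Domain, Policy string
	Key            []byte
}
// NewMaterial has a domain's key server generate a fresh group key.
func NewMaterial(domain string, keyBits int) (Material, error) {
	key := make([]byte, keyBits/8)
	_, err := rand.Read(key) // callers must discard the material if err != nil
	return Material{domain, "AES-GCM", key}, err
}
// aead instantiates the cipher a policy mandates; an unsupported policy or a
// key length AES rejects is an error, never a fallback to the sender's defaults.
func aead(m Material) (cipher.AEAD, error) {
	block, err := aes.NewCipher(m.Key)
	if err != nil || m.Policy != "AES-GCM" {
		return nil, errors.New("material violates crypto-policy " + m.Policy)
	}
	return cipher.NewGCM(block)
}
// EncryptFor encrypts in the sending domain under the destination domain's key
// and policy (claim 1), binding that domain as associated data; output is nonce||ct.
func EncryptFor(peer Material, plaintext []byte) ([]byte, error) {
	g, err := aead(peer)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(peer.Domain)), nil
}
// Decrypt opens traffic that arrived in a domain with that domain's own material.
func Decrypt(local Material, ct []byte) ([]byte, error) {
	g, err := aead(local)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, errors.New("bad material or short ciphertext")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], []byte(local.Domain))
}
```

Because the sender encrypts under the destination's policy, a policy the sender cannot honour (or a key of the wrong length) fails closed before any packet leaves the first domain.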
20 Claims
1. A system that facilitates secure communication of data, comprising:
a security component associated with a network in a first domain that obtains a subset of keying material and a subset of crypto-policy information associated with a disparate network in a disparate domain and facilitates the encryption of the data in accordance with the subset of keying material and the subset of crypto-policy information; and
a routing component that is associated with the security component and transmits the encrypted data from the network in the first domain to the disparate network in the disparate domain.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)

13. A method that facilitates communication of data, comprising:
receiving keying material and crypto-policy information, associated with a first domain, from another domain, the keying material and the crypto-policy information are associated with the other domain;
encrypting data packets in accordance with the crypto-policy information, the data packets are encrypted in the first domain; and
transmitting the encrypted data packets from the first domain to the other domain.
(Dependent claims: 14, 15, 16, 17, 18, 19)

20. A system, comprising:
means for obtaining key information and cryptographic information from at least one of a key server associated with a first domain or a disparate key server associated with a different domain;
means for encrypting data in accordance with the key information and the cryptographic information;
means for routing the data from a member in the first domain to another member associated with at least one of the first domain or the different domain; and
means for decrypting the data in accordance with the key information and the cryptographic information.
Specification