Method and apparatus for securing layer 2 networks
First Claim
1. A system for providing secure Layer 2 networks comprising:
a. a communication network having a network infrastructure; the communication network spread over a geography such that nodes on the network that communicate using Layer 2 protocols such as Ethernet are grouped at Layer 2;
b. at least one management and policy (MAP) server operable for communication within the network, wherein the MAP includes at least one policy for providing secure association (SA) within the network;
c. at least one key authority point (KAP);
d. a multiplicity of policy enforcement points (PEPs) having nodes distributed throughout the network;
wherein the KAP is operable to generate and manage key(s) communicated to the multiplicity of PEPs;
and wherein the multiplicity of PEPs enforce policies for secure communication between the nodes on the network and maintain transparency at Layer 2.
Abstract
Systems and methods for using a shared key architecture to enable secure Layer 2 meshed network security.
15 Claims
1. Independent claim 1 is reproduced above under First Claim; claims 2 to 9 depend on it.
10. A method for providing secure interactivity between points on a Layer 2 network comprising the steps of:
providing a communication network having a network infrastructure and a secure network topography between a multiplicity of policy enforcement points (PEPs) having nodes with any form of encryption associated therewith; the nodes spread over a wide geographic area such that they form a metro Ethernet network over Layer 2;
a user providing at least one policy definition to a management and policy (MAP) server in communication with a key authority point (KAP);
the KAP generating and distributing at least one key to the PEPs consistent with the MAP policy;
the PEPs enforcing the policy at the nodes to provide secure communication across the network topography over the Layer 2 network.
Dependent claims: 11, 12, 13, 14.
15. A system for securing communication between at least two subnetworks that are spread over a geography, the system comprising:
a. a multiplicity of nodes grouped to form at least two subnetworks such that the communication between subnetworks is carried out at Layer 2;
b. a management and policy (MAP) server operable for communication with the at least two subnetworks, wherein the MAP includes at least one policy for providing secure association (SA) with the nodes on the subnetwork;
c. at least one key authority point (KAP) operable for communication with the MAP;
d. a multiplicity of policy enforcement points (PEPs) such that at least one PEP is associated with each of the at least one subnetworks;
wherein the universal KAP is operable to generate and manage key(s) communicated to the multiplicity of PEPs; and
wherein the multiplicity of PEPs encrypt the communication between the subnetworks such that the encrypted communication is transported over Layer 2 transparently.
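Claims 1, 10 and 15 all describe the same shared-key architecture: the MAP defines which nodes form a secure association, the KAP issues a key for that association to the PEPs that need it, and each PEP encrypts the frames the policy covers while leaving the Ethernet header usable by ordinary switches (the "transparency at Layer 2"). The Go program below is an added worked example written for this page; it is not code from the patent, its assignee or any product. Everything beyond the claims is an assumption made here: the placeholder EtherType 0x88B5 that marks a protected frame, the shim layout (SA id, original EtherType, nonce), AES-256-GCM as the cipher, a policy modelled as a set of member MAC addresses, and the constructed two-node scenario in main.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed EtherType marking a protected frame; 0x88B5 (IEEE 802 local experimental) is a placeholder, not a value from the patent.
const shimEtherType = 0x88B5

type MAC [6]byte
type Frame struct{ Dst, Src MAC; EtherType uint16; Payload []byte }         // minimal Ethernet frame: header fields plus payload
type Policy struct{ SAID uint32; Members map[MAC]bool }                   // from the MAP: one secure association (SA) and its member nodes
type KAP struct{ keys map[uint32][]byte }                                  // issues one random AES-256 key per SA
type PEP struct{ Addr MAC; policies []Policy; sas map[uint32]cipher.AEAD } // enforcement point at one node; sas: SA id -> AES-GCM under the KAP key
func NewKAP() *KAP      { return &KAP{keys: map[uint32][]byte{}} }
func NewPEP(a MAC) *PEP { return &PEP{Addr: a, sas: map[uint32]cipher.AEAD{}} }

// Distribute installs policy and key for every SA covering the PEP. It panics if no key can be produced, since a KAP
// must not issue anything weaker. Assumed: this runs over an authenticated management channel, which the claims leave open.
func (k *KAP) Distribute(pep *PEP, policies []Policy) {
	for _, p := range policies {
		if !p.Members[pep.Addr] {
			continue
		}
		key, ok := k.keys[p.SAID]
		if !ok {
			key = make([]byte, 32)
			if _, err := rand.Read(key); err != nil {
				panic(err)
			}
			k.keys[p.SAID] = key
		}
		block, err := aes.NewCipher(key) // 32-byte key: AES-256
		if err != nil {
			panic(err)
		}
		if pep.sas[p.SAID], err = cipher.NewGCM(block); err != nil {
			panic(err)
		}
		pep.policies = append(pep.policies, p)
	}
}

// aad binds the clear-text MAC header and the shim to the ciphertext, so a relay cannot re-address the frame or swap the original EtherType unnoticed.
func aad(f Frame, shim []byte) []byte {
	return append(append(append([]byte{}, f.Dst[:]...), f.Src[:]...), shim...)
}

// Outbound encrypts a frame leaving the node when a policy covers both ends and drops it otherwise (fail closed). The MAC
// addresses stay in the clear so ordinary switches forward the frame unchanged: that is the Layer 2 transparency.
// Protected payload layout: SAID(4) | original EtherType(2) | nonce(12) | AES-GCM ciphertext and tag.
func (p *PEP) Outbound(f Frame) (Frame, error) {
	for _, pol := range p.policies {
		if !pol.Members[f.Src] || !pol.Members[f.Dst] {
			continue
		}
		aead := p.sas[pol.SAID]
		shim := make([]byte, 6+aead.NonceSize())
		binary.BigEndian.PutUint32(shim[0:4], pol.SAID)
		binary.BigEndian.PutUint16(shim[4:6], f.EtherType)
		if _, err := rand.Read(shim[6:]); err != nil {
			return Frame{}, err
		}
		ct := aead.Seal(nil, shim[6:], f.Payload, aad(f, shim))
		return Frame{Dst: f.Dst, Src: f.Src, EtherType: shimEtherType, Payload: append(shim, ct...)}, nil
	}
	return Frame{}, errors.New("no policy covers this frame: dropped")
}

// Inbound decrypts a protected frame arriving at the node; anything that does not verify (clear-text frame, unknown SA, altered header, bad tag) is dropped.
func (p *PEP) Inbound(f Frame) (Frame, error) {
	if f.EtherType != shimEtherType || len(f.Payload) < 18 { // 4+2+12-byte shim
		return Frame{}, errors.New("not a well-formed protected frame: dropped")
	}
	aead, ok := p.sas[binary.BigEndian.Uint32(f.Payload[0:4])]
	if !ok {
		return Frame{}, errors.New("no key for this SA: dropped")
	}
	shim := f.Payload[:6+aead.NonceSize()]
	pt, err := aead.Open(nil, shim[6:], f.Payload[len(shim):], aad(f, shim))
	if err != nil {
		return Frame{}, errors.New("authentication failed: dropped")
	}
	return Frame{Dst: f.Dst, Src: f.Src, EtherType: binary.BigEndian.Uint16(shim[4:6]), Payload: pt}, nil
}

func main() {
	// Constructed scenario: the MAP policy puts nodes a and b in SA 7, so both PEPs receive the same KAP key.
	a, b := MAC{2, 0, 0, 0, 0, 1}, MAC{2, 0, 0, 0, 0, 2}
	pol := []Policy{{SAID: 7, Members: map[MAC]bool{a: true, b: true}}}
	kap, pepA, pepB := NewKAP(), NewPEP(a), NewPEP(b)
	kap.Distribute(pepA, pol)
	kap.Distribute(pepB, pol)
	wire, err := pepA.Outbound(Frame{Dst: b, Src: a, EtherType: 0x0800, Payload: []byte("constructed IPv4 packet")})
	if err != nil {
		panic(err)
	}
	got, err := pepB.Inbound(wire)
	fmt.Printf("wire: EtherType %#x, %d bytes; at b: err=%v, EtherType %#x, payload %q\n", wire.EtherType, len(wire.Payload), err, got.EtherType, got.Payload)
}
```

Three things a deployed PEP would need that this example deliberately leaves out: a random 96-bit nonce under a key shared by a whole group collides with non-negligible probability long before 2^32 frames on a busy link, so a real PEP uses a per-sender counter (as MACsec does with its packet number) and asks the KAP to rekey before the counter wraps; there is no replay window, so a captured frame can be re-injected until the key changes; and the authentication of the KAP-to-PEP channel, which the claims do not specify, is what stops a rogue node from obtaining the group key in the first place.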
Specification