Method and apparatus for distributing group data in a tunneled encrypted virtual private network
First Claim
1. A method, comprising:
receiving, in a data communications device, a packet that is to be transmitted to a plurality of destinations in a network;
identifying an encryption key for the packet based, at least in part, on a data stream associated with the packet and on a security information shared between the data communications device and members of the plurality of destinations in the network;
applying a security association to the packet using the security information to create a secured packet;
identifying a set of identified members of the plurality of destinations that are authorized to have the encryption key;
replicating the secured packet for the set of identified members of the plurality of destinations; and
transmitting a replicated secured packet from the data communications device to members of the plurality of destinations that are authorized to maintain the security association.
Abstract
A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
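As an added illustration, not code from the patent or from any product, the Python below sketches the "encrypt then replicate" flow the abstract describes: the payload is secured once with the group's shared security information, the secured packet is copied once per authorized destination with only the destination address changed, and a receiver without the group key cannot validate or decrypt a copy. The IPsec/ESP transform is stood in for by a constructed HMAC-SHA256 keystream plus tag; all function and field names are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import List, Optional, Sequence, Set

@dataclass
class SecuredPacket:
    src: str                 # inserted before replication, as in the abstract
    dst: Optional[str]       # inserted per copy, after replication
    nonce: bytes
    ciphertext: bytes
    tag: bytes

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Constructed stand-in for a real cipher: HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def apply_security_association(key: bytes, src: str, payload: bytes) -> SecuredPacket:
    """Secure the packet once with the shared group key; dst is still unset."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # integrity tag
    return SecuredPacket(src=src, dst=None, nonce=nonce, ciphertext=ct, tag=tag)

def encrypt_then_replicate(key: bytes, src: str, payload: bytes,
                           destinations: Sequence[str],
                           authorized: Set[str]) -> List[SecuredPacket]:
    """Encrypt once, then emit one copy per destination holding the key."""
    secured = apply_security_association(key, src, payload)
    # Destinations not authorized for the security association get no copy.
    return [replace(secured, dst=d) for d in destinations if d in authorized]

def tag_valid(key: bytes, pkt: SecuredPacket) -> bool:
    expected = hmac.new(key, pkt.nonce + pkt.ciphertext, hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt.tag)

def receive(key: bytes, pkt: SecuredPacket) -> bytes:
    """Group member side: verify the tag, then recover the payload."""
    if not tag_valid(key, pkt):
        raise ValueError("tag mismatch: wrong group key or modified packet")
    ks = _keystream(key, pkt.nonce, len(pkt.ciphertext))
    return bytes(a ^ b for a, b in zip(pkt.ciphertext, ks))
```

The single shared ciphertext across all copies is the point of the method: the forwarding device performs one encryption per packet rather than one per destination, while the per-copy destination header is the only field that differs.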
36 Citations
25 Claims
1. A method, comprising: (claim text as set out above under First Claim). View Dependent Claims (6, 7, 8, 9, 10, 11, 12)

2. (canceled)

13. A computerized device comprising:

a memory; a processor; a communications interface; an interconnection mechanism coupling the memory, the processor and the communications interface; where the memory is encoded with a packet forwarding application that when executed on the processor produces a packet forwarding process that causes the computerized device to forward a packet to a plurality of destinations within a network from that computerized device by performing the operations of: receiving a packet that is to be transmitted to the plurality of destinations; applying a security association to the packet using security information shared between the data communications device and the plurality of destinations to create a secured packet; replicating the secured packet for each of the plurality of destinations; and transmitting each replicated secured packet from the data communications device to each of the plurality of destinations authorized to maintain the security association. View Dependent Claims (3, 4, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)

25. A computer readable medium encoded with computer programming logic that when executed on a processor in a computerized device produces a process that forwards a packet to a plurality of destinations within a network by causing the computerized device to perform the operations of:

receiving a packet that is to be transmitted to the plurality of destinations; applying a security association to the packet using security information shared between the data communications device and the plurality of destinations to create a secured packet; replicating the secured packet for each of the plurality of destinations; and transmitting each replicated secured packet from the data communications device to each of the plurality of destinations authorized to maintain the security association.
Specification