SECURE NETWORK ARCHITECTURE
1 Assignment
0 Petitions
Abstract
The present invention provides a star-connected network (C1-C4, P1-P8) having a number of peripheral nodes (P1-P8) and a central control arrangement (C1-C4). Each peripheral node has means for restricting communications across the network to the central control arrangement using a respective encrypted connection unless the peripheral node has received explicit authorisation from the control arrangement to set up a direct connection with another peripheral node. The central control arrangement comprises: means for establishing an encrypted connection with each peripheral node; means for exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorised connection between two peripheral nodes; a database storing security policy information specifying what connections between peripheral nodes are allowable; and authorisation means for authorising connections which are allowable according to the stored security policy information using the control packet exchanging means.
196 Citations
13 Claims
1. A star-connected network having a number of peripheral nodes and a central control arrangement;
wherein each peripheral node is restricted in terms of which types of direct communications it can set up across the network to being able to set up direct communications to the central control arrangement using a respective encrypted connection but not being able to set up communications directly with any other of the peripheral nodes unless at least it or the respective target peripheral node has received explicit authorization from the central control arrangement to establish or complete the direct communication; and
wherein the central control arrangement comprises:
means for establishing an encrypted connection with each peripheral node;
means for exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorised connection between two peripheral nodes;
a database storing security policy information specifying what connections between peripheral nodes are allowable; and
authorisation means for authorising connections which are allowable according to the stored security policy information using the control packet exchanging means.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A central control arrangement for a star-connected network having a number of peripheral nodes;
the central control arrangement comprising:
means for establishing an encrypted connection with each peripheral node;
means for exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorised connection between two peripheral nodes;
a database storing security policy information specifying what connections between peripheral nodes are allowable; and
authorisation means for authorising connections which are allowable according to the stored security policy information using the control packet exchanging means.
11. A method of operating a star-connected network having a number of peripheral nodes and a central control arrangement;
the method comprising:
restricting communications across the network to communications between the central control arrangement and a peripheral node using a respective encrypted connection unless the peripheral node has received explicit authorisation to establish another connection from the central control arrangement;
establishing an encrypted connection between two or more peripheral nodes and the central control arrangement;
exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorised connection between both or two of the peripheral nodes;
storing security policy information specifying what connections between peripheral nodes are allowable; and
authorising connections which are allowable according to the stored security policy information and transmitting corresponding authorisation messages from the central control arrangement to the respective peripheral nodes.
Dependent claims: 12, 13.
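As an added illustration of the method of claim 11 (this is example code written here, not code from the patent or its assignee), the following Python model has a central control arrangement keep a policy database, accept connection requests only over per-node encrypted control channels, and hand authorisation to both endpoints; the peripheral node refuses any direct connection it has not been granted. Node names (P1..P4) and the policy entries are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class PeripheralNode:
    """A peripheral node: it may only talk to the controller until authorised."""
    name: str
    grants: set = field(default_factory=set)  # peers the controller has authorised

    def can_open_direct(self, peer: str) -> bool:
        # Node-side restriction: a direct connection needs an explicit grant.
        return peer in self.grants


@dataclass
class CentralControl:
    """Central control arrangement: encrypted channels, policy database, authorisation."""
    policy: set                                   # allowable unordered node pairs
    channels: dict = field(default_factory=dict)  # node name -> node reachable over its channel

    def establish_encrypted_connection(self, node: PeripheralNode) -> None:
        # Stands in for the key exchange; afterwards control packets may flow.
        self.channels[node.name] = node

    def request_connection(self, initiator: str, target: str) -> str:
        """Handle a control packet from `initiator` asking to reach `target`."""
        if initiator not in self.channels or target not in self.channels:
            return "denied: no encrypted control channel"
        if frozenset((initiator, target)) not in self.policy:
            return "denied: not allowable under security policy"
        # Authorisation messages go to both nodes over their own encrypted channels.
        self.channels[initiator].grants.add(target)
        self.channels[target].grants.add(initiator)
        return "authorised"


def run_scenario() -> dict:
    # Constructed sample policy: only the pair P1/P2 is allowable (assumed names).
    ctrl = CentralControl(policy={frozenset(("P1", "P2"))})
    nodes = {n: PeripheralNode(n) for n in ("P1", "P2", "P3", "P4")}
    for n in ("P1", "P2", "P3"):  # P4 never sets up its encrypted channel
        ctrl.establish_encrypted_connection(nodes[n])
    return {
        "P1->P2": ctrl.request_connection("P1", "P2"),   # allowed by policy
        "P2 direct to P1": nodes["P2"].can_open_direct("P1"),
        "P1->P3": ctrl.request_connection("P1", "P3"),   # channel exists, policy says no
        "P2 direct to P3": nodes["P2"].can_open_direct("P3"),
        "P1->P4": ctrl.request_connection("P1", "P4"),   # no control channel for P4
    }
```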