METHOD, SYSTEM AND APPARATUS PROVIDING SECURE INFRASTRUCTURE
Abstract
Methods and apparatus for automatically providing secure network infrastructure over non-secure network infrastructure such as by automatically generating IPSec tunnels through non-secure networks, terminating the IPSec tunnels at a boundary device and creating appropriate services to bridge traffic between the IPSec tunnels and a secure network. Various embodiments provide rapid provisioning of secure network infrastructure, a Secure Gateway (SEG) embodiment adapted to particular customer requirements and various business methodologies.
40 Claims
1. A method for generating a secure service layer upon non-secured network infrastructure, comprising:
- receiving a service request associated with a desired IPSec service, the service request information including at least an identification of a secure network to be protected;
- selecting at least one routing device including a boundary device for use as a Secure Gateway (SEG);
- providing a secure networking service to terminate secure traffic from the secure network at a first portion of the boundary device;
- providing a secure networking service to terminate tunneled public traffic from a non-secure network at a second portion of the boundary device;
- creating an interface to appropriately group tunneled traffic and corresponding secure traffic to form secure network traffic paths, wherein each group is associated with a respective encapsulation identifier.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37.

38. A computer readable medium including software instructions which, when executed by a processor, perform a method for generating a secure service layer upon non-secured network infrastructure, comprising:
- receiving a service request associated with a desired IPSec service, the service request information including at least an identification of a secure network to be protected;
- selecting at least one routing device including a boundary device for use as a Secure Gateway (SEG);
- providing a secure networking service to terminate secure traffic from the secure network at a first portion of the boundary device;
- providing a secure networking service to terminate tunneled public traffic from a non-secure network at a second portion of the boundary device;
- creating an interface to appropriately group tunneled traffic and corresponding terminated secure traffic to form secure network traffic paths, wherein each group is associated with a respective encapsulation identifier.

39. A computer program product, wherein a computer is operative to process software instructions which adapt the operation of the computer such that the computer performs a method for generating a secure service layer upon non-secured network infrastructure, comprising:
- receiving a service request associated with a desired IPSec service, the service request information including at least an identification of a secure network to be protected;
- selecting at least one routing device including a boundary device for use as a Secure Gateway (SEG);
- providing a secure networking service to terminate secure traffic from the secure network at a first portion of the boundary device;
- providing a secure networking service to terminate tunneled public traffic from a non-secure network at a second portion of the boundary device;
- creating an interface to appropriately group tunneled traffic and corresponding secure traffic to form secure network traffic paths, wherein each group is associated with a respective encapsulation identifier.

40. A Secure Gateway (SEG), comprising:
- a first plurality of ports accepting traffic associated with a non-secure network;
- a second plurality of ports accepting traffic associated with a secure network; and
- a boundary device adapted to provide a secure networking service to terminate secure traffic from the secure network at a first portion, adapted to provide a secure networking service to terminate tunneled public traffic from the non-secure network at a second portion, and adapted to create an interface to appropriately group tunneled traffic and corresponding secure traffic to form secure network traffic paths, wherein each group is associated with a respective encapsulation identifier.

Specification