SYSTEM AND METHOD FOR SECURE CLOUD SERVICE DELIVERY WITH PRIORITIZED SERVICES IN A NETWORK ENVIRONMENT
First Claim
1. A method, comprising:
- receiving a request for a cloud capability set during an Internet Key Exchange (IKE) negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities;
- mapping the request to one or more cryptographic modules that can support the cloud capability set; and
- offloading the VPN tunnel to the one or more cryptographic modules.
Abstract
An example method includes receiving a request for a cloud capability set during an Internet Key Exchange negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities, mapping the request to one or more cryptographic modules that can support the cloud capability set, and offloading the VPN tunnel to the one or more cryptographic modules. The request can be an Internet Security Association and Key Management Protocol (ISAKMP) packet listing the one or more cloud capabilities in a private payload. The method may further include splitting the VPN tunnel between the cryptographic modules if no single cryptographic module can support substantially all the cloud capabilities in the cloud capability set. In some embodiments, the request is compared with a service catalog comprising authorized cloud capabilities.
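The mapping step described in the abstract can be sketched as follows. This is an added example, not code from the patent or any vendor implementation. The capability names, module names, the `plan_offload` helper, the fail-closed handling of uncatalogued capabilities, and the greedy split are all assumptions, and the sketch requires every requested capability to be covered rather than "substantially all".

```python
from dataclasses import dataclass

class OffloadError(Exception):
    """Raised when a request cannot be safely mapped to crypto modules."""

@dataclass(frozen=True)
class CryptoModule:          # hypothetical model of one cryptographic module
    name: str
    capabilities: frozenset

def plan_offload(requested, catalog, modules):
    """Return {module_name: capabilities it serves} for one VPN tunnel."""
    requested = frozenset(requested)
    if not requested or not modules:
        raise OffloadError("empty capability set or no modules available")
    # Compare the request with the service catalog of authorized capabilities.
    # Assumed policy: fail closed if anything requested is not authorized.
    unauthorized = requested - frozenset(catalog)
    if unauthorized:
        raise OffloadError(f"not in service catalog: {sorted(unauthorized)}")
    # Preferred case: a single module supports the whole capability set.
    for module in modules:
        if requested <= module.capabilities:
            return {module.name: requested}
    # Otherwise split the tunnel: greedily pick the module that serves the
    # most still-unserved capabilities until none remain.
    remaining, plan = set(requested), {}
    while remaining:
        best = max(modules, key=lambda m: len(remaining & m.capabilities))
        served = remaining & best.capabilities
        if not served:
            raise OffloadError(f"no module supports: {sorted(remaining)}")
        plan[best.name] = frozenset(served)
        remaining -= served
    return plan

# Constructed sample data (not from the patent).
CATALOG = {"firewall", "ips", "url-filter", "dlp", "waf"}
MODULES = [
    CryptoModule("cm-1", frozenset({"firewall", "ips"})),
    CryptoModule("cm-2", frozenset({"url-filter", "dlp"})),
    CryptoModule("cm-3", frozenset({"firewall"})),
]

if __name__ == "__main__":
    print(plan_offload({"firewall", "ips"}, CATALOG, MODULES))  # single module
    print(plan_offload({"firewall", "dlp"}, CATALOG, MODULES))  # split tunnel
```

Rejecting the whole request when one capability is unauthorized keeps a subscriber from obtaining a partially provisioned tunnel whose effective policy differs from what was negotiated.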
20 Claims
1. A method, comprising:
- receiving a request for a cloud capability set during an Internet Key Exchange (IKE) negotiation associated with a virtual private network (VPN) tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities;
- mapping the request to one or more cryptographic modules that can support the cloud capability set; and
- offloading the VPN tunnel to the one or more cryptographic modules.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus, comprising:
- a memory configured to store data; and
- a processor operable to execute instructions associated with the data, wherein the processor and the memory cooperate, such that the apparatus is configured for:
- receiving a request for a cloud capability set during an IKE negotiation associated with a VPN tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities;
- mapping the request to one or more cryptographic modules that can support the cloud capability set; and
- offloading the VPN tunnel to the one or more cryptographic modules.

Dependent claims: 10, 11, 12, 13, 14
15. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations, comprising:
- receiving a request for a cloud capability set during an IKE negotiation associated with a VPN tunnel between a subscriber and a cloud, wherein the cloud capability set comprises one or more cloud capabilities;
- mapping the request to one or more cryptographic modules that can support the cloud capability set; and
- offloading the VPN tunnel to the one or more cryptographic modules.

Dependent claims: 16, 17, 18, 19, 20
Specification