METHOD AND DEVICE FOR NETWORK COMMUNICATION MANAGEMENT

US 20140082719A1
Filed: 03/14/2013
Published: 03/20/2014
Est. Priority Date: 09/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing one or more secure gateway virtual private network, VPN, devices in a secure VPN for cryptographically separated and tunnelled VPN communication, the method comprising:

receiving (401) VPN configuration data provided by a management system; and

encapsulating the received VPN configuration data and a domain type forming one or more data packets, said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller of said one or more secure gateway VPN devices, exclusively for management of said one or more secure gateway VPN devices by means of said VPN configuration data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and device for managing one or more secure gateway virtual private network, VPN, devices (104, 105) in a secure VPN for cryptographically separated and tunnelled VPN communication. VPN configuration data provided by a management system (110) is received (401); and the received VPN configuration data and a domain type encapsulating (402,403), wherein said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller (121) of said one or more secure gateway VPN devices (104, 105), exclusively for management of said one or more secure gateway VPN devices (104, 105).

Citations

23 Claims

1. A method for managing one or more secure gateway virtual private network, VPN, devices in a secure VPN for cryptographically separated and tunnelled VPN communication, the method comprising:
- receiving (401) VPN configuration data provided by a management system; and
  
  encapsulating the received VPN configuration data and a domain type forming one or more data packets, said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller of said one or more secure gateway VPN devices, exclusively for management of said one or more secure gateway VPN devices by means of said VPN configuration data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 20, 21, 22, 23)
- - 2. The method of claim 1, further comprising:
    - establishing the cryptographically separated and tunnelled management communication with the hardware separated administrative controller of said one or more secure gateway VPN devices; and
      
      communicating (404) the data packets including the encapsulated VPN configuration data and domain type to the hardware separated administrative controller of said one or more of the secure gateway VPN devices by means of the cryptographically separated and tunnelled management communication over a virtual administrative network defining the administrative network domain for management of the one or more of the secure gateway VPN devices according to the VPN configuration data.
  - 3. The method of claim 1, wherein encapsulating the received VPN configuration data and the domain type comprises:
    - preparing data packets including a data filed with the VPN configuration data, a domain type identifying the administrative network domain, a header filed with a header and a trailer filed with a trailer.
  - 4. The method of claim 1, wherein encapsulating the received VPN configuration data and the domain type further comprises:
    - protecting the integrity of the VPN configuration data and the domain type.
  - 5. The method of claim 4, wherein protecting the integrity of the VPN configuration data and the domain type further comprises:
    - generating a digital signature of the data packets using certificates.
  - 6. The method of claim 4, wherein protecting the integrity of the VPN configuration data and the domain type further comprises:
    - calculating a hash value of the VPN configuration data and the domain type; and
      
      encrypting the domain type, the VPN configuration data, and the hash value filed by using a secret key.
  - 7. The method of claim 6, further comprising:
    - preparing data packets including a Key ID field indicating to the receiving secure gateway VPN device which key to be used for decryption.
  - 8. The method of claim 4, wherein protecting the integrity of the VPN configuration data and the domain type further comprises:
    - calculating a keyed hash value of the VPN configuration data and the domain type; and
      
      encrypting the VPN configuration data and the domain type by using a secret key.
  - 20. A computer program comprising program instructions for causing a computer to perform the method of claim 1, when said program is run on a computer.
  - 21. A computer program on a carrier and comprising computer executable instructions for causing a computer to perform the method according to claim 1, when said program is run on a computer.
  - 22. The computer program according to claim 21, wherein said carrier is a record medium, computer memory, read-only memory, computer-readable medium or an electrical carrier signal.
  - 23. A computer program product comprising a computer-readable medium, having thereon:
    - computer program code means, when said program is loaded, to make the computer execute the method of claim 1.

9. A method for managing secure gateway virtual private network, VPN, devices in a secure VPN for cryptographically separated and tunnelled VPN communication, the method comprising:
- receiving data packets comprising encapsulated VPN configuration data and a domain type, said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller of said one or more secure gateway VPN devices, exclusively for management of one or more secure gateway VPN devices;
  
  extracting the VPN configuration data and the domain type from the data packets;
  
  identifying the domain type;
  
  if the domain type is identified to be the administrative network domain, configuring the one or more secure gateway VPN devices according to the received VPN configuration data.

10. An administration gateway device for managing one or more secure gateway virtual private network, VPN, devices in a secure VPN for cryptographically separated and tunnelled VPN communication, the administration gateway comprising:
- a first communication interface adapted to receive VPN configuration data provided by a management system; and
  
  an administrative gateway controller operatively connected to the first communication interface and a second communication interface, wherein the administrative gateway controller is adapted to;
  
  encapsulate the received VPN configuration data and a domain type, said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication with a hardware separated administrative controller of said one or more secure gateway VPN devices, exclusively for management of said one or more secure gateway VPN devices by means of the VPN configuration data.
- View Dependent Claims (11)
- - 11. The administration gateway device of claim 10, wherein the administrative gateway controller is operatively connected to a second communication interface and is further adapted to establish the cryptographically separated and tunnelled management communication with the hardware separated administrative controller of said one or more secure gateway VPN devices;
    - andthe second communication interface is adapted to communicate the encapsulated VPN configuration data and domain type to the hardware separated administrative controller of said one or more of the secure gateway VPN devices by means of the cryptographically separated and tunnelled management communication over a virtual administrative network (106) defining the administrative network domain exclusively for management of the one or more of the secure gateway VPN devices according to the VPN configuration data.

12. A secure gateway virtual private network, VPN, device for cryptographically separated and tunnelled VPN communication comprising:
- a first communication interface adapted to receive data packets comprising encapsulated VPN configuration data and a domain type, said domain type identifying an administrative network domain for cryptographically separated and tunnelled management communication, via the cryptographically separated and tunnelled management communication separate from said cryptographically separated and tunnelled VPN communication, exclusively for management of the secure gateway VPN device by means of the VPN configuration data;
  
  a hardware separated administrative controller operatively connected to the first communication interface and adapted to;
  
  identify only the administrative network domain and to only extract configuration data from data packets of the administrative network domain; and
  
  configure the secure gateway VPN device according to the received VPN configuration data, if the domain type is an administrative network domain.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The secure gateway virtual private network, VPN, device according to claim 12, comprising a plain text side controller operatively connected to the first communication interface and adapted to only identify plain text data packets of a red domain received by the first communication interface and forward the data packets to a red network via a red communication interface of the secure gateway VPN device, wherein data packets of any other domain type than the red domain are blocked.
  - 14. The secure gateway virtual private network, VPN, device according to claim 12, wherein the encapsulated VPN configuration data and the domain type forming data packets including a data filed with the VPN configuration data, a domain type identifying the administrative network domain, a header filed with a header and a trailer filed with a trailer.
  - 15. The secure gateway virtual private network, VPN, device according to claim 12, wherein the received VPN configuration data and the domain type forming data packets protecting the integrity of the VPN configuration data and the domain type.
  - 16. The secure gateway virtual private network, VPN, device according to claim 12, wherein the integrity of the VPN configuration data and the domain type is protected by a digital signature of the data packets using certificates.
  - 17. The secure gateway virtual private network, VPN, device according to claim 12, wherein the integrity of the VPN configuration data and the domain type is protected by a hash value calculated of the VPN configuration data and the domain type;
    - and wherein the domain type, the VPN configuration data, and the hash value filed are encrypted by means of a secret key and forming part of the data packets.
  - 18. The secure gateway virtual private network, VPN, device according to claim 17, wherein the data packets comprises a Key ID field indicating to the receiving secure gateway VPN device which key to be used for decryption.
  - 19. The secure gateway virtual private network, VPN, device according to claim 12, wherein the integrity of the VPN configuration data and the domain type is protected by a keyed hash value of the VPN configuration data and the domain type;
    - and the PN configuration data and the domain type are encrypted by means of a secret key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advenica AB
Original Assignee
Advenica AB
Inventors
Persson, Lars, Dellenvall, Jonas, Eriksson, Roger

Granted Patent

US 9,015,825 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 12/462   LAN interconnection over a ...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0803   Configuration setting

H04L 41/28   Restricting access to netwo...

H04L 63/0272   Virtual private networks

H04L 63/20   for managing network securi...

METHOD AND DEVICE FOR NETWORK COMMUNICATION MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR NETWORK COMMUNICATION MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links