Security system for a data communications network
13 Assignments
0 Petitions
Abstract
A method is presented for setting up communication parameters in a virtual private network node for connecting to at least one other node in the virtual private network. The method may include reading information from a hardware token for determining how to connect to a packet data network; reading information from the hardware token for determining how to obtain configuration information for the virtual private network node; connecting to a packet data network on the basis of information read from the hardware token; obtaining configuration information for the virtual private network node on the basis of information read from the hardware token; and using obtained configuration information for setting up the communication parameters.
18 Claims
1. Method for setting up a secured communications network, which network comprises at least two security nodes connected to a packet data network, comprising at least the steps of
producing configuration information for the security nodes,
encrypting at least a part of configuration information,
digitally signing said at least a part of configuration information,
storing said encrypted and digitally signed configuration information in a memory means accessible to a distribution entity,
inserting a part of configuration information corresponding to at least one of said at least two security nodes into a certain hardware token,
storing a public and secret key pair in the hardware token for use in authenticating the security nodes and for decryption of configuration information,
storing a certificate in the hardware token for authenticating a management entity and checking of a digital signature of the configuration data,
reading of configuration information from said certain hardware token by said at least one security node,
obtaining the rest of produced configuration information for said at least one security node by said at least one security node on the basis of data read from said certain hardware token,
setting of communication parameters within said at least one security node on the basis of said obtained configuration information.
8. Method for producing and distributing configuration data for a virtual private network, which network comprises at least two security nodes connected to a packet data network, comprising at least the steps of
producing configuration information for the security nodes; and for each security node for which configuration information was produced,
storing a part of said produced configuration information of the security node in a hardware token corresponding to the security node,
encrypting at least a part of configuration information corresponding to the security node,
storing a public and secret key pair in the hardware token for use in authenticating the security node and for decrypting of configuration information,
storing a certificate in the hardware token for authenticating a management entity and checking of the digital signature of configuration data,
digitally signing said at least a part of configuration information, and
storing said encrypted and digitally signed configuration information in a memory means accessible to a distribution entity.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16.
17. A system for managing configuration information of a secure communications network, said secure communications network having a plurality of security nodes connected to a packet data network, comprising at least
a first computer node,
a configuration management entity in said first computer node,
a second computer node,
a distribution entity in said second computer node,
a memory means accessible by said distribution entity, connected to said first computer node,
means for inserting information in a hardware token,
computer software code means for generating configuration information,
computer software code means for encrypting a set of configuration information,
computer software code means for digitally signing a set of configuration information,
computer software code means for causing a set of encrypted and digitally signed configuration information to be stored in said memory means,
computer software code means for causing a public and secret key pair to be stored in the hardware token for use in authenticating the security node and for decrypting of configuration information,
computer software code means for causing a certificate to be stored in the hardware token for authenticating a management entity and checking of the digital signature of configuration data, and
computer software code means in said distribution entity for receiving a request for configuration information from a security node and for transmitting a set of configuration information as a response to receiving a request for configuration information.
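The provisioning and installation flow that the abstract and claims 1, 8 and 17 describe, as an added Go example that is not from the patent: the management entity encrypts each node's configuration to the node's public key and signs the result, the distribution entity stores and serves that package, and the node checks the signature with the certificate on its hardware token before decrypting with the token's secret key. It assumes RSA-OAEP for the encryption and ECDSA P-256 for the signature, represents the management certificate as a bare public key, and uses the constructed names Provision, Produce and Install; the transport between node and distribution entity is out of scope.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// HardwareToken: bootstrap data, the node's key pair and the management certificate (here just its public key).
type HardwareToken struct {
	Bootstrap      string           // how to reach the packet data network / distribution entity
	NodeKey        *rsa.PrivateKey  // authenticates the node and decrypts its configuration
	ManagementCert *ecdsa.PublicKey // checks the management entity's signature
}
// SignedPackage is what the distribution entity stores and serves on request.
type SignedPackage struct{ Ciphertext, Signature []byte }

// Provision (management side): create the management signing key and the node key pair, write the token.
func Provision(bootstrap string) (*ecdsa.PrivateKey, *HardwareToken, error) {
	mgmt, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	nodeKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return mgmt, &HardwareToken{bootstrap, nodeKey, &mgmt.PublicKey}, nil
}

// Produce encrypts the configuration to the node's public key, then signs the ciphertext (encrypt-then-sign).
func Produce(cfg []byte, nodePub *rsa.PublicKey, mgmt *ecdsa.PrivateKey) (SignedPackage, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, nodePub, cfg, []byte("vpn-config"))
	if err != nil {
		return SignedPackage{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := ecdsa.SignASN1(rand.Reader, mgmt, digest[:])
	return SignedPackage{ct, sig}, err
}

// Install (node side): verify with the token's certificate before decrypting with the token's secret key.
func Install(tok *HardwareToken, pkg SignedPackage) ([]byte, error) {
	digest := sha256.Sum256(pkg.Ciphertext)
	if !ecdsa.VerifyASN1(tok.ManagementCert, digest[:], pkg.Signature) {
		return nil, errors.New("signature does not verify against management certificate")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, tok.NodeKey, pkg.Ciphertext, []byte("vpn-config"))
}
```

Because the signature is checked first, a package that was altered in the distribution entity's memory, signed by a key other than the management entity's, or encrypted for a different node never yields usable communication parameters on this node.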