Mechanism for securely extending a private network

US 7,376,113 B2
Filed: 04/01/2005
Issued: 05/20/2008
Est. Priority Date: 04/01/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a secure communication path with a destination device; and

preparing information received from a source device for transmission to the destination device, the received information (i) undergoing Layer 3 (L3) encryption prior to encapsulation into a message for transmission to the destination device if the received information constitutes control information, and (ii) optionally undergoing L3 encryption prior to encapsulation into the message when the received information constitutes data; and

preparing information received from a remote connection device by (i) determining when the information received from the remote connection device is destined for a client device and (ii) conducting L3 decryption on the information received from the remote connection device when the information received from the remote connection device is not destined for the client device, the information received from the remote connection device being either management or control information.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment of the invention, a method for securely extending a private network to include one or more remote access points (APs) comprises a first operation of establishing a secure communication path with a destination device. Then, the information received from a source device is prepared for transmission to the destination device. This involves the received information undergoing Layer 3 (L3) encryption prior to encapsulation into a message for transmission to the destination device if the received information constitutes control information. If the received information constitutes data, the received information optionally undergoes L3 encryption, since the payload data might be already L2 encrypted by the source device, prior to encapsulation into the message.

63 Citations

View as Search Results

12 Claims

1. A method comprising:
- establishing a secure communication path with a destination device; and
  
  preparing information received from a source device for transmission to the destination device, the received information (i) undergoing Layer 3 (L3) encryption prior to encapsulation into a message for transmission to the destination device if the received information constitutes control information, and (ii) optionally undergoing L3 encryption prior to encapsulation into the message when the received information constitutes data; and
  
  preparing information received from a remote connection device by (i) determining when the information received from the remote connection device is destined for a client device and (ii) conducting L3 decryption on the information received from the remote connection device when the information received from the remote connection device is not destined for the client device, the information received from the remote connection device being either management or control information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the destination device is the remote connection device being an Ethernet switch.
  - 3. The method of claim 1, wherein the preparing of the received information further undergoes L3 encryption prior to encapsulation into the message when the received information constitutes management information.
  - 4. The method of claim 1, wherein the preparing of the received information constituting data is encapsulated without undergoing L3 encryption since the data has undergone Layer 2 (L2) encryption by the source device.
  - 5. The method of claim 1 further comprisingreceiving information destined for the client device;
    - extracting a portion of the information;
      
      optionally conducting L3 decryption of the portion of information; and
      
      generating a message including the portion of the information for transmission to the client device.
  - 6. The method of claim 1, wherein the L3 encryption is in accordance with Internet Protocol Security (IPsec).
  - 7. The method of claim 1, wherein the preparing of information received from the remote communication device further comprises (iii) extracting and optionally conducting L3 decryption on the information when the information received from the remote communication device is destined for the client device.
  - 8. The method of claim 1 further comprising applying the management or control information to perform an event.
  - 9. The method of claim 8 further comprising sending a reply signal after the event has been completed.

10. In communication with a remote connection device, a remote network interface comprising:
- a data transfer device; and
  
  a remote access point adapted to operate with the data transfer device to establish a secure communication path in accordance a Layer 3 (L3) security protocol with the remote connection device, the remote access point being configured to perform L3 cryptographic operations on received management information and control information and configured to optionally perform L3 cryptographic operations on received data, the remote access point comprises;
  
  a wireless transceiver adapted to support communications with a client device,at least one wired port adapted to alternatively support communications with the client device,a port adapted to support communications with the remote connection device, anda processor coupled to the wireless transceiver, the at least one wired port and the port, processor including (i) a plurality of Ethernet media access controllers (MACs), each of the Ethernet MACs uniquely coupled to one of a group including the port and the at least one wired port, and (ii) a wireless MAC coupled to the wireless transceiver.
- View Dependent Claims (11, 12)
- - 11. The remote network interface of claim 10, wherein the data transfer device is a modem.
  - 12. The remote network interface of claim 10, wherein the remote access point configured to perform L3 cryptographic operations on the received management information and control information and refraining from performing L3 cryptographic operations on received data when the data is already Layer 2 (L2) encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Aruba Networks Incorporated (Hewlett-Packard Enterprise Company)
Inventors
Taylor, John Richard, Iyer, Pradeep J., Chou, Randy
Primary Examiner(s)
Anderson; Matthew
Assistant Examiner(s)
Aminzay; Shaima Q.

Application Number

US11/096,567
Publication Number

US 20060221916A1
Time in Patent Office

1,145 Days
Field of Search

370/338, 370/299, 370/401, 370/465, 370/466, 370/474, 370/476, 455/410, 455/411, 709/227, 709/229, 709/230, 709/236, 709/238, 713/184, 713/151, 713/152, 713/160
US Class Current

370/338
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04W 12/03   Protecting confidentiality,...

Mechanism for securely extending a private network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for securely extending a private network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links