Mechanism for securely extending a private network
Abstract
According to one embodiment of the invention, a method for securely extending a private network to include one or more remote access points (APs) comprises a first operation of establishing a secure communication path with a destination device. Then, the information received from a source device is prepared for transmission to the destination device. This involves the received information undergoing Layer 3 (L3) encryption prior to encapsulation into a message for transmission to the destination device if the received information constitutes control information. If the received information constitutes data, the received information optionally undergoes L3 encryption, since the payload data might be already L2 encrypted by the source device, prior to encapsulation into the message.
12 Claims
1. A method comprising:
- establishing a secure communication path with a destination device; and
- preparing information received from a source device for transmission to the destination device, the received information (i) undergoing Layer 3 (L3) encryption prior to encapsulation into a message for transmission to the destination device if the received information constitutes control information, and (ii) optionally undergoing L3 encryption prior to encapsulation into the message when the received information constitutes data; and
- preparing information received from a remote connection device by (i) determining when the information received from the remote connection device is destined for a client device and (ii) conducting L3 decryption on the information received from the remote connection device when the information received from the remote connection device is not destined for the client device, the information received from the remote connection device being either management or control information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. In communication with a remote connection device, a remote network interface comprising:
- a data transfer device; and
- a remote access point adapted to operate with the data transfer device to establish a secure communication path in accordance with a Layer 3 (L3) security protocol with the remote connection device, the remote access point being configured to perform L3 cryptographic operations on received management information and control information and configured to optionally perform L3 cryptographic operations on received data, the remote access point comprises:
  - a wireless transceiver adapted to support communications with a client device,
  - at least one wired port adapted to alternatively support communications with the client device,
  - a port adapted to support communications with the remote connection device, and
  - a processor coupled to the wireless transceiver, the at least one wired port and the port, the processor including (i) a plurality of Ethernet media access controllers (MACs), each of the Ethernet MACs uniquely coupled to one of a group including the port and the at least one wired port, and (ii) a wireless MAC coupled to the wireless transceiver.

Dependent claims: 11, 12
Specification