Transporting keys between security protocols
First Claim

1. A method for providing network security given a remote network of a plurality of devices configured to engage in network security negotiation with a local network, the method comprising:

by a key authorization point (KAP) located within the local network:

- exchanging network security negotiating communications with each of the plurality of devices to establish a network security negotiation between each of the plurality of devices and the KAP;
- creating a respective security policy in response to each network security negotiation established by the KAP; and
- for each of the plurality of devices, deploying the respective security policy to a policy enforcement point (PEP) located within the local network and in a path between the KAP and each of the plurality of devices and to other PEPs located within the local network, so that each of the PEPs passes security negotiating communications being exchanged between the KAP and the plurality of devices, and encrypts and decrypts communications between the plurality of devices and the local network according to the deployed security policies.
Abstract
A method for providing network security comprising a step of configuring a remote network to engage in network security negotiation with a local network. The method includes a step of configuring a first security policy of a security component within the local network to pass through a network security negotiating communication between the local network and the remote network, and a step of establishing a network security negotiation between the remote network and a security parameter generator via the security component. The security parameter generator can be located within the local network and configured to provide secure communication with the remote network.
17 Claims

1. (Set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A system for providing network security given a remote network of a plurality of devices configured to engage in network security negotiation with a local network, the system comprising:

a policy enforcement point (PEP) located within the local network configured to pass security negotiating communications from the plurality of devices, and to encrypt and decrypt communications between the plurality of devices and the local network according to security policies, and a key authorization point (KAP) configured to:

- i) exchange network security negotiating communications with each of the plurality of devices to establish a network security negotiation between each of the plurality of devices and the KAP;
- ii) create a respective security policy in response to each network security negotiation established by the KAP; and
- iii) deploy the respective security policy to the PEP in a path between the KAP and each of the plurality of devices and to other PEPs located within the local network, so that each of the PEPs encrypts and decrypts communications between the plurality of devices and the local network according to the respective security policy.

Dependent claims: 11, 12, 13, 14, 15, 16, 17.
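As an added illustration (not code from the patent or its assignee), the following Python model shows the arrangement the claims describe: the PEPs pass negotiation traffic through to the KAP, the KAP creates a per-device policy and deploys it to every PEP, and only then do the PEPs decrypt that device's data. The message format, the nonce-based key derivation and the toy XOR cipher are assumptions chosen to keep the model self-contained.

```python
import hashlib
import os

def toy_encrypt(key, plaintext):
    # Toy stream cipher for illustration only: XOR with SHA-256(key || nonce), payload <= 32 bytes
    nonce = os.urandom(16)
    stream = hashlib.sha256(key + nonce).digest()
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def toy_decrypt(key, ciphertext):
    stream = hashlib.sha256(key + ciphertext[:16]).digest()  # first 16 bytes carry the nonce
    return bytes(c ^ s for c, s in zip(ciphertext[16:], stream))
def derive_key(device, device_nonce, kap_nonce):  # assumed scheme, run by both the KAP and the device
    return hashlib.sha256(b"kap-policy" + device.encode() + device_nonce + kap_nonce).digest()

class Pep:  # policy enforcement point: passes negotiation, enforces deployed policies on data
    def __init__(self):
        self.policies = {}  # device id -> key from the policy the KAP deployed
    def deploy(self, policy):
        self.policies[policy["device"]] = policy["key"]
    def inbound(self, msg):
        if msg["type"] == "negotiate":
            return msg  # negotiation traffic passes through to the KAP untouched
        key = self.policies.get(msg["device"])
        if key is None:
            return None  # no policy deployed for this device yet: drop the data
        return toy_decrypt(key, msg["payload"])

class Kap:  # key authorization point: negotiates with each device, deploys its policy to every PEP
    def __init__(self, peps):
        self.peps = peps
    def negotiate(self, msg):
        kap_nonce = os.urandom(16)
        key = derive_key(msg["device"], msg["nonce"], kap_nonce)
        for pep in self.peps:
            pep.deploy({"device": msg["device"], "key": key})
        return {"type": "negotiate", "nonce": kap_nonce}

def run_scenario():
    # Constructed scenario: device D1 sits behind PEP A; PEP B is a second PEP in the same local network
    pep_a, pep_b = Pep(), Pep()
    kap = Kap([pep_a, pep_b])
    before = pep_a.inbound({"type": "data", "device": "D1", "payload": b"x"})  # dropped: no policy
    dev_nonce = os.urandom(16)
    reply = kap.negotiate(pep_a.inbound({"type": "negotiate", "device": "D1", "nonce": dev_nonce}))
    dev_key = derive_key("D1", dev_nonce, reply["nonce"])  # the device derives the same key
    ct = toy_encrypt(dev_key, b"hello local net")
    via_a = pep_a.inbound({"type": "data", "device": "D1", "payload": ct})
    via_b = pep_b.inbound({"type": "data", "device": "D1", "payload": ct})
    return before, via_a, via_b
```

`run_scenario()` returns `None` for the data sent before any policy existed and the recovered plaintext from both PEPs afterwards, showing that one negotiation with the KAP is enough for every PEP in the local network to enforce that device's policy.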