Method and apparatus for passing security configuration information between a client and a security policy server
First Claim
1. A method comprising:
- forming a request of a security policy server for security configuration information;
- causing a security gateway to (a) receive the request in an Internet Security Association and Key Management Protocol (ISAKMP) network message, (b) treat the request received in the ISAKMP network message as opaque data, and (c) send the request to the security policy server;
- receiving the security configuration information from the security gateway;
- using the security configuration information to establish secure network communications;
- wherein causing the security gateway to receive the ISAKMP network message comprises sending the ISAKMP network message to the security gateway;
- wherein causing the security gateway to treat the request received in the ISAKMP network message as opaque data comprises associating the request with a tag in the ISAKMP network message sent to the security gateway, the tag indicating that the request is to be treated as opaque data; and
- wherein the method is performed by a computing device.
Abstract
Techniques for passing security configuration information between a security policy server and a client include the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy server. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.
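The following is an added example, not code from the patent or from any product that implements it. It models the three-party exchange the abstract describes: the client carries its configuration request in a configuration-mode style message under a tag that marks the payload as opaque, the gateway relays anything under that tag to the policy server without parsing it and returns the reply the same way, and only the client and policy server understand the request format. The TLV layout, the attribute numbers (`ATTR_INTERNAL_IP4`, `ATTR_OPAQUE`), the JSON request format and the class names are all constructed for this illustration and are not real ISAKMP values. The point a defender should notice is in `PolicyServer.handle`: because the gateway does not inspect the opaque payload, validation of what the client asked for has to happen at the policy server, which here refuses keys outside its policy rather than echoing them back.

```python
"""Toy model of the client / gateway / policy-server exchange (constructed example)."""
import json
import struct

# Constructed attribute numbers for this toy config-mode message (not real ISAKMP values).
ATTR_INTERNAL_IP4 = 1      # a "well-known" attribute the gateway itself answers
ATTR_OPAQUE = 0x7FFF       # the tag: "do not interpret, relay to the policy server"


def encode_attrs(attrs):
    """Encode (type, value) pairs as TLVs: u16 type, u16 length, value bytes."""
    out = bytearray()
    for atype, value in attrs:
        out += struct.pack("!HH", atype, len(value)) + value
    return bytes(out)


def decode_attrs(blob):
    """Parse TLVs back into (type, value) pairs, rejecting truncated input."""
    attrs, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack("!HH", blob[pos:pos + 4])
        pos += 4
        if len(blob) - pos < alen:
            raise ValueError("truncated attribute value")
        attrs.append((atype, blob[pos:pos + alen]))
        pos += alen
    return attrs


class PolicyServer:
    """Trusted-network server; the only party that understands the opaque request format."""

    def __init__(self, policy):
        self.policy = policy  # configuration keys the server is willing to hand out

    def handle(self, opaque_request):
        req = json.loads(opaque_request.decode())
        wanted = req.get("want", [])
        # Validate here: the gateway never looked inside, so unknown keys are refused, not echoed.
        granted = {k: self.policy[k] for k in wanted if k in self.policy}
        unknown = [k for k in wanted if k not in self.policy]
        return json.dumps({"config": granted, "unknown": unknown}).encode()


class Gateway:
    """Edge device: answers attributes it knows, relays ATTR_OPAQUE blobs untouched."""

    def __init__(self, policy_server, client_pool_ip):
        self.policy_server = policy_server
        self.client_pool_ip = client_pool_ip
        self.forwarded = []   # record of what was relayed, for inspection

    def handle(self, message):
        reply = []
        for atype, value in decode_attrs(message):
            if atype == ATTR_INTERNAL_IP4:
                reply.append((ATTR_INTERNAL_IP4, self.client_pool_ip.encode()))
            elif atype == ATTR_OPAQUE:
                self.forwarded.append(value)                       # not parsed here
                reply.append((ATTR_OPAQUE, self.policy_server.handle(value)))
            # any other attribute type is ignored, as a gateway does with unknown types
        return encode_attrs(reply)


class Client:
    """Client on the untrusted side; builds the tagged request and reads the tagged reply."""

    def __init__(self, gateway):
        self.gateway = gateway

    def fetch_config(self, keys):
        request = encode_attrs([
            (ATTR_INTERNAL_IP4, b""),                                # gateway-handled
            (ATTR_OPAQUE, json.dumps({"want": keys}).encode()),      # policy-server-handled
        ])
        result = {}
        for atype, value in decode_attrs(self.gateway.handle(request)):
            if atype == ATTR_INTERNAL_IP4:
                result["internal_ip"] = value.decode()
            elif atype == ATTR_OPAQUE:
                result.update(json.loads(value.decode()))
        return result


def demo():
    """Constructed policy: a new key can be added here and to the client without touching Gateway."""
    server = PolicyServer({"dns": "10.0.0.53", "split_tunnel": ["10.0.0.0/8"]})
    gateway = Gateway(server, "10.1.2.3")
    return Client(gateway).fetch_config(["dns", "banner"]), gateway


if __name__ == "__main__":
    result, gw = demo()
    print(result)          # internal_ip from the gateway, config/unknown from the policy server
    print(gw.forwarded)    # the opaque bytes the gateway relayed without parsing
```

Extending the scheme, as the abstract claims, means adding a key to `PolicyServer.policy` and asking for it from `Client.fetch_config`; `Gateway` is unchanged because it only matches on the tag. The cost of that design is also visible: the gateway cannot filter or rate-limit by request content, so the policy server has to be written as if it were directly exposed to the client.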
Claims (22 total)
1. A method comprising:
- forming a request of a security policy server for security configuration information;
- causing a security gateway to (a) receive the request in an Internet Security Association and Key Management Protocol (ISAKMP) network message, (b) treat the request received in the ISAKMP network message as opaque data, and (c) send the request to the security policy server;
- receiving the security configuration information from the security gateway;
- using the security configuration information to establish secure network communications;
- wherein causing the security gateway to receive the ISAKMP network message comprises sending the ISAKMP network message to the security gateway;
- wherein causing the security gateway to treat the request received in the ISAKMP network message as opaque data comprises associating the request with a tag in the ISAKMP network message sent to the security gateway, the tag indicating that the request is to be treated as opaque data; and
- wherein the method is performed by a computing device.

Dependent claims: 2, 3, 4, 10, 11, 12, 13, 22.

5. A method comprising:
- receiving, from a client, an Internet Security Association and Key Management Protocol (ISAKMP) network message comprising a request of a security policy server for security configuration information;
- wherein the ISAKMP network message comprises the request in association with a tag indicating that the request is to be treated as opaque data;
- treating the request received in the ISAKMP network message as opaque data;
- sending the request to the security policy server;
- receiving the security configuration information from the security policy server;
- treating the security configuration information as opaque data;
- sending the security configuration information to the client; and
- wherein the method is performed by a computing device.

Dependent claims: 6, 7, 14, 15, 16.

8. A method comprising:
- forming a response to a request from a client for security configuration information; and
- causing a security gateway to (a) receive the response in an Internet Security Association and Key Management Protocol (ISAKMP) network message, (b) treat the response received in the ISAKMP network message as opaque data, and (c) send the response to the client;
- wherein causing the security gateway to receive the ISAKMP network message comprises sending the ISAKMP network message to the security gateway;
- wherein causing the security gateway to treat the request received in the ISAKMP network message as opaque data comprises associating the request with a tag in the ISAKMP network message sent to the security gateway, the tag indicating that the request is to be treated as opaque data; and
- wherein the method is performed by a computing device.

Dependent claims: 9, 17, 18.

19. A security gateway computing device configured to:
- receive, from a client, an Internet Security Association and Key Management Protocol (ISAKMP) network message comprising a request of a security policy server for security configuration information;
- wherein the ISAKMP network message comprises the request in association with a tag indicating that the request is to be treated as opaque data;
- treat the request received in the ISAKMP network message as opaque data;
- send the request to the security policy server;
- receive the security configuration information from the security policy server;
- treat the security configuration information as opaque data; and
- send the security configuration information to the client.

20. A system comprising:
- a client computing device configured to:
  - form a request of a security policy server computing device for security configuration information;
  - send the request to a security gateway computing device in an Internet Security Association and Key Management Protocol (ISAKMP) network message; and
  - wherein the ISAKMP network message comprises the request in association with a tag indicating that the request is to be treated as opaque data;
- the security gateway computing device configured to:
  - receive the ISAKMP network message from the client computing device;
  - treat the request received in the ISAKMP network message as opaque data;
  - send the request to the security policy server computing device;
  - receive the security configuration information from the security policy server computing device;
  - treat the security configuration information as opaque data; and
  - send the security configuration information to the client computing device.

21. A system comprising:
- a security gateway computing device configured to:
  - receive, from a client, an Internet Security Association and Key Management Protocol (ISAKMP) network message comprising a request of a security policy server computing device for security configuration information;
  - wherein the ISAKMP network message comprises the request in association with a tag indicating that the request is to be treated as opaque data;
  - treat the request received in the ISAKMP network message as opaque data;
  - send the request to the security policy server computing device;
  - receive the security configuration information from the security policy server computing device;
  - treat the security configuration information as opaque data; and
  - send the security configuration information to the client;
- the security policy computing device configured to:
  - form a response to the request from the client for security configuration information; and
  - send the response to the security gateway computing device.
Specification