Data encryption over a plurality of MPLS networks
Abstract
A network device negotiates an encryption protocol with another network device, receives data from a trusted client device, encrypts the received data with the negotiated encryption protocol, and applies a label switched path (LSP) label to the encrypted data for transmission to the network device through an untrusted Multiprotocol Label Switching (MPLS) network.
14 Claims
1. A method comprising:
negotiating, by a first encryption device, an encryption protocol with a second encryption device;
negotiating, by the first encryption device, a label switched path (LSP) label with the second encryption device;
storing, by the first encryption device, the LSP label;
storing, by the first encryption device, information identifying the encryption protocol in association with the LSP label;
receiving, by the first encryption device, data from a trusted client device;
encrypting, by the first encryption device, the data with the negotiated encryption protocol based on the information identifying the encryption protocol;
applying, by the first encryption device, the LSP label to the encrypted data based on the information identifying the encryption protocol being stored in association with the LSP label; and
transmitting, by the first encryption device, the encrypted data to the second encryption device through a Multiprotocol Label Switching (MPLS) network.
4. A network device comprising:
a microprocessor to:
transmit a request to a second network device to negotiate an encryption protocol,
negotiate a label switched path (LSP) label with the second network device,
select the encryption protocol based on a response from the second network device,
store the LSP label,
store information identifying the encryption protocol in association with the LSP label,
receive data from a trusted client device,
encrypt the data with the encryption protocol based on the information identifying the encryption protocol,
apply the LSP label to the encrypted data based on the information identifying the encryption protocol being stored in association with the LSP label, and
transmit the encrypted data to the second network device through an untrusted Multiprotocol Label Switching (MPLS) network.
6. The network device of claim 4, where the microprocessor is further to:
switch the encrypted data to an output port before transmitting the encrypted data.
7. A system comprising:
a first network device to:
negotiate a first encryption protocol and a first label switched path (LSP) label with a second network device,
store the first LSP label,
store first information identifying the first encryption protocol in association with the first LSP label,
receive data from a trusted network,
encrypt the data with the first encryption protocol based on the first information identifying the first encryption protocol,
apply the first LSP label to the encrypted data based on the first LSP label that is stored in association with the information identifying the encryption protocol, and
transmit the encrypted data to the second network device.
13. A network device comprising:
a microprocessor to:
negotiate a first encryption protocol with a first network device,
negotiate a first label switched path (LSP) label with the first network device,
store the first LSP label,
store information identifying the first encryption protocol in association with the first LSP label,
negotiate a second encryption protocol with a second network device,
negotiate a second LSP label with the second network device,
receive encrypted data from the first network device, the encrypted data including the first LSP label,
decrypt the encrypted data with the first encryption protocol based on the information identifying the first encryption protocol that is stored in association with the first LSP label,
re-encrypt the decrypted data with the second encryption protocol,
apply the second LSP label to the re-encrypted data, and
transmit the re-encrypted data to the second network device.
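The association the claims rely on, an LSP label stored together with the negotiated encryption protocol, can be modelled as a table keyed by label, with the claim 13 device decrypting by incoming label and re-encrypting for the next hop. The Python below is an added example, not text or code from the patent: the `demo-*` protocols are constructed stand-ins (an HMAC keystream with encrypt-then-MAC), and the table layout, function names, labels and keys are assumptions. As a design choice of this example, the label is bound into the integrity tag so that a packet relabelled inside the untrusted MPLS network is dropped.

```python
import hashlib, hmac, os, struct

# Constructed stand-ins for "negotiated encryption protocols": an HMAC keystream
# with encrypt-then-MAC, parameterised by hash. Not a production cipher.
PROTOCOLS = {"demo-sha256": hashlib.sha256, "demo-sha512": hashlib.sha512}

def lse(label, ttl=64):
    """One MPLS label stack entry: label(20) | TC(3)=0 | S(1)=1 | TTL(8)."""
    return struct.pack("!I", (label << 12) | (1 << 8) | ttl)

def _xor_stream(h, key, nonce, data):
    ks = b""
    while len(ks) < len(data):  # len(ks) doubles as the block counter
        ks += hmac.new(key, b"enc" + nonce + struct.pack("!I", len(ks)), h).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(h, key, label, nonce, ct):
    return hmac.new(key, b"mac" + struct.pack("!I", label) + nonce + ct, h).digest()

def seal(table, label, data):
    """Encrypt with the protocol stored against `label`, then apply the label."""
    proto, key = table[label]          # table: {label: (protocol id, key)}
    h, nonce = PROTOCOLS[proto], os.urandom(12)
    ct = _xor_stream(h, key, nonce, data)
    return lse(label) + nonce + ct + _tag(h, key, label, nonce, ct)

def open_(table, packet):
    """Read the label, look up its stored protocol, verify, decrypt. None = drop."""
    label = struct.unpack("!I", packet[:4])[0] >> 12
    if label not in table:
        return None                    # no protocol stored for this label
    proto, key = table[label]
    h = PROTOCOLS[proto]
    n = h().digest_size
    if len(packet) < 16 + n:
        return None                    # too short for nonce + tag
    nonce, ct, tag = packet[4:16], packet[16:-n], packet[-n:]
    if not hmac.compare_digest(tag, _tag(h, key, label, nonce, ct)):
        return None                    # wrong key, tampering, or label rewritten
    return _xor_stream(h, key, nonce, ct)

def relay(in_table, out_table, out_label, packet):
    """Claim 13 device: decrypt by incoming label, re-encrypt for the next hop."""
    data = open_(in_table, packet)
    return None if data is None else seal(out_table, out_label, data)
```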
Specification