Secure network architecture
First Claim
1. A star-connected network having a number of peripheral nodes and a central control arrangement;
wherein each peripheral node is restricted in terms of which types of direct communications it can set up across the network to being able to set up direct communications to the central control arrangement using a respective encrypted connection but not being able to set up communications directly with any other of the peripheral nodes unless at least it or the respective target peripheral node has received explicit authorization from the central control arrangement to establish or complete the direct communication; and
wherein the central control arrangement comprises a processing system, including a computer processor, the processing system being configured to:
establish an encrypted connection with each peripheral node;
exchange control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorized connection between two peripheral nodes;
store in a database security policy information specifying what connections between peripheral nodes are allowable; and
authorize connections which are allowable according to the stored security policy information using the control packet exchange.
Abstract
The present invention provides a star-connected network (C1-C4, P1-P8) having a number of peripheral nodes (P1-P8) and a central control arrangement (C1-C4). Each peripheral node has means for restricting communications across the network to the central control arrangement using a respective encrypted connection unless the peripheral node has received explicit authorisation from the control arrangement to set up a direct connection with another peripheral node. The central control arrangement comprises: means for establishing an encrypted connection with each peripheral node; means for exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorised connection between two peripheral nodes; a database storing security policy information specifying what connections between peripheral nodes are allowable; and authorisation means for authorising connections which are allowable according to the stored security policy information using the control packet exchanging means.
34 Citations
12 Claims
1. A star-connected network having a number of peripheral nodes and a central control arrangement;
wherein each peripheral node is restricted in terms of which types of direct communications it can set up across the network to being able to set up direct communications to the central control arrangement using a respective encrypted connection but not being able to set up communications directly with any other of the peripheral nodes unless at least it or the respective target peripheral node has received explicit authorization from the central control arrangement to establish or complete the direct communication; and
wherein the central control arrangement comprises a processing system, including a computer processor, the processing system being configured to: establish an encrypted connection with each peripheral node; exchange control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorized connection between two peripheral nodes; store in a database security policy information specifying what connections between peripheral nodes are allowable; and authorize connections which are allowable according to the stored security policy information using the control packet exchange.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)

10. A central control arrangement for a star-connected network having a number of peripheral nodes;
the central control arrangement comprising a processing system, including a computer processor, the processing system being configured to: establish an encrypted connection with each peripheral node; exchange control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorized connection between two peripheral nodes; store in a database security policy information specifying what connections between peripheral nodes are allowable; and authorize connections which are allowable according to the stored security policy information using the control packet exchange.

11. A method of operating a star-connected network having a number of peripheral nodes and a central control arrangement;
the method comprising: restricting communications across the network to communications between the central control arrangement and a peripheral node using a respective encrypted connection unless the peripheral node has received explicit authorization to establish another connection from the central control arrangement; establishing an encrypted connection between two or more peripheral nodes and the central control arrangement; exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorized connection between both or two of the peripheral nodes; storing security policy information specifying what connections between peripheral nodes are allowable; and authorizing connections which are allowable according to the stored security policy information and transmitting corresponding authorization messages from the central control arrangement to the respective peripheral nodes.
(Dependent claim: 12)
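An added illustrative model of the arrangement described in the abstract and in claims 1, 10 and 11; it is not code from the patent or its assignee. Each peripheral node's encrypted connection to the central control is reduced to a per-node shared secret with HMAC-tagged control packets, the security-policy database is an in-memory set of allowable pairs, and the node names P1 to P3 and the policy are constructed for the demo; a peripheral-to-peripheral link completes only when both endpoints hold an authorization received over their own control channel.

```python
import hmac, hashlib, secrets

class CentralControl:
    """Per-node control channel (a secret key + HMAC-tagged control packets) plus a policy DB."""
    def __init__(self, policy):
        self.policy = {frozenset(p) for p in policy}  # assumption: allowable pairs are undirected
        self.node_keys = {}
    def establish_control_channel(self, node_id):
        key = secrets.token_bytes(32)  # stands in for the respective encrypted connection
        self.node_keys[node_id] = key
        return key
    def _control_packet(self, node_id, payload):
        tag = hmac.new(self.node_keys[node_id], payload.encode(), hashlib.sha256).hexdigest()
        return {"to": node_id, "payload": payload, "tag": tag}
    def request_connection(self, src, dst):
        """src asks for a direct link to dst; one packet per endpoint if allowable, else None."""
        if src not in self.node_keys or dst not in self.node_keys:
            return None  # only nodes with an established control channel take part
        if frozenset((src, dst)) not in self.policy:
            return None  # not allowable: no authorization is issued to either node
        msg = f"AUTH {src}->{dst} {secrets.token_hex(8)}"  # fresh ticket per authorization
        return self._control_packet(src, msg), self._control_packet(dst, msg)

class PeripheralNode:
    def __init__(self, node_id, control):
        self.id = node_id
        self.key = control.establish_control_channel(node_id)
        self.authorized = set()  # (pair, ticket) tuples received over the control channel
    def receive_control_packet(self, pkt):
        """Accept an authorization only if it is addressed to us and tagged with our key."""
        expected = hmac.new(self.key, pkt["payload"].encode(), hashlib.sha256).hexdigest()
        if pkt["to"] != self.id or not hmac.compare_digest(expected, pkt["tag"]):
            return False
        _, pair, ticket = pkt["payload"].split()
        self.authorized.add((pair, ticket))
        return True

def direct_connect(src, dst, ticket):
    # The peripheral-to-peripheral link completes only if both ends hold a matching authorization.
    return all((f"{src.id}->{dst.id}", ticket) in n.authorized for n in (src, dst))

def demo():
    cc = CentralControl(policy=[("P1", "P2")])  # constructed policy: only P1<->P2 is allowable
    nodes = {n: PeripheralNode(n, cc) for n in ("P1", "P2", "P3")}
    pkts = cc.request_connection("P1", "P2")
    delivered = all(nodes[p["to"]].receive_control_packet(p) for p in pkts)
    ticket = pkts[0]["payload"].split()[-1]
    allowed = direct_connect(nodes["P1"], nodes["P2"], ticket)
    denied = cc.request_connection("P1", "P3") is None  # pair absent from the policy database
    return delivered, allowed, denied
```

Running `demo()` returns `(True, True, True)`: both authorization packets verify, the policy-approved link completes, and the request for a pair outside the policy yields no authorization at all.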
Specification