Dynamic group creation and traffic flow registration under a group in a group key infrastructure
Abstract
Upon detection of a new traffic flow, a registration node can dynamically register the new traffic flow with a key server policy manager by sending a registration request on behalf of the new traffic flow. A registration request indicates the new traffic flow should be protected by a security group. A registration request may also include a request to dynamically generate a new security group to protect the traffic flow. The registration request is received by a key server policy manager, which performs authentication and authorization checks of the requesting registration node, and determines whether to accept or reject the registration request. If accepted, the key server policy manager registers the new traffic flow by including a description of the traffic flow in a group policy of an existing security group or a newly created security group, depending on the registration request.
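The policy manager's decision flow from the abstract, as an added example (not code from the patent). The HMAC-based authentication, the permission tables, and every node, group and flow name are assumptions constructed for illustration.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

def sign(key: bytes, req: dict) -> bytes:
    """Registration-node side: MAC over a canonical encoding of the request."""
    msg = json.dumps(req, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class PolicyManager:
    node_keys: dict    # node -> shared secret (assumed authentication mechanism)
    may_create: set    # nodes authorized to request new security groups
    may_join: dict     # node -> group IDs it may register flows under
    groups: dict = field(default_factory=dict)  # group ID -> flow IDs in its policy

    def handle(self, req: dict, tag: bytes) -> str:
        key = self.node_keys.get(req.get("node"))
        # Authenticate before trusting any field of the request.
        if key is None or not hmac.compare_digest(sign(key, req), tag):
            return "reject: authentication failed"
        node, gid, flow = req["node"], req["group_id"], req["flow_id"]
        is_new = gid not in self.groups
        # Authorize before mutating state: creating a group and joining one
        # are separate privileges.
        if is_new and not (req.get("create") and node in self.may_create):
            return "reject: group does not exist and node may not create it"
        if not is_new and gid not in self.may_join.get(node, set()):
            return "reject: node not authorized for group"
        if is_new:
            self.groups[gid] = []
            self.may_join.setdefault(node, set()).add(gid)  # assumption: creator may reuse it
        if flow not in self.groups[gid]:
            self.groups[gid].append(flow)
        return "accept: created group" if is_new else "accept: registered"

def demo() -> list:
    # Constructed sample nodes, keys, groups and flow descriptors.
    pm = PolicyManager({"gm1": b"k1", "gm2": b"k2"}, {"gm1"}, {"gm2": {"voice"}},
                       {"voice": []})
    def req(node, gid, flow, create=False):
        return {"node": node, "group_id": gid, "flow_id": flow, "create": create}
    r1 = req("gm1", "video", "10.1.0.0/16>10.2.0.0/16:udp/5004", create=True)
    r2 = req("gm2", "voice", "10.3.0.0/16>10.4.0.0/16:udp/5060")
    r3 = req("gm2", "backup", "10.3.0.0/16>10.9.0.0/16:tcp/873", create=True)
    return [pm.handle(r1, sign(b"k1", r1)),   # new group, authorized creator
            pm.handle(r2, sign(b"k2", r2)),   # existing group
            pm.handle(r3, sign(b"k2", r3)),   # gm2 may not create groups
            pm.handle(r1, sign(b"k2", r1)),   # wrong key for claimed node
            sorted(pm.groups)]
```

Both rejections leave `groups` untouched because the authorization checks run before any state is changed.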
21 Claims
1. A method, comprising:
- receiving a registration request to dynamically register a traffic flow, wherein the registration request is sent from a registration node, the registration request is received at a key server policy manager, the key server policy manager and the registration node are communicatively coupled via a network, and the registration request comprises a group identifier (ID);
- determining whether to accept the registration request; and
- performing the registration request, in response to a determination to accept the registration request, wherein the performing the registration request comprises determining whether the group ID identifies a new security group that does not presently exist in the network, and in response to determining that the group ID identifies the new security group that does not presently exist in the network, creating the new security group identified by the group ID.

(Dependent claims: 2, 3, 4, 5, 6)

7. A method, comprising:
- detecting a new traffic flow at a registration node, wherein the new traffic flow is identified by a new traffic flow identifier (ID), and the new traffic flow ID does not match any traffic flow IDs present in existing group policies configured at the registration node; and
- sending a registration request to a key server policy manager, wherein the registration request comprises a request to dynamically register the new traffic flow, the new traffic flow identifier, and a group ID that identifies a security group that should protect the new traffic flow.

(Dependent claims: 8, 9, 21)

10. A system comprising:
- one or more processors; and
- one or more memories coupled to the one or more processors and configured to store instructions executable by the one or more processors, the instructions configured to implement a policy manager configured to receive a registration request to dynamically register a traffic flow, wherein the registration request is sent from a registration node, the policy manager and the registration node are communicatively coupled via a network, and the registration request comprises a group identifier (ID), determine whether to accept the registration request, and perform the registration request, in response to a determination to accept the registration request, wherein the policy manager is further configured to determine whether the group ID identifies a new security group that does not presently exist in the network, and in response to a determination that the group ID identifies the new security group that does not presently exist in the network, create the new security group identified by the group ID.

(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)

19. An apparatus comprising:
- a line card configured to receive a registration request to dynamically register a traffic flow, wherein the registration request is sent from a registration node, the registration node and the line card are communicatively coupled via a network, and the registration request comprises a group identifier (ID); and
- a control module coupled to the line card, the control module configured to determine whether to accept the registration request, and perform the registration request, in response to a determination to accept the registration request, wherein the control module is further configured to determine whether the group ID identifies a new security group that does not presently exist in the network, and in response to a determination that the group ID identifies the new security group that does not presently exist in the network, create the new security group identified by the group ID.

20. An apparatus comprising:
- a line card configured to receive packets; and
- a control module coupled to the line card, the control module configured to detect packets of a new traffic flow, wherein the new traffic flow is identified by a new traffic flow identifier (ID), and the new traffic flow ID does not match any traffic flow IDs present in existing group policies configured at a registration node, and send a registration request to a key server policy manager, wherein the registration request comprises a request to dynamically register the new traffic flow, the new traffic flow identifier, and a group identifier (ID) that identifies a security group that should protect the new traffic flow.

Specification