Methods, systems, and computer program products for providing a virtual private gateway between user devices and various networks
First Claim
1. A method of operating a communication network, comprising:
receiving traffic from a user device at a gateway device associated with a gateway service provider;
applying a traffic policy to the traffic at the gateway device, the traffic policy being associated with a secure network;
determining if the traffic is destined for the secure network;
routing the traffic to the secure network using a security protocol associated with the secure network responsive to determining that the traffic is destined for the secure network;
decrypting the traffic responsive to receiving the traffic using a first cryptographic technique;
encrypting the traffic using a second cryptographic technique different than the first cryptographic technique; and
routing the traffic to an unsecure network without passing through the secure network responsive to determining that the traffic is not destined for the secure network;
wherein the traffic encrypted using the first cryptographic technique cannot be decrypted using the second cryptographic technique;
wherein the secure network and the unsecure network are distinct physical networks separated from each other; and
wherein the user device is not part of the secure network and not part of the unsecure network.
Abstract
A communication network is operated by receiving traffic from a user device at a gateway device associated with a gateway service provider, which manages gateways to both secure and insecure networks. The gateway uses security policies to determine if traffic is destined to the secure or insecure network and applies appropriate policies which cause the traffic to be routed, dropped, or analyzed.
15 Claims
11. A computer program product for operating a communication network, comprising:
a non-transitory computer readable storage medium having computer readable program code embodied therein, the computer readable program code when executed by a processor causing the processor to perform operations comprising:
receiving traffic from a user device at a gateway device associated with a gateway service provider;
applying a traffic policy to the traffic at the gateway device, the traffic policy being associated with a secure network;
determining if the traffic is destined for the secure network;
routing the traffic to the secure network using a security protocol associated with the secure network responsive to determining that the traffic is destined for the secure network;
decrypting the traffic responsive to receiving the traffic using a first cryptographic technique;
encrypting the traffic using a second cryptographic technique different than the first cryptographic technique; and
routing the traffic to an unsecure network without passing through the secure network responsive to determining that the traffic is not destined for the secure network;
wherein the traffic encrypted using the first cryptographic technique cannot be decrypted using the second cryptographic technique;
wherein the secure network and the unsecure network are distinct physical networks separated from each other; and
wherein the user device is not part of the secure network and not part of the unsecure network.
12. A switching apparatus, comprising:
a processor; and
a memory coupled to the processor and comprising computer readable program code that when executed by the processor causes the processor to perform operations comprising:
receiving traffic from a user device at a gateway device associated with a gateway service provider;
applying a traffic policy to the traffic at the gateway device, the traffic policy being associated with a secure network;
determining if the traffic is destined for the secure network;
routing the traffic to the secure network using a security protocol associated with the secure network responsive to determining that the traffic is destined for the secure network;
decrypting the traffic responsive to receiving the traffic using a first cryptographic technique;
encrypting the traffic using a second cryptographic technique different than the first cryptographic technique; and
routing the traffic to an unsecure network without passing through the secure network responsive to determining that the traffic is not destined for the secure network;
wherein the traffic encrypted using the first cryptographic technique cannot be decrypted using the second cryptographic technique;
wherein the secure network and the unsecure network are distinct physical networks separated from each other; and
wherein the user device is not part of the secure network and not part of the unsecure network.
Specification