Secured communications arrangement applying internet protocol security
First Claim
1. An endpoint comprising a computing system, the computing system including:
- a user level services component;
- an input/output control (IOCTL) interface;
- a kernel level callout driver interfaced to the user level services component via the IOCTL interface and configured to establish an IPsec tunnel with a remote endpoint;
- a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and
- a second kernel level driver interfaced to the user level services component via the IOCTL interface and residing between the kernel level callout driver and a network interface of the endpoint, the second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec;
wherein the IPsec tunnel and secure tunnel are selectably established based on an addressing scheme of a network to which the endpoint is connected, the second kernel level driver configured to pass packets exchanged via the IPsec tunnel to the kernel level callout driver; and
wherein a user is associated with a community of interest, and wherein the user level services component manages storage of one or more community of interest keys including a key assigned to the community of interest associated with the user; and
wherein one or more community of interest keys are provided to the endpoint via the secure tunnel.
Abstract
A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
17 Claims
1. An endpoint comprising a computing system, the computing system including: a user level services component; an input/output control (IOCTL) interface; a kernel level callout driver interfaced to the user level services component via the IOCTL interface and configured to establish an IPsec tunnel with a remote endpoint; a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and a second kernel level driver interfaced to the user level services component via the IOCTL interface and residing between the kernel level callout driver and a network interface of the endpoint, the second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec; wherein the IPsec tunnel and secure tunnel are selectably established based on an addressing scheme of a network to which the endpoint is connected, the second kernel level driver configured to pass packets exchanged via the IPsec tunnel to the kernel level callout driver; and wherein a user is associated with a community of interest, and wherein the user level services component manages storage of one or more community of interest keys including a key assigned to the community of interest associated with the user; and wherein one or more community of interest keys are provided to the endpoint via the secure tunnel. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.)

12. A secure communications arrangement comprising: an endpoint comprising a computing system, the computing system including: a user level services component; an input/output control (IOCTL) interface; a kernel level callout driver interfaced to the user level services component via the IOCTL interface and configured to establish an IPsec tunnel with a remote endpoint; a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and a second kernel level driver interfaced to the user level services component via the IOCTL interface and residing between the kernel level callout driver and a network interface of the endpoint, the second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec; wherein the IPsec tunnel and secure tunnel are selectably established based on an addressing scheme of a network to which the endpoint is connected, the second kernel level driver configured to pass packets exchanged via the IPsec tunnel to the kernel level callout driver; and an administration server configured to securely communicate with the endpoint via the secure tunnel established via the second kernel level driver, wherein the administration server is configured to provide one or more community of interest keys to the endpoint via the secure tunnel. (Dependent claims: 13, 14, 15, 16.)

17. A secure communications arrangement comprising: a first endpoint comprising a computing system, the computing system including: a user level services component; an input/output control (IOCTL) interface; a kernel level callout driver interfaced to the user level services component via the IOCTL interface and configured to establish an IPsec tunnel with a second endpoint; a filter engine storing one or more filters defining endpoints authorized to communicate with the first endpoint via the IPsec tunnel; and a second kernel level driver residing between the kernel level callout driver and a network interface of the endpoint, the second kernel level driver configured to the user level services component via the IOCTL interface and configured to establish a secure tunnel using a second security protocol different from IPsec; wherein the IPsec tunnel and secure tunnel are selectably established based on an addressing scheme of a network to which the endpoint is connected, the second kernel level driver configured to pass packets exchanged via the IPsec tunnel to the kernel level callout driver; the second endpoint comprising a second computing system, the second computing system including: a second user level services component; a second input/output control (IOCTL) interface; a second kernel level callout driver interfaced to the second user level services component via the second IOCTL interface and configured to establish an IPsec tunnel with the first endpoint; a second filter engine storing one or more filters defining endpoints authorized to communicate with the second endpoint via the IPsec tunnel; and a second kernel level driver interfaced to the user level services component via the second IOCTL interface and configured to establish a second secure tunnel using a second security protocol different from IPsec; a security appliance communicatively connected to the first endpoint via the secure tunnel and to the second endpoint via the second secure tunnel, in which the security appliance is configured to receive log events from the endpoint, wherein at least one of the log events is associated with the IPsec tunnel established with the first endpoint; and an administration server communicatively connected to the first and second endpoints and configured to provide community of interest keys to the first and second endpoints via the second secured tunnel.
Specification