Secured networks and endpoints applying internet protocol security
First Claim
1. A method of managing secure communications states in an endpoint within a secure network, the method comprising:
in a disconnected state, transmitting from a first endpoint to a second endpoint a first message including an authorization token, the authorization token including one or more entries, each entry corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint and encrypted with a corresponding community of interest key and entering a pending state;
in the pending state, receiving from the second endpoint a second message including a second authorization token at the first endpoint, the second authorization token including one or more entries, each entry corresponding to a community of interest associated with the second endpoint and including an encryption key and a validation key associated with the second endpoint and encrypted with the corresponding community of interest key;
based on receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints using an IPsec-based secured connection; and
upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints, entering a closed state;
wherein a community of interest includes a plurality of users having common user rights and segregating user groups by way of assignment of different cryptographic keys used for each user group, and any message from an unauthorized endpoint that is not a member of the community of interest is not responded to in any way.
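The claimed state machine (disconnected, pending, open, closed) and the community-of-interest (COI) token check can be modelled end to end. The following is an added illustration, not code from the patent or from any product implementing it: the wrap/unwrap functions are an HMAC-based stand-in for encrypting a token entry under a COI key, the responder's transition to the open state on replying is an assumption the claim leaves open, and the IPsec tunnel itself is represented only by the peer keys the endpoint has learned.

```python
import hmac, os
from enum import Enum

State = Enum("State", "DISCONNECTED PENDING OPEN CLOSED")

def wrap(coi_key, entry):
    # Stand-in for encryption under the COI key (illustrative, not AES/IPsec):
    # 64-byte entry XORed with an HMAC-derived keystream, then authenticated by an HMAC tag.
    nonce = os.urandom(16)
    stream = b"".join(hmac.new(coi_key, nonce + bytes([i]), "sha256").digest() for i in range(2))
    ct = bytes(a ^ b for a, b in zip(entry, stream))
    return nonce + ct + hmac.new(coi_key, nonce + ct, "sha256").digest()

def unwrap(coi_key, blob):
    nonce, ct, tag = blob[:16], blob[16:80], blob[80:]
    if not hmac.compare_digest(tag, hmac.new(coi_key, nonce + ct, "sha256").digest()):
        return None  # wrong COI key or tampered entry: opaque to this endpoint
    stream = b"".join(hmac.new(coi_key, nonce + bytes([i]), "sha256").digest() for i in range(2))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Endpoint:
    def __init__(self, coi_keys):
        self.coi_keys = list(coi_keys)                      # COI keys held by this endpoint's user
        self.enc_key, self.val_key = os.urandom(32), os.urandom(32)
        self.state, self.peer_keys = State.DISCONNECTED, None

    def token(self):
        # One entry per COI: own encryption key || validation key, wrapped under that COI key
        return [wrap(k, self.enc_key + self.val_key) for k in self.coi_keys]

    def start(self):
        # Disconnected -> pending: the first message carries the authorization token
        self.state = State.PENDING
        return self.token()

    def receive(self, token):
        # Try each entry against each held COI key; without a shared COI nothing unwraps
        for blob in token:
            for k in self.coi_keys:
                if (entry := unwrap(k, blob)) is not None:
                    self.peer_keys = (entry[:32], entry[32:])   # keys the tunnel would use
                    if self.state is State.PENDING:               # second message received
                        self.state = State.OPEN
                        return None
                    self.state = State.OPEN                       # responder side (assumed)
                    return self.token()                           # the second message
        return None  # unauthorized endpoint: dropped, no reply, state unchanged

    def terminate(self):
        # Termination or timeout message tears the tunnel down -> closed
        self.state = State.CLOSED
```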
Abstract
A method of managing secure communications states in an endpoint within a secure network is disclosed. The method includes, in a disconnected state, transmitting from a first endpoint to a second endpoint a first message including an authorization token. The method further includes, in the pending state, receiving from the second endpoint a second message including a second authorization token at the first endpoint. The method includes, based on the receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints using an IPsec-based secured connection. The method also includes, upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints, entering a closed state.
20 Claims
15. An endpoint computing system comprising:
a processor;
a memory communicatively connected to the processor and storing secured communications software, the secured communications software, when executed by the processor, causing the endpoint computing system to perform a method of managing secure communications states within a secure network, the method comprising:
in a disconnected state, transmitting from the endpoint computing system to a second endpoint a first message including an authorization token, the authorization token including one or more entries, each entry corresponding to a community of interest associated with a user of the endpoint computing system and including an encryption key and a validation key associated with the endpoint computing system and encrypted with a corresponding community of interest key and entering a pending state;
in the pending state, receiving from the second endpoint a second message including a second authorization token at the endpoint computing system, the second authorization token including one or more entries, each entry corresponding to a community of interest associated with the second endpoint and including an encryption key and a validation key associated with the second endpoint and encrypted with the corresponding community of interest key;
based on receipt of the second message, entering an open state and initializing a tunnel between the endpoint computing system and the second endpoint using an IPsec-based secured connection; and
upon termination of the tunnel due to a termination or timeout message issued by at least one of the endpoint computing system and the second endpoint, entering a closed state;
wherein a community of interest includes a plurality of users having common user rights and segregating user groups by way of assignment of different cryptographic keys used for each user group, and any message from an unauthorized endpoint that is not a member of the community of interest is not responded to in any way.
18. A system comprising:
a first endpoint, the first endpoint including:
a processor;
a memory communicatively connected to the processor and storing secured communications software, the secured communications software, when executed by the processor, causing an endpoint computing system to perform a method of managing secure communications states within a secure network, the method comprising:
in a disconnected state, transmitting from the first endpoint to a second endpoint a first message including an authorization token, the authorization token including one or more entries, each entry corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the endpoint computing system and encrypted with a corresponding community of interest key and entering a pending state;
in the pending state, receiving from the second endpoint a second message including a second authorization token at the first endpoint, the second authorization token including one or more entries, each entry corresponding to a community of interest associated with the second endpoint and including an encryption key and a validation key associated with the second endpoint and encrypted with the corresponding community of interest key, the second message further including a signature, an encryption value, and one or more response codes identifying a status of the second endpoint to the first endpoint;
based on receipt of the second message, entering an open state and initializing a tunnel between the first endpoint and the second endpoint using an IPsec-based secured connection; and
upon termination of the tunnel due to a termination or timeout message issued by at least one of the first endpoint and the second endpoint, entering a closed state;
wherein the one or more response codes identify the second endpoint to the first endpoint as a proxy for a third endpoint;
wherein a community of interest includes a plurality of users having common user rights and segregating user groups by way of assignment of different cryptographic keys used for each user group, and any message from an unauthorized endpoint that is not a member of the community of interest is not responded to in any way.
Specification