Security system for a data communications network
Abstract
This invention discloses a method for configuring a security-aware networking device in a manner that is secure and still easy for users and administrators.
19 Claims
1. Method for setting up communication parameters in a virtual private network node for connecting to at least one other node in the virtual private network comprising at least the steps of
reading information from a hardware token for determining how to connect to a packet data network, reading information from the hardware token for determining how to obtain configuration information for the virtual private network node, connecting to a packet data network on the basis of information read from the hardware token, obtaining configuration information for the virtual private network node on the basis of information read from the hardware token, and using obtained configuration information for setting up the communication parameters.
9. Method for setting up a secured communications network, which network comprises at least two security nodes connected to a packet data network, comprising at least the steps of
producing configuration information for the security nodes, storing said produced configuration information, inserting a part of configuration information corresponding to a certain security node into a certain hardware token, reading of configuration information from said certain hardware token by said certain security node, obtaining the rest of produced configuration information for said certain security node by said certain security node on the basis of data read from said certain hardware token, and setting of communication parameters within said certain security node on the basis of said obtained configuration information.
16. Method for producing and distributing configuration data for a virtual private network, which network comprises at least two security nodes connected to a packet data network, comprising at least the steps of
producing configuration information for the security nodes;
and for each security node for which configuration information was produced, storing a part of said produced configuration information of the security node in a hardware token corresponding to the security node, encrypting at least a part of configuration information corresponding to the security node, digitally signing said at least a part of configuration information, and storing said encrypted and digitally signed configuration information in a memory means accessible to a distribution entity.
18. A system for managing configuration information of a secure communications network, said secure communications network having a plurality of security nodes connected to a packet data network, comprising at least
a first computer node, a configuration management entity in said first computer node, a second computer node, a distribution entity in said second computer node, a memory means accessible by said distribution entity, connected to said first computer node, means for inserting information in a hardware token, computer software code means for generating configuration information, computer software code means for encrypting a set of configuration information, computer software code means for digitally signing a set of configuration information, computer software code means for causing a set of configuration information to be stored in said memory means, computer software code means in said distribution entity for receiving a request for configuration information from a security node and for transmitting a set of configuration information as a response to receiving a request for configuration information.
19. A security device for a secured communications network which security device has at least two network interfaces, a memory module and a processor, comprising at least
a hardware token reader for connecting to a hardware token and for reading information from a hardware token, computer software code means for reading information from a hardware token, computer software code means for transmitting a request of configuration information to a network address, computer software code means for receiving a set of configuration information, computer software code means for decrypting a received set of configuration information, computer software code means for verifying authenticity of a received set of configuration information on the basis of a security item obtained from a hardware token, and computer software code means for setting of communication parameters on the basis of a received set of configuration information.
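The provisioning flow of claims 16, 18 and 19 end to end, as an added illustration that is not code from the patent or from any product implementing it: a management entity produces per-node configuration, places only the distribution address and the node's secrets on the hardware token, and stores the remainder encrypted and authenticated with the distribution entity; the node reads the token, requests its blob, verifies the tag before decrypting, and rejects anything it cannot authenticate. The node names, subnets, distribution address and the SHA-256 counter-mode stand-in cipher are constructed assumptions (a real device would use an AEAD such as AES-GCM and a public-key signature).

```python
import hashlib, hmac, json, os, secrets

# Constructed sample: configuration for two VPN security nodes. The hardware
# token carries only what the claims put there: how to reach the distribution
# entity and the security items needed to decrypt and authenticate the rest.
NODES = {"node-A": {"peer": "node-B", "tunnel_subnet": "10.1.0.0/24"},
         "node-B": {"peer": "node-A", "tunnel_subnet": "10.2.0.0/24"}}
DIST_ADDR = "dist.example.invalid"   # hypothetical distribution-entity address

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: SHA-256 counter-mode keystream (use AES-GCM in practice)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def produce_and_store(node_id: str, cfg: dict):
    """Management side (claim 16): token part plus encrypted, authenticated remainder."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = os.urandom(16)
    ct = nonce + keystream_xor(enc_key, nonce, json.dumps(cfg).encode())
    # Encrypt-then-MAC; the node id is bound into the tag so blobs cannot be swapped.
    tag = hmac.new(mac_key, node_id.encode() + ct, "sha256").digest()
    token = {"node_id": node_id, "dist_addr": DIST_ADDR,
             "enc_key": enc_key, "mac_key": mac_key}
    return token, ct + tag   # blob goes to the distribution entity's store

STORE = {}   # memory means accessible to the distribution entity

def distribution_entity(request: dict):
    """Distribution side (claim 18): answer a configuration request by node id."""
    return STORE.get(request["node_id"])

def node_bootstrap(token: dict):
    """Security node (claims 1 and 19): read token, fetch, verify, then decrypt."""
    blob = distribution_entity({"node_id": token["node_id"], "to": token["dist_addr"]})
    if blob is None:
        return None
    ct, tag = blob[:-32], blob[-32:]
    expect = hmac.new(token["mac_key"], token["node_id"].encode() + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expect):
        return None            # reject before touching the ciphertext
    nonce, body = ct[:16], ct[16:]
    return json.loads(keystream_xor(token["enc_key"], nonce, body))

TOKENS = {}
for nid, cfg in NODES.items():
    TOKENS[nid], STORE[nid] = produce_and_store(nid, cfg)
```

A token holding another node's secrets, or a blob altered in the store, yields no configuration at all rather than a wrong one.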