Patent · US Active

Method and system for protecting data flow between pairs of branch nodes in a software-defined wide-area network

US10142298B2 · kind B2 · utility

Cited by: 1
References: 3
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 26, 2016
Grant date: Nov 27, 2018
Priority date
Expiry date: May 27, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/083
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method for protecting data flows between pairs of branch nodes in a software-defined wide-area network (SD-WAN) is disclosed. In an embodiment, the method involves establishing secure connections between a SD-WAN controller and branch nodes in a plurality of branch nodes, wherein each branch node advertises a half-key to the SD-WAN controller via its secure connection, distributing advertised half-keys to branch nodes in the plurality of branch nodes via the established secure connections, wherein the advertised half-keys distributed to each branch node are the half-keys advertised by peer branch nodes of the branch node, and encrypting payloads for transmission from a first branch node in the plurality of branch nodes to a peer branch node in the plurality of branch nodes using a shared secret key, the shared secret key generated using the half-key of the first branch node and the distributed half-key of the peer branch node.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.