Centralized deployment of IPSec policy information
US6697857B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 9, 2000 |
| Grant date | Feb 24, 2004 |
| Priority date | — |
| Expiry date | Jun 4, 2022 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method of network security policy administration for a network client uses a finite state machine to maintain the security policy information of the network client. Security policy information may originate in a remote source such a directory storage as well as, or alternatively, locally in cache and local store locations. The finite state machine has four states, Initial, DS, Cache, and Local, and transitions between states responsive to the availability of security policy information from the various policy information sources. Furthermore, security policy updates occur via a differencing mechanism, wherein only filters that have changed are updated, minimizing impact on unchanged policy filters and the traffic protected by them, and minimizing lulls in policy coverage.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.