Decoupling access control from key management in a network

Assignee

• Sun Microsystems Inc. · US

Inventors

• Germano Caronni · Palo Alto, US
• Amit Gupta · Foster City, US
• Tom R. Markson · San Mateo, US
• Sandeep Kumar · Cupertino, US
• Christoph L. Schuba · Mountain View, US
• Glenn C. Scott · Portola Valley, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0272
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. The Supernet has an access control component and a key management component which are decoupled. The access control component implements an access control policy that determines which users are authorized to use the network, and the key management component implements the network's key management policies, which indicate when keys are generated and what encryption algorithm is used. Both access control and key management are separately configurable. Thus, the Supernet provides great flexibility by allowing different key management policies to be used with the same access control component.