End-to-end IP security
US7739728B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Jan 11, 2006 |
| Grant date | Jun 15, 2010 |
| Priority date | — |
| Expiry date | Apr 17, 2029 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/061
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
End-to-end security is established automatically for network communications. In one embodiment a first host is associated with a policy manager that determines, for the first host, whether a secure session is permissible. If the secure session is determined to be permissible then the policy manager signals to intermediate devices in order to prompt establishment of SA/DA pinholes. In an alternative embodiment a neutral policy broker determines, for both first and second hosts, whether the secure session is permissible and signals to the intermediate devices to establish the pinholes if the secure session is permissible. In another embodiment the end-to-end session includes back-to-back tunnel mode sessions linked by at least one intermediate device. The intermediate device is operative to decrypt and re-encrypt traffic in the session, and may be configured by a policy manager or policy broker. Further, another security association can be nested in one or more segments of the session in a manner that permits one host to access a third host or secure resource which is shielded from the second host.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.