Patent · US Active

Enforcing the principle of least privilege for large tunnel-less VPNs

US8155130B2 · kind B2 · utility

Cited by: 5
References: 4
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 5, 2008
Grant date: Apr 10, 2012
Priority date:
Expiry date: Sep 14, 2029

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0272
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques for secure communication in a tunnel-less VPN are provided. A key server generates and provides, to each VPN gateway, different, yet mathematically-related keying material. A VPN gateway receives distinct keying material for each designated address block (e.g., subnet) behind the VPN gateway. In response to receiving a packet from a source host whose address falls within one of the designated address blocks, the VPN gateway identifies the appropriate keying material. The VPN gateway determines an identifier for the address block that includes the destination address. The identifier and the identified keying material are used to generate a key. The VPN gateway encrypts the packet with the key and forwards the encrypted packet to the destination host.
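The abstract does not say which construction makes the per-block keying material "different, yet mathematically-related" so that two gateways can each derive the same pairwise key from their own material plus the peer block's identifier. The following is an added illustration, not code from the patent or any vendor product: it realizes that property with Blom's symmetric-polynomial key predistribution scheme, which is an assumption on my part, as are the block-identifier derivation (SHA-256 of the normalized CIDR), the toy field size `P`, and the `KeyServer`/`Gateway` class names. The gateway logic follows the abstract: select keying material by the source host's block, compute the destination block's identifier, and derive the key from the two.

```python
import hashlib
import ipaddress
import secrets

# Toy prime field for the Blom polynomial (constructed for the demo; real deployments
# use vetted constructions and parameter sizes, not this value).
P = (1 << 127) - 1


def block_identifier(block):
    """Deterministic identifier for a designated address block.
    Assumption: the patent does not specify how identifiers are formed; here it is
    SHA-256 of the normalized CIDR string, reduced into the field."""
    net = ipaddress.ip_network(block, strict=False)
    digest = hashlib.sha256(str(net).encode()).digest()
    return int.from_bytes(digest[:16], "big") % P


class KeyServer:
    """Holds a symmetric (t+1)x(t+1) coefficient matrix, a[i][j] == a[j][i], so the
    bivariate polynomial f(x, y) = sum a[i][j] * x^i * y^j satisfies f(x, y) == f(y, x).
    Up to t compromised gateways learn nothing about other pairs' keys."""

    def __init__(self, t):
        self.t = t
        a = [[0] * (t + 1) for _ in range(t + 1)]
        for i in range(t + 1):
            for j in range(i, t + 1):
                a[i][j] = a[j][i] = secrets.randbelow(P)
        self.a = a

    def keying_material(self, block):
        """Keying material for one address block: the coefficients of g(y) = f(id, y).
        Every block receives different material, all derived from the same matrix."""
        x = block_identifier(block)
        coeffs = []
        for j in range(self.t + 1):
            c, xp = 0, 1
            for i in range(self.t + 1):
                c = (c + self.a[i][j] * xp) % P
                xp = xp * x % P
            coeffs.append(c)
        return coeffs


def pairwise_key(coeffs, peer_block):
    """Gateway side: evaluate g(y) at the peer block's identifier, then hash the field
    element into a 256-bit key. Because g_S(id_D) == g_D(id_S), both ends agree."""
    y = block_identifier(peer_block)
    acc = 0
    for c in reversed(coeffs):  # Horner evaluation, highest degree first
        acc = (acc * y + c) % P
    return hashlib.sha256(b"tunnel-less-vpn-key|" + acc.to_bytes(16, "big")).digest()


class Gateway:
    """A VPN gateway holding keying material only for the blocks behind it, plus a
    table of all designated blocks (assumption: the table comes from the key server)."""

    def __init__(self, local_material, designated_blocks):
        self.local = {ipaddress.ip_network(b): km for b, km in local_material.items()}
        self.blocks = [ipaddress.ip_network(b) for b in designated_blocks]

    def _block_for(self, addr):
        ip = ipaddress.ip_address(addr)
        for net in self.blocks:
            if ip in net:
                return net
        return None

    def key_for_packet(self, src, dst):
        """Return the encryption key for a src->dst packet, or None when the gateway
        holds no material for the source block (least privilege) or the destination
        is not a designated block."""
        src_block = self._block_for(src)
        if src_block is None or src_block not in self.local:
            return None
        dst_block = self._block_for(dst)
        if dst_block is None:
            return None
        return pairwise_key(self.local[src_block], str(dst_block))


def demo():
    """Two gateways agree on a key for A<->B; gateway A cannot key traffic from B."""
    server = KeyServer(t=2)
    blocks = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]  # constructed sample blocks
    gw_a = Gateway({"10.1.0.0/16": server.keying_material("10.1.0.0/16")}, blocks)
    gw_b = Gateway({"10.2.0.0/16": server.keying_material("10.2.0.0/16")}, blocks)
    k_ab = gw_a.key_for_packet("10.1.5.7", "10.2.9.9")
    k_ba = gw_b.key_for_packet("10.2.9.9", "10.1.5.7")
    return k_ab == k_ba, gw_a.key_for_packet("10.2.9.9", "10.1.5.7") is None


if __name__ == "__main__":
    print(demo())
```

The least-privilege point is visible in `key_for_packet`: a gateway can only produce keys for pairs that include a block it actually serves, so a compromised gateway yields the keys of its own blocks and nothing else. The caveat a reviewer should carry into any design of this shape is the threshold: in Blom's scheme, material from t+1 colluding or compromised gateways reconstructs the whole matrix, so the key server's choice of t, and monitoring for gateway compromise, set the real blast radius.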

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.