Migrating a network to tunnel-less encryption
US8307423B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 17, 2008 |
| Grant date | Nov 6, 2012 |
| Priority date | — |
| Expiry date | Sep 6, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/20
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method comprises, in a network comprising VPN gateway devices configured only for plaintext data communication, configuring a policy server with a security policy including DO NOT ENCRYPT statements temporarily overriding PERMIT statements defining which packets should be encrypted; selecting one sub-group of the VPN gateway devices in which tunnel-less encryption is not configured; configuring of the VPN gateway devices in the sub-group for tunnel-less encryption by: configuring each device in a passive mode of operation in which the device is configured to receive either encrypted packets or plaintext packets matching encryption policy; configuring local DO NOT ENCRYPT statements matching traffic that is currently being converted to ciphertext; removing, from the access control list of the policy server, DO NOT ENCRYPT statements referring to protected LAN CIDR blocks behind the VPN gateway devices in the selected sub-group; configuring the sub-group to send encrypted packets by removing, from each of the VPN gateway devices in the selected sub-group, the local DO NOT ENCRYPT statements for the CIDR blocks currently being converted and protected by the selected sub-group; repea…
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.