Secure network architecture

Assignee

• BRITISH TELECOMMUNICATIONS public limited company · GB

Inventors

• Thomas J. Martin · Sanford, US
• Christopher Rutherford · Schaerbeek - Schaarbeek, BE
• Liwen He · Ipswich, GB
• Bryan Littlefair · Bury St Edmunds, GB
• Dinesh Kallath · London, GB

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The present invention provides a star-connected network (C1-C4, P1-P8) having a number of peripheral nodes (P1-P8) and a central control arrangement (C1-C4). Each peripheral node has means for restricting communications across the network to the central control arrangement using a respective encrypted connection unless the peripheral node has received explicit authorization from the control arrangement to set up a direct connection with another peripheral node. The central control arrangement comprises: means for establishing an encrypted connection with each peripheral node; means for exchanging control packets with two or more peripheral nodes using two or more respective encrypted connections in order to set up an authorized connection between two peripheral nodes; a database storing security policy information specifying what connections between peripheral nodes are allowable; and authorization means for authorizing connections which are allowable according to the stored security policy information using the control packet exchanging means.