Method and apparatus for avoiding double-encryption in site-to-site IPsec VPN connections
US9712504B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 22, 2015 |
| Grant date | Jul 18, 2017 |
| Priority date | — |
| Expiry date | Jul 6, 2035 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/164
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A system and a method are described that reduce or eliminate inefficiencies caused by double encryption in network tunnel communications. In particular, a set of virtual tunnels may be established that require a lower level of encryption in comparison to a full-encryption tunnel. Upon determining that a session is end-to-end encrypted, the system and method described herein may assign the session to one of the virtual tunnels instead of the full-encryption tunnel. By intelligently assigning sessions to virtual tunnels when encryption has already been applied, double encryption may be avoided, which will improve throughput and decrease processor usage. However, in cases where a session is not end-to-end encrypted, the full-encryption tunnel may be utilized to ensure secure communications are maintained between gateways.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.