WO2008039506A3 - Deploying group vpns and security groups over an end-to-end enterprise network and ip encryption for vpns - Google Patents

Publication number
WO2008039506A3
WO2008039506A3 PCT/US2007/020811 US2007020811W WO2008039506A3 WO 2008039506 A3 WO2008039506 A3 WO 2008039506A3 US 2007020811 W US2007020811 W US 2007020811W WO 2008039506 A3 WO2008039506 A3 WO 2008039506A3
Authority
WO
WIPO (PCT)
Prior art keywords
network
security
vpns
group
encryption
Prior art date
Application number
PCT/US2007/020811
Other languages
French (fr)
Other versions
WO2008039506A2 (en)
WO2008039506B1 (en)
Inventor
Serge-Paul Carrasco
Original Assignee
Cipheroptics Inc
Serge-Paul Carrasco
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/529,560 external-priority patent/US8607301B2/en
Priority claimed from US11/656,077 external-priority patent/US8284943B2/en
Application filed by Cipheroptics Inc, Serge-Paul Carrasco filed Critical Cipheroptics Inc
Publication of WO2008039506A2 publication Critical patent/WO2008039506A2/en
Publication of WO2008039506A3 publication Critical patent/WO2008039506A3/en
Publication of WO2008039506B1 publication Critical patent/WO2008039506B1/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/50 Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • H04L45/502 Frame based
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Abstract

Group Virtual Private Networks (Group VPNs) are provided for different types of machines in a data processing network. Security groups are defined by a security policy for each member, wherein security policies and encryption keys are deployed to members of a security group using an IP Security (IPSec) network infrastructure with authentication via VPN mechanisms. The group VPNs provide a trusted Internet Protocol (IP) network that can leverage and co-exist with security access control technologies, such as endpoint security that controls client network access or application security that controls user access to enterprise applications. Additionally, applying the IPSec protocol to data packets in the enterprise network environment provides security for data packet forwarding through the network. Encryption of IP traffic using IPSec at the edge of the enterprise network supports resilient BGP/MPLS IP VPN network designs. In the system, a network A (100A, 101 A, 170A) communicates with network B (100, 101 A, 170A) through a network (150).

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US52955906A 2006-09-27 2006-09-27
US11/529,560 US8607301B2 (en) 2006-09-27 2006-09-27 Deploying group VPNS and security groups over an end-to-end enterprise network
US11/529,560 2006-09-27
US11/529,559 2006-09-27
US11/656,077 US8284943B2 (en) 2006-09-27 2007-01-22 IP encryption over resilient BGP/MPLS IP VPN
US11/656,077 2007-01-22

Publications (3)

Publication Number Publication Date
WO2008039506A2 WO2008039506A2 (en) 2008-04-03
WO2008039506A3 WO2008039506A3 (en) 2008-08-28
WO2008039506B1 WO2008039506B1 (en) 2008-10-16

Family

ID=39230822

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/020811 WO2008039506A2 (en) 2006-09-27 2007-09-27 Deploying group vpns and security groups over an end-to-end enterprise network and ip encryption for vpns

Country Status (1)

Country Link
WO (1) WO2008039506A2 (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8938782B2 (en) * 2010-03-15 2015-01-20 Symantec Corporation Systems and methods for providing network access control in virtual environments
CN104247367B (en) * 2012-03-30 2017-08-04 华为技术有限公司 Lift IPsec performances and anti-eavesdrop security
US9344403B2 (en) 2013-03-15 2016-05-17 Tempered Networks, Inc. Industrial network security
US10270809B2 (en) 2013-12-02 2019-04-23 Akamai Technologies, Inc. Virtual private network (VPN)-as-a-service with delivery optimizations while maintaining end-to-end data security
US9729580B2 (en) 2014-07-30 2017-08-08 Tempered Networks, Inc. Performing actions via devices that establish a secure, private network
US9300635B1 (en) 2015-06-15 2016-03-29 Tempered Networks, Inc. Overlay network with position independent insertion and tap points
CN107086958B (en) * 2016-02-16 2020-02-18 中国移动通信集团江苏有限公司 Data transmission method, wap gateway and system
US9729581B1 (en) 2016-07-01 2017-08-08 Tempered Networks, Inc. Horizontal switch scalability via load balancing
CN106230793A (en) * 2016-07-22 2016-12-14 安徽皖通邮电股份有限公司 A kind of MPLSVPN of realization operates in the method on the IPVPN of encryption
US10069726B1 (en) 2018-03-16 2018-09-04 Tempered Networks, Inc. Overlay network identity-based relay
US10116539B1 (en) 2018-05-23 2018-10-30 Tempered Networks, Inc. Multi-link network gateway with monitoring and dynamic failover
US10158545B1 (en) 2018-05-31 2018-12-18 Tempered Networks, Inc. Monitoring overlay networks
US10911418B1 (en) 2020-06-26 2021-02-02 Tempered Networks, Inc. Port level policy isolation in overlay networks
US11070594B1 (en) 2020-10-16 2021-07-20 Tempered Networks, Inc. Applying overlay network policy based on users
US10999154B1 (en) 2020-10-23 2021-05-04 Tempered Networks, Inc. Relay node management for overlay networks
CN113676469A (en) * 2021-08-17 2021-11-19 盐城工学院 Enterprise network security management method
CN117353959A (en) * 2022-06-29 2024-01-05 深圳市中兴微电子技术有限公司 Data transmission method, electronic device and computer storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020067725A1 (en) * 2000-12-06 2002-06-06 Naoki Oguchi Virtual network construction method, system, and relaying apparatus
US20060187942A1 (en) * 2005-02-22 2006-08-24 Hitachi Communication Technologies, Ltd. Packet forwarding apparatus and communication bandwidth control method
US20060198368A1 (en) * 2005-03-04 2006-09-07 Guichard James N Secure multipoint internet protocol virtual private networks

Also Published As

Publication number Publication date
WO2008039506A2 (en) 2008-04-03
WO2008039506B1 (en) 2008-10-16

Similar Documents

Publication Publication Date Title
WO2008039506A3 (en) Deploying group vpns and security groups over an end-to-end enterprise network and ip encryption for vpns
Quinn et al. Problem statement for service function chaining
US7809126B2 (en) Proxy server for internet telephony
US8625599B2 (en) Method and system for dynamic secured group communication
Gupta et al. Authentication/confidentiality for OSPFv3
Jahan et al. Application specific tunneling protocol selection for Virtual Private Networks
WO2003060671A3 (en) Communication security system
Chavez et al. Techniques for the dynamic randomization of network attributes
WO2009146300A1 (en) Regional virtual vpn
WO2014142985A1 (en) Emulate vlans using macsec
WO2008108821A2 (en) Virtual security interface
Mendonca et al. A flexible in-network IP anonymization service
Liyanage et al. A scalable and secure VPLS architecture for provider provisioned networks
Liyanage et al. Securing virtual private LAN service by efficient key management
Liyanage et al. Secure hierarchical VPLS architecture for provider provisioned networks
Quinn et al. RFC 7498: Problem Statement for Service Function Chaining
Liyanage et al. Secure virtual private LAN services: An overview with performance evaluation
Liyanage et al. Secure hierarchical virtual private LAN services for provider provisioned networks
Fancy et al. An evaluation of alternative protocols-based Virtual Private LAN Service (VPLS)
Adeyinka Analysis of IPsec VPNs performance in a multimedia environment
Singh et al. A Novel approach for the Analysis & Issues of IPsec VPN
Ashraf et al. SECURE INTER-VLAN IPv6 ROUTING: IMPLEMENTATION & EVALUATION.
Liyanage et al. Enhancing security, scalability and flexibility of virtual private LAN services
Jee et al. Security in Network Virtualization: A Survey
Nacht The spectrum of modern firewalls

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 07852436

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 07852436

Country of ref document: EP

Kind code of ref document: A2