Invention Grant
US08155130B2 Enforcing the principle of least privilege for large tunnel-less VPNs
Status: In force
- Patent Title: Enforcing the principle of least privilege for large tunnel-less VPNs
- Application No.: US12186044
- Application Date: 2008-08-05
- Publication No.: US08155130B2
- Publication Date: 2012-04-10
- Inventor: David McGrew, Brian Weis, W. Scott Wainner
- Applicant: David McGrew, Brian Weis, W. Scott Wainner
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Hickman Palermo Truong & Becker LLP
- Agent: Daniel D. Ledesma
- Main IPC: H04L12/28
- IPC: H04L12/28 ; H04L12/56 ; G04F7/00 ; G04F17/00 ; G04F15/16

Abstract:
Techniques for secure communication in a tunnel-less VPN are provided. A key server generates and provides, to each VPN gateway, different, yet mathematically-related keying material. A VPN gateway receives distinct keying material for each designated address block (e.g., subnet) behind the VPN gateway. In response to receiving a packet from a source host whose address falls within one of the designated address blocks, the VPN gateway identifies the appropriate keying material. The VPN gateway determines an identifier for the address block that includes the destination address. The identifier and the identified keying material are used to generate a key. The VPN gateway encrypts the packet with the key and forwards the encrypted packet to the destination host.
Public/Granted literature
- US20100034207A1 ENFORCING THE PRINCIPLE OF LEAST PRIVILEGE FOR LARGE TUNNEL-LESS VPNs (Public/Granted day: 2010-02-11)