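IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0585727 (2012-08-14)
Registration number | US-8650390 (2014-02-11)
Inventor / Address | Sun, Chih-Tiang; Yum, Kiho; Matthews, Abraham R.
Applicant / Address |
Agent / Address | Hamilton, DeSanctis & Cha LLP
Citation information | Times cited: 8; Patents cited: 74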
Abstract
Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers is provided. According to one embodiment, a request to establish an IP connection between two locations of a subscriber is received at a service management system (SMS) of the service provider. A tunnel is established between service processing switches coupled in communication through a public network. First and second packet routing nodes within the service processing switches are associated with the first and second locations, respectively. An encryption configuration decision is bound with a routing configuration of the packet routing nodes, by, when the request is to establish a secure IP connection, configuring, the packet routing nodes to cause all packets transmitted to the other location to be encrypted and to cause all packets received from the other location to be decrypted.
Representative claim
1. A method comprising:
receiving, at a service management system (SMS) of a managed security service provider, a request to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber; and
establishing a tunnel between a first service processing switch of the managed security service provider and a second service processing switch of the managed security service provider coupled in communication with the first service processing switch through a public network by associating a first packet routing node within the first service processing switch with the first location;
associating a second packet routing node within the second service processing switch with the second location;
binding an encryption configuration decision associated with the request with a routing configuration of the first packet routing node, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network by inserting an encryption node of the first service processing switch into a first path between the first location and the second location and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network by inserting a decryption node of the first service processing switch into a second path between the second location and the first location; and
binding the encryption configuration decision with a routing configuration of the second packet routing node, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network by inserting an encryption node of the second service processing switch into the second path and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network by inserting a decryption node of the second service processing switch into the first path.

2. The method of claim 1, wherein the first packet routing node comprises a virtual router of a plurality of virtual routers running within the first service processing switch.

3. The method of claim 1, wherein the second packet routing node comprises a virtual router of a plurality of virtual routers running within the second service processing switch.

4. The method of claim 1, wherein the request to establish the IP connection is received by the SMS from a customer network management (CNM) system of the first subscriber.

5. The method of claim 1, wherein the request to establish the IP connection is received by the SMS via a user interface associated with the SMS.

6. A system operable by a managed security service provider, the system comprising:
a service management system (SMS) configured to operate within a service provider network;
a first service processing switch configured to operate within the service provider network;
a second service processing switch configured to operate within the service provider network and to be coupled to the first service processing switch via a public network;
wherein the SMS is further configured to:
receive a request to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber; and
cause a tunnel to be established between the first service processing switch and the second service processing switch by causing a first packet routing node within the first service processing switch to be associated with the first location; causing a second packet routing node within the second service processing switch to be associated with the second location;
causing an encryption configuration decision associated with the request to be bound with a routing configuration of the first packet routing node, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network by inserting an encryption node of the first service processing switch into a first path between the first location and the second location and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network by inserting decryption node of the first service processing switch into a second path between the second location and the first location; and
causing the encryption configuration decision to be bound with a routing configuration of the second packet routing node, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network by inserting an encryption node of the second service processing switch into the second path and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network by inserting a decryption node of the second service processing switch into the first path.

7. The system of claim 6, wherein the first packet routing node comprises a virtual router of a plurality of virtual routers running within the first service processing switch.

8. The system of claim 6, wherein the second packet routing node comprises a virtual router of a plurality of virtual routers running within the second service processing switch.

9. The system of claim 6, wherein the request to establish the IP connection is received by the SMS from a customer network management (CNM) system of the first subscriber.

10. The system of claim 6, wherein the request to establish the IP connection is received by the SMS via a user interface associated with the SMS.

11. A non-transitory computer-readable storage medium tangibly embodying a set of instructions, which when executed by one or more processors of a service management system (SMS) of a managed security service provider, cause the one or more processors to perform a method comprising:
receiving a request to establish an Internet Protocol (IP) connection between a first location of a first subscriber of a plurality of subscribers of the managed security service provider and a second location of the first subscriber; and
causing to be established a tunnel between a first service processing switch of the managed security service provider and a second service processing switch of the managed security service provider coupled in communication with the first service processing switch through a public network by causing a first packet routing node within the first service processing switch to be associated with the first location; causing a second packet routing node within the second service processing switch to be associated with the second location;
causing an encryption configuration decision associated with the request to be bound with a routing configuration of the first packet routing node, by, when the request is to establish a secure IP connection, configuring, the first packet routing node (i) to cause all packets transmitted from the first location to the second location to be encrypted prior to transmission through the public network by inserting encryption node of the first service processing switch into a first path between the first location and the second location and (ii) to cause all packets received from the second location to be decrypted after transmission through the public network by inserting a decryption node of the first service processing switch into a second path between the second location and the first location; and
causing the encryption configuration decision to be bound with a routing configuration of the second packet routing node, by, when the request is to establish a secure IP connection, configuring, the second packet routing node (i) to cause all packets transmitted from the second location to the first location to be encrypted prior to transmission through the public network by inserting an encryption node of the second service processing switch into the second path and (ii) to cause all packets received from the first location to be decrypted after transmission through the public network by inserting a decryption node of the second service processing switch into the first path.

12. The non-transitory computer-readable medium of claim 11, wherein the first packet routing node comprises a virtual router of a plurality of virtual routers running within the first service processing switch.

13. The non-transitory computer-readable medium of claim 11, wherein the second packet routing node comprises a virtual router of a plurality of virtual routers running within the second service processing switch.

14. The non-transitory computer-readable medium of claim 11, wherein the request to establish the IP connection is received by the SMS from a customer network management (CNM) system of the first subscriber.

15. The non-transitory computer-readable medium of claim 11, wherein the request to establish the IP connection is received by the SMS via a user interface associated with the SMS.