18542247. END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS simplified abstract (Oracle International Corporation)

From WikiPatents
Revision as of 06:33, 26 April 2024 by Wikipatents (Creating a new page)

END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS

Organization Name

Oracle International Corporation

Inventor(s)

Nachiketh Rao Potlapally of McLean VA (US)

Pradeep Vincent of Bothell WA (US)

Jagwinder Singh Brar of Bellevue WA (US)

END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS - A simplified explanation of the abstract

This abstract first appeared for US patent application 18542247 titled 'END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS'.

Simplified Explanation

The abstract describes a method for end-to-end encryption of a virtual cloud network using a VPN tunnel that is terminated at a host network headend device. The encryption keys are secured in hardware and managed by the customer. The network headend device decrypts data packets from the customer device with the customer-provisioned first key; a network virtualization device then encrypts the recovered data with a second key before routing it to a virtual machine in the virtual cloud network.

- End-to-end encryption of a virtual cloud network using a VPN tunnel terminated at a host network headend device.
- Encryption keys secured in hardware and managed by the customer.
- The network headend device decrypts data packets from the customer device; a network virtualization device encrypts the data with a second key and routes it to the virtual machine.

Potential Applications:

- Secure data transmission in virtual cloud networks
- Protection of sensitive information in cloud computing environments

Problems Solved:

- Ensures data privacy and security in virtual cloud networks
- Prevents unauthorized access to transmitted data

Benefits:

- Enhanced data protection
- Secure communication within virtual cloud networks
- Customer-managed encryption keys for added security

Potential Commercial Applications:

- Securing virtual cloud networks for enhanced data protection

Possible Prior Art:

- Existing methods of VPN tunneling for secure data transmission
- Hardware-based encryption key management systems

Unanswered Questions:

1. How does the hardware-based encryption key management system ensure the security of the keys?

- The abstract mentions that the encryption keys are secured in hardware, but it does not provide details on the specific mechanisms used to ensure the security of these keys. Further information on the encryption key storage and access control mechanisms would be helpful.

2. What are the specific encryption algorithms used in this method?

- While the abstract describes the encryption and decryption process, it does not mention the specific encryption algorithms employed. Understanding the encryption algorithms used can provide insights into the level of security offered by this method.


Original Abstract Submitted

For end-to-end encryption of a virtual cloud network, a VPN tunnel from a customer device is terminated at a host network headend device using encryption keys secured in hardware and managed by the customer. The network headend device can be a card in a bare-metal server with one or more network virtualization devices. The network headend device is configured to receive a first key provisioned by a customer; receive a first data packet sent from a device of the customer; and decrypt the first data packet using the first key to obtain information. A network virtualization device is configured to receive the information from the network headend device; ascertain that the information is to be sent to a virtual machine in a virtual cloud network; ascertain that data in the virtual cloud network is configured to be encrypted; and encrypt the information with a second key to generate a second data packet before routing the second data packet to the virtual machine.
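As an added illustration, not code from the patent or from Oracle, the following Go program models the two-key data path the abstract describes: the customer device seals a packet under the first key, the headend terminates the tunnel with that same customer-provisioned key, and the network virtualization device checks that the destination is a VM in the VCN and that the VCN is configured for encryption before sealing the data again under the second key. AES-GCM, the type and function names, and the assumption that each device holds only its own key are choices made for this model; the abstract itself names no algorithm.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// gcm returns an AES-GCM instance for a 16/24/32-byte key (algorithm is an assumption).
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts plaintext under key with a fresh random nonce prepended.
func Seal(key, plaintext []byte) ([]byte, error) {
	a, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}
// Open authenticates and decrypts a packet produced by Seal; a wrong key fails.
func Open(key, pkt []byte) ([]byte, error) {
	a, err := gcm(key)
	if err != nil || len(pkt) < a.NonceSize() {
		return nil, errors.New("bad key or truncated packet")
	}
	return a.Open(nil, pkt[:a.NonceSize()], pkt[a.NonceSize():], nil)
}
// Terminate models the headend device ending the VPN tunnel with the customer-provisioned first key.
func Terminate(firstKey, tunnelPkt []byte) ([]byte, error) { return Open(firstKey, tunnelPkt) }
// NVD models the network virtualization device: second key, VMs in the VCN, VCN encryption policy.
type NVD struct{ SecondKey []byte; VCNVMs map[string]bool; VCNEncrypted bool }
// Forward applies the abstract's two checks, then re-encrypts with the second key.
func (n NVD) Forward(dst string, info []byte) ([]byte, error) {
	if !n.VCNVMs[dst] {
		return nil, errors.New("destination is not a VM in the VCN")
	}
	if !n.VCNEncrypted {
		return info, nil
	}
	return Seal(n.SecondKey, info)
}
```

The model makes the key-separation property visible: the packet leaving the NVD opens only under the second key, and the customer's tunnel packet never opens under it.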