Oracle international corporation (20240129280). END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS simplified abstract

From WikiPatents
Revision as of 03:09, 26 April 2024 by Wikipatents (Creating a new page)

END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS

Organization Name

Oracle International Corporation

Inventor(s)

Nachiketh Rao Potlapally of McLean VA (US)

Pradeep Vincent of Bothell WA (US)

Jagwinder Singh Brar of Bellevue WA (US)

END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240129280 titled 'END-TO-END NETWORK ENCRYPTION FROM CUSTOMER ON-PREMISE NETWORK TO CUSTOMER VIRTUAL CLOUD NETWORK USING CUSTOMER-MANAGED KEYS'.

Simplified Explanation

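The abstract describes a method for end-to-end encryption of traffic into a virtual cloud network. A VPN tunnel from a customer device is terminated at a host network headend device, using encryption keys that are secured in hardware and managed by the customer. The network headend device decrypts data packets from the customer device with a first key provisioned by the customer. A network virtualization device then receives the decrypted information, determines that it is destined for a virtual machine in a virtual cloud network configured for encryption, and encrypts it with a second key before routing it to that virtual machine. As the abstract describes it, the information is therefore in decrypted form when the headend device hands it to the network virtualization device.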

  • The VPN tunnel from a customer device is terminated at a host network headend device using encryption keys secured in hardware and managed by the customer.
  • The network headend device decrypts data packets from the customer device using the first key provisioned by the customer; a network virtualization device then encrypts the recovered information with a second key before routing it to the virtual machine in the virtual cloud network.

Potential Applications

This technology can be applied in secure communication between customer devices and virtual machines in a virtual cloud network, ensuring data privacy and confidentiality.

Problems Solved

1. Ensures end-to-end encryption of data in a virtual cloud network.
2. Provides a secure method for managing encryption keys in hardware.

Benefits

1. Enhanced data security and privacy.
2. Efficient management of encryption keys by the customer.

Potential Commercial Applications

Securing communication in virtual cloud networks for industries such as finance, healthcare, and government agencies.

Possible Prior Art

Prior art may include existing methods of VPN tunnel termination and encryption in virtual cloud networks.

Unanswered Questions

How does this technology compare to other encryption methods in terms of performance and security?

This article does not provide a comparison with other encryption methods in terms of performance and security. Further research and testing may be needed to evaluate the effectiveness of this technology in comparison to existing encryption methods.

What are the potential vulnerabilities of this encryption system and how can they be mitigated?

The article does not address potential vulnerabilities of the encryption system or how they can be mitigated. Future studies should focus on identifying and addressing any weaknesses in the system to ensure robust data security.


Original Abstract Submitted

For end-to-end encryption of a virtual cloud network, a VPN tunnel from a customer device is terminated at a host network headend device using encryption keys secured in hardware and managed by the customer. The network headend device can be a card in a bare-metal server with one or more network virtualization devices. The network headend device is configured to receive a first key provisioned by a customer; receive a first data packet sent from a device of the customer; and decrypt the first data packet using the first key to obtain information. A network virtualization device is configured to receive the information from the network headend device; ascertain that the information is to be sent to a virtual machine in a virtual cloud network; ascertain that data in the virtual cloud network is configured to be encrypted; and encrypt the information with a second key to generate a second data packet before routing the second data packet to the virtual machine.