US 12,238,079 B2
Upstream approach for secure cryptography key distribution and management for multi-site data centers
Govind Prasad Sharma, Union City, CA (US); Javed Asghar, Dublin, CA (US); Prabhu Balakannan, Milpitas, CA (US); and Sridhar Vallepalli, Fremont, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on May 23, 2024, as Appl. No. 18/673,183.
Application 18/673,183 is a continuation of application No. 18/508,743, filed on Nov. 14, 2023.
Application 18/508,743 is a continuation of application No. 16/940,114, filed on Jul. 27, 2020, granted, now 11,895,100, issued on Feb. 6, 2024.
Application 16/940,114 is a continuation of application No. 16/166,973, filed on Oct. 22, 2018, granted, now 10,778,662, issued on Sep. 15, 2020.
Prior Publication US 2024/0314114 A1, Sep. 19, 2024
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01); H04L 12/46 (2006.01); H04L 69/14 (2022.01); H04L 69/22 (2022.01)
CPC H04L 63/062 (2013.01) [H04L 9/0891 (2013.01); H04L 12/4641 (2013.01); H04L 63/0428 (2013.01); H04L 63/166 (2013.01); H04L 69/14 (2013.01); H04L 69/22 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system for distributing keys to a plurality of sites in a multi-site network, comprising:
a multi-site key distribution controller (MSKDC);
a first site of a multi-site network comprising a first local key management node;
a second site of the multi-site network comprising a second local key management node, wherein each of the first and second local key management nodes are operative to establish secure connections with the MSKDC;
the MSKDC being configured to coordinate key distribution between sites of the multi-site network by:
receiving, from the first local key management node of the first site of the multi-site network, a request to distribute key material to the second site of the multi-site network, wherein the request includes a security channel identifier value associated with at least the first site; and
sending, to the second local key management node of the second site, the key material based on the security channel identifier;
wherein:
the first local key management node is operative to provide an encryption key based at least in part on the key material to one or more network devices at the first site;
the encryption key is used by the one or more network devices at the first site to encrypt packets sent from the first site;
the second local key management node is operative to provide the encryption key based at least in part on the key material to one or more network devices at the second site; and
the encryption key is used by the one or more network devices at the second site to decrypt encrypted packets sent from the first site.
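The flow in claim 1 (a site-local key management node hands key material to the MSKDC together with a security channel identifier, the MSKDC relays it only to a peer site that has its own secure connection, and each site derives the same encryption key for its network devices) can be seen end to end in the following simulation. This is an added example and not Cisco's implementation: the patent does not specify how the encryption key is derived from the key material, how the secure connections are built, or which packet cipher the network devices use. The example assumes HMAC-SHA256 over the key material and channel identifier for key derivation, AES-256-GCM with the channel identifier as associated data for the packets, an in-memory registry standing in for the secure connections to the MSKDC, and constructed site and channel names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DistributeRequest models the request a site's local key management node
// sends to the MSKDC: key material plus the security channel identifier it belongs to.
type DistributeRequest struct {
	FromSite, ToSite, SecurityChannelID string
	Material                            []byte
}

// LocalKeyNode is a site-local key management node; it keeps key material per channel.
type LocalKeyNode struct {
	Site     string
	material map[string][]byte
}

func NewLocalKeyNode(site string) *LocalKeyNode {
	return &LocalKeyNode{Site: site, material: map[string][]byte{}}
}

func (n *LocalKeyNode) ReceiveKeyMaterial(channelID string, m []byte) {
	n.material[channelID] = append([]byte(nil), m...)
}

// EncryptionKey derives the per-channel key handed to the site's network devices.
// Assumption (not from the patent): HMAC-SHA256 keyed with the material over a fixed
// label and the channel identifier, so both sites derive an identical 32-byte key.
func (n *LocalKeyNode) EncryptionKey(channelID string) ([]byte, error) {
	m, ok := n.material[channelID]
	if !ok {
		return nil, fmt.Errorf("%s: no key material for channel %q", n.Site, channelID)
	}
	mac := hmac.New(sha256.New, m)
	mac.Write([]byte("site-encryption-key:" + channelID))
	return mac.Sum(nil), nil
}

// MSKDC coordinates distribution. The nodes map stands in for the secure
// connections each local key management node has established with the controller.
type MSKDC struct{ nodes map[string]*LocalKeyNode }

func NewMSKDC() *MSKDC                  { return &MSKDC{nodes: map[string]*LocalKeyNode{}} }
func (c *MSKDC) Connect(n *LocalKeyNode) { c.nodes[n.Site] = n }

// HandleDistribute relays key material only between sites that are connected;
// the channel identifier travels with the material so the peer files it correctly.
func (c *MSKDC) HandleDistribute(req DistributeRequest) error {
	if _, ok := c.nodes[req.FromSite]; !ok {
		return fmt.Errorf("requesting site %q has no secure connection to the MSKDC", req.FromSite)
	}
	dst, ok := c.nodes[req.ToSite]
	if !ok {
		return fmt.Errorf("destination site %q has no secure connection to the MSKDC", req.ToSite)
	}
	dst.ReceiveKeyMaterial(req.SecurityChannelID, req.Material)
	return nil
}

// EncryptPacket is what a network device at the sending site does with the key.
// Assumption: AES-256-GCM, nonce prepended, channel identifier bound as associated data.
func EncryptPacket(key []byte, channelID string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(channelID)), nil
}

// DecryptPacket is the receiving site's counterpart; a wrong key or channel fails authentication.
func DecryptPacket(key []byte, channelID string, packet []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(packet) < gcm.NonceSize() {
		return nil, fmt.Errorf("packet shorter than nonce")
	}
	nonce, ct := packet[:gcm.NonceSize()], packet[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(channelID))
}

// RunExchange wires the whole claim-1 flow with constructed names and returns
// the plaintext recovered by a device at the second site.
func RunExchange() ([]byte, error) {
	mskdc, site1, site2 := NewMSKDC(), NewLocalKeyNode("site-1"), NewLocalKeyNode("site-2")
	mskdc.Connect(site1)
	mskdc.Connect(site2)
	material := make([]byte, 32) // key material generated at site 1 (constructed)
	if _, err := rand.Read(material); err != nil {
		return nil, err
	}
	const channelID = "sci-1001" // constructed security channel identifier
	site1.ReceiveKeyMaterial(channelID, material)
	err := mskdc.HandleDistribute(DistributeRequest{"site-1", "site-2", channelID, material})
	if err != nil {
		return nil, err
	}
	k1, err := site1.EncryptionKey(channelID)
	if err != nil {
		return nil, err
	}
	k2, err := site2.EncryptionKey(channelID)
	if err != nil {
		return nil, err
	}
	pkt, err := EncryptPacket(k1, channelID, []byte("payload from site 1"))
	if err != nil {
		return nil, err
	}
	return DecryptPacket(k2, channelID, pkt)
}

func main() {
	out, err := RunExchange()
	fmt.Printf("site-2 recovered %q, err=%v\n", out, err)
}
```

Binding the security channel identifier into both the key derivation and the GCM associated data is the defender's reason for carrying that identifier in the request: material filed under the wrong channel at the receiving site yields a different key and the packet fails authentication instead of being silently misinterpreted, and the MSKDC refuses to relay to a site that never established its connection.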