Dynamic group creation and traffic flow registration under a group in a group key infrastructure

摘要

Upon detection of a new traffic flow, a registration node can dynamically register the new traffic flow with a key server policy manager by sending a registration request on behalf of the new traffic flow. A registration request indicates the new traffic flow should be protected by a security group. A registration request may also include a request to dynamically generate a new security group to protect the traffic flow. The registration request is received by a key server policy manager, which performs authentication and authorization checks of the requesting registration node, and determines whether to accept or reject the registration request. If accepted, the key server policy manager registers the new traffic flow by including a description of the traffic flow in a group policy of an existing security group or a newly created security group, depending on the registration request.

主权项

1. A method, comprising:
receiving a registration request to dynamically register a traffic flow, wherein
the registration request is sent from a registration node,the registration request is received at a key server policy manager,the key server policy manager and the registration node are communicatively coupled via a network, andthe registration request comprises a group identifier (ID); determining whether to accept the registration request; and performing the registration request, in response to a determination to accept the registration request, wherein the performing the registration request comprises
determining whether the group ID identifies a new security group that does not presently exist in the network, andin response to determining that the group ID identifies the new security group that does not presently exist in the network, creating the new security group identified by the group ID.