Title: Controlling session keys through in-band signaling
Abstract: The present invention employs in-band signaling between PTEs to provision and control session keys, which are used by the PTEs for encrypting and decrypting traffic that is carried from one PTE to another over a transport network. In operation, a first PTE will receive incoming traffic from a first edge network, map the traffic to frames, encrypt the traffic with a session key, and send the frames with the encrypted traffic over the transport network to a second PTE. The second PTE will extract the encrypted traffic from the frames, decrypt the encrypted traffic with a session key, and send the recovered traffic over a second edge network toward an intended destination. If symmetric encryption is employed, the session key used by the first PTE to encrypt the traffic will be identical to the session key used by the second PTE to decrypt the traffic.
Publication number: US8897448(B2) Publication date: 2014.11.25
Application number: US200812262945 Filing date: 2008.10.31
Applicant: Ciena Corporation Inventors: Hu Xiaoqing; Simard Frederic F.
Classification: G06F21/00; H04L9/32; H04L29/06; H04L9/08 Main classification: G06F21/00
Agency: Muncy, Geissler, Olds & Lowe, P.C. Agent: Muncy, Geissler, Olds & Lowe, P.C.
Principal claim: 1. A method of operating a local transport node to enable secure delivery of encrypted traffic via frames over a transport network comprising: communicating via in-band signaling with a remote transport node over a transport network to select a session key, the in-band signaling being provided in at least one frame of a first group of frames, the in-band signaling comprising at least one session key message bearing on selection of the session key, the session key message being encrypted by a master key when being transported between the local transport node and the remote transport node over the transport network, the master key being used to additionally encrypt authentication messages sent between the local transport node and the remote transport node, the authentication messages being unrelated to selection of the session key; receiving first traffic from a first network; encrypting the first traffic with the session key to generate encrypted first traffic; and transmitting the encrypted first traffic toward the remote transport node over the transport network in at least one frame of a second group of frames.
Address: Hanover MD US
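The key-handling flow described in the abstract and principal claim above, as an added illustration that is not code from the patent or from Ciena: a signaling frame carries the session key encrypted under the master key, and data frames carry traffic encrypted under the session key. The frame layout (type byte, nonce, ciphertext, tag), the HMAC-based stand-in cipher, and the pre-shared master key are assumptions made for this example.

```python
import hashlib, hmac, os
# Constructed model of the patent's flow. Frame layout (assumed): type byte || nonce ||
# ciphertext || tag. Master key is assumed pre-shared between the two transport nodes.
SIGNALING, DATA = 0x01, 0x02

def keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a stand-in cipher (a real PTE would use e.g. AES)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC with domain-separated HMAC inputs ("ks" vs "tag")."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("frame authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

class PTE:
    """Transport node holding the long-lived master key and the current session key."""
    def __init__(self, master_key):
        self.master_key, self.session_key = master_key, None

    def send_frame(self, frame_type, payload):
        key = self.master_key if frame_type == SIGNALING else self.session_key
        return bytes([frame_type]) + seal(key, payload)

    def recv_frame(self, frame):
        frame_type, blob = frame[0], frame[1:]
        if frame_type == SIGNALING:
            self.session_key = open_(self.master_key, blob)  # install the selected session key
            return b""
        if self.session_key is None:
            raise ValueError("data frame before any session key was provisioned")
        return open_(self.session_key, blob)

def run_exchange(traffic):
    master = os.urandom(32)  # assumed pre-shared between local node a and remote node b
    a, b = PTE(master), PTE(master)
    a.session_key = os.urandom(32)  # local node selects the session key
    frames = [a.send_frame(SIGNALING, a.session_key), a.send_frame(DATA, traffic)]
    return b"".join(b.recv_frame(f) for f in frames), frames, a.session_key
```

Only the two frame types exchanged here are modelled; the master-key-encrypted authentication messages mentioned in the claim would be a third frame type sealed with the master key in the same way.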