摘要 |
Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key-MSB=AES128(base_key_1, client_ID),(1) client_key-LSB=AES128(base_key_2, client_ID+pad), and(2) client_key=client_key_MSB∥︀client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
|