Patent attributes
Secure data transfers between communication nodes is performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.