US Patent 8448238 Network security as a service using virtual secure channels

Disclosed are methods, devices, and systems to provide an end-to-end secure transaction over a software defined network (SDN). In one embodiment, a machine-implemented method comprises opening an in-band virtual secure channel (VSC) or an out-of-band VSC over the SDN; authenticating, through the control plane of a switch managing the SDN, a user of a resource over the in-band VSC or the out-of-band VSC; authorizing the user, through the control plane, access to the resource over the in-band VSC or the out-of-band VSC; and accounting for a transaction conducted by the user accessing the resource, through the control plane, over the in-band VSC or the out-of-band VSC. In another embodiment, a switch to manage the SDN and to implement the method described herein is disclosed.