Agile network protocol for secure communications using secure domain names

US 10,511,573 B2
Filed: 06/17/2016
Issued: 12/17/2019
Est. Priority Date: 10/30/1998
Status: Expired due to Term

First Claim

Patent Images

1. A device, comprising:

a first communication interface connected to a first link having a first bandwidth;

a second communication interface connected to a second link having a second bandwidth, wherein the first bandwidth is greater than the second bandwidth;

memory storing instructions for a link guard function; and

one or more processors configured to execute the instructions to;

receive, via the first communication interface, a packet transmitted over the first link, the packet being destined for a node on the second link, wherein the node on the second link comprises an edge server;

determine that the first bandwidth of the first link is greater than the second bandwidth of the second link;

cryptographically authenticate the packet responsive to determining that the first bandwidth of the first link is greater than the second bandwidth of the second link;

determine, based on a result of cryptographically authenticating the packet, whether the packet belongs to a virtual private network;

when it is determined that the packet belongs to the virtual private network, transmitting the packet on the second link with a first quality of service; and

when it is determined that the packet does not belong to the virtual private network, transmitting the packet on the second link with a second quality of service that is lower than the first quality of service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network device comprises a storage device storing an application program for a secure communications service, and at least one processor configured to execute the application program for the secure communications service so as to enable the network device to send a request to look up a network address of a second device based on an identifier associated with the second device, receive an indication that the second device is available for the secure communications service, the indication including the requested network address and provisioning information for a secure communication link, connect to the second device over the secure communication link, using the received network address of the second device and the provisioning information for the secure communication link, and communicate at least one of video data and audio data with the second device using the secure communications service via the secure communication link.

365 Citations

12 Claims

1. A device, comprising:
- a first communication interface connected to a first link having a first bandwidth;
  
  a second communication interface connected to a second link having a second bandwidth, wherein the first bandwidth is greater than the second bandwidth;
  
  memory storing instructions for a link guard function; and
  
  one or more processors configured to execute the instructions to;
  
  receive, via the first communication interface, a packet transmitted over the first link, the packet being destined for a node on the second link, wherein the node on the second link comprises an edge server;
  
  determine that the first bandwidth of the first link is greater than the second bandwidth of the second link;
  
  cryptographically authenticate the packet responsive to determining that the first bandwidth of the first link is greater than the second bandwidth of the second link;
  
  determine, based on a result of cryptographically authenticating the packet, whether the packet belongs to a virtual private network;
  
  when it is determined that the packet belongs to the virtual private network, transmitting the packet on the second link with a first quality of service; and
  
  when it is determined that the packet does not belong to the virtual private network, transmitting the packet on the second link with a second quality of service that is lower than the first quality of service.
- View Dependent Claims (2, 5, 6, 7, 8)
- - 2. The device of claim 1, wherein the device is a node of an internet service provider.
  - 5. The device of claim 1, wherein the virtual private network is a first virtual private network of a plurality of virtual private networks.
  - 6. The device of claim 5, wherein to determine whether the packet belongs to the virtual private network comprises the one or more processors to execute the instructions to determine an Internet Protocol Security (IPSEC) of the packet.
  - 7. The device of claim 5, wherein to determine whether the packet belongs to the virtual private network comprises the one or more processors to execute the instructions to access a table indicating individual ones of the plurality of virtual private networks.
  - 8. The device of claim 1, wherein the one or more processors are further configured to execute the instructions to:
    - receive, via the first communication interface, a second packet transmitted over the first link, the packet being destined for a node on the second link;
      
      determine, based at least in part on the first link having the greater bandwidth than the second link, that a link guard function is to be implemented;
      
      cryptographically authenticate the packet based at least in part on determining that the link guard function is to be implemented;
      
      determine, based on a result of cryptographically authenticating the packet, that the second packet does not belong to any of a plurality of virtual private networks; and
      
      discard the second packet.

3. A method, comprising:
- receiving, at a first communication interface connected to a first link, a packet destined for a node on a second link, the first link having a greater bandwidth than second link, wherein the node on the second link comprises an edge server;
  
  determining, based at least in part on the first link having the greater bandwidth than the second link, that a link guard function is to be implemented;
  
  cryptographically authenticating the packet based at least in part on determining that the link guard function is to be implemented;
  
  determining, based on a result of cryptographically authenticating the packet, whether the packet belongs to a virtual private network;
  
  when it is determined that the packet belongs to the virtual private network, transmitting the packet on the second link with a first quality of service; and
  
  when it is determined that does not belong to the virtual private network, transmitting the packet on the second link via a second communication interface with a second quality of service that is lower than the first quality of service.
- View Dependent Claims (4, 9, 10, 11, 12)
- - 4. The method of claim 3, performed by a node of an internet service provider.
  - 9. The method of claim 3, wherein the virtual private network is a first virtual private network of a plurality of virtual private networks.
  - 10. The method of claim 9, wherein determining whether the packet belongs to the virtual private network comprises determining an Internet Protocol Security (IPSEC) of the packet.
  - 11. The method of claim 9, wherein determining whether the packet belongs to the virtual private network comprises accessing a table indicating individual ones of the plurality of virtual private networks.
  - 12. The method of claim 3, further comprising:
    - receiving, via the first communication interface, a second packet transmitted over the first link, the packet being destined for a node on the second link;
      
      determining, based at least in part on the first link having the greater bandwidth than the second link, that a link guard function is to be implemented;
      
      cryptographically authenticating the packet based at least in part on determining that the link guard function is to be implemented;
      
      determining, based on a result of cryptographically authenticating the packet, that the second packet does not belong to any of a plurality of virtual private networks; and
      
      discarding the second packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Larson, Victor, Short, III, Robert Dunham, Munger, Edmund Colby, Williamson, Michael
Primary Examiner(s)
Lynch, Sharon S

Application Number

US15/185,760
Publication Number

US 20160294793A1
Time in Patent Office

1,278 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/606   by securing the transmissio...

G06F 8/61   Installation

H04L 2101/30   Types of network names

H04L 2101/604   Address structures or formats

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 45/24   Multipath

H04L 45/28   using route fault recovery

H04L 61/30   Managing network names, e.g...

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 61/59   using proxies for addressing

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/0421 : Anonymous communication, i....

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0478 : applying multiple layers of...

H04L 63/0485 : Networking architectures fo...

H04L 63/08 : for authentication of entit...

H04L 63/0853 : using an additional device,...

H04L 63/0876 : based on the identity of th...

H04L 63/0884 : by delegation of authentica...

H04L 63/10 : for controlling access to d...

H04L 63/105 : Multiple levels of security

H04L 63/1408 : by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1458 : Denial of Service

H04L 63/1466 : Active attacks involving in...

H04L 63/164 : at the network layer

H04N 7/15 : Conference systems

View All

Agile network protocol for secure communications using secure domain names

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

365 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Agile network protocol for secure communications using secure domain names

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

365 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links