Virtual private networks
Abstract
A secure communication method for allowing a mobile host 1 to communicate with a correspondent host 4 over a Virtual Private Network. The method comprises negotiating one or more Security Associations (SAs) between the mobile host 1 and a correspondent host 4 of a Virtual Private Network (VPN). Subsequently, a communication is initiated between the mobile host 1 and a SG 3 and an authentication certificate sent to the SG 3, the certificate containing at least the identity of a SA which will be used for subsequent communication between the mobile host and the correspondent host. Data packets can then be sent from the mobile host 1 to the correspondent host 4 using the identified SA, via the SG 3. However, the data packets are forwarded by the SG 3 to the correspondent host 4 only if they are authenticated by the SG 3.
15 Claims
1. A secure communication method for allowing a mobile host to communicate with a correspondent host over a Virtual Private Network via a Security Gateway (SG), the method comprising the steps of:
(1) negotiating one or more Security Associations (SAs) between the mobile host and a correspondent host of a Virtual Private Network (VPN);
(2) subsequently initiating a communication between the mobile host and the SG and sending an authentication certificate to the SG, the certificate containing at least the identity of a SA which will be used for subsequent communication between the mobile host and the correspondent host;
(3) sending data packets from the mobile host to the correspondent host using the identified SA, via the SG; and
(4) wherein said data packets are forwarded by the SG to the correspondent host only if they are authenticated by the SG.
(Dependent claims 2 to 13 are not reproduced here.)
14. A Security Gateway (SG) of a Virtual Private Network, the SG enabling secure communication between a mobile host and a correspondent host, the SG comprising:
(1) means for negotiating one or more Security Associations (SAs) between the mobile host and the Security Gateway (SG);
(2) means for subsequently initiating a communication between the mobile host and the SG using a negotiated SA and for receiving an authentication certificate sent from the mobile host, the certificate containing at least the identity of the mobile host and an IP address of the mobile host;
(3) means for receiving data packets sent from the mobile host and for authenticating the data packets; and
(4) means for forwarding the data packets from the SG to said correspondent host providing that the received data packets are authenticated.
15. A secure communication method for allowing a mobile host to communicate with a correspondent host over a Virtual Private Network, the method comprising the steps of:
(1) negotiating one or more Security Associations (SAs) between the mobile host and a Security Gateway (SG) of a Virtual Private Network (VPN);
(2) subsequently initiating a communication between the mobile host and the SG using a negotiated SA and sending an authentication certificate to the SG, the certificate containing at least the identity of the mobile host and an IP address of the mobile host;
(3) sending data packets from the mobile host to the SG and authenticating the data packets at the SG; and
(4) providing that the received data packets are authenticated, forwarding the data packets from the SG to said correspondent host.
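The gateway-side behaviour of claims 14 and 15 (negotiate an SA, accept a certificate binding a mobile host identity and IP address to that SA, then forward only authenticated packets), modelled as an added Python example that is not code from the patent or any product implementing it. The SPI values, key, host identity and IP addresses are constructed placeholders, and HMAC-SHA256 stands in for whatever integrity algorithm a real negotiated SA would specify.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class SecurityAssociation:
    spi: int     # identity of the SA, as carried in the certificate
    key: bytes   # shared key from the negotiation step (constructed here)


@dataclass
class Packet:
    spi: int
    src_ip: str
    payload: bytes
    tag: bytes   # authentication tag computed by the mobile host


def auth_tag(sa: SecurityAssociation, src_ip: str, payload: bytes) -> bytes:
    # Tag binds the SA identity, the claimed source address and the payload.
    msg = sa.spi.to_bytes(4, "big") + src_ip.encode() + payload
    return hmac.new(sa.key, msg, hashlib.sha256).digest()


def mobile_send(sa: SecurityAssociation, src_ip: str, payload: bytes) -> Packet:
    return Packet(sa.spi, src_ip, payload, auth_tag(sa, src_ip, payload))


class SecurityGateway:
    def __init__(self) -> None:
        self.sas: dict[int, SecurityAssociation] = {}   # step (1)
        self.bindings: dict[int, tuple[str, str]] = {}  # spi -> (host id, IP)
        self.forwarded: list[Packet] = []
        self.dropped: list[Packet] = []

    def negotiate(self, sa: SecurityAssociation) -> None:
        self.sas[sa.spi] = sa

    def register_certificate(self, host_id: str, ip: str, spi: int) -> bool:
        # Step (2): the certificate names the SA the host will use; reject
        # a certificate that refers to an SA that was never negotiated.
        if spi not in self.sas:
            return False
        self.bindings[spi] = (host_id, ip)
        return True

    def authenticate(self, pkt: Packet) -> bool:
        # Step (3): packet must use a known SA, come from the IP bound by the
        # certificate, and carry a tag that verifies under that SA's key.
        sa, binding = self.sas.get(pkt.spi), self.bindings.get(pkt.spi)
        if sa is None or binding is None or binding[1] != pkt.src_ip:
            return False
        return hmac.compare_digest(pkt.tag, auth_tag(sa, pkt.src_ip, pkt.payload))

    def receive(self, pkt: Packet) -> bool:
        # Step (4): forward to the correspondent host only if authenticated.
        (self.forwarded if self.authenticate(pkt) else self.dropped).append(pkt)
        return pkt in self.forwarded
```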