System and method for selectively confirming digital certificates in a virtual private network
First Claim
1. A method of establishing a secure communication path between two computer systems comprising:
creating a communication path to exchange data such as identification data and digital certification data between the two systems;
determining, based on the identification data, whether to confirm the digital certification data; and
creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.
1 Assignment
0 Petitions
Abstract
A system and method for providing multiple virtual private networks (VPNs) from a computer system. Configuration information is maintained for connections, or tunnels, established between a local computer system and a number of remote computer systems. The configuration information includes information about the endpoints (local-remote computer pairs), policies used to determine the preferred access methods for connecting a given pair of computers, pre-shared keys, and digital certificates for providing keys to encrypt and decipher data. A local-remote pair is selected from an endpoints table. A policy corresponding to the selected local-remote pair is selected, determining the access method(s) to be attempted in securely connecting the two computer systems. If an access method uses a digital certificate, the corresponding information is retrieved from a digital certificate table. The decision whether to check if the digital certificate has been revoked is stored in the endpoints table.
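As an added illustration of the scheme the abstract describes (example code written for this page, not the patent's or any vendor's implementation), the following Python models the three tables the abstract names, the endpoints table with its per-pair "check revocation" decision, the policy table listing access methods to attempt in order, and the certificate table, and walks them to set up a tunnel. Every address, peer name, policy name, serial number and the revoked-serial set is constructed for the example; the fallback to the next access method when a certificate method fails is an assumption about how "attempted" is meant.

```python
"""Model of per-endpoint, selectively confirmed certificates in a VPN
configuration (constructed example; names and values are illustrative)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Certificate:
    subject: str
    serial: int
    issuer: str


@dataclass(frozen=True)
class AccessMethod:
    name: str                       # constructed method names, e.g. "ike-cert"
    uses_certificate: bool
    pre_shared_key: Optional[str] = None


@dataclass(frozen=True)
class EndpointEntry:
    policy_name: str
    check_revocation: bool          # the decision the abstract stores per endpoint pair
    certificate_id: Optional[str] = None


# --- constructed configuration tables -------------------------------------
ENDPOINTS = {
    ("10.0.0.1", "203.0.113.5"): EndpointEntry("cert-first", True, "peer-a"),
    ("10.0.0.1", "198.51.100.7"): EndpointEntry("cert-first", False, "peer-b"),
    ("10.0.0.1", "192.0.2.9"): EndpointEntry("cert-first", True, "peer-c"),
    ("10.0.0.1", "192.0.2.10"): EndpointEntry("cert-only", True, "peer-c"),
}
POLICIES = {
    # access methods are attempted in list order (assumed semantics)
    "cert-first": [AccessMethod("ike-cert", True), AccessMethod("ike-psk", False, "psk-1")],
    "cert-only": [AccessMethod("ike-cert", True)],
}
CERTIFICATES = {
    "peer-a": Certificate("peer-a.example", 1001, "Example CA"),
    "peer-b": Certificate("peer-b.example", 1002, "Example CA"),
    "peer-c": Certificate("peer-c.example", 1003, "Example CA"),
}
# Stand-in for a CRL/OCSP answer: serial numbers known to be revoked (constructed).
REVOKED_SERIALS = {1002, 1003}


class ConnectionRefused(Exception):
    """Raised when no access method in the selected policy succeeds."""


def is_revoked(cert: Certificate) -> bool:
    """Revocation check placeholder; a real tool would consult a CRL or OCSP."""
    return cert.serial in REVOKED_SERIALS


def establish_tunnel(local: str, remote: str) -> dict:
    """Select the endpoint pair, its policy, and the first access method that
    succeeds; confirm the certificate only when the endpoints table says so."""
    entry = ENDPOINTS.get((local, remote))
    if entry is None:
        raise ConnectionRefused(f"no endpoints entry for {local} -> {remote}")
    for method in POLICIES[entry.policy_name]:
        if method.uses_certificate:
            cert = CERTIFICATES.get(entry.certificate_id or "")
            if cert is None:
                continue                      # no certificate on file: try next method
            if entry.check_revocation and is_revoked(cert):
                continue                      # confirmed revoked: this method fails
            return {"method": method.name, "peer": cert.subject,
                    "revocation_checked": entry.check_revocation}
        elif method.pre_shared_key is not None:
            return {"method": method.name, "peer": remote, "revocation_checked": False}
    raise ConnectionRefused(f"all access methods in policy {entry.policy_name!r} failed")


def peers_without_revocation_check() -> list:
    """List endpoint pairs whose certificate is accepted unconfirmed, straight
    from the endpoints table (the audit view this design makes cheap)."""
    return sorted(pair for pair, e in ENDPOINTS.items()
                  if e.certificate_id is not None and not e.check_revocation)


if __name__ == "__main__":
    for pair in ENDPOINTS:
        try:
            print(pair, establish_tunnel(*pair))
        except ConnectionRefused as exc:
            print(pair, "refused:", exc)
    print("unconfirmed peers:", peers_without_revocation_check())
```

Because the decision lives in the endpoints table rather than in code, the set of peers whose certificates are accepted without a revocation check is enumerable configuration, which is what `peers_without_revocation_check` reads out; in the constructed tables the revoked `peer-b` certificate still yields a tunnel for the pair flagged not to check, while the same revoked `peer-c` certificate falls back to the pre-shared-key method under one policy and is refused under the certificate-only policy.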
54 Citations
20 Claims
1. A method of establishing a secure communication path between two computer systems comprising:
creating a communication path to exchange data such as identification data and digital certification data between the two systems;
determining, based on the identification data, whether to confirm the digital certification data; and
creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.
Dependent claims: 2, 3, 4, 5, 6, 7

8. An information handling system comprising:
one or more processors;
a memory accessible by the processors;
a nonvolatile storage accessible by the processors;
a network interface connecting the information handling system to a computer network; and
a network security tool to create a secure path between computer systems, the network security tool including:
means for creating a non-secure communication path to exchange data such as identification data and digital certification data between the two systems;
means for determining, based on the identification data, whether to confirm the digital certification data; and
means for creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.
Dependent claims: 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20

14. A computer program product stored on a computer operable medium for providing one or more secure connections from a computer system, said computer program product comprising:
means for creating a non-secure communication path to exchange data such as identification data and digital certification data between the two systems;
means for determining, based on the identification data, whether to confirm the digital certification data; and
means for creating a secure communication path, without confirming the digital certification data if it is determined the digital certification data should not be confirmed, or after confirming the digital certification data if it is determined that the digital certification data should be confirmed.

Specification