Method for creating a virtual private network through a public network

US 20030021422A1
Filed: 07/29/2002
Published: 01/30/2003
Est. Priority Date: 07/30/2001
Status: Active Grant

First Claim

Patent Images

1. Method to create and use a virtual private network (VPN) having a plurality of units connected to a public network, each unit having security means which have at least a unique number UA, this method is characterized by the following steps:

to generate a right Dn associated to the unique number UAn, by the security means of a unit Un, to transfer this right Dn to the security means of at least one unit Um, to encrypt the data sent by unit Un and the description of the Dn right by a encryption data key KS, to receive the data encrypted by the second unit Um, present these data to the security means of the unit Um, verify if the Dn right is present and if this is the case, decrypt the data by the encryption data key KS.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The aim of this invention involves exchanging data between several computers or multimedia units through a public network guaranteeing at the same time the confidentiality of these data.

This aim is achieved by a creation and use method of a virtual private network (VPN) which has a plurality of units connected to a public network, each unit having security means which has a unique number UA1, this method is characterized by the following steps:

to generate a right Dn associated to the unique number UAn, by the security means of a unit Un,

to transfer this right Dn to the security means of at least one unit Um,

to encrypt the data sent by unit Un and the description of the Dn right by a encryption data key KS,

to receive the data encrypted by the second unit Um, present these data to the security means of the unit Um, verify if the Dn right is present and if this is the case, decrypt the data by the encryption data key KS.

8 Citations

19 Claims

1. Method to create and use a virtual private network (VPN) having a plurality of units connected to a public network, each unit having security means which have at least a unique number UA, this method is characterized by the following steps:
- to generate a right Dn associated to the unique number UAn, by the security means of a unit Un, to transfer this right Dn to the security means of at least one unit Um, to encrypt the data sent by unit Un and the description of the Dn right by a encryption data key KS, to receive the data encrypted by the second unit Um, present these data to the security means of the unit Um, verify if the Dn right is present and if this is the case, decrypt the data by the encryption data key KS.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. Method according to claim 1, characterized by the fact that the right Dn is associated to an identifier of the second unit Um, and that the security means of the second unit verifies if the right Dn is destined for them.
  - 3. Method according to claim 1, characterized by the fact that a network index Ra is associated with the right Dn by the unit Un, and that affiliation of the another unit Um is based on the criteria of the right Dn and the index Ra.
  - 4. Method according to claim 2, characterized by the fact that a network index Ra is associated with the right Dn by the unit Un, and that affiliation of the another unit Um is based on the criteria of the right Dn and the index Ra.
  - 5. Method according to claim 1, characterized by the fact that the encryption data key KS is a session key of symmetrical type and randomly generated, this key being encrypted by a first key Kn, this encryption session key KS being transmitted to the second unit Um.
  - 6. Method according to claim 1, characterized by the fact that the encryption data key KS is a first key Kn common to a set of security means.
  - 7. Method according to claim 5, characterized by the fact that the first key Kn is generated with the right Dn and transmitted to the participating units by means of a secret service key K0 common to the units.
  - 8. Method according to claim 6, characterized by the fact that the first key Kn is generated with the right Dn and transmitted to the participating units by means of a secret service key K0 common to the units.
  - 9. Method according to claim 1, characterized by the fact that the right Dn has a validity field, and includes the following steps:
    - to add, by the unit Un, an indication of the present date in encrypted form to the description of the right Dn, to receive this indication by the unit Um and verify by the security means of unit Um if this date is within the validity range of the right Dn.
  - 10. Method according to claim 2, characterized by the fact that the right Dn has a validity field, and includes the following steps:
    - to add, by the unit Un, an indication of the present date in encrypted form to the description of the right Dn, to receive this indication by the unit Um and verify by the security means of unit Um if this date is within the validity range of the right Dn.
  - 11. Method according to claim 5, characterized by the fact that the right Dn has a validity field, and includes the following steps:
    - to add, by the unit Un, an indication of the present date in encrypted form to the description of the right Dn, to receive this indication by the unit Um and verify by the security means of unit Um if this date is within the validity range of the right Dn.

12. Method of creation and use of a virtual private network (VPN) which comprises a plurality of units connected to a managing centre (MC) through a public network, each unit having security means which has at least a unique number UA, this method is characterized by the following steps:
- to request the creation of a network Rn through a unit Un at the managing centre (MC), to send a right Dn and a key Kn representing an network Rn to unit Un by the managing centre (MC), to request the registration of unit Um as part of the network Rn, at the managing center (MC), to transmit the right Dn and the key Kn to unit Um, to encrypt the data sent by unit Un and the description of the right Dn by a encryption data key KS, to receive the data encrypted by the second unit Um, to present these data to the security means of unit Um, to verify if the right Dn is present and if this is the case, to decrypt the data with the encryption data key Ks.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. Method according to claim 12, characterized by the fact that the encryption data key KS is of a symmetrical type and is generated randomly, this key is encrypted by the first Kn key, this encrypted session key being transmitted to the second unit Um.
  - 14. Method according to claim 12, characterized by the fact that the request of the registration of unit Um includes the following steps:
    - transmission of a part representing the right Dn by unit Un, presentation of this part of the right Dn at the managing centre by unit Um, verification of the managing centre (MC) that this part corresponds to the right Dn and transmission of the right Dn and the key Kn to unit Um if this is the case.
  - 15. Method according to claim 13, characterized by the fact that the request of the registration of unit Um includes the following steps:
    - transmission of a part representing the right Dn by unit Un, presentation of this part of the right Dn at the managing centre by unit Um, verification of the managing centre (MC) that this part corresponds to the right Dn and transmission of the right Dn and the key Kn to unit Um if this is the case.
  - 16. Method according to claim 12, characterized by the fact that the request of the inscription of the unit Um includes the following steps:
    - transmission of the identifier of unit Um to the managing centre (MC) by unit Um, transmission of the right Dn and the key Kn to unit Um by the managing centre.
  - 17. Method according to one of the claim 12, characterized by the fact that the managing centre (MC) sends a new key Kn′
    - to members of the same network Rn at a pseudo-random interval.
  - 18. Method according to one of the claim 13, characterized by the fact that the managing centre (MC) sends a new key Kn′
    - to members of the same network Rn at a pseudo-random interval.
  - 19. Method according to one of the claim 14, characterized by the fact that the managing centre (MC) sends a new key Kn′
    - to members of the same network Rn at a pseudo-random interval.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Collet, Daniel

Granted Patent

US 7,251,825 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 63/104   Grouping of entities

Method for creating a virtual private network through a public network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method for creating a virtual private network through a public network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others