Dynamic virtual private network system and methods

US 20030140131A1
Filed: 01/22/2002
Published: 07/24/2003
Est. Priority Date: 01/22/2002
Status: Active Grant

First Claim

Patent Images

1. Apparatus, comprising:

a plurality of internet protocol (IP) services aggregation switches for communicating between respective access networks and a core network, each of said IP services aggregation switches communicating with at least one respective user; and

a dynamic virtual private network (VPN) manager, for providing customer network management and policy server functions including a user interface enabling remote management of a VPN by a user;

said VPN having at least one of a defined quality of service (QoS) parameter, a defined security parameter and a corresponding billing rate, at least one of said QoS parameter and said security parameter being adapted in response to user commands provided to said dynamic VPN manager.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for dynamically managing Virtual Private Networks (VPNs) in a manner enabling subscriber access to VPN services on an as needed basis.

304 Citations

36 Claims

1. Apparatus, comprising:
- a plurality of internet protocol (IP) services aggregation switches for communicating between respective access networks and a core network, each of said IP services aggregation switches communicating with at least one respective user; and
  
  a dynamic virtual private network (VPN) manager, for providing customer network management and policy server functions including a user interface enabling remote management of a VPN by a user;
  
  said VPN having at least one of a defined quality of service (QoS) parameter, a defined security parameter and a corresponding billing rate, at least one of said QoS parameter and said security parameter being adapted in response to user commands provided to said dynamic VPN manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The apparatus of claim 1, wherein:
    - said dynamic VPN manager adapts at least one of said IP services aggregation switches to provide at least one of a guaranteed QoS parameter and a guaranteed security parameter to said VPN.
  - 3. The apparatus of claim 1, wherein said IP services aggregation switches communicate with said at least one respective user via a respective enhanced integrated access device (EIAD).
  - 4. The apparatus of claim 1, wherein:
    - said dynamic VPN manager adapts at least one of said enhanced integrated access devices (EIAD) to provide at least one of a guaranteed QoS parameter and a guaranteed security parameter to said VPN.
  - 5. The apparatus of claim 1, wherein said QoS parameter comprises at least one of a bandwidth parameter, a jitter parameter and a delay
  - 6. The apparatus of claim 1, wherein said security parameter comprises at least one of an encryption parameter, an authentication parameter and a filtering parameter.
  - 7. The apparatus of claim 1, wherein said VPN supports at least one of an interactive gaming application and a conferencing application.
  - 8. The apparatus of claim 1, wherein:
    - said dynamic VPN manager is responsive to a user command to establish an application profile for a VPN, said application profile defining at least one of a QoS parameter, a security parameter and a corresponding billing rate for said VPN during at least one time period said dynamic VPN manager adapting said at least one of a QoS parameter and a security parameter of said VPN according to said application profile.
  - 9. The apparatus of claim 1, wherein a command received from a user comprises a user selection of one of a plurality of VPNs to join.
  - 10. The apparatus of claim 1, wherein a command received from a user comprises a user selection of one of a plurality of applications based on VPNs to join.
  - 11. The apparatus of claim 9, wherein said plurality of VPNs have at least one of respective QoS requirements and security requirements, said QoS and security requirements having corresponding billing rates.
  - 12. The apparatus of claim 10, wherein said plurality of applications have at least one of respective QoS requirements and security requirements, said QoS and security requirements having corresponding billing rates.
  - 13. The apparatus of claim 1, wherein said dynamic VPN manager comprises:
    - an enhanced application portal (EAP), for providing said user interface to said VPN user and receiving therefrom VPN administration commands;
      
      a policy server, for communicating configuration parameters to network elements providing said VPN, said network configuration parameters determined according to VPN administration commands and profiles associated with said VPN administration commands; and
      
      a directory server, for storing VPN topology and operational parameters and providing said VPN topology and operational parameters to said policy server and said EAP, said VPN topology and operational parameters being updated by said EAP.
  - 14. The apparatus of claim 13, wherein said dynamic VPN manager further comprises:
    - at least one element management system (EMS) for managing a plurality of network elements forming said VPN.
  - 15. The apparatus of claim 1, wherein said apparatus is included within an internet service provider (ISP) network including said access networks and said core network, said dynamic VPN manager being included within a data center of said ISP.
  - 16. The apparatus of claim 1, wherein said VPN has associated with it a respective name;
    - said user being able to perform at least one of a VPN create, VPN modify, VPN store and VPN delete, command using said VPN name;
      
      said VPN modify command allows said user to modify at least one of said VPN'"'"'s topology, QoS parameter, and security parameter.
  - 17. The apparatus of claim 16, wherein said VPN is retrieved from storage, activated and deactivated using a corresponding VPN name.

18. A dynamic virtual private network (VPN) manager, comprising:
- an enhanced application portal (EAP), for providing said user interface to said VPN user and receiving therefrom VPN administration commands;
  
  a policy server, for communicating configuration parameters to network elements providing said VPN, said network configuration parameters determined according to VPN administration commands and profiles associated with said VPN administration commands; and
  
  a directory server, for storing VPN topology and operational parameters and providing said VPN topology and operational parameters to said policy server and said EAP, said VPN topology and operational parameters being updated by said EAP.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 31, 32)
- - 19. The dynamic VPN manager of claim 18, further comprising:
    - at least one element management system (EMS) for managing a plurality of network elements forming said VPN.
  - 20. The dynamic VPN manager of claim 18, wherein a managed VPN has associated with it at least one of a defined quality of service (QoS) parameter, a defined security parameter and corresponding billing rate, at least one of said QoS parameter and said security parameter being adapted in response to said VPN administration commands.
  - 21. The dynamic VPN manager of claim 18, wherein:
    - said dynamic VPN manager is included within a Universal Mobile Telecommunications Services (UMTS) packet transport network, said access networks comprising Gateway Generalized Packet Radio Service support nodes (GGSNs), said user accessing said UMTS packet transport network said dynamic VPN manager causing communications with said user communication device to be routed through a GGSN geographically proximate said user communications device.
  - 22. The dynamic VPN manager of claim 21, wherein said determination of geographic location is made during an authentication procedure.
  - 23. The dynamic VPN manager of claim 18, wherein:
    - said apparatus is included within a CDMA-2000 packet transport network, said access networks comprising home agents, said user accessing said CDMA-2000 packet transport network with a communications device nominally assigned to a home agent;
      
      said dynamic VPN manager causing communications with said user communication device to be routed through a home agent geographically proximate said user communications device.
  - 24. The apparatus of claim 23, wherein said determination of geographic location is made during an authentication procedure.
  - 31. The method of claim 21, wherein said VPN supports at least one application having associated with it at least one of respective QoS requirements and security requirements, said QoS and security requirements having corresponding billing rates.
  - 32. The method of claim 31, wherein said application comprises at least one of an interactive gaming application and a conferencing application.

25. A method, comprising:
- receiving, from an authorized user, a request to modify a parameter of a virtual private network (VPN);
  
  retrieving a profile associated with said user request; and
  
  providing configuration parameters to at least one network element in response to said user request and said profile associated with said user request, said network element adapted by said configuration parameter to satisfy said parameter of said VPN.
- View Dependent Claims (26, 27, 28, 29, 30, 33, 34)
- - 26. The method of claim 25, wherein said user request is received via an enhanced application portal.
  - 27. The method of claim 25, wherein said parameter to be modified comprises a quality of service (QoS) parameter, said QoS parameter adapting a data flow through a network such that a minimum QoS level is guaranteed to at least a portion of said VPN traversing said network.
  - 28. The method of claim 25, wherein:
    - said parameter to be modified comprises a security parameter, said security parameter adapting a data flow through a network such that a minimum security level is guaranteed to at least a portion of said VPN traversing said network.
  - 29. The method of claim 27, wherein said QoS parameter comprises at least one of a bandwidth parameter, a jitter parameter, a delay parameter.
  - 30. The method of claim 28, wherein said security parameter comprises at least one of an encryption parameter, an authentication parameter and a filtering parameter.
  - 33. The method of claim 27, wherein said VPN has associated with it a respective name;
    - said user being able to perform at least one of a VPN create, VPN modify, VPN store and VPN delete command using said VPN name;
      
      said VPN modify command allows said user to modify at least one of
  - 34. The method of claim 33, wherein said VPN is retrieved from storage, activated and deactivated using a corresponding VPN name.

35. An application programming interface (API) for use by an application to perform VPN management activities, said API performing the functions of:
- receiving, from an authorized user, a request to activate, deactivate, join, leave or modify a parameter of a virtual private network (VPN);
  
  retrieving a profile associated with said user request; and
  
  providing configuration parameters to at least one network element in response to said user request or said profile associated with said user request, said network element adapted by said configuration parameter to satisfy said parameter of said VPN.
- View Dependent Claims (36)
- - 36. The API of claim 35, wherein said application executes on an enhanced application portal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Vasireddy, S. Rao, Chandrashekhar, Uma, Richman, Steven H., Johnson, Kenneth J., El-Sayed, Mohamed L., McGee, Andrew R.

Granted Patent

US 7,818,409 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

Dynamic virtual private network system and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

304 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic virtual private network system and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

304 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links