Automatic configuration of devices for secure network communication

US 20030140223A1
Filed: 07/09/2002
Published: 07/24/2003
Est. Priority Date: 01/23/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for pre-qualifying a node to participate in a system for automatically establishing secure communications through one or more networks, the method comprising the steps of:

receiving pre-qualification data from a node via a network;

comparing the pre-qualification data a benchmark;

creating an entry for the node in an account database if the pre-qualification data meet the benchmark;

generating a unique identifier for the node;

storing the unique identifier in a master node server database;

associating the unique identifier with a copy of node server operating software; and

delivering the copy of node server operating software to the node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for automatically establishing secure communications through one or more networks. Execution of node server operating software is initiated on a first node server. A secure communication connection is authenticated between a first node server and a master control server having an account database. An account status of the first node server is verified by accessing the account database. In the master control server, a unique identification key pair is associated with the first node server. The identification key pair has a public key and a private key. The public key of the key pair is stored in a master node server database on the master control server. The private key of the key pair is stored in the first node server. At least a portion of the master node server database is sent to a second node server, including the public key associated with the first node server. At least a portion of the master node server database is sent to the first node server, including a public key associated with the second node server.

Citations

31 Claims

1. A method for pre-qualifying a node to participate in a system for automatically establishing secure communications through one or more networks, the method comprising the steps of:
- receiving pre-qualification data from a node via a network;
  
  comparing the pre-qualification data a benchmark;
  
  creating an entry for the node in an account database if the pre-qualification data meet the benchmark;
  
  generating a unique identifier for the node;
  
  storing the unique identifier in a master node server database;
  
  associating the unique identifier with a copy of node server operating software; and
  
  delivering the copy of node server operating software to the node.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the unique identifier is derived from the pre-qualification data.
  - 3. The method of claim 1, wherein the unique identifier comprises a signed certificate containing an unique identification key.
  - 4. The method of claim 1, wherein the unique identifier comprises an Internet Protocol address of the node.

5. A system for pre-qualifying a node to participate in a system for automatically establishing secure communications through one or more networks, the system comprising:
- a secure data exchange module configured to receive pre-qualification data from a node via a network;
  
  a control module configured to compare the pre-qualification data to a benchmark, create an entry for the node in an account database if the pre-qualification data meets the benchmark, generate a unique identifier for the node, and store the unique identifier in a master node server database; and
  
  a software manufacture module configured to associate the unique identifier with a copy of node server operating software deliver the copy of node server operating software to the node.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5, wherein the unique identifier is derived from the pre-qualification data.
  - 7. The system of claim 5, further comprising a certification authority, wherein the unique identifier comprises a certificate generated and signed by the certification authority and containing at least one unique identification key.

8. A method for automatically enrolling in a system for establishing secure communications through one or more networks, the method comprising the steps of:
- initiating execution of node server operating software on first node server;
  
  authenticating a secure communication connection via a network between a first node server and a master control server having an account database;
  
  verifying an account status of the first node server by accessing the account database;
  
  associating, in the master control server, a unique identification key pair with the first node server, the identification key pair having a public key and a private key;
  
  storing the public key of the key pair in a master node server database on the master control server; and
  
  storing the private key of the key pair in the first node server.
- View Dependent Claims (9)
- - 9. The method of claim 8, further comprising the step of purging the private key from the master control server.

10. A method for automatically enrolling in a system for establishing secure communications through one or more networks, the method comprising the steps of:
- initiating execution of node server operating software on first node server;
  
  authenticating a secure communication connection via a network between a first node server and a master control server having an account database;
  
  verifying an account status of the first node server by accessing the account database;
  
  associating, in the master control server, a unique identification key pair with the first node server, the identification key pair having a public key and a private key;
  
  storing the public key of the key pair in a master node server database on the master control server;
  
  storing the private key of the key pair in the first node server;
  
  communicating to a second node server at least a portion of the master node server database, including the public key associated with the first node server; and
  
  communicating to the first node server at least a portion of the master node server database, including a public key associated with the second node server.
- View Dependent Claims (11)
- - 11. The method of claim 10, further comprising the steps of:
    - authenticating secure communication between the second node server and the first node server using the public key associated with the first node server; and
      
      authenticating secure communication between the first node server and the second node server using the public key associated with the second node server.

12. A system for automatically enrolling to establish secure communications through one or more networks, the system comprising:
- a first node server configured to initiate execution of node server operating software;
  
  a master control server having an account database;
  
  a secure tunnel adapter configured to authenticate a secure communication connection between the first node server and the master control server via a network;
  
  an automatic enrollment module in the master control server that verifies an account status of the first node server by accessing the account database;
  
  a key-issuing module in the master control server having a unique identification key pair associated with the first node server;
  
  a master node server database in the master control server for storing a public key of the key pair; and
  
  a private key database in the first node server for storing a private key of the key pair.

13. A method for automatically establishing secure communications through one or more networks, the method comprising the steps of:
- receiving data at a first node server via a network;
  
  if the data includes credentials of a second node server, determining whether a local node server database of the first node server has an entry for the second node server;
  
  if there is an entry for the second node server in the local node server database of the first node server, checking the credentials of the second node server using the local node server database of the first node server;
  
  if there is not an entry for the second node server in the local node server database of the first node server or the credentials of the second node server do not pass the checking step, requesting an update of the local node server database from a master node server database on a master control server and repeating the checking step; and
  
  determining whether to route the data through a secure tunnel adapter based on a result of the checking step.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, further comprising the step of, if the master control server is inaccessible, allowing the first node server to authenticate the second node server using credentials of the second node server that have not passed the checking step.
  - 15. The method of claim 13, further comprising the step of, if the master control server is inaccessible, allowing the first node server to authenticate the second node server using a digitally signed certificate previously received from the master control server.
  - 16. The method of claim 13, further comprising the step of modifying address information associated with the data to route the data through a selected one of the one or more networks.

17. A system for automatically establishing secure communications through one or more networks, the system comprising:
- a master control server having a master node server database storing credentials for participating nodes;
  
  a first node server configured to receive data via a network, the first node server having a local node server database;
  
  an algorithmic processing module for determining, when the data received by the first node server includes credentials of a second node server, whether the local node server database of the first node server has an entry for the second node server and for routing the data through a secure tunnel adapter based on the determination, wherein if there is an entry for the second node server in the local node server database of the first node server, the algorithmic processing module checks the credentials of the second node server using the local node server database of the first node server, and if there is not an entry for the second node server in the local node server database of the first node server or the credentials of the second node server do not pass the checking step, the algorithmic processing module requests an update of the local node server database from the master node server database on a master control server and repeats the checking step.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein, if the master control server is inaccessible, the algorithmic processing module allows the first node server to authenticate the second node server using credentials of the second node server that have not passed the checking step.
  - 19. The system of claim 17, wherein, if the master control server is inaccessible, the algorithmic processing module allows the first node server to authenticate the second node server using a digitally signed certificate previously received from the master control server.
  - 20. The system of claim 17, wherein the algorithmic processing module modifies address information associated with the data to route the data through a selected one of the one or more networks.

21. Computer code for pre-qualifying a node to participate in a system for automatically establishing secure communications through one or more networks, the computer code comprising code for:
- receiving pre-qualification data from a node via a network;
  
  comparing the pre-qualification data a benchmark;
  
  creating an entry for the node in an account database if the pre-qualification data meet the benchmark;
  
  generating a unique identifier for the node;
  
  storing the unique identifier in a master node server database;
  
  associating the unique identifier with a copy of node server operating software; and
  
  delivering the copy of node server operating software to the node.
- View Dependent Claims (22, 23)
- - 22. The computer code of claim 21, wherein the unique identifier is derived from the pre-qualification data.
  - 23. The computer code of claim 21, wherein the unique identifier comprises a signed certificate containing an unique identification key.

24. Computer code for automatically enrolling in a system for establishing secure communications through one or more networks, the computer code comprising code for:
- initiating execution of node server operating software on first node server;
  
  authenticating a secure communication connection via a network between a first node server and a master control server having an account database;
  
  verifying an account status of the first node server by accessing the account database;
  
  associating, in the master control server, a unique identification key pair with the first node server, the identification key pair having a public key and a private key;
  
  storing the public key of the key pair in a master node server database on the master control server; and
  
  storing the private key of the key pair in the first node server.
- View Dependent Claims (25)
- - 25. The computer code of claim 24, further comprising code for purging the private key from the master control server.

26. Computer code for automatically establishing secure communications through one or more networks, the computer code comprising code for:
- initiating execution of node server operating software on first node server;
  
  authenticating a secure communication connection via a network between a first node server and a master control server having an account database;
  
  verifying an account status of the first node server by accessing the account database;
  
  associating, in the master control server, a unique identification key pair with the first node server, the identification key pair having a public key and a private key;
  
  storing the public key of the key pair in a master node server database on the master control server;
  
  storing the private key of the key pair in the first node server;
  
  sending to a second node server at least a portion of the master node server database, including the public key associated with the first node server; and
  
  sending to the first node server at least a portion of the master node server database, including a public key associated with the second node server.
- View Dependent Claims (27)
- - 27. The computer code of claim 26, further comprising code for:
    - authenticating secure communication between the second node server and the first node server using the public key associated with the first node server; and
      
      authenticating secure communication between the first node server and the second node server using the public key associated with the second node server.

28. Computer code for automatically establishing secure communications through one or more networks, the computer code comprising code for:
- receiving data at a first node server via a network;
  
  if the data includes credentials of a second node server, determining whether a local node server database of the first node server has an entry for the second node server;
  
  if there is an entry for the second node server in the local node server database of the first node server, checking the credentials of the second node server using the local node server database of the first node server;
  
  if there is not an entry for the second node server in the local node server database of the first node server or the credentials of the second node server do not pass the checking step, requesting an update of the local node server database from a master node server database on a master control server; and
  
  determining whether to route the data through a secure tunnel adapter based on a result of the checking step.
- View Dependent Claims (29, 30, 31)
- - 29. The computer code of claim 28, further comprising code for, if the master control server is inaccessible, allowing the first node server to authenticate the second node server using credentials of the second node server that have not passed the checking step.
  - 30. The computer code of claim 28, further comprising code for, if the master control server is inaccessible, allowing the first node server to authenticate the second node server using a digitally signed certificate previously received from the master control server.
  - 31. The computer code of claim 28, further comprising code for modifying address information associated with the data to route the data through a selected one of the one or more networks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bowlight Corporation
Original Assignee
Bowlight Corporation
Inventors
Desideri, Robert

Application Number

US10/190,502
Publication Number

US 20030140223A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Automatic configuration of devices for secure network communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic configuration of devices for secure network communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links