Method and system for user created personal private network (PPN) with secure communications and data transfer
Abstract
Methods and systems are provided for any individual with access to a network to create, operate and thereafter dismantle a personal private network (PPN) which is secure across all forms of media which facilitate digital data transfer, including but not limited to, both wireless and wireline based networks. In one embodiment, utilizing browser-based management objects and a PPN client server the present invention provides for any individual with access to the Internet or other types of networks to create, control and utilize his own PPN with any one or a plurality of authorized participants. This invention facilitates this capability with the creation of secure pipelines between each authorized participant of the PPN, where, if necessary, to establish these secure pipelines, a tunnel under, around or through border servers and/or firewalls is created. Each PPN provides the authorized participants with complete freedom to communicate, to review information and to transfer data between participants with full and complete encryption security. The creation, operation and the dismantlement of a PPN is totally within the capabilities and control of the originating party, the source client, and requires no actions from any network or system administrators. Additionally, all of the PPN secure pipeline creation and infrastructure mapping for the enablement of the PPN, plus access controls and codes for authorizing participation and initiating participation and disconnection can be encased in a PPN secure access key.
23 Claims
1. A personalized private network (PPN), comprising:
two or more participating parties (clients) with digital information devices each with an Internet or network oriented enabled set of objects that links the client to a computer network infrastructure to establish and maintain a secure connection between the client and the PPN client server of a PPN;
a PPN client server (PCS) that receives and responds to the requests or communications received from any actual or potential PPN client having, through a set of enabled objects, access to the computer network infrastructure;
a set of browser-based management objects (BBMO) that allow any actual or potential source participant (source client (SC)) that is capable of accessing a computer network infrastructure through a set of enabled objects to setup and maintain a PPN;
a set of browser-based management objects that allows any actual or potential recipient participant (recipient client (RC)) that is capable of accessing the computer network infrastructure through a set of enabled objects to establish and maintain a communication relationship with a source client and potentially a plurality of recipient clients of a PPN;
a set of browser-based information management objects that allows a plurality of recipient clients, that have been authorized by a source client, to access and participate in the transfer of communication and data through a PPN;
a customized infrastructure of PPN secure pipelines created by the PPN client server at the direction of the source client specifically to fulfill the point to point communications requirements defined by the source client;
an encryption process which utilizes the U.S. Government approved Advanced Encryption System (AES), or other encryption scheme, as the encrypted format, between the plurality of recipient clients and the source client on the established PPN;
where the keys to the encrypted format of the data transferred over all of the secure pipelines is keyed with a set of manually established key inputs and a set of automated key inputs that are combined according to a PPN based cryptographic algorithms to create a secure key access code;
a set of browser-based information management objects that allows the source client at his discretion to disconnect and terminate from access and participation on the PPN, any one or all of the plurality of recipient clients on the established PPN;
a set of browser-based information management objects that allows the source client and the recipient participants to monitor the real-time communications access status and access rights to each RC and SC on an established PPN;
a set of browser-based information management objects that allows any authorized RC on a PPN to withdraw from an active connection, and also return to an active connection status on an established PPN;
a set of browser-based information management objects that operates an RC authentication system located at least partially within the secure PPN network, the secure PPN being configured to allow direct access to the PPN client server by an RC only after the RC is authenticated by the client authentication system;
a set of browser-based information management objects that operates a resource locator transformer which modifies non-secure resource locators in data being sent from the PPN client server to the RCs and SC by replacing them with corresponding secure resource locators; and
the physical components of at least one or more Recipient Clients (RCs);
one or more PPN Client Servers (PPNCS); and
one or more Source Clients (SCs) and the optional component, one or more Removable Storage Devices (RSDs).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
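One way to combine manual and automated key inputs into a single AES key, as claim 1 describes. This is an added example, not code from the patent: the claim does not specify its combining algorithm, so PBKDF2-HMAC-SHA256 is used as a stand-in, and the function names, domain label, iteration count and sample values are assumptions.

```python
import hashlib
import hmac
import struct

KEY_LEN = 32                 # 256-bit output, sized for AES-256
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to the deployment
DOMAIN = b"ppn-example-v1"   # hypothetical domain-separation label


def _frame(fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = bytearray()
    for field in fields:
        out += struct.pack(">I", len(field)) + field
    return bytes(out)


def derive_pipeline_key(manual_inputs, automated_inputs,
                        iterations=PBKDF2_ITERATIONS):
    """Combine user-typed inputs and software-generated inputs into one key.

    manual_inputs:    list of str, e.g. a passphrase typed by the source client
    automated_inputs: list of bytes, e.g. random nonces generated by software
    """
    if not manual_inputs or not automated_inputs:
        raise ValueError("both manual and automated inputs are required")
    # Manual inputs are low entropy, so they go through the slow KDF as the secret.
    secret = _frame([m.encode("utf-8") for m in manual_inputs])
    # Automated inputs are hashed into the salt: every one of them changes the
    # key, and a fresh random value defeats precomputed passphrase tables.
    salt = hashlib.sha256(DOMAIN + _frame(automated_inputs)).digest()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def keys_match(a, b):
    """Constant-time comparison, so a check does not leak matching prefixes."""
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    passphrase = ["correct horse battery staple"]
    nonces = [bytes(range(16)), b"constructed-device-id"]
    print(derive_pipeline_key(passphrase, nonces).hex())
```

Both parties must hold the same inputs in the same order to arrive at the same key; changing any single input, manual or automated, yields an unrelated key.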
17. A method of providing secure pipeline connections between a source client's digital information device and one or more recipient client's digital information device, comprising:
through the use of a set of browser-based management objects, receiving, at the PPN client server, information regarding the source client digital device and the one or more recipient client's digital devices sufficient to facilitate establishment of a secure pipeline connection between a source client's digital information device and one or more recipient clients' digital information devices;
by first creating an end-to-end secure private digital data link between a source client's digital information device and the PPN client server; and
second by creating a second end-to-end secure private digital data link between the one or more recipient clients' digital information devices and the PPN client server; and
thereby establishing a secure, private pipeline connection between the parties that is functionally administered as to the establishment, the addition and the deletion of clients and maintenance of the security by a PPN client server, whose actions are directed by the creating client, the source client.
18. A data processing system which utilizes mini-web browsers operating on the digital information device of a participating individual's digital network access device for providing a connection between an initiating computer or digital network access device and one or more recipient computers or digital network access devices, comprising:
a PPN client server that receives information regarding the requests of these accessing devices, through the use of a set of browser-based management objects, to facilitate the establishment and on-going operations of secure connections between these multiple computers and digital network access devices;
one initiating computer or digital network access device;
one or more recipient computers or digital network access devices; and
an end-to-end secure digital data transfer link between the initiating computer or digital network access device and one or more recipient computers or digital network access devices.
19. A computer-readable medium containing instructions for controlling a computer network to perform a method for providing a connection and a secure pipeline between a source computer and a response computer, or a plurality of response computers, where the term computer means any device which will function to provide access to a network infrastructure and will support the operation of a mini-web browser and the use of a set of browser-based management objects, the method comprising:
receiving, at a third computer, also known as a PPN client server, a set of browser based management objects information provided by the source and the response computer's mini-browsers, browser-based management objects and additional information received by the web browser operated by the PPN client server regarding the source and the response computers such as to facilitate the establishment of a secure connection between the source computer and the one or more response computers;
using such information and specific browser-based management object's information to create, first an end-to-end secure link between the source computer and PPN client server;
next, to create second end-to-end secure links between the one or more response computers and the PPN client server;
thereafter, to merge these multiple end-to-end secure links into a network of secure pipelines and create a personal private network (PPN) which is serviced by the PPN client server, a set of browser-based management objects and directed by the source computer; and
to maintain and operate the PPN until directed by the source computer or other events to dismantle the network.
20. A system for enabling an individual user to establish and control the member participants of a network between a first processor (the digital information device within the control of the PPN network creating user) and a second processor (the digital information device within the control of the PPN network recipient user), wherein the first and second processors are separate from said system and are each identifiable by a name, said system comprising:
a tunneling interface that provides for one or more processors separate from the system a set of names that includes the name of the first processor, receives information indicating on behalf of the first processor a selection of one or more of the names in the set of names, receives information indicating a consent on behalf of the first processor for enabling a tunnel extending from the first processor to the second processor, and receives information indicating a consent on behalf of the second processor for enabling a tunnel extending from the second processor to the first processor, wherein the indication of consent on behalf of the second processor includes selecting the name of the first processor; and
a controller that determines a first virtual address for the first processor and a second virtual address for the second processor such that the first and second virtual addresses uniquely identify the first and second processors, respectively, and are routable through the network, and that provides to each of the first and second processors the first and second virtual addresses to enable one or more tunnels between the first and the second processors.
Dependent claims: 21, 22, 23