Architecture for virtual private networks

US 20060129792A1
Filed: 12/30/2005
Published: 06/15/2006
Est. Priority Date: 06/12/1997
Status: Active Grant

First Claim

Patent Images

1. A method for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising the steps of:

receiving a data packet enroute from the source in the LAN to the destination;

determining if the source in the LAN and the destination are members of a virtual private network, and if so;

determining an encryption algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various encryption algorithms to be utilized for data packets sent between members of various virtual private networks;

determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;

executing the determined encryption algorithm on at least a payload portion of the data packet;

executing the determined compression algorithm on at least the payload portion of the data packet; and

forwarding the encrypted and compressed data packet to the destination outside the LAN.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protocols and architecture for secure virtual private networks. Intraenterprise data communications are supported in a secure manner over the Internet or other public network space with the implementation of secure virtual private networks. Members of a virtual private network group exchange data that may be compressed, encrypted and authenticated, if the exchange is between members of the group.

Citations

30 Claims

1. A method for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising the steps of:
- receiving a data packet enroute from the source in the LAN to the destination;
  
  determining if the source in the LAN and the destination are members of a virtual private network, and if so;
  
  determining an encryption algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various encryption algorithms to be utilized for data packets sent between members of various virtual private networks;
  
  determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
  
  executing the determined encryption algorithm on at least a payload portion of the data packet;
  
  executing the determined compression algorithm on at least the payload portion of the data packet; and
  
  forwarding the encrypted and compressed data packet to the destination outside the LAN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the compression algorithm is executed on at least the payload portion of the data packet before the encryption algorithm is executed on at least the payload portion of the data packet.
  - 3. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not sent.
  - 4. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not encrypted.
  - 5. The method according to claim 4, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 6. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 7. The method according to claim 1, wherein said receiving step occurs within a virtual private network unit incorporated into a firewall device.
  - 8. The method according to claim 1, wherein said step of determining if the data packet is being sent between members of the virtual private network includes comparing at least a destination address of the data packet to a list of stored destination addresses.

9. A method for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising the steps of:
- receiving a data packet enroute from the source in the LAN to the destination;
  
  determining if the source in the LAN and the destination are members of a virtual private network, and if so;
  
  determining an authentication algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various authentication algorithms to be utilized for data packets sent between members of various virtual private networks;
  
  determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
  
  executing the determined authentication algorithm on the data packet;
  
  executing the determined compression algorithm on at least the payload portion of the data packet; and
  
  forwarding the authenticated and compressed data packet to the destination outside the LAN.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method according to claim 9, wherein the compression algorithm is executed on at least the payload portion of the data packet before the authentication algorithm is executed on the data packet.
  - 11. The method according to claim 9, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not sent.
  - 12. The method according to claim 9, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not authenticated.
  - 13. The method according to claim 12, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 14. The method according to claim 9, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 15. The method according to claim 9, wherein said receiving step occurs within a virtual private network unit incorporated into a firewall device.
  - 16. The method according to claim 9, wherein said step of determining if the data packet is being sent between members of the virtual private network includes comparing at least a destination address of the data packet to a list of stored destination addresses.

17. A virtual private network unit for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising:
- an input for receiving a data packet enroute from the source in the LAN to the destination;
  
  circuitry and software for determining if the source in the LAN and the destination are members of a virtual private network, and if so for;
  
  determining an encryption algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various encryption algorithms to be utilized for data packets sent between members of various virtual private networks;
  
  determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
  
  executing the determined encryption algorithm on at least a payload portion of the data packet;
  
  executing the determined compression algorithm on at least the payload portion of the data packet; and
  
  an output for forwarding the encrypted and compressed data packet to the destination outside the LAN.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The virtual private network unit according to claim 17, wherein said circuitry and software compresses the data packet prior to encrypting the data packet.
  - 19. The virtual private network unit according to claim 17, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does send the data pack to the destination.
  - 20. The virtual private network unit according to claim 17, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not encrypt the data packet.
  - 21. The virtual private network unit according to claim 20, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 22. The virtual private network unit according to claim 17, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 23. The virtual private network unit according to claim 17, wherein said circuitry and software are part of a firewall device.

24. A virtual private network unit for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising:
- an input for receiving a data packet enroute from the source in the LAN to the destination;
  
  circuitry and software for determining if the source in the LAN and the destination are members of a virtual private network, and if so for;
  
  determining an authentication algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various authentication algorithms to be utilized for data packets sent between members of various virtual private networks;
  
  determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
  
  executing the determined authentication algorithm on at least a payload portion of the data packet;
  
  executing the determined compression algorithm on at least the payload portion of the data packet; and
  
  an output for forwarding the authenticated and compressed data packet to the destination outside the LAN.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The virtual private network unit according to claim 24, wherein said circuitry and software compresses the data packet prior to authenticating the data packet.
  - 26. The virtual private network unit according to claim 24, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does send the data pack to the destination.
  - 27. The virtual private network unit according to claim 24, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not authenticate the data packet.
  - 28. The virtual private network unit according to claim 27, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 29. The virtual private network unit according to claim 24, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 30. The virtual private network unit according to claim 24, wherein said circuitry and software are part of a firewall device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Derek Palma, Henk J. Bots, John Lawler, William E. Hunt
Original Assignee
Derek Palma, Henk J. Bots, John Lawler, William E. Hunt
Inventors
Hunt, William E., Bots, Henk J., Palma, Derek, Lawler, John

Granted Patent

US 7,617,527 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/1
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2212/00   Encapsulation of packets

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 69/04   Protocols for data compress...

H04L 9/40   Network security protocols

Architecture for virtual private networks

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Architecture for virtual private networks

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links