Architecture for virtual private networks
Abstract
Protocols and architecture for secure virtual private networks. Intraenterprise data communications are supported in a secure manner over the Internet or other public network space with the implementation of secure virtual private networks. Members of a virtual private network group exchange data that may be compressed, encrypted and authenticated, if the exchange is between members of the group.
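The per-group lookup the abstract describes, in the authenticate-and-compress form, as an added example that is not code from the patent or from any product. The group table, addresses, keys, the choice of HMAC and zlib, the 2-byte group header and the compress-then-authenticate order are all assumptions made for illustration.

```python
import hashlib, hmac, ipaddress, zlib
from dataclasses import dataclass

# Algorithm identifier -> implementation; this plays the role of the
# "portion of memory" identifying algorithms per group (constructed).
COMPRESSORS = {"none": (lambda b: b, lambda b: b),
               "zlib": (zlib.compress, zlib.decompress)}
AUTHENTICATORS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}

@dataclass(frozen=True)
class VpnGroup:
    group_id: int
    members: tuple        # member networks as CIDR strings
    compression: str      # key into COMPRESSORS
    authentication: str   # key into AUTHENTICATORS
    key: bytes

    def contains(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in ipaddress.ip_network(n) for n in self.members)

# Constructed sample groups; addresses and keys are placeholders.
GROUPS = [
    VpnGroup(1, ("10.1.0.0/16", "192.0.2.0/28"), "zlib", "hmac-sha256", b"constructed-key-1"),
    VpnGroup(2, ("10.2.0.0/16", "198.51.100.0/28"), "none", "hmac-sha512", b"constructed-key-2"),
]

def find_group(src, dst):
    """Return the group both endpoints belong to, or None."""
    return next((g for g in GROUPS if g.contains(src) and g.contains(dst)), None)

def send(src, dst, payload):
    """Outbound path: returns the bytes forwarded off the LAN."""
    g = find_group(src, dst)
    if g is None:
        return payload                      # not VPN traffic: forwarded unchanged
    body = COMPRESSORS[g.compression][0](payload)
    header = g.group_id.to_bytes(2, "big")
    tag = hmac.new(g.key, header + body, AUTHENTICATORS[g.authentication]).digest()
    return header + tag + body

def receive(src, dst, packet):
    """Inbound path: verify the tag before touching the compressed body."""
    g = find_group(src, dst)
    if g is None:
        return packet
    digest = AUTHENTICATORS[g.authentication]
    n = digest().digest_size
    header, tag, body = packet[:2], packet[2:2 + n], packet[2 + n:]
    expected = hmac.new(g.key, header + body, digest).digest()
    if int.from_bytes(header, "big") != g.group_id or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return COMPRESSORS[g.compression][1](body)
```

The receiver checks the tag before decompressing, so unauthenticated input never reaches the decompressor.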
30 Claims
1. A method for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising the steps of:
receiving a data packet enroute from the source in the LAN to the destination;
determining if the source in the LAN and the destination are members of a virtual private network, and if so;
determining an encryption algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various encryption algorithms to be utilized for data packets sent between members of various virtual private networks;
determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
executing the determined encryption algorithm on at least a payload portion of the data packet;
executing the determined compression algorithm on at least the payload portion of the data packet; and
forwarding the encrypted and compressed data packet to the destination outside the LAN.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising the steps of:
receiving a data packet enroute from the source in the LAN to the destination;
determining if the source in the LAN and the destination are members of a virtual private network, and if so;
determining an authentication algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various authentication algorithms to be utilized for data packets sent between members of various virtual private networks;
determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
executing the determined authentication algorithm on the data packet;
executing the determined compression algorithm on at least the payload portion of the data packet; and
forwarding the authenticated and compressed data packet to the destination outside the LAN.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A virtual private network unit for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising:
an input for receiving a data packet enroute from the source in the LAN to the destination;
circuitry and software for determining if the source in the LAN and the destination are members of a virtual private network, and if so for;
determining an encryption algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various encryption algorithms to be utilized for data packets sent between members of various virtual private networks;
determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
executing the determined encryption algorithm on at least a payload portion of the data packet;
executing the determined compression algorithm on at least the payload portion of the data packet; and
an output for forwarding the encrypted and compressed data packet to the destination outside the LAN.
Dependent claims: 18, 19, 20, 21, 22, 23

24. A virtual private network unit for sending a data packet from a source in a local area network (LAN) to a destination outside the LAN comprising:
an input for receiving a data packet enroute from the source in the LAN to the destination;
circuitry and software for determining if the source in the LAN and the destination are members of a virtual private network, and if so for;
determining an authentication algorithm for messages sent between members of the virtual private network by accessing a portion of a memory that maintains information identifying various authentication algorithms to be utilized for data packets sent between members of various virtual private networks;
determining a compression algorithm for messages sent between members of the virtual private network by accessing a portion of the memory that maintains information identifying various compression algorithms to be utilized for data packets sent between members of the various virtual private networks;
executing the determined authentication algorithm on at least a payload portion of the data packet;
executing the determined compression algorithm on at least the payload portion of the data packet; and
an output for forwarding the authenticated and compressed data packet to the destination outside the LAN.
Dependent claims: 25, 26, 27, 28, 29, 30