A Secure Virtual Network Layer and Virtual Network Manager that Establishes a Comprehensive Business Reporting and Security Infrastructure as an Integral Part of the Network
Abstract
A Secure Service Network (SSN) in which at least two participants having a relationship are connected to a physical network by way of Secure Service Gateways and share information defined by one or more Service Definitions, allowing for the creation of a secure Virtual Service Connection (VSC) between the participants in which the VSC is specific to the activity being performed and to the participants provisioned for that activity. SSN enables the creation of a secure virtual network topology on any network transport that allows participants to exchange documents and transact business over the network in real time, where all activity inherits a business and security infrastructure that is independent of, and in addition to, the applications, devices, web services and users using the network.
93 Citations
49 Claims
1. A method for establishing a secure virtual service network on any physical network comprising:
transmitting from a first computer to a third computer a request for a service located on a second network, wherein the first computer is located on a first network and operates as a gateway between the first network and a third network;
authenticating the request at the third computer;
determining at the third computer an authorization of a user at the first network to access a service located on the second network;
establishing a secure connection between the first computer and a second computer located on the second network, wherein the second computer operates as a gateway between the second network and the third network, after the successful authentication of said first computer by said third computer; and
providing a service to a user at said first network from said second network by way of said secure connection only if said third computer determines that said user is authorized to access said service.
2. A method for establishing a secure virtual service network on any physical network comprising:
transmitting from a first computer to a third computer a request for a service located on a second network, wherein the first computer is located on a first network and operates as a gateway between the first network and a third network;
authenticating the request at the third computer;
determining at a second computer an authorization of a user at said first network to access a service located on the second network, wherein the second computer is located on the second network and operates as a gateway between the second network and the third network third computer;
establishing a secure connection between the first computer and the second computer after the successful authentication of said first computer by said third computer; and
providing a service to a user at said first network from said second network by way of said secure connection only if said second computer determines that said user is authorized to access said service.
3. A method for establishing a secure virtual network on any physical network comprising:
transmitting from a first computer to a third computer a request for a service located on a second network, wherein the first computer is located on a first network and operates as a gateway between the first network and a third network;
authenticating the request at the third computer;
determining at a second computer and at the third computer an authorization of a user at said first network to access a service located on the second network, wherein the second computer is located on the second network and operates as a gateway between the second network and the third network third computer;
establishing a secure connection between the first computer and the second computer after the successful authentication of said first computer by said third computer; and
providing a service to a user at said first network from said second network by way of said secure connection only if said second computer and said third computer determines that said user is authorized to access said service.
4. A method for the management and provisioning of a secure Virtual Service Network (VSN) topology on any physical network transport where the transport and any application or web service running over the transport is made secure through the implementation of integrated Authentication, Authorization, Encryption, Usage based billing, End to End Logging, Privacy, and Service Level Activity as a function of a connection on the network.
25. A method for incorporating geo-spatial and time data into a virtual network connection to effect strong security on a mixed user/application network where the security components effected include one or more of:
Authentication;
Authorization;
Encryption;
Non-Repudiation.
26. A method for incorporating geo-spatial and time data into a virtual network connection to effect strong security and business reporting where business reporting includes one or more of the following:
payload size;
billing by location;
response time.
31. A method for the creation and management of infrastructure VSCs allowing the creation of a virtual network topology using any physical network connection wherein the infrastructure VSCs include one or more of the following services on the network that are specific to the provisioning of the service to one or more participants:
Access Control List service for authorization verification of a request for a service;
Certificate Revocation List for the digital certificate status and revocation;
Logging service for the consistent logging of network activity across all network participants but specific to each and every VSC and the participants it is provisioned to;
Discovery service for the identification of available services specific to a participant or activity on the Virtual Network Topology;
Geo-Spatial correlation service for establishing a spatial reference for activities on a Virtual Network Topology;
A Certificate Generation service allowing the creation of a digital certificate for use by one or more participants on the network;
Certificate signing service for supporting registration and PKI lifecycle management associated with users and nodes on a Virtual Network Topology;
SSG node generation service for the creation of a Software Package that can be downloaded and registered to a Virtual Network Topology;
User Authentication service allowing the validation of a credential presented by a user/device on a Virtual Network Topology and a service repository service that allows for the management of service definition in a repository on the network.
33. A method for the creation, management, and provisioning of a secure virtual network topology where the default security model is “deny all—explicitly grant” for all virtual network communications where, at a minimum, the following is enforced as a function of a connection;
transport encryption;
mutual authentication of all parties to a connection;
service specific authorization and;
end to end logging inclusive of correlation IDs for all service activity.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 24, 27, 28, 29, 30, 32, 36, 37, 48.
34. A method for the creation, management, and provisioning of a secure virtual service connection (VSC) that includes the following as a function of a connection:
service definition;
mutual authentication of all parties to a connection;
service specific authorization;
transport encryption;
end to end logging inclusive of correlation IDs for all service activity.
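Claims 1 through 3 and claims 33 and 34 describe one mechanism from two angles: a gateway on the first network asks a global gateway on the third network for a service on the second network; the global gateway authenticates the requesting gateway and checks authorization (claim 1), the service-side gateway checks it (claim 2), or both do (claim 3); only then is a peer-to-peer secure connection set up, with the default being deny-all and every step logged under a correlation ID. The following Python is an added example that models that flow; it is not the patent's code nor any product's. Gateway ids (ssg-alpha, ssg-beta), user ids, the "balance" service, the ACL contents and the HMAC keys are all constructed assumptions, and shared-secret HMACs stand in for the certificate-based mutual authentication the claims assume. The grant the global gateway hands back is an HMAC under the peer gateway's key, so the peer can verify offline that this exact request was authorized before it re-applies its own service-specific ACL.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample keys: one secret per Secure Service Gateway, shared with
# the global gateway.  A real SSN would use certificates (claims 31 and 47).
GATEWAY_KEYS = {"ssg-alpha": b"alpha-secret", "ssg-beta": b"beta-secret"}


@dataclass
class Request:
    requester: str        # first computer: the gateway on the first network
    user: str             # user behind that gateway
    service: str          # service hosted on the second network
    correlation_id: str   # carried end to end so all log records can be joined
    mac: str = ""         # HMAC over the other fields under the requester's key


def _mac(key, *fields):
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()


def make_request(requester, user, service, correlation_id=None):
    cid = correlation_id or secrets.token_hex(8)
    req = Request(requester, user, service, cid)
    req.mac = _mac(GATEWAY_KEYS[requester], requester, user, service, cid)
    return req


class GlobalGateway:
    """Third computer: authenticates the requesting gateway, then applies a
    deny-all ACL in which only explicit (user, service) grants pass."""

    def __init__(self, acl, service_hosts):
        self.acl = set(acl)                  # explicit grants only
        self.service_hosts = service_hosts   # {service: gateway on 2nd network}
        self.log = []                        # one record per decision

    def _record(self, req, event, **extra):
        self.log.append({"cid": req.correlation_id, "user": req.user,
                         "service": req.service, "event": event, **extra})

    def authenticate(self, req):
        key = GATEWAY_KEYS.get(req.requester)
        if key is None:
            return False
        expected = _mac(key, req.requester, req.user, req.service, req.correlation_id)
        return hmac.compare_digest(expected, req.mac)

    def broker(self, req):
        """Return (peer_gateway, grant) if the connection may proceed, else None."""
        if not self.authenticate(req):
            self._record(req, "authn_fail")
            return None
        if (req.user, req.service) not in self.acl:   # deny all, explicit grant
            self._record(req, "authz_deny")
            return None
        peer = self.service_hosts.get(req.service)
        if peer is None:
            self._record(req, "no_such_service")
            return None
        # Grant keyed to the peer so it can verify the decision without a callback.
        grant = _mac(GATEWAY_KEYS[peer], "grant", req.requester, req.user,
                     req.service, req.correlation_id)
        self._record(req, "authz_grant", peer=peer)
        return peer, grant


class ServiceGateway:
    """Second computer: checks the global gateway's grant, then makes its own
    service-specific decision (the 'both gateways authorize' variant, claim 3)."""

    def __init__(self, name, local_acl, services):
        self.name = name
        self.local_acl = set(local_acl)
        self.services = services   # {service: callable(user) -> response}
        self.log = []

    def serve(self, req, grant):
        expected = _mac(GATEWAY_KEYS[self.name], "grant", req.requester,
                        req.user, req.service, req.correlation_id)
        if not hmac.compare_digest(expected, grant):
            self.log.append((req.correlation_id, "bad_grant"))
            return None
        if (req.user, req.service) not in self.local_acl:
            self.log.append((req.correlation_id, "local_deny"))
            return None
        self.log.append((req.correlation_id, "served"))
        return self.services[req.service](req.user)


def run_flow(gg, sg, req):
    """First gateway -> global gateway -> peer gateway -> service, or None."""
    brokered = gg.broker(req)
    if brokered is None or brokered[0] != sg.name:
        return None
    return sg.serve(req, brokered[1])


def demo():
    gg = GlobalGateway(acl={("alice", "balance")}, service_hosts={"balance": "ssg-beta"})
    sg = ServiceGateway("ssg-beta", local_acl={("alice", "balance")},
                        services={"balance": lambda user: f"balance for {user}: 42"})
    granted = run_flow(gg, sg, make_request("ssg-alpha", "alice", "balance", "cid-1"))
    denied = run_flow(gg, sg, make_request("ssg-alpha", "bob", "balance", "cid-2"))
    forged = make_request("ssg-alpha", "alice", "balance", "cid-3")
    forged.user = "mallory"   # tampered after signing: must fail authentication
    return granted, denied, run_flow(gg, sg, forged)
```

Because the ACL is a set of explicit grants, a user or service missing from it is refused with no special-case code, which is what "deny all—explicitly grant" buys you; and because the correlation id travels from the request into both gateways' logs, a single id is enough to reconstruct the whole decision chain for one connection.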
35. A method for the creation, management, and provisioning of a secure service definition where the service may be one or more of the following exposed through a VSC;
(1) application proxied through an SSN;
(2) a function in an application exposed through the SSN;
(3) a web service exposed through the SSN; and
(4) a streaming connection exposed through the SSN.
38. A method for the enablement and business reporting in support of federated security on a virtual network topology where predefined relationship and control models are supported and enforced by an SSN layered on top of a traditional network infrastructure.
39. A Global Gateway Computer located on a third network for managing the provisioning, reporting, and implementation of a secure virtual network topology for secure communications from a first network to a second network, said Global Gateway Computer Comprising:
an input for receiving a request for a service from a first computer, wherein the first computer is located in the first network and operates as a gateway between the first network and the third network, and wherein the service is provided by the second network;
a processor for authenticating the request and for determining if the first computer is authorized to use the service; and
an output for transmitting a message to the first computer that facilitates the establishment of a peer to peer secure connection between the first computer and a second computer upon the successful authentication of the first computer and if the user is authorized to use the service, wherein the second computer is located on the second network and operates as a gateway between the second network and the third network.
40. A secure virtual network topology comprising:
a first computer gateway to a third network, wherein the first computer gateway is located on a first network, a second computer gateway to the third network, wherein the second computer gateway is located on a second network, a global computer, wherein the global computer is located on the third network, a transmitter at said first computer gateway for transmitting a request to the global computer for a service that is provided by the second network, an input at said global computer for receiving the request, a processor at said global computer for authenticating the request and for making a determination that a requester is authorized to access the service, a peer to peer connection between the first computer gateway and the second computer gateway established after the authentication of the request by the global computer; and
a second processor on said second network for providing the service to the requester upon the determination that the requester is authorized to access the service.
41. A secure virtual network topology comprising:
a first computer gateway to a third network, wherein the first computer gateway is located on a first network, a second computer gateway to the third network, wherein the second computer gateway is located on a second network, a global computer, wherein the global computer is located on the third network, a transmitter at said first computer gateway for transmitting a request to the global computer for a service that is provided by the second network, an input at said global computer for receiving the request, a processor at said global computer gateway for authenticating the request;
a peer to peer connection between the first computer gateway and the second computer gateway established after the authentication of the request by the global computer;
a second processor at said second computer gateway for making a second determination that a requester is authorized to access the service, and a third processor on said second network for providing the service to the requester upon the determination by the second computer gateway that the requester is authorized to access the service.
42. A secure virtual network topology comprising:
a first computer gateway to a third network, wherein the first computer gateway is located on a first network, a second computer gateway to the third network, wherein the second computer gateway is located on a second network, a global computer, wherein the global computer is located on the third network, a transmitter at said first computer gateway for transmitting a request to the global computer for a service that is provided by the second network, an input at said global computer for receiving the request, a processor at said global computer gateway for authenticating the request and for making a first determination that a requester is authorized to access the service;
a peer to peer connection between the first computer gateway and the second computer gateway established after the authentication of the request by the global computer;
a second processor at said second computer gateway for making a second determination that a requester is authorized to access the service, and a third processor on said second network for providing the service to the requester upon the determination by the second computer gateway and the global computer that the requester is authorized to access the service.
43. A Secure Virtual Network Topology Apparatus comprised of components that include one or more Secure Service Gateways linked together by way of a physical network connection that is wired or wireless and operating in a proxy and/or service mode including one or more of:
an Optional Global Secure Service Gateway;
Network Functions to include;
Service Repository;
VSC domain controller and administration model;
Service Management, Provisioning, Billing and Reporting Console;
one or more governance models;
Network Infrastructure Services and Reporting; and
participant and service provisioning specific reporting and billing.
44. A Secure Service Gateway comprised of one or more of the following:
a security proxy with port level firewall;
a service implementation; and
an integration framework.
45. A Secure Virtual Network Topology Apparatus comprised of one or more of the following:
A network of SSGs;
one or more infrastructure and management services and functions used across SSGs in a network;
a reporting and aggregation process for integrating data from multiple SSGs in a network in a secure and auditable fashion;
a VSC provisioning process where VSCs are provisioned across multiple SSGs connected on a network for use by specific network participants linked to one or more SSGs.
46. A SSG that can securely register as a new participant on an instance of an SSN where the registration and provisioning process is automated once the SSG is attached to a physical network connection that has access to an instance of an SSN.
47. A Virtual Network Topology Manager that includes management and service functions running on two or more physical devices that implement one or more of the following infrastructure services on a physical network in VSCs to facilitate the creation and management of business service VSCs on any physical network:
(1) Access Control List service for authorization verification of a request for a service;
(2) Certificate Revocation List for the digital certificate status and revocation;
(3) Logging service for the consistent logging of network activity across all network participants but specific to each and every VSC and the participants it is provisioned to;
(4) Discovery service for the identification of available services specific to a participant or activity on the Virtual Network Topology;
(5) Geo-Spatial correlation service for establishing a spatial reference for activities on a Virtual Network Topology;
(6) a Certificate Generation service allowing the creation of a digital certificate for use by one or more participants on the network;
(7) Certificate signing service for supporting registration and PKI lifecycle management associated with users and nodes on a Virtual Network Topology; and
(8) SSG node generation service for the creation of a Software Package that can be downloaded and registered to a Virtual Network Topology.
49. A device or software module that represents a node in a secure virtual network where that node supports multiple concurrent and separate secure connections wherein a connection comprises authentication, authorization, encryption for each connection that is specific to the provisioning of a connection to a participant on a virtual network and further including an operation of the node in one or more of the modes;
(1) a single user gateway and (2) a gateway for multiple users.
Specification