Infrastructure Architecture for Secure Network Management with Peer to Peer Functionality

US 20070112578A1
Filed: 06/27/2006
Published: 05/17/2007
Est. Priority Date: 10/25/2002
Status: Active Grant

First Claim

Patent Images

1. A secure virtual network providing community nodes (2 or more participants) where the architecture of the network'"'"'s security and business management reporting is a result of the network architecture and where participants can maintain absolute security and control over their services independent of any other participant.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Architecture defining a secure virtual network of communities of two or more participants where security and business management reporting is a result of a network architecture and where participants can maintain absolute security and control over their services independent of any other participant according to implemented selection rules of the network architecture administration.

99 Citations

View as Search Results

37 Claims

1. A secure virtual network providing community nodes (2 or more participants) where the architecture of the network'"'"'s security and business management reporting is a result of the network architecture and where participants can maintain absolute security and control over their services independent of any other participant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 2. A network architecture of claim 1 where participant governance is one of participant control where each service provider can restrict access to their services independent of any other participant on the network.
  - 3. A network of claim 1 where virtual network gateways are managed via services where the gateway can be accessed via a service from a network provider where the service includes end to end comprehensive security and business reporting.
  - 4. A network of claim 2 and claim 3 where a participant on the network can restrict access to a gateway by the network provider through local access control.
  - 5. A network of claim 1 where comprehensive security includes:
    - the combination of mutual authentication, authorization, end to end encryption, end to end logging, and participant and service specific privacy.
  - 6. A network of claim 5 where encryption is effected through the use of a PKI infrastructure.
  - 7. A network of claim 5 where authentication is effected through the use of a PKI infrastructure as one or more component.
  - 8. A network of claim 5 where infrastructure services supporting PKI in the solution and as VSCs on the managed service network include:
    - certificate revocation, certificate signing, certificate verification, and optionally a directory of participants, certificate creation, certificate registration, and/or certificate renewal.
  - 9. A network of claim 5 where mutual authentication of all participants in a provisioned service is a prerequisite to establishing a VSC or VSN for the consumption of a service.
  - 10. A network of claim 9 where as a function of mutual authentication, a service specific SSL connection is established between the participants in the service.
  - 11. A network of claim 5 where authorization is effected through the extraction of identity from a digital certificate using a PKI infrastructure and the combination of identity and service definition are used for authorization control.
  - 12. A network of claim 1 where authentication is used to establish identity for all participants in an activity provisioned as a service.
  - 13. A network of claim 1 where comprehensive business reporting includes:
    - response time, request size, response size, participant (s) identity, error code, and status code.
  - 14. A network of claim 1 where transitive security and private business management reporting is supported through one or more network providers allowing for the bridging of trusted security and management reporting across 2 or more instances of the invention and among 3 or mare participants.
  - 15. A network of claim 1 where transitive security and private business management reporting is supported through one or more network providers allowing for the bridging of trusted security and management reporting between an instance of the invention and a trusted 3rd party network.
  - 16. A network of claim 1 where transitive security and private business management reporting is supported through one or more network providers allowing for the bridging of trusted security and management reporting between an instance of the invention and another certificate authority.
  - 17. A network of claim 1 where virtual network gateways are remotely managed via infrastructure services used by a network provider, where the participant using the gateway may control administration of that gateway via controlling access to it via the restriction of infrastructure services.
  - 18. A network of claim 1 or claim 17 where the installation and configuration of a new gateway is effected through an enrollment process and infrastructure services that create, distribute, and enroll new gateways on an instance of the managed service.
  - 23. A network of claim 1 where a unique ID is created for every service request and used to track activity associated with a service request on the virtual network topology.
  - 24. A network of claim 1 and 23 where a correlation ID in combination with a unique request ID is used to securely correlate multiple service requests in one or more virtual network connections.
  - 26. A network of claim 1 where a node on the virtual network is that of a virtual software node loaded on commodity hardware (e.g., PC, laptop, server, smart phone, PDA . . . etc.), a network appliance, and browser add on or plug in, an operation system function, a stand alone application, a single user gateway or a multi-user gateway, a card or module added to a network device (router, switch, hub, NIC card . . . etc).
  - 27. A network of claim 1 where web services can be securely created, distributed, provisioned, managed as services on the solution. Where the execution of a web service is accomplished within an isolated VSC specific to the service and the participants a service is provisioned to.
  - 28. A network of claim 27 and claim 5 where a request for a web service results in the creation of a service and participant specific VSC for that service.
  - 29. A network of claim 28 where mutual authentication, function and participant specific authorization, transport encryption (ie:
    - SSL) are at a minimum enforced for all web service activity.
  - 30. A network of claim 1 where participant service reporting is specific and private to the participants to a provisioned service and access is controlled by the owner of the service.
  - 31. A network of claim 1 where secure and private business management reporting and activity correlation is accomplished where:
    - a unique ID is created and assigned for each service request, a correlation ID is used to link multiple request together, and an optional origination ID is used to link activity back to a external system, application, device, user, credential, digital certificate(s) associated with the invocation of a service request.
  - 32. A network of claim 31 where unique IDs are logged at nodes of the network and those nodes leverage an infrastructure logging service to securely and privately report activity back to a management reporting service where the unique IDs are used to correlate activity, assure privacy, and enable SLA reporting across the entire virtual network.
  - 33. A network of claim 1 where a domain model and PKI infrastructure is used to create a virtual secure network comprised of mutually authenticated, authorized, and encrypted connections where security and management reporting is enforced by virtual nodes, resulting in a virtual network of 2 or more users using 1 or more services represented and managed by entries in a domain model.
  - 34. A network of claim 1 where a domain model is used to create a virtual secure network comprised of mutually authenticated, authorized, and encrypted connections where security and management reporting is enforced by virtual nodes, resulting in a virtual network of 2 or more users using 1 or more services represented and managed by entries in a domain model.
  - 35. A network of claim 33 and 34 where the result is one or more virtual secure networks comprised of web services where participants are web service providers and web service requestors.
  - 36. A network of claim 35 where a service registry is used by participants to securely create, register, manage, provision, and share web services across a broad community of users where a web service invocation can be executed in its own;
    - secure, private, and specific to 2 or more participants a service has been provisioned to;
      
      virtual network connection.
  - 37. A network of claim 1 where more than 1 PKI infrastructure or CA is supported in one of the following areas:
    - payload encryption, identity verification, transport encryption, and identity authorization.

19. A network wherein authentication is accomplished via a digital certificate infrastructure including PKI where a Certificate Revocation service is used to remove a participant and/or gateway from the network.

20. A network where authorization is accomplished via an Access Control List (ACL) service used to confirm authorization of a service specific to the identities of all participants and the provisioning of a service to those identities by the service provider.

21. A network where authorization is accomplished via an Access Control List (ACL) service used to confirm authorization of a service specific to the identities of all participants and the provisioning of a service to those identities by the service provider and where a 2 stage ACL process is implemented in a manner where participants can further restrict access to their services through an ACL they administer but can not grant access not included in the 3^rdparty ACL.

22. A network wherein of mutual authentication and authorization where a service specific SSL tunnel is created as a result of a request for a service that has been provisioned to one or more participants where the SSL tunnel is created specific to that request and disposed of when the request is completed and where the identity of and access rights of the participants is validate prior to the execution of a service provisioned to the network by a service provider participant.

25. A network for the creation of an encrypted virtual network connection where prerequisite to a connection is the validation of the identity of all participants in the activity and authorization validation specific to the provisioning of an activity to one or more requesters a service has been provisioned to.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Randall Orkis, William M. Randle
Original Assignee
Randall Orkis, William M. Randle
Inventors
Randle, William, Orkis, Randall

Granted Patent

US 8,327,436 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 63/0272 Virtual private networks

Infrastructure Architecture for Secure Network Management with Peer to Peer Functionality

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Infrastructure Architecture for Secure Network Management with Peer to Peer Functionality

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links