PRIVATE NETWORK SYSTEM AND METHOD

US 20080134316A1
Filed: 10/15/2007
Published: 06/05/2008
Est. Priority Date: 10/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN, said method comprising the steps of:

(a) providing a lookup device having a known address with an undatable index of entities known to be connectable to the VPN, which look up device accepts requests from known entities (“

joining entity”

) wishing to link to the VPN,(b) causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests,(c) said lookup device receiving a request from a joining entity to connect to the VPN(d) in response to a poll for joining requests said lookup device notifying the polling contact entity of at least the address of each joining entity,(e) if the contact entity permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity,(f) the joining entity and contact entity establish a first link between them,(g) the joining entity and the contact entity conduct an authentication process over said first link,(h) and if the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining device is joining the VPN,(i) said joining device using the status of other entities belonging to the VPN to calculate its node position in the VPN including the one or two neighbour entities it will connect to,(j) said one or two neighbour entities initiating a process of the type specified in steps (c) to (f) with said lookup entity to establish one or more second links with said joining entity and terminating said first link,(k) and said joining entity and at least one neighbour entity conducting a mutual authentication process which if successful sustains said one or more second links.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for forming a secure virtual private network (VPN) is described. The secure virtual private network consists of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN. The method comprising the steps of: providing a lookup device having a known address with an updatable index of entities known to be connectable to the VPN. Causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests. The look up device accepts requests from known entities (“joining entity”) wishing to link to the VPN. The lookup device receives a request from a joining entity to connect to the VPN. In response to a poll for joining requests the lookup device notifies the polling contact entity of at least the address of each joining entity. If the contact entity permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity. The joining entity and contact entity establish a first link between them. The joining entity and the contact entity conduct an authentication process over the first link. If the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining device is joining the VPN. The joining device uses the status of other entities belonging to the VPN to calculate its node position in the VPN including the one or two neighbour entities it will connect to. The one or two neighbour entities initiating a process of the type specified above to connect with the lookup entity to establish one or more second links with the joining entity and terminating the first link. The joining entity and at least one neighbour entity conducting a mutual authentication process which if successful sustains the one or more second links.

67 Citations

View as Search Results

19 Claims

1. A method for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN, said method comprising the steps of:
- (a) providing a lookup device having a known address with an undatable index of entities known to be connectable to the VPN, which look up device accepts requests from known entities (“
  
  joining entity”
  
  ) wishing to link to the VPN,(b) causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests,(c) said lookup device receiving a request from a joining entity to connect to the VPN(d) in response to a poll for joining requests said lookup device notifying the polling contact entity of at least the address of each joining entity,(e) if the contact entity permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity,(f) the joining entity and contact entity establish a first link between them,(g) the joining entity and the contact entity conduct an authentication process over said first link,(h) and if the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining device is joining the VPN,(i) said joining device using the status of other entities belonging to the VPN to calculate its node position in the VPN including the one or two neighbour entities it will connect to,(j) said one or two neighbour entities initiating a process of the type specified in steps (c) to (f) with said lookup entity to establish one or more second links with said joining entity and terminating said first link,(k) and said joining entity and at least one neighbour entity conducting a mutual authentication process which if successful sustains said one or more second links.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method according to claim 1 including an initial registration step whereby entities register with the lookup device for access to one or more desired VPNs and only entities which are so registered are subsequently recognised or known to the lookup device, said registration step comprising:
    - the entity sending to the lookup device registration information including at least a username, a password, and the lookup device storing said registration information for identification purposes when a registered entity sends a VPN joining request to the lookup device.
  - 3. A method according to claim 2 wherein said registration step includes the lookup device sending to registering entities a security key to allow such entities to access security keys unique to VPN for which registration has been made and the other entities registered for that VPN.
  - 4. A method according to claim 3 wherein in step (h) the contact entity further notifies the joining entity of the entity identifiers of other entities belonging to the VPN.
  - 5. A method according to claim 4 wherein in step (i) said joining entity additionally uses the entity identifiers of other entities belonging to the VPN to calculate its node position.
  - 6. A method according to claim 5 wherein said entity identifier is an address.
  - 7. A method according to claim 1 wherein said authentication process consists of each of the two entities challenging the other using a key unique to the purported identity of the other entity, each challenge comprising a transmission to the other entity, a response from the other entity and verification by the challenging entity that the response is correct.
  - 8. A method according to claim 6 wherein said authentication process consists of each of the two entities challenging the other using a key unique to the purported identity of the other entity, each challenge comprising a transmission to the other entity, a response from the other entity and verification by the challenging entity that the response is correct.
  - 9. A method according to claim 7 wherein each challenge between a first entity and a second entity comprises the steps of:
    - (a) the first entity generates a random sequence of data, stores it and encrypts it with the public key of the second entity and sends the resultant cyphertext to the second entity,(b) the second entity receives the cyphertext from the first entity, decrypts it using the private key of the second entity, encrypts the resultant plaintext with the public key of the first entity and sends it to the first entity, and(c) the first entity receives the cyphertext from the second entity, decrypts it using the private key of the first entity compares the resultant plaintext with said stored random sequence of data and if there is a match accepts that the second entity is authenticated.
  - 10. A method according to claim 8 wherein each challenge between a first entity and a second entity comprises the steps of:
    - (a) the first entity generates a random sequence of data, stores it and encrypts it with the public key of the second entity and sends the resultant cyphertext to the second entity,(b) the second entity receives the cyphertext from the first entity, decrypts it using the private key of the second entity, encrypts the resultant plaintext with the public key of the first entity and sends it to the first entity, and(c) the first entity receives the cyphertext from the second entity, decrypts it using the private key of the first entity compares the resultant plaintext with said stored random sequence of data and if there is a match accepts that the second entity is authenticated.
  - 11. A method according to claim 9 wherein data traffic between entities connected to a VPN is encrypted using a symmetric key and said symmetric key is said random sequence of data.
  - 12. A method according to claim 10 wherein data traffic between entities connected to a VPN is encrypted using a symmetric key and said symmetric key is said random sequence of data.
  - 13. A method according to claim 11 wherein said authentication process is periodically repeated and the periodically generated random data sequences are used as a dynamic symmetric session key.
  - 14. A method according to claim 12 wherein said authentication process is periodically repeated and the periodically generated random data sequences are used as a dynamic symmetric session key.
  - 15. A method according to claim 14 wherein said entities are devices having a processor that can be connected to the internet.
  - 16. A method according to claim 15 wherein said devices include computers, PDAs, PPC, mobile telephones or smartphones, and embedded devices.

17. Computer software for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other entity on the VPN and a lookup device connected to the internet having a known address with an updatable index of entities known to be connectable to the VPN, said software residing on each said entity and comprising:
- (a) a routine for connecting to said lookup device and making a request to said lookup device to join to the VPN,(b) a routine for polling the lookup device for received joining requests,(c) a routine for receiving from the lookup device at least the address of each joining entity,(d) a routine for matching the address of each joining entity with stored criteria,(e) a routine which allows matched entities to establish a first link between them,(f) an authentication routine which enables entities which have established a first link to mutually authenticate the identity of the other,(g) a routine which if the authentication process is successful notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining device is joining the VPN,(h) a routine which uses the status of other entities belonging to the VPN to calculate the node position in the VPN and the one or two neighbour entities that the entity on which the routine resides will connect to,(i) a routine which through said lookup device establishes one or more second links with said one or more neighbouring entities in said VPN and ends said first link,(j) a routine which invokes said authentication routine to conduct mutual authentication between said linked neighbouring entities and which if successful sustains said one or more second links.
- View Dependent Claims (18, 19)
- - 18. One or more computer-readable media comprising computer-readable software as claimed in claim 17.
  - 19. An electromagnetic signal carrying computer-readable software as claimed in claim 17.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quipa Holdings Limited
Original Assignee
Quipa Holdings Limited
Inventors
Devonshire, Karyn, Lobb, Jason

Granted Patent

US 8,196,181 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

G06F 9/548   Object oriented; Remote met...

H04L 61/4535   using an address exchange p...

H04L 63/0272   Virtual private networks

H04L 63/065   for group communications cr...

H04L 63/0869   for achieving mutual authen...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1093   Some peer nodes performing ...

H04L 67/14   Session management for real...

PRIVATE NETWORK SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVATE NETWORK SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links