VIRTUAL PRIVATE NETWORK SYSTEM AND NETWORK DEVICE THEREOF

US 20120023325A1
Filed: 08/25/2010
Published: 01/26/2012
Est. Priority Date: 07/20/2010
Status: Abandoned Application

First Claim

Patent Images

1. A virtual private network (VPN) system, comprising:

a first network device, configured for providing an encrypted connection setup request message, wherein the encrypted connection setup request message comprises an authentication information; and

a second network device, connected to the first network device through an Internet, configured for receiving the encrypted connection setup request message and forwarding the authentication information to an authentication server to perform a first authentication process and determines whether the first network device is authorized,wherein if the first network device is authorized, the second network device and the first network device directly exchange a set of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection between the first network device and the second network device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual private network (VPN) system and a network device thereof are provided. The VPN system includes a first network device, a second network device, and an authentication server. The first network device provides an encrypted connection setup request message containing an authentication information to the second network device. The second network device receives the encrypted connection setup request message and forwards the authentication information to the authentication server to perform a first authentication process, so as to determine whether the first network device is authorized. If the first network device is authorized, the first network device and the second network device directly exchange a set of VPN arguments and perform a second authentication process through the exchange of the VPN arguments, so as to establish an IPSec VPN connection between the first network device and the second network device.

38 Citations

View as Search Results

23 Claims

1. A virtual private network (VPN) system, comprising:
- a first network device, configured for providing an encrypted connection setup request message, wherein the encrypted connection setup request message comprises an authentication information; and
  
  a second network device, connected to the first network device through an Internet, configured for receiving the encrypted connection setup request message and forwarding the authentication information to an authentication server to perform a first authentication process and determines whether the first network device is authorized,wherein if the first network device is authorized, the second network device and the first network device directly exchange a set of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection between the first network device and the second network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The VPN system according to claim 1, wherein the first network device is a client device, and the second network device is a VPN server.
  - 3. The VPN system according to claim 1, wherein when the second network device and the first network device exchange the VPN arguments, the first network device sends a first IP address of a local area network (LAN) to which the first network device belongs to the second network device, and the second network device sends a second IP address of a LAN to which the second network device belongs back to the first network device.
  - 4. The VPN system according to claim 3, wherein when the second network device and the first network device exchange the VPN arguments, the first network device sends a third IP address of a wide area network (WAN) to which the first network device belongs to the second network device, and the second network device sends a fourth IP address of a WAN to which the second network device belongs back to the first network device.
  - 5. The VPN system according to claim 3, wherein the second network device dynamically generates a pre-shared key and sends the pre-shared key to the first network device to complete the second authentication process, wherein the second authentication process is a VPN authentication process.
  - 6. The VPN system according to claim 4, wherein the second network device selectively sends a domain name system (DNS) information to the first network device such that the first network device is connected to one or more network servers in the LAN corresponding to the second network device by using a domain name.
  - 7. The VPN system according to claim 1, wherein the first network device is one of a computer, a smart phone, a personal digital assistant (PDA), a TV set, and a multimedia player.

8. A network device, for establishing a VPN connection with another network device, the network device comprising:
- a network interface, configured for connecting to an Internet; and
  
  a memory module, comprising;
  
  a connection processing module, coupled to the network interface, configured for receiving an encrypted connection setup request message from a client device and forwarding the encrypted connection setup request message to an authentication server to perform a first authentication process and determine whether the client device is authorized, wherein the encrypted connection setup request message comprises an authentication information;
  
  a argument generation module, coupled to the connection processing module, configured for generating a plurality of VPN arguments, wherein the VPN arguments comprise a pre-shared key; and
  
  a processor module, coupled to the network interface and the memory module, configured for executing the argument generation module and the connection processing module and controlling the network interface and the memory module,wherein if the client device is authorized, the network device and the client device directly exchange a plurality of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The network device according to claim 8, wherein the network device is a VPN server.
  - 10. The network device according to claim 8, wherein when the network device and the client device exchange the VPN arguments, the connection processing module receives a first IP address of a LAN to which the client device belongs from the network device and sends a second IP address of a LAN to which the network device belongs to the client device.
  - 11. The network device according to claim 10, wherein when the network device and the client device exchange the VPN arguments, the connection processing module receives a third IP address of a WAN to which the client device belongs from the network device and sends a fourth IP address of a WAN to which the network device belongs to the client device.
  - 12. The network device according to claim 10, wherein the argument generation module dynamically generates the pre-shared key, and the connection processing module sends the pre-shared key to the client device to complete the second authentication process, wherein the second authentication process is a VPN authentication process.
  - 13. The network device according to claim 12, wherein the connection processing module selectively sends a DNS information to the client device such that the client device is connected to one or more network servers in the LAN to which the network device belongs by using a domain name.

14. A network device, for establishing a VPN connection with another network device, the network device comprising:
- a network interface, configured for connecting to an Internet; and
  
  a memory module, comprising;
  
  a user interface module, coupled to the network interface, configured for receiving an authentication information and a server address from a user, and generating a connection setup request message and sending an encrypted connection setup request message to a server according to the server address, wherein the server forwards the encrypted connection setup request message to an authentication server to perform a first authentication process and determine whether the network device is authorized, wherein the encrypted connection setup request message comprises the authentication information;
  
  an encryption module, coupled to the user interface module, configured for encrypting the connection setup request message into the encrypted connection setup request message;
  
  a processor module, coupled to the network interface and the memory module, configured for executing the user interface module and the encryption module and controlling the network interface and the memory module,wherein if the network device is authorized, the another network device and the network device directly exchange a plurality of VPN arguments and perform a second authentication process by exchanging the VPN arguments, so as to establish an IPSec VPN connection between the another network device and the network device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The network device according to claim 14, wherein the network device is a client device, and the another network device is a VPN server.
  - 16. The network device according to claim 14, wherein when the network device and the another network device exchange the VPN arguments, the user interface module provides a first IP address of a LAN to which the network device belongs to the another network device and receives a second IP address of a LAN to which the another network device belongs.
  - 17. The network device according to claim 16, wherein when the network device and the another network device exchange the VPN arguments, the user interface module provides a third IP address of a WAN to which the network device to the another network device belongs and receives a fourth IP address of a WAN to which the another network device belongs.
  - 18. The network device according to claim 16, wherein the another network device dynamically generates a pre-shared key and sends the pre-shared key to the network device to complete the second authentication process, wherein the second authentication process is a VPN authentication process.
  - 19. The network device according to claim 17, wherein the another network device selectively sends a DNS information to the network device such that the network device is connected to one or more network servers in the LAN corresponding to the another network device by using a domain name.
  - 20. The network device according to claim 14 further comprising:
    - an input/output interface, configured for connecting to a biological characteristic sampler, receiving a biological characteristic provided by the user through the biological characteristic sampler, and generating the authentication information according to the biological characteristic.
  - 21. The network device according to claim 14 further comprising:
    - an input/output interface, for connecting to a smart card reader, receiving a digital characteristic from a smart card, and generating the authentication information according to the digital characteristic.
  - 22. The network device according to claim 14, wherein the authentication information comprises a username and a password.
  - 23. The network device according to claim 14, wherein the network device is one of a computer, a smart phone, a PDA, a TV set, and a multimedia player.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gemtek Technology Company Limited
Original Assignee
Gemtek Technology Company Limited
Inventors
Lai, Chung-Chiu

Application Number

US12/868,709
Publication Number

US 20120023325A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/08 for authentication of entit...

VIRTUAL PRIVATE NETWORK SYSTEM AND NETWORK DEVICE THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUAL PRIVATE NETWORK SYSTEM AND NETWORK DEVICE THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links