SYSTEMS AND METHODS FOR SECURED GLOBAL LAN

US 20150007272A1
Filed: 07/09/2013
Published: 01/01/2015
Est. Priority Date: 07/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for a cloud controller to control a plurality of network devices, comprising:

receiving, at the cloud controller from a first network device, a message indicative of a public network address associated with the first network device;

receiving, at the cloud controller from a second network device, a message indicative of a public network address associated with the second network device;

pre-assigning, at the cloud controller, the first and second network devices to an account maintained by the cloud controller; and

sending an authorization message to the public network addresses associated with the first and second network devices to authorize the first and second network devices to establish a virtual network comprising two private networks to which the first and second network devices belong.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a method and a network device for establishing a Virtual Private Network (VPN) among Local Area Networks (LANs). The method uses a cloud controller that has a static IP address to control a plurality of network devices. The method comprises receiving, at the cloud controller, messages indicative of dynamic public network addresses associated with the first and second network devices; pre-assigning, at the cloud controller, the first and second network devices to an account maintained by the cloud controller; and sending an authorization message to the dynamic public network addresses associated with the first and second network devices to authorize the first and second network devices to establish a virtual network comprising two private networks to which the first and second network devices belong.

36 Citations

View as Search Results

25 Claims

1. A method for a cloud controller to control a plurality of network devices, comprising:
- receiving, at the cloud controller from a first network device, a message indicative of a public network address associated with the first network device;
  
  receiving, at the cloud controller from a second network device, a message indicative of a public network address associated with the second network device;
  
  pre-assigning, at the cloud controller, the first and second network devices to an account maintained by the cloud controller; and
  
  sending an authorization message to the public network addresses associated with the first and second network devices to authorize the first and second network devices to establish a virtual network comprising two private networks to which the first and second network devices belong.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein at least one of the public network addresses associated with the first and second network devices includes a dynamic IP address.
  - 3. The method of claim 1, wherein the public network addresses associated with the first and second network devices include communication ports and dynamic public IP addresses that are assigned to the first and second network devices, or assigned to routers of the private networks to which the first and second network devices belong.
  - 4. The method of claim 3, wherein the public network addresses associated with the first and second network devices include dynamic public IP addresses that are assigned to routers of the private networks to which the first and second network devices belong, and the first and second network devices are assigned with private IP addresses of the private networks.
  - 5. The method of claim 1, further comprising:
    - updating a database maintained by the cloud controller, wherein the database includes the public network addresses currently associated with the first and second network devices.
  - 6. The method of claim 5, wherein the database further includes information of the first and second network devices being pre-assigned to the account.
  - 7. The method of claim 1, further comprising:
    - receiving, at the cloud controller, an instruction to pre-assign the first and second network devices to the account maintained by the cloud controller;
      
      wherein the instruction is from a computing device separated from the first and second network devices.
  - 8. The method of claim 1, further comprising:
    - providing a remote user interface for pre-assigning a network device identified by a serial number to an account;
      
      wherein all network devices pre-assigned to the account are configured to form a virtual network among the private networks to which these network devices belong when these network devices are operating online.
  - 9. The method of claim 1, further comprising:
    - generating a pre-shared key that is unique for a pair of the first and second network devices, wherein the authorization message includes the pre-shared key.
  - 10. The method of claim 1, wherein the virtual network is a Virtual Private Network (VPN) and the private networks are Local Area Networks (LANs).

11. A network device comprising:
- a processor;
  
  a networking interface configured to communicate with a cloud controller and at least one peer device; and
  
  a storage component preloaded with a public network address associated with the cloud controller and an identifier of the network device;
  
  the storage component further storing instructions which, when executed by the processor, cause the network device to perform a process including;
  
  identifying the network device to the cloud controller by sending a registration message including the identifier of the network device to the public network address associated with the cloud controller;
  
  receiving, from the cloud controller, an authorization message including a public network address associated with the peer device; and
  
  directly connecting to the peer device based on the authorization message to establish a virtual network among a private network to which the network device belongs and a private network to which the peer device belongs.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The network device of claim 11, wherein the public network addresses associated with the peer network device includes a dynamic IP address.
  - 13. The network device of claim 11, wherein the registration message further includes a dynamic IP network address that are assigned to the network device, or assigned to a router of the private networks to which that the network device belongs.
  - 14. The network device of claim 11, wherein the process further includes:
    - requesting the private network connection with a peer device to the cloud controller without identifying the peer device;
  - 15. The network device of claim 11, wherein the network device and the peer device are pre-assigned to an account maintained by the cloud controller and the peer device is identified by the cloud controller based on the account.
  - 16. The network device of claim 11, wherein the directly connecting comprises:
    - transmitting, from the network device to the public network address associated with the peer device, a request to establish the virtual network;
      
      wherein the request is authenticated by a pre-shared key that the control controller provided to the network device and the peer device before the request being transmitted.
  - 17. The network device of claim 11, wherein the receiving comprises:
    - receiving, from the cloud controller, an authorization message including public network addresses associated with multiple peer devices;
      
      and wherein the directly connecting comprises;
      
      directly connecting to the peer devices based on the authorization message to establish the virtual network among the private networks to which the network device and the peer devices belong.

18. A method for establishing a virtual network among a plurality of private networks, comprising:
- transmitting a registration message from a network device to a cloud controller that is associated with a public network address preloaded in the network device, the registration message including a dynamic public network address associated with the network device;
  
  sending, from the network device to the cloud controller, a request message to establish a virtual network between the network device and a peer device;
  
  receiving, at the network device from the cloud controller, an authorization message including a public network address associated with the peer device; and
  
  directly connecting to the peer device based on the authorization message to establish the virtual network among a private network to which the network device belongs and a private network to which the peer device belongs.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The method of claim 18, wherein the network device and the peer device are pre-assigned to an account maintained by the cloud controller.
  - 20. The method of claim 18, wherein the sending comprises:
    - sending, from the network device to the cloud controller, a request message to establish a virtual network between the network device and a peer device without identifying the peer device;
  - 21. The method of claim 18, wherein the peer device is identified by the cloud controller based on an account to which the network device is pre-assigned.
  - 22. The method of claim 18, further comprising:
    - periodically transmitting, from the network device to the cloud controller, a heartbeat message to update the public network address associated with the network device.
  - 23. The method of claim 18, wherein the public network address associated with the network device is a dynamic public IP address currently assigned to the network device or a dynamic public IP address currently assigned to a router of the private network to which the network device belongs to.
  - 24. The method of claim 18, wherein the virtual network is a Virtual Private Network (VPN) and the authorization message includes a pre-shared key generated by the cloud controller that is unique for a pair of the network device and the peer device.
  - 25. The method of claim 18, wherein the cloud controller is Software-Defined Networking (SDN) service running on a cloud computing platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Holonet Security Inc.
Original Assignee
Stratusee Technologies, Inc.
Inventors
Zou, Feng

Granted Patent

US 9,438,596 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/4535   using an address exchange p...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

SYSTEMS AND METHODS FOR SECURED GLOBAL LAN

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR SECURED GLOBAL LAN

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links