Virtual private network system and method

US 6,055,575 A
Filed: 01/26/1998
Issued: 04/25/2000
Est. Priority Date: 01/28/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for forming a virtual node for a private access network having a private access communications protocol over a public access network having a public access communications protocol, the virtual node being a remote computer and the method comprising:

establishing a secure communications path over the public access network between a host computer connected to the private network and a remote client computer to establish the remote client computer as a virtual node of the private network, the establishing including negotiating a communications protocol compatible with the private network between the host computer connected to the public access network and the remote client computer, the negotiating including negotiating one or more parameters governing future communications between the remote client computer and the host computer, wherein the negotiated parameters include an encryption technique;

generating a data packet to be transmitted over the secure communications path, the data packet including data and information about routing the data in the data packet in accordance with the private access communications protocol;

encrypting said data packet using the negotiated encryption technique;

encapsulating said encrypted data packet into second data packet having a format compatible with the public access communications protocol;

transmitting the second data packet over the public access network;

unpacking the encrypted data packet from said second data packet; and

decrypting the data packet received from the public access network to route the data in the data packet over the private access network using the information about the private access communications protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for remote users to access a private network having a first communications protocol via a public network, such as any TCP/IP network having a second different communications protocol, in a secure manner so that the remote user appears to be connected directly to the private network and appears to be a node on that private network. A host connected to the private network may execute a host software application which establishes and provides a communications path for secure access of the remote client computer. An encrypted data stream may be communicated between the host and the client representing traffic and commands on the network.

299 Citations

28 Claims

1. A method for forming a virtual node for a private access network having a private access communications protocol over a public access network having a public access communications protocol, the virtual node being a remote computer and the method comprising:
- establishing a secure communications path over the public access network between a host computer connected to the private network and a remote client computer to establish the remote client computer as a virtual node of the private network, the establishing including negotiating a communications protocol compatible with the private network between the host computer connected to the public access network and the remote client computer, the negotiating including negotiating one or more parameters governing future communications between the remote client computer and the host computer, wherein the negotiated parameters include an encryption technique;
  
  generating a data packet to be transmitted over the secure communications path, the data packet including data and information about routing the data in the data packet in accordance with the private access communications protocol;
  
  encrypting said data packet using the negotiated encryption technique;
  
  encapsulating said encrypted data packet into second data packet having a format compatible with the public access communications protocol;
  
  transmitting the second data packet over the public access network;
  
  unpacking the encrypted data packet from said second data packet; and
  
  decrypting the data packet received from the public access network to route the data in the data packet over the private access network using the information about the private access communications protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said establishing further comprises authenticating the identity of the remote client computer.
  - 3. The method of claim 2, wherein the authentication comprises generating a challenge at the host computer, communicating said challenge to the remote client computer, and receiving a challenge response from the remote client computer.
  - 4. The method of claim 1 further comprising negotiating a session key for communicating between the host and the client.
  - 5. The method of claim 1, wherein generating the information in the data packet comprises generating a network node identification number for the remote client node.
  - 6. The method of claim 5, wherein said private access network comprises an AppleTalk communications network.
  - 7. The method of claim 6, wherein said public access network comprises the Internet.
  - 8. The method of claim 1, wherein the negotiated parameters include a protocol version.
  - 9. The method of claim 1, wherein the negotiated parameters include a compression level.
  - 10. The method of claim 1, wherein the negotiated encryption technique is data encryption standard (DES) encryption.
  - 11. The method of claim 1, wherein the negotiated encryption technique is a non-data encryption standard (DES) encryption technique.
  - 12. The method of claim 1, wherein the negotiated parameters include indication of whether to negotiate a session key.
  - 13. The method of claim 1, wherein said negotiating the communications protocol includes sending a protocol request message from said remote client node to said host node, the protocol request message indicating a set of proposed parameters.
  - 14. The method of claim 13, wherein the negotiating the communications protocol further includes means for sending a protocol response from said host node to said remote client node, the protocol response message indicating a set of accepted parameters.

15. A virtual node for a private access network having a private access communications protocol over a public access network having a public access communications protocol, the virtual node being a remote client computer and comprising:
- means for establishing a secure communications path over the public access network between a host computer connected to the private network and a remote client computer to establish the remote client computer as a virtual node of the private network, the means for establishing including means for negotiating a communications protocol compatible with the private network between the host computer connected to the public access network and the remote client computer, the negotiating including negotiating one or more parameters governing future communications between the remote client computer and the host computer, wherein the negotiated parameters include an encryption technique;
  
  means for generating a data packet to be transmitted over the secure communications path, the data packet including data and information about routing the data in the data packet in accordance with the private access communications protocol;
  
  means for encrypting said data packet using the negotiated encryption technique;
  
  means for encapsulating said encrypted data packet into second data packet having a format compatible with the public access communications protocol;
  
  means for transmitting the second data packet over the public access network;
  
  means for unpacking the encrypted data packet from said second data packet; and
  
  means for decrypting the data packet received from the public access network to route the data packet over the private access network using the information about the private access communications protocol.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The virtual node of claim 15, wherein said establishing means further comprises means for authenticating the identity of the remote client computer.
  - 17. The virtual node of claim 16, wherein the authentication means comprises means for generating a challenge at the host computer, means for communicating said challenge to the remote client computer, and means for receiving a challenge response from the remote client computer.
  - 18. The virtual node of claim 15 further comprising negotiating a session key for communicating between the host and the client.
  - 19. The virtual node of claim 15, wherein said means for generating the information in the data packet comprises means for generating a network node identification number for the remote client node.
  - 20. The virtual node of claim 19, wherein said private access network comprises an AppleTalk communications network.
  - 21. The virtual node of claim 20, wherein said public access network comprises the Internet.
  - 22. The virtual node of claim 15, wherein the negotiated parameters include a protocol version.
  - 23. The virtual node of claim 15, wherein the negotiated parameters include a compression level.
  - 24. The virtual node of claim 15, wherein the negotiated encryption technique is data encryption standard (DES) encryption.
  - 25. The virtual node of claim 15, wherein the negotiated encryption technique is a non-data encryption standard (DES) encryption technique.
  - 26. The virtual node of claim 15, wherein the negotiated parameters include indication of whether to negotiate a session key.
  - 27. The virtual node of claim 15, wherein said means for negotiating the communications protocol includes sending a protocol request message from said remote client node to said host node, the protocol request message indicating a set of proposed parameters.
  - 28. The virtual node of claim 27, wherein said means for negotiating the communications protocol further includes sending a protocol response from said host node to said remote client node, the protocol response message indicating a set of accepted parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ascend Communications, Inc. (Nokia Corporation)
Original Assignee
Ascend Communications, Inc. (Nokia Corporation)
Inventors
Walker, Amanda, Paulsen, Gaige B.
Primary Examiner(s)
Matar, Ahmad F.
Assistant Examiner(s)
Tran, Philip B.

Application Number

US09/013,122
Time in Patent Office

820 Days
Field of Search

709/245, 709/229, 709/228, 709/226, 380/23, 380/30
US Class Current

709/229
CPC Class Codes

H04L 2212/00   Encapsulation of packets

H04L 61/00   Network arrangements, proto...

H04L 63/0272   Virtual private networks

H04L 63/067   using one-time keys cryptog...

H04L 63/08   for authentication of entit...

H04L 67/2876   Pairs of inter-processing e...

H04L 67/59   Providing operational suppo...

H04L 9/40   Network security protocols

Virtual private network system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

299 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual private network system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

299 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links