Virtual private network system and method
First Claim
1. A method for forming a virtual node for a private access network having a private access communications protocol over a public access network having a public access communications protocol, the virtual node being a remote computer and the method comprising:
establishing a secure communications path over the public access network between a host computer connected to the private network and a remote client computer to establish the remote client computer as a virtual node of the private network, the establishing including negotiating a communications protocol compatible with the private network between the host computer connected to the public access network and the remote client computer, the negotiating including negotiating one or more parameters governing future communications between the remote client computer and the host computer, wherein the negotiated parameters include an encryption technique;
generating a data packet to be transmitted over the secure communications path, the data packet including data and information about routing the data in the data packet in accordance with the private access communications protocol;
encrypting said data packet using the negotiated encryption technique;
encapsulating said encrypted data packet into a second data packet having a format compatible with the public access communications protocol;
transmitting the second data packet over the public access network;
unpacking the encrypted data packet from said second data packet; and
decrypting the data packet received from the public access network to route the data in the data packet over the private access network using the information about the private access communications protocol.
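The tunnelling procedure of claim 1 (negotiate an encryption technique, build a private-protocol packet whose routing header travels inside the encrypted body, encapsulate it in a public-protocol packet, transmit, then unpack and decrypt at the far end), as an added example that is not the patent's own code nor any product's implementation. The private protocol (two-byte source and destination node ids), the outer packet layout (`VPN1` magic, nonce, ciphertext), the suite names and the pre-shared-secret key derivation are all assumptions made for illustration; the claim does not specify how keys are agreed. One thing the claim does not require but a practitioner should insist on: the negotiated technique should be authenticated encryption (AES-GCM here), otherwise the encrypted routing header can be altered in transit and the host will route a tampered packet onto the private network.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// InnerPacket is a packet in the (assumed) private-network protocol: two-byte
// source and destination node ids, then the payload. The ids are the routing
// information that must ride inside the encrypted body, hidden from the public net.
type InnerPacket struct {
	Src, Dst uint16
	Payload  []byte
}

func (p InnerPacket) Marshal() []byte {
	b := make([]byte, 4+len(p.Payload))
	binary.BigEndian.PutUint16(b[0:2], p.Src)
	binary.BigEndian.PutUint16(b[2:4], p.Dst)
	copy(b[4:], p.Payload)
	return b
}

func UnmarshalInner(b []byte) (InnerPacket, error) {
	if len(b) < 4 {
		return InnerPacket{}, errors.New("inner packet too short")
	}
	return InnerPacket{Src: binary.BigEndian.Uint16(b[0:2]), Dst: binary.BigEndian.Uint16(b[2:4]),
		Payload: append([]byte(nil), b[4:]...)}, nil
}

// hostSuites lists the encryption techniques the host accepts (assumed), with AES key length.
var hostSuites = map[string]int{"AES-256-GCM": 32, "AES-128-GCM": 16}

// Negotiate returns the first technique in the client's preference list the host supports.
func Negotiate(clientOffer []string) (string, error) {
	for _, s := range clientOffer {
		if _, ok := hostSuites[s]; ok {
			return s, nil
		}
	}
	return "", errors.New("no common encryption technique")
}

// Session holds the negotiated parameters that govern every later packet.
type Session struct {
	Suite string
	aead  cipher.AEAD
}

// NewSession derives the session key from a pre-shared secret and both sides' nonces.
// This derivation is an assumption: the claim does not say how keys are agreed.
func NewSession(suite string, psk, clientNonce, hostNonce []byte) (*Session, error) {
	keyLen, ok := hostSuites[suite]
	if !ok {
		return nil, errors.New("unknown suite " + suite)
	}
	h := sha256.Sum256(bytes.Join([][]byte{psk, []byte(suite), clientNonce, hostNonce}, nil))
	block, err := aes.NewCipher(h[:keyLen])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{Suite: suite, aead: aead}, nil
}

// outerMagic tags the second (public-protocol) packet, assumed to be carried as an opaque datagram.
var outerMagic = []byte("VPN1")

// Encapsulate encrypts the whole inner packet, routing header included, and wraps it as
// magic || nonce || ciphertext+tag. The magic is bound as associated data so it is authenticated too.
func (s *Session) Encapsulate(inner InnerPacket) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte(nil), outerMagic...), nonce...)
	return s.aead.Seal(out, nonce, inner.Marshal(), outerMagic), nil
}

// Decapsulate unpacks the outer packet, verifies and decrypts it, and returns the inner
// packet so its routing header can be used on the private network. Forged or tampered
// packets fail authentication and are dropped rather than routed.
func (s *Session) Decapsulate(outer []byte) (InnerPacket, error) {
	ns := s.aead.NonceSize()
	if len(outer) < 4+ns+s.aead.Overhead() || !bytes.Equal(outer[:4], outerMagic) {
		return InnerPacket{}, errors.New("malformed outer packet")
	}
	pt, err := s.aead.Open(nil, outer[4:4+ns], outer[4+ns:], outerMagic)
	if err != nil {
		return InnerPacket{}, err
	}
	return UnmarshalInner(pt)
}

func main() {
	suite, err := Negotiate([]string{"ChaCha20-Poly1305", "AES-256-GCM", "AES-128-GCM"})
	if err != nil {
		panic(err)
	}
	// Constructed sample secret, nonces and packet.
	sess, _ := NewSession(suite, []byte("constructed pre-shared secret"), []byte("client-nonce"), []byte("host-nonce"))
	inner := InnerPacket{Src: 1, Dst: 7, Payload: []byte("constructed private-network payload")}
	outer, _ := sess.Encapsulate(inner)
	fmt.Printf("negotiated %s; outer packet %d bytes; payload visible on public net: %v\n",
		suite, len(outer), bytes.Contains(outer, inner.Payload))
	got, err := sess.Decapsulate(outer)
	fmt.Println("routed to node", got.Dst, "from", got.Src, "err:", err)
	outer[len(outer)-1] ^= 1 // flip a ciphertext bit in transit
	_, err = sess.Decapsulate(outer)
	fmt.Println("tampered packet rejected:", err != nil)
}
```

Run it with `go run`. Each packet gets a fresh random nonce, so identical inner packets produce different outer packets; what the example does not provide, and what the claim does not describe either, is replay protection and a real key agreement between the host and the client, both of which a deployable implementation needs.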
Abstract
A system and method for remote users to access a private network having a first communications protocol via a public network, such as any TCP/IP network having a second different communications protocol, in a secure manner so that the remote user appears to be connected directly to the private network and appears to be a node on that private network. A host connected to the private network may execute a host software application which establishes and provides a communications path for secure access of the remote client computer. An encrypted data stream may be communicated between the host and the client representing traffic and commands on the network.
28 Claims
1. Independent claim; its text is reproduced above under First Claim. Dependent claims 2 through 14 depend from claim 1.
15. A virtual node for a private access network having a private access communications protocol over a public access network having a public access communications protocol, the virtual node being a remote client computer and comprising:
means for establishing a secure communications path over the public access network between a host computer connected to the private network and a remote client computer to establish the remote client computer as a virtual node of the private network, the means for establishing including means for negotiating a communications protocol compatible with the private network between the host computer connected to the public access network and the remote client computer, the negotiating including negotiating one or more parameters governing future communications between the remote client computer and the host computer, wherein the negotiated parameters include an encryption technique;
means for generating a data packet to be transmitted over the secure communications path, the data packet including data and information about routing the data in the data packet in accordance with the private access communications protocol;
means for encrypting said data packet using the negotiated encryption technique;
means for encapsulating said encrypted data packet into a second data packet having a format compatible with the public access communications protocol;
means for transmitting the second data packet over the public access network;
means for unpacking the encrypted data packet from said second data packet; and
means for decrypting the data packet received from the public access network to route the data packet over the private access network using the information about the private access communications protocol.
Dependent claims 16 through 28 depend from claim 15.
Specification