Architecture for virtual private networks
Abstract
Protocols and architecture for secure virtual private networks. Intraenterprise data communications are supported in a secure manner over the Internet or other public network space with the implementation of secure virtual private networks. Members of a virtual private network group exchange data that may be compressed, encrypted and authenticated, if the exchange is between members of the group.
5 Claims
1. A method for sending a data packet from a first member of a virtual private network to a second member of said virtual private network comprising the steps of:
receiving said data packet enroute to said second member;
determining that said data packet is being sent between members of said virtual private network;
determining the packet manipulation rules for packets sent between members of said virtual private network;
forming a secure data packet by executing said packet manipulation rules on said data packet; and
forwarding said secure data packet to said second member of said virtual private network;
wherein said step of determining the packet manipulation rules comprises the step of accessing a lookup table that maintains information identifying compression, encryption and authentication algorithms to be utilized for data packets sent between members of the virtual private network;
wherein said step of forming a secure data packet comprises the steps of encrypting at least a payload portion of the data packet according to the identified encryption algorithm; and
providing authentication information for the data packet according to the identified authentication algorithm; and
wherein said step of forming a secure data packet further comprises the step of compressing said payload portion of the data packet according to the compression algorithm identified.
3. A method for securely exchanging data packets by members of a virtual private network comprising the steps of:
generating a first data packet which includes a source address, a destination address and a data payload portion;
transmitting said first data packet toward the destination address;
intercepting said first data packet enroute to said destination address;
verifying that said first data packet is being sent between members of a virtual private network group;
determining the packet manipulation rules for packets sent between members of said virtual private network group;
generating a second data packet by performing said packet manipulation rules on said first data packet;
forwarding said second data packet toward said destination address;
receiving said second data packet;
verifying that said second data packet is being sent between members of said virtual private network group;
determining the packet manipulation rules for packets sent between members of said virtual private network group;
generating a third packet by reversing the identified packet manipulation rules, said third packet including said data payload portion; and
delivering said third data packet to said destination address.
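The sending and receiving halves of claim 3, with the lookup table of claim 1, sketched as an added Python example that is not taken from the patent. The addresses, keys, table layout, packet layout (nonce, ciphertext, HMAC tag), the order compress, encrypt, authenticate, and the pass-through of non-member traffic are assumptions, and the SHA-256 XOR stream stands in for a real cipher because Python's standard library has none.

```python
import hashlib, hmac, os, zlib

def _xor_stream(key, nonce, data):
    # Stand-in cipher for the example: XOR with SHA-256(key|nonce|offset)
    # blocks. Not a vetted cipher; a real unit would call the named algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

# Algorithm registries that the lookup-table entries refer to by name.
COMPRESS = {"zlib": (zlib.compress, zlib.decompress)}
ENCRYPT = {"sha256-xor-stream": _xor_stream}
AUTH = {"hmac-sha256": hashlib.sha256}

# Constructed lookup table: (source, destination) -> manipulation rules.
VPN_TABLE = {("10.1.0.5", "10.2.0.9"): {
    "compress": "zlib", "encrypt": "sha256-xor-stream", "auth": "hmac-sha256",
    "enc_key": b"\x01" * 32, "mac_key": b"\x02" * 32}}

def secure(src, dst, payload):
    """Sending unit: look up the rules, compress, encrypt, authenticate."""
    rule = VPN_TABLE.get((src, dst))
    if rule is None:
        return None  # assumption: non-member traffic is left untouched
    nonce = os.urandom(16)
    data = COMPRESS[rule["compress"]][0](payload)
    body = nonce + ENCRYPT[rule["encrypt"]](rule["enc_key"], nonce, data)
    return body + hmac.new(rule["mac_key"], body, AUTH[rule["auth"]]).digest()

def restore(src, dst, packet):
    """Receiving unit: look up the same rules and reverse them."""
    rule = VPN_TABLE.get((src, dst))
    if rule is None:
        raise ValueError("not a VPN member pair")
    digest = AUTH[rule["auth"]]
    n = digest().digest_size
    if len(packet) < 16 + n:
        raise ValueError("packet too short")
    body, tag = packet[:-n], packet[-n:]
    expected = hmac.new(rule["mac_key"], body, digest).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # checked before decrypting
    data = ENCRYPT[rule["encrypt"]](rule["enc_key"], body[:16], body[16:])
    return COMPRESS[rule["compress"]][1](data)
```

Compressing before encrypting makes the ciphertext length depend on the plaintext content, which matters when an untrusted party can influence part of the payload.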
Specification