Method and apparatus for configuring a virtual private network

US 6,226,751 B1
Filed: 04/17/1998
Issued: 05/01/2001
Est. Priority Date: 04/17/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:

receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network;

wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;

assembling a plurality of identifiers for the plurality of entities;

defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;

using the plurality of identifiers to identify communications between the plurality of entities;

transferring the communications between the plurality of entities securely over the public data network; and

wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and an apparatus for establishing a virtual private network that operates over a public data network. One embodiment of the present invention includes a system that selects a plurality of entities coupled to the public data network to include in the virtual private network. The system next assembles a plurality of identifiers for the plurality of entities. These identifiers are used to identify communications between the plurality of entities, so that these communications can be transferred securely over the public data network. A variation on this embodiment includes defining encryption, authentication and compression parameters for the virtual private network. In another variation, selecting the plurality of entities includes, assembling entities coupled to the public data network into groups, and selecting groups of entities to include in the virtual private network. Another variation includes defining access control rules specifying types of communications that are allowed to pass through virtual private network units. These virtual private network units are typically used to couple local area networks to the public network so that secure communications on the public network pass through the virtual private network units. Yet another variation on this embodiment includes defining address translation rules for virtual private network units coupled to the public data network. These address translation rules are used to translate local network addresses to public network addresses.

347 Citations

27 Claims

1. A method for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
- receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network;
  
  wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
  
  assembling a plurality of identifiers for the plurality of entities;
  
  defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
  
  using the plurality of identifiers to identify communications between the plurality of entities;
  
  transferring the communications between the plurality of entities securely over the public data network; and
  
  wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising defining encryption, authentication and compression parameters for the virtual private network.
  - 3. The method of claim 1, wherein receiving selections for the plurality of entities comprises:
4. The method of claim 3, wherein each group is associated with a virtual private network unit through which communications between the group and the public data network are routed.
5. The method of claim 1, further comprising defining access control rules specifying types of communications that are allowed to pass through virtual private network units, the virtual private network units being coupled to the public network so that secure communications on the public network pass through the virtual private network units.
6. The method of claim 1, wherein the address translation rules facilitate communicating with multiple entities through a single Internet Protocol (IP) address.
7. The method of claim 1, wherein the plurality of identifiers includes an Internet Protocol (IP) address.
8. The method of claim 1, wherein the plurality of identifiers includes a user identifier that identifies a computer user.
9. The method of claim 1, wherein the plurality of entities includes a computer system.
10. The method of claim 1, wherein the plurality of entities includes a computer user.
11. The method of claim 1, wherein the plurality of entities includes a remote client that can connect to the virtual private network from a remote location.
12. The method of claim 1, wherein receiving selections for the plurality of entities includes receiving selections for the plurality of entities at a virtual private network manager located at a centralized site on the public data network.

13. A method for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
- receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network, wherein selecting the plurality of entities comprises assembling entities into groups of at least one entity, and selecting groups of entities to include in the virtual private network, each group of entities being associated with a virtual private network unit through which communications between the group and the public data network are routed;
  
  wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
  
  defining encryption, authentication and compression parameters for the virtual private network;
  
  defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
  
  assembling a plurality of identifiers for the plurality of entities;
  
  using the plurality of identifiers to identify communications between the plurality of entities;
  
  transferring the communications between the plurality of entities securely over the public data network; and
  
  wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising defining access control rules specifying types of communications that are allowed to and from the plurality of entities.
  - 15. The method of claim 13, wherein the address translation rules facilitate communications with multiple entities through a single Internet Protocol (IP) address.

16. An apparatus for establishing a virtual private network for facilitating secure communications between entities over a public data network, comprising:
- a virtual private network manager coupled to the public data network;
  
  a selection mechanism, within the virtual private network manager, for receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network, and for assembling a plurality of identifiers for the plurality of entities;
  
  wherein the plurality of entities reside on local networks coupled to the public data network and are addressed through local network addresses;
  
  wherein the virtual private network manager is configured to define address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses to corresponding addresses on the public data network;
  
  a virtual private network unit, coupled to the public data network, through which communications between entities in the virtual private network are routed;
  
  an identification mechanism, within the virtual private network unit, that uses the plurality of identifiers to identify communications between the plurality of entities;
  
  a secure communication mechanism with the virtual private network unit for transferring the communications between the plurality of entities securely over the public data network; and
  
  wherein the secure communication mechanism is configured to use the address translation rules to translate local network addresses into addresses on the public data network.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The apparatus of claim 16, wherein the virtual private network manager is configured to define encryption, authentication and compression parameters for the virtual private network.
  - 18. The apparatus of claim 16, wherein the selection mechanism is configured to receive command to assemble entities coupled to the public data network into groups of at least one entity, and to receive selections for groups of entities to include in the virtual private network.
  - 19. The apparatus of claim 18, wherein each group is associated with a virtual private network unit through which communications between the group of entities and the public data network are routed.
  - 20. The apparatus of claim 16, wherein the virtual private network manager is configured to define access control rules specifying types of communications that are allowed to pass through virtual private network units, the virtual private network units being coupled to the public network so that secure communications on the public network pass through the virtual private network units.
  - 21. The apparatus of claim 16, wherein the address translation rules facilitate communicating with multiple entities through a single Internet Protocol (IP) address.
  - 22. The apparatus of claim 16, wherein the plurality of identifiers includes an Internet Protocol (IP) address.
  - 23. The apparatus of claim 16, wherein the plurality of identifiers includes a user identifier that identifies a computer user.
  - 24. The apparatus of claim 16, wherein the plurality of entities includes a computer system.
  - 25. The apparatus of claim 16, wherein the plurality of entities includes a computer user.
  - 26. The apparatus of claim 16, wherein the plurality of entities includes a remote client that can connect to the virtual private network from a remote location.

27. A program storage device storing instructions that when executed by a computer perform a method for establishing a virtual private network for facilitating secure communications between entities over a public data network, the method comprising:
- receiving selections for a plurality of entities coupled to the public data network to include in the virtual private network;
  
  wherein the entities reside on local networks coupled to the public data network and are addressed through local network addresses;
  
  assembling a plurality of identifiers for the plurality of entities;
  
  defining address translation rules for virtual private network units coupled to the public data network, the virtual private network units using the address translation rules to translate local network addresses for the local networks into corresponding addresses on the public data network;
  
  using the plurality of identifiers to identify communications between the plurality of entities;
  
  transferring the communications between the plurality of entities securely over the public data network; and
  
  wherein transferring the communications involves using the address translation rules to translate local network addresses into addresses on the public data network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
VPNet Technologies, Inc. (Avaya Incorporated)
Inventors
Arrow, Leslie J., Liu, Quentin C., Jones, Russell C., Hunt, William E., Hoke, Mark R., Bots, Henk J.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/062,507
Time in Patent Office

1,110 Days
Field of Search

713/201, 713/200, 709/227, 709/228, 709/1, 709/230, 709/245, 709/232, 709/238, 709/220, 709/221, 709/222, 709/249, 370/396, 370/397, 370/398, 370/399, 370/409, 370/351
US Class Current

726/15
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 61/2514   between local and global IP...

H04L 61/2557   Translation policies or rules

H04L 63/0272   Virtual private networks

Method and apparatus for configuring a virtual private network

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

347 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for configuring a virtual private network

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

347 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others