Architecture for virtual private networks

US 7,010,702 B1
Filed: 11/09/2000
Issued: 03/07/2006
Est. Priority Date: 06/12/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method for sending a data packet from a first member of a virtual private network to a second member of the virtual private network comprising the steps of:

receiving a data packet enroute to the second member;

determining if the data packet is being sent between members of the virtual private network, and if so;

determining the packet manipulation rules for packets sent between members of the virtual private network;

forming a secure data packet by executing the packet manipulation rules on the data packet; and

forwarding the secure data packet to the second member of the virtual private network;

wherein said step of determining the packet manipulation rules includes the step of accessing a memory that maintains information identifying compression and encryption algorithms to be utilized for data packets sent between members of the virtual private network; and

wherein said step of forming a secure data packet includes the steps of encrypting at least a payload portion of the data packet according to the identified encryption algorithm; and

compressing at least the payload portion of the data packet according to the compression algorithm identified.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Protocols and architecture for secure virtual private networks. Intraenterprise data communications are supported in a secure manner over the Internet or other public network space with the implementation of secure virtual private networks. Members of a virtual private network group exchange data that may be compressed, encrypted and authenticated, if the exchange is between members of the group.

54 Citations

View as Search Results

24 Claims

1. A method for sending a data packet from a first member of a virtual private network to a second member of the virtual private network comprising the steps of:
- receiving a data packet enroute to the second member;
  
  determining if the data packet is being sent between members of the virtual private network, and if so;
  
  determining the packet manipulation rules for packets sent between members of the virtual private network;
  
  forming a secure data packet by executing the packet manipulation rules on the data packet; and
  
  forwarding the secure data packet to the second member of the virtual private network;
  
  wherein said step of determining the packet manipulation rules includes the step of accessing a memory that maintains information identifying compression and encryption algorithms to be utilized for data packets sent between members of the virtual private network; and
  
  wherein said step of forming a secure data packet includes the steps of encrypting at least a payload portion of the data packet according to the identified encryption algorithm; and
  
  compressing at least the payload portion of the data packet according to the compression algorithm identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein said compressing step occurs prior to said encrypting step.
  - 3. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not encrypted.
  - 4. The method according to claim 3, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 5. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not compressed.
  - 6. The method according to claim 1, wherein said receiving step occurs within a virtual private network unit.
  - 7. The method according to claim 6, wherein the virtual private network unit is implemented in software running on a computer and the memory is located in the computer.
  - 8. The method according to claim 6, wherein the virtual private network unit is implemented in a hardware device placed between a gateway device and the Internet.
  - 9. The method according to claim 6, wherein the virtual private network unit is implemented in a hardware device placed between a gateway device and a local area network including the first member of the virtual private network.
  - 10. The method according to claim 1, wherein said step of determining that the data packet is being sent between members of the virtual private network includes comparing at least a destination address of the data packet to a list of stored destination addresses.
  - 11. The method according to claim 1, wherein the memory maintains a plurality of different encryption algorithms, each encryption algorithm being associated with a different virtual private network, and wherein different virtual private networks may include one or more common members.
  - 12. The method according to claim 1, wherein the memory also maintains information identifying an authentication algorithm to be utilized for data packets sent between members of the virtual private network;
    - andwherein if it is determined that the data packet is being sent between members of the virtual private network, authentication information is associated with the data packet according to the identified authentication algorithm.
  - 13. The method according to claim 1, wherein if it is determined that the data packet is not being sent between members of the virtual private network, the data packet is not sent.
  - 14. The method according to claim 6, wherein the virtual private network unit is implemented in a firewall device.

15. A virtual private network unit for sending a data packet from a first member of a virtual private network to a second member of the virtual private network comprising:
- an input for receiving a data packet enroute to the second member;
  
  circuitry and software for determining if the data packet is being sent between members of the virtual private network, and if so for;
  
  determining the packet manipulation rules for packets sent between members of the virtual private network; and
  
  forming a secure data packet by executing the packet manipulation rules on the data packet; and
  
  an output for forwarding the secure data packet to the second member of the virtual private network, wherein the packet manipulation rules are stored in a memory connected to said circuitry and software, and said memory maintains information identifying compression and encryption algorithms to be utilized for data packets sent between members of the virtual private network, and said circuitry and software forms a secure data packet by encrypting at least a payload portion of the data packet according to the identified encryption algorithm and by compressing at least the payload portion of the data packet according to the compression algorithm identified.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 16. The virtual private network unit according to claim 15, wherein said circuitry and software compresses the data packet prior to encrypting the data packet.
  - 17. The virtual private network unit according to claim 15, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not encrypt the data packet.
  - 18. The virtual private network unit according to claim 17, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 19. The virtual private network unit according to claim 15, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not compress the data packet.
  - 20. The virtual private network unit according to claim 15, wherein said circuitry and software are part of a computer and said memory is located in said computer.
  - 21. The virtual private network unit according to claim 15, wherein said circuitry and software are implemented in a standalone hardware device placed between a gateway device and the Internet.
  - 22. The virtual private network unit according to claim 15, wherein said circuitry and software are implemented in a standalone hardware device placed between a gateway device and a local area network including the first member of the virtual private network.
  - 23. The virtual private network unit according to claim 15, wherein if said circuitry and software determines that the data packet is not being sent between members of the virtual private network, said circuitry and software does not send the data packet.
  - 24. The virtual private network unit according to claim 15, wherein said circuitry and software are part of a firewall device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
VPNet Technologies, Inc. (Avaya Incorporated)
Inventors
Hunt, William E., Bots, Henk J., Lawler, John, Palma, Derek
Primary Examiner(s)
BADERMAN, SCOTT T

Application Number

US09/710,691
Time in Patent Office

1,944 Days
Field of Search

713/201, 713/153, 713/154, 713/160, 709/225, 709/229
US Class Current

726/13
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2212/00   Encapsulation of packets

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 69/04   Protocols for data compress...

H04L 9/40   Network security protocols

Architecture for virtual private networks

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Architecture for virtual private networks

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others