Architecture for virtual private networks
Abstract
Protocols and architecture for secure virtual private networks. Intraenterprise data communications are supported in a secure manner over the Internet or other public network space with the implementation of secure virtual private networks. Members of a virtual private network group exchange data that may be compressed, encrypted and authenticated, if the exchange is between members of the group.
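The steps of claim 1 (membership check, rule lookup, secure-packet formation) can be sketched as follows. This is an added example, not code from the patent. The group table, addresses, key, packet layout, compress-before-encrypt ordering, authentication tag and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib, hmac, os, zlib

# Constructed rule memory: one entry per VPN group (addresses and key are samples).
VPN_GROUPS = {"vpn-a": {"members": {"10.1.0.5", "10.2.0.9"},
                        "compression": "zlib",
                        "cipher": "hmac-sha256-ctr",  # stand-in, see _keystream
                        "key": bytes(range(32))}}
COMPRESS = {"zlib": (zlib.compress, zlib.decompress), "none": (bytes, bytes)}

def rules_for(src, dst):
    # A rule entry applies only when BOTH endpoints are members of the group.
    return next((r for r in VPN_GROUPS.values()
                 if {src, dst} <= r["members"]), None)

def _subkeys(key):
    # Separate encryption and authentication keys derived from the group key.
    return [hmac.new(key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]

def _keystream(key, nonce, n):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), used only for this sketch.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _mac(k_mac, pkt, body):
    header = f'{pkt["src"]}>{pkt["dst"]}'.encode()
    return hmac.new(k_mac, header + body, hashlib.sha256).digest()

def secure(pkt):
    rules = rules_for(pkt["src"], pkt["dst"])
    if rules is None:
        return pkt                      # not member-to-member: pass through
    k_enc, k_mac = _subkeys(rules["key"])
    nonce = os.urandom(12)
    data = COMPRESS[rules["compression"]][0](pkt["payload"])  # compress first
    ct = bytes(a ^ b for a, b in zip(data, _keystream(k_enc, nonce, len(data))))
    return {**pkt, "payload": nonce + ct + _mac(k_mac, pkt, nonce + ct), "secure": True}

def open_secure(pkt):
    rules = rules_for(pkt["src"], pkt["dst"])
    if rules is None:
        raise ValueError("endpoints are not members of a common VPN group")
    k_enc, k_mac = _subkeys(rules["key"])
    blob, tag = pkt["payload"][:-32], pkt["payload"][-32:]
    if not hmac.compare_digest(tag, _mac(k_mac, pkt, blob)):
        raise ValueError("authentication failed")   # verify before decrypting
    nonce, ct = blob[:12], blob[12:]
    data = bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))
    return COMPRESS[rules["compression"]][1](data)
```

Compression runs before encryption in this sketch because ciphertext is effectively incompressible; the claims themselves do not fix an order.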
24 Claims
1. A method for sending a data packet from a first member of a virtual private network to a second member of the virtual private network comprising the steps of:
- receiving a data packet enroute to the second member;
- determining if the data packet is being sent between members of the virtual private network, and if so;
- determining the packet manipulation rules for packets sent between members of the virtual private network;
- forming a secure data packet by executing the packet manipulation rules on the data packet; and
- forwarding the secure data packet to the second member of the virtual private network;
- wherein said step of determining the packet manipulation rules includes the step of accessing a memory that maintains information identifying compression and encryption algorithms to be utilized for data packets sent between members of the virtual private network; and
- wherein said step of forming a secure data packet includes the steps of encrypting at least a payload portion of the data packet according to the identified encryption algorithm; and
- compressing at least the payload portion of the data packet according to the compression algorithm identified.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A virtual private network unit for sending a data packet from a first member of a virtual private network to a second member of the virtual private network comprising:
- an input for receiving a data packet enroute to the second member;
- circuitry and software for determining if the data packet is being sent between members of the virtual private network, and if so for;
- determining the packet manipulation rules for packets sent between members of the virtual private network; and
- forming a secure data packet by executing the packet manipulation rules on the data packet; and
- an output for forwarding the secure data packet to the second member of the virtual private network,
- wherein the packet manipulation rules are stored in a memory connected to said circuitry and software, and said memory maintains information identifying compression and encryption algorithms to be utilized for data packets sent between members of the virtual private network, and said circuitry and software forms a secure data packet by encrypting at least a payload portion of the data packet according to the identified encryption algorithm and by compressing at least the payload portion of the data packet according to the compression algorithm identified.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24
Specification