Multipoint server for providing secure, scaleable connections between a plurality of network devices
First Claim
1. A method for implementing secure communications between a plurality of devices, the method comprising:
at a multi-point server not comprised in the plurality of devices:
receiving a request from a first device for a first secure point-to-point connection between the first device, a second device, and a third device, the plurality of devices comprising the first device, the second device and the third device;
responsive to the request, providing at least one common encryption parameter to each of the plurality of devices, and identifying the plurality of devices to one another;
establishing a second secure, point-to-point connection between the second device and the third device via the at least one common encryption parameter; and
responsive to a detected mismatch in a sequence number of a communication between the second device and the third device, via a phase two restart message, restarting the second secure point-to-point connection between the second device and the third device.
6 Assignments
0 Petitions
Abstract
A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.
49 Citations
27 Claims
1. Independent claim; text as given under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A server device for implementing a secure network connection between a plurality of devices, the server device comprising:
a first code segment configured to receive a request from a first device for a secure point-to-point connection between the first device, a second device, and a third device, the plurality of devices comprising the first device, the second device and the third device, the plurality of devices not comprising the server device;
means for securely distributing connection information to each of the plurality of devices responsive to the request;
means for enabling secure, point-to-point communication between at least the second device and the third device based on the connection information; and
a second code segment configured to, responsive to a detected mismatch in a sequence number between the second device and the third device, via a phase two restart message, restart the point-to-point communication session between the first device and the second device.
Dependent claims: 11, 12, 13, 14
15. An article of manufacture, which comprises a computer readable medium having stored therein a computer program carrying out a method for implementing a virtual private network, the computer program comprising:
a first code segment for authenticating member devices of the virtual private network;
a second code segment for receiving a request from a first device for a secure point-to-point connection between the first device, a second device, and a third device, the member devices comprising the first device, the second device and the third device, the computer readable medium comprised by a multi-point server, the multi-point server not comprised by the member devices;
a third code segment for providing a secret encryption parameter to each of the authenticated member devices seeking to conduct active communications within the virtual private network;
a fourth code segment for distributing a list of each of the authenticated member devices to other member devices; and
a fifth code segment configured to, responsive to a detected mismatch in a sequence number between the first device and the second device, via a phase two restart message, restart the secure point-to-point connection between the first device and the second device.
Dependent claims: 16, 17, 18, 19
20. A method of utilizing a virtual private network, comprising:
contacting a server device administering the virtual private network;
receiving information authenticating the server device and each of a plurality of members of the virtual private network;
receiving an encryption parameter from the server device that is commonly obtainable by all members of the virtual private network, the encryption parameter received at a first device not initiating a request for point-to-point connection;
receiving a list of all members of the virtual private network;
communicating, via the encryption parameter, with a second device not initiating the request for the point-to-point connection; and
responsive to a detected mismatch in a sequence number between the first device and the second device, via a phase two restart message, restarting the point-to-point connection between the first device and the second device.
Dependent claims: 21, 22, 23, 24
25. A method of activating a first and second device within a virtual private network (VPN) managed by a server, comprising:
negotiating a first security association between the server and the first device;
determining an encryption secret key with the first device as part of the first security association;
negotiating a second security association between the server and the second device;
communicating the encryption secret key to the second device as part of the second security association;
establishing an IPsec session between the first and second devices based on the encryption secret key; and
responsive to a detected mismatch in a sequence number between the first device and the second device, via a phase two restart message, restarting the IPsec session between the first device and the second device.
Dependent claims: 26, 27
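The flow the claims above describe (the server-side distribution of claim 1, the member-side steps of claim 20 and the per-device security associations of claim 25), as an added example that is not code from the patent or from any product built on it: a Python model in which a multipoint server, itself not a member, authenticates devices by a per-device long-term secret standing in for the server-to-device security association, wraps one common encryption parameter for each member, distributes it together with the member list, and two members that did not make the request then run a sequence-numbered, MAC-protected point-to-point session that both ends restart with a fresh session key when a sequence-number mismatch is detected. All class and function names, the bundle and packet layouts, the sample device secrets and the use of HMAC-SHA256 as both KDF and MAC are assumptions of this example; it is not an IPsec or IKE implementation.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample data: each device shares a long-term secret with the server.
# The server<->device "security association" of claim 25 is modelled as keys
# derived from this secret; IKE itself is not implemented here (assumption).
DEVICE_SECRETS = {"dev-A": b"A-long-term-secret",
                  "dev-B": b"B-long-term-secret",
                  "dev-C": b"C-long-term-secret"}
TAG_LEN = 32  # HMAC-SHA256 output, used both as KDF and as MAC below

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class MultipointServer:
    """Not a member itself; hands out the common key and the member list."""

    def __init__(self, secrets_by_device: dict):
        self._secrets = dict(secrets_by_device)

    def request_connection(self, requester: str, members: list) -> dict:
        """Claim 1: per member, an authenticated bundle = nonce || wrapped key || list."""
        if requester not in members or any(m not in self._secrets for m in members):
            raise PermissionError("request names an unauthenticated device")
        common_key = secrets.token_bytes(32)           # the common encryption parameter
        member_list = ",".join(sorted(members)).encode()
        bundles = {}
        for m in members:
            nonce = secrets.token_bytes(16)
            pad = prf(self._secrets[m], b"server-wrap|" + nonce)   # one-time 32-byte pad
            body = nonce + bytes(a ^ b for a, b in zip(common_key, pad)) + member_list
            bundles[m] = body + prf(prf(self._secrets[m], b"server-mac"), body)
        return bundles

class Device:
    """A VPN member; accepts key and list only over its own SA with the server."""

    def __init__(self, name: str):
        self.name, self.sa_secret = name, DEVICE_SECRETS[name]
        self.common_key, self.members = None, []

    def accept_bundle(self, bundle: bytes) -> None:
        body, tag = bundle[:-TAG_LEN], bundle[-TAG_LEN:]
        if not hmac.compare_digest(prf(prf(self.sa_secret, b"server-mac"), body), tag):
            raise ValueError("bundle did not come from the server")
        nonce, wrapped, member_list = body[:16], body[16:48], body[48:]
        pad = prf(self.sa_secret, b"server-wrap|" + nonce)
        self.common_key = bytes(a ^ b for a, b in zip(wrapped, pad))
        self.members = member_list.decode().split(",")

class P2PChannel:
    """One end of a point-to-point session: epoch(4) || seq(4) || payload || MAC."""

    def __init__(self, device: Device, peer: str):
        self.device, self.peer = device, peer
        self.restart(0)

    def restart(self, epoch: int) -> None:
        """Phase-two restart: fresh session key for this epoch, counters zeroed."""
        pair = "|".join(sorted([self.device.name, self.peer])).encode()
        self.session_key = prf(self.device.common_key, b"p2p|%s|%d" % (pair, epoch))
        self.epoch, self.send_seq, self.recv_seq = epoch, 0, 0

    def send(self, payload: bytes) -> bytes:
        header = struct.pack(">II", self.epoch, self.send_seq)
        self.send_seq += 1
        return header + payload + prf(self.session_key, header + payload)

    def receive(self, packet: bytes) -> tuple:
        """('data', payload), or ('restart', next_epoch) on a sequence mismatch."""
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(prf(self.session_key, header + payload), tag):
            raise ValueError("bad MAC; a real stack drops the packet silently")
        epoch, seq = struct.unpack(">II", header)
        if epoch != self.epoch or seq != self.recv_seq:   # loss, reorder or replay
            return ("restart", self.epoch + 1)             # the phase two restart message
        self.recv_seq += 1
        return ("data", payload)

def run_demo() -> dict:
    """A requests {A,B,C}; B and C, neither of which requested, then talk."""
    server = MultipointServer(DEVICE_SECRETS)
    devices = {n: Device(n) for n in DEVICE_SECRETS}
    for name, bundle in server.request_connection("dev-A", list(DEVICE_SECRETS)).items():
        devices[name].accept_bundle(bundle)
    b_end, c_end = P2PChannel(devices["dev-B"], "dev-C"), P2PChannel(devices["dev-C"], "dev-B")
    first = c_end.receive(b_end.send(b"hello from B"))         # seq 0 accepted
    b_end.send(b"lost in transit")                             # seq 1 never arrives
    kind, new_epoch = c_end.receive(b_end.send(b"seq 2"))      # mismatch detected
    b_end.restart(new_epoch)                                   # both ends restart phase two
    c_end.restart(new_epoch)
    after = c_end.receive(b_end.send(b"after restart"))
    return {"same_key": devices["dev-B"].common_key == devices["dev-C"].common_key,
            "members": devices["dev-C"].members, "first": first,
            "mismatch": kind, "epoch": c_end.epoch, "after": after}
```

Call run_demo() to see the full exchange. Two points worth checking against any real implementation of this scheme: a packet whose MAC fails is rejected before the sequence check, so an off-path attacker cannot force a restart, but replaying a captured valid packet does, which turns restart-on-mismatch into a denial-of-service lever; IPsec's anti-replay window tolerates loss and reordering precisely to avoid that. The restart message here is a bare tuple with no authentication, and both ends agree on the next epoch only because the demo calls restart() on each; a real phase two restart has to be authenticated and its new parameters negotiated, or the two ends desynchronise.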
Specification