Method to use a virtual private network using a public network
Abstract
Example embodiments relate to exchanging data between several computers or multimedia units through a public network while guaranteeing at the same time the confidentiality of these data. Specifically, the creation and use of a virtual private network (VPN) is disclosed. The virtual private network (VPN) may have a plurality of units connected to a public network, each unit having a security device which may have a unique number UA1. The method may include generating a right Dn associated to the unique number UAn, by the security device of a unit Un, transferring the right Dn to the security device of at least one second unit Um, encrypting the data sent by unit Un and the description of the Dn right by an encryption data key KS, and receiving the encrypted data by the second unit Um, wherein the encrypted data is presented to the security device of the second unit Um to verify if the right Dn is present, and if the right Dn is present, then decrypting the data by the encryption data key KS.
19 Claims
1. A method to use a virtual private network (VPN) having a plurality of units connected to a public network, each unit having a security device which includes at least a unique number UA, said virtual private network including a first unit generating a right Dn associated to the unique number UAn and at least one second unit Um, the security device of the at least one second unit receiving the right Dn from said first unit, the method comprising:

encrypting the data sent by unit Un and a description of the right Dn necessary for the decryption of the data, by an encryption data key KS, creating a control data block that includes the encryption data key KS and the description of the right necessary for the decryption of the data, receiving the encrypted data and the description of the right Dn by the at least one second unit Um, and receiving the control data block by the at least one second unit Um, and presenting the encrypted control data block to the security device of the at least one second unit Um to verify if the right Dn is present in the security module of the at least one second unit, wherein if the right Dn is present, then using the encryption data key KS to decrypt the encrypted data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method to use a virtual private network (VPN) including a plurality of units connected to a managing center (MC) through a public network, each unit having a security device which includes at least a unique number UA, said virtual private network being created by requesting the creation of a network Rn through a unit Un at the managing center (MC), by sending a right Dn and a key Kn representing the network Rn to unit Un by the managing center (MC), by requesting the registration of at least a second unit Um as part of the network Rn, at the managing center (MC), by transmitting the right Dn and the key Kn to the second unit Um, the method comprising:

encrypting the data sent by the unit Un and the description of the right Dn necessary for the decryption of the data by an encryption data key KS, creating a control data block that includes the encryption data key KS and the description of the right Dn necessary for the decryption of the data, receiving the encrypted data and the description of the right Dn by the at least one second unit Um, and receiving the encrypted control data block by said at least one second unit Um, and decrypting the control data block and presenting said control data block to the security device of the at least one second unit Um to verify if the right Dn is present, and if the right Dn is present, then decrypting the control data block to obtain the encryption data key KS and then decrypting the data with the encryption data key KS.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
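The exchange described in claims 1 and 12, as an added illustration that is not part of the patent text: a sender unit Un encrypts data under a fresh key KS, wraps KS together with the description of the required right Dn into a control data block, and the receiving unit's security device releases KS only when it holds Dn. The claims do not name a cipher, so a SHA-256 keystream with an HMAC tag is a constructed stand-in, and encrypting the control block under the network key Kn is an assumption; the class and function names are hypothetical.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, field
from typing import Optional

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in for the unspecified cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class SecurityDevice:
    ua: str                                            # unique number UA of the unit
    rights: set = field(default_factory=set)           # rights Dn held by this device
    network_keys: dict = field(default_factory=dict)   # network Rn -> key Kn (assumed use of Kn)

    def grant(self, rn: str, dn: str, kn: bytes) -> None:
        """Managing center registers the unit in network Rn with right Dn and key Kn."""
        self.rights.add(dn)
        self.network_keys[rn] = kn

    def release_ks(self, rn: str, control_block: bytes) -> Optional[bytes]:
        """Decrypt the control block and hand out KS only if the required right Dn is present."""
        kn = self.network_keys.get(rn)
        if kn is None:
            return None                                # not a member of network Rn
        nonce, body, tag = control_block[:16], control_block[16:-32], control_block[-32:]
        if not hmac.compare_digest(tag, hmac.new(kn, nonce + body, hashlib.sha256).digest()):
            return None                                # tampered block or wrong network key
        cb = json.loads(keystream_xor(kn, nonce, body))
        if cb["right"] not in self.rights:
            return None                                # right Dn absent: KS never leaves the device
        return bytes.fromhex(cb["ks"])

def send(dev: SecurityDevice, rn: str, dn: str, data: bytes) -> dict:
    """Unit Un: encrypt data with KS, build the control block {KS, description of Dn} under Kn."""
    ks, n_data, n_ctrl = os.urandom(32), os.urandom(16), os.urandom(16)
    kn = dev.network_keys[rn]
    body = keystream_xor(kn, n_ctrl, json.dumps({"ks": ks.hex(), "right": dn}).encode())
    tag = hmac.new(kn, n_ctrl + body, hashlib.sha256).digest()
    return {"rn": rn, "right": dn, "data": n_data + keystream_xor(ks, n_data, data),
            "control": n_ctrl + body + tag}

def receive(dev: SecurityDevice, msg: dict) -> Optional[bytes]:
    """Unit Um: present the control block to its security device, then decrypt with the released KS."""
    ks = dev.release_ks(msg["rn"], msg["control"])
    return None if ks is None else keystream_xor(ks, msg["data"][:16], msg["data"][16:])
```

A unit that holds Kn but not the right Dn, or whose control block has been altered in transit, never obtains KS, which is the property the claims rely on.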
Specification