Method and apparatus to facilitate virtual transport layer security on a virtual network

US 7,290,280 B2
Filed: 04/08/2002
Issued: 10/30/2007
Est. Priority Date: 04/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method to facilitate virtual transport layer security on a virtual network, wherein the virtual network allows peer-to-peer communications, comprising:

creating a first pipe at a first peer, wherein a pipe is a one-way input channel into a peer, and wherein the peer is any type of computer system;

associating a first peer identifier with the first pipe;

advertising an availability of the first pipe, thereby allowing other peers to discover the first peer and to initiate secure direct peer-to-peer communications with the first peer;

connecting to the first pipe from a second peer;

creating a second pipe at the second peer;

associating a second peer identifier with the second pipe;

connecting to the second pipe from the first peer;

wherein the first pipe and the second pipe form a virtual connection between the first peer and the second peer; and

initiating secure communications on the virtual connection between the first peer and the second peer without the assistance of a server, and by using an available underlying transport layer, wherein the transport layer does not require robust transport services.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that provides virtual transport layer security on a virtual network to facilitate peer-to-peer communications. The system creates a first pipe that functions as a one-way input channel into a first peer. Next, the system associates a first peer identifier with the first pipe and advertises the availability of this first pipe. A second peer connects to this first pipe to communicate with the first peer. The system also creates a second pipe at the second peer, and a second peer identifier is associated with this second pipe. The first peer connects to this second pipe to communicate with the second peer. The first pipe and the second pipe form a virtual connection through which the first peer and the second peer can communicate securely.

Citations

21 Claims

1. A method to facilitate virtual transport layer security on a virtual network, wherein the virtual network allows peer-to-peer communications, comprising:
- creating a first pipe at a first peer, wherein a pipe is a one-way input channel into a peer, and wherein the peer is any type of computer system;
  
  associating a first peer identifier with the first pipe;
  
  advertising an availability of the first pipe, thereby allowing other peers to discover the first peer and to initiate secure direct peer-to-peer communications with the first peer;
  
  connecting to the first pipe from a second peer;
  
  creating a second pipe at the second peer;
  
  associating a second peer identifier with the second pipe;
  
  connecting to the second pipe from the first peer;
  
  wherein the first pipe and the second pipe form a virtual connection between the first peer and the second peer; and
  
  initiating secure communications on the virtual connection between the first peer and the second peer without the assistance of a server, and by using an available underlying transport layer, wherein the transport layer does not require robust transport services.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - creating a first set of pipes at the first peer, wherein the first set of pipes is associated with the first peer identifier;
      
      creating a second set of pipes at the second peer, wherein the second set of pipes is associated with the second peer identifier;
      
      connecting to the first set of pipes from the second peer; and
      
      connecting to the second set of pipes from the first peer;
      
      whereby the first set of pipes and the second set of pipes share the virtual connection.
  - 3. The method of claim 1, further comprising:
    - establishing a first certificate authority at the first peer; and
      
      establishing a second certificate authority at the second peer;
      
      wherein the first certificate authority and the second certificate authority can issue certificates that facilitate privacy, authentication, integrity, and non-repudiation.
  - 4. The method of claim 1, further comprising encrypting data that is transferred across the virtual connection.
  - 5. The method of claim 4, wherein encrypting data involves using an available encryption engine.
  - 6. The method of claim 5, further comprising using an available secure hash function to generate a message authentication code, wherein the message authentication code provides message integrity.
  - 7. The method of claim 1, wherein advertising the availability of the first pipe involves registering the first pipe with a rendezvous.

8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to facilitate virtual transport layer security on a virtual network, wherein the virtual network allows peer-to-peer communications, comprising:
- creating a first pipe at a first peer, wherein a pipe is a one-way input channel into a peer, and wherein the peer is any type of computer system;
  
  associating a first peer identifier with the first pipe;
  
  advertising an availability of the first pipe, thereby allowing other peers to discover the first peer and to initiate secure direct peer-to-peer communications with the first peer;
  
  connecting to the first pipe from a second peer;
  
  creating a second pipe at the second peer;
  
  associating a second peer identifier with the second pipe;
  
  connecting to the second pipe from the first peer;
  
  wherein the first pipe and the second pipe form a virtual connection between the first peer and the second peer; and
  
  initiating secure communications on the virtual connection between the first peer and the second peer without the assistance of a server, and by using an available underlying transport layer, wherein the transport layer does not require robust transport services.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, the method further comprising:
    - creating a first set of pipes at the first peer, wherein the first set of pipes is associated with the first peer identifier;
      
      creating a second set of pipes at the second peer, wherein the second set of pipes is associated with the second peer identifier;
      
      connecting to the first set of pipes from the second peer; and
      
      connecting to the second set of pipes from the first peer;
      
      whereby the first set of pipes and the second set of pipes share the virtual connection.
  - 10. The computer-readable storage medium of claim 8, the method further comprising:
    - establishing a first certificate authority at the first peer; and
      
      establishing a second certificate authority at the second peer;
      
      wherein the first certificate authority and the second certificate authority can issue certificates that facilitate privacy, authentication, integrity, and non-repudiation.
  - 11. The computer-readable storage medium of claim 8, the method further comprising encrypting data that is transferred across the virtual connection.
  - 12. The computer-readable storage medium of claim 11, wherein encrypting data involves using an available encryption engine.
  - 13. The computer-readable storage medium of claim 12, the method further comprising using an available secure hash function to generate a message authentication code, wherein the message authentication code provides message integrity.
  - 14. The computer-readable storage medium of claim 8, wherein advertising the availability of the first pipe involves registering the first pipe with a rendezvous.

15. An apparatus to facilitate virtual transport layer security on a virtual network, wherein the virtual network allows peer-to-peer communications, comprising:
- a creating mechanism that is configured to create a first pipe at a first peer, wherein a pipe is a one-way input channel into a peer, and wherein the peer is any type of computer system;
  
  an associating mechanism that is configured to associate a first peer identifier with the first pipe;
  
  an advertising mechanism that is configured to advertise an availability of the first pipe, thereby allowing other peers to discover the first peer and to initiate secure direct peer-to-peer communications with the first peer;
  
  a connecting mechanism that is configured to connect to the first pipe from a second peer;
  
  wherein the creating mechanism is further configured to create a second pipe at the second peer;
  
  wherein the associating mechanism is further configured to associate a second peer identifier with the second pipe;
  
  wherein the connecting mechanism is further configured to connect to the second pipe from the first peer;
  
  wherein the first pipe and the second pipe form a virtual connection between the first peer and the second peer; and
  
  an initiating mechanism that is configured to initiate secure communications on the virtual connection between the first peer and the second peer without the assistance of a server, and by using an available underlying transport layer, wherein the transport layer does not require robust transport services.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15,wherein the creating mechanism is further configured to create a first set of pipes at the first peer, wherein the first set of pipes is associated with the first peer identifier;
    - wherein the creating mechanism is further configured to create a second set of pipes at the second peer, wherein the second set of pipes is associated with the second peer identifier;
      
      wherein the connecting mechanism is further configured to connect to the first set of pipes from the second peer; and
      
      wherein the connecting mechanism is further configured to connect to the second set of pipes from the first peer;
      
      whereby the first set of pipes and the second set of pipes share the virtual connection.
  - 17. The apparatus of claim 15, further comprising:
    - an establishing mechanism that is configured to establish a first certificate authority at the first peer;
      
      wherein the establishing mechanism is further configured to establish a second certificate authority at the second peer; and
      
      wherein the first certificate authority and the second certificate authority can issue certificates that facilitate privacy, authentication, integrity, and non-repudiation.
  - 18. The apparatus of claim 15, further comprising an encrypting mechanism that is configured to encrypt data that is transferred across the virtual connection.
  - 19. The apparatus of claim 18, wherein encrypting data involves using an available encryption engine.
  - 20. The apparatus of claim 19, further comprising a generating mechanism that is configured to generate a message authentication code, wherein the message authentication code provides message integrity using a secure hash function.
  - 21. The apparatus of claim 15, further comprising an advertising that is configured to advertise the availability of the first pipe by registering the first pipe with a rendezvous.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Yeager, William J., Chen, Rita Y.
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/117,819
Publication Number

US 20030191965A1
Time in Patent Office

2,031 Days
Field of Search

None
US Class Current

726/14
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/166   at the transport layer

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/14   Session management for real...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method and apparatus to facilitate virtual transport layer security on a virtual network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus to facilitate virtual transport layer security on a virtual network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links