Method and system for integrating performance enhancing functions in a virtual private network (VPN)

US 7,398,552 B2
Filed: 01/28/2003
Issued: 07/08/2008
Est. Priority Date: 01/28/2002
Status: Active Grant

First Claim

Patent Images

1. A method of providing security in a communications network, the method comprising:

establishing a secure tunnel over the network for transport of encrypted traffic;

selectively establishing a connection supported by the secure tunnel according to a proxying architecture that provides a plurality of performance enhancing functions to minimize performance impact of latency of the network; and

determining status information regarding establishment of the secure tunnel, wherein the connection is established only if the status information indicates that the secure tunnel is successfully established.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for supporting security in a communications network is disclosed. A network device includes a security peer that establishes a secure tunnel over a data network (e.g., satellite network) for transport of encrypted traffic. The device also includes a performance peer for establishing a connection supported by the secure tunnel. The performance peer includes a plurality of modules for providing respective performance enhancing functions to minimize performance impact of latency of the network.

Citations

16 Claims

1. A method of providing security in a communications network, the method comprising:
- establishing a secure tunnel over the network for transport of encrypted traffic;
  
  selectively establishing a connection supported by the secure tunnel according to a proxying architecture that provides a plurality of performance enhancing functions to minimize performance impact of latency of the network; and
  
  determining status information regarding establishment of the secure tunnel, wherein the connection is established only if the status information indicates that the secure tunnel is successfully established.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1, further comprising:
    - receiving a plurality of packets over one or more communication sessions according to a predetermined communication protocol; and
      
      mapping the one or more communication sessions to the connection for transport over the secure tunnel.
  - 3. A method according to claim 2, wherein the network in the step of establishing the connection is a satellite network and the predetermined communication protocol in the receiving step is Transmission Control Protocol/Internet Protocol (TCP/IP).
  - 4. A method according to claim 2, wherein the plurality of performance enhancing functions in the step of establishing the connection includes,spoofing acknowledgement messages to a host originating traffic carried by the connection;
    - andmultiplexing the communication sessions for transport over the connection.
  - 5. A method according to claim 1, wherein the secure tunnel in the step of establishing the secure tunnel is a virtual private network (VPN) tunnel.
  - 6. A computer-readable storage medium bearing instructions for providing security in a communications network, said instruction, being arranged, upon execution, to cause one or more processors to perform the method of claim 1.

7. A network device for supporting security in a communications network, the device comprising:
- a security peer configured to establish a secure tunnel over the network for transport of encrypted traffic; and
  
  a performance peer configured to selectively establish a connection supported by the secure tunnel, the performance peer including a plurality of modules for providing respective performance enhancing functions to minimize performance impact of latency of the network,wherein the performance peer is further configured to determine status information regarding establishment of the secure tunnel from the security peer, wherein the connection is established only if the status information indicates that the secure tunnel is successfully established.
- View Dependent Claims (8, 9, 10, 11)
- - 8. A device according to claim 7, wherein the performance peer is further configured to map one or more communication sessions associated with a predetermined communication protocol to the connection for transport over the secure tunnel.
  - 9. A device according to claim 8, wherein the network is a satellite network and the predetermined communication protocol is Transmission Control Protocol/Internet Protocol (TCP/IP).
  - 10. A device according to claim 8, wherein the plurality of performance enhancing functions includes,spoofing acknowledgement messages to a host originating traffic carried by the connection;
    - andmultiplexing the communication sessions for transport over the connection.
  - 11. A device according to claim 7, wherein the secure tunnel is a virtual private network (VPN) tunnel.

12. A communication system for providing security services, the system comprising:
- an access network operated by a service provider; and
  
  a network device communicating with a host associated with a customer of the service provider, the host being configured to generate packets for transport over the access network, the host including a security peer to encrypt the packets, wherein the network device includes,a security peer configured to establish a secure tunnel for transport of the encrypted packets over the access network with the security peer of the host; and
  
  a performance peer configured to selectively establish a connection supported by the secure tunnel, the performance peer including a plurality of modules for providing respective performance enhancing functions to minimize performance impact of latency of the access network with respect to the host, wherein the performance peer is further configured to determine status information regarding establishment of the secure tunnel from the security peer of the network device, wherein the connection is established only if the status information indicates that the secure tunnel is successfully established.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A system according to claim 12, wherein the performance peer is further configured to map one or more communication sessions initiated by the host and associated with a predetermined communication protocol to the connection for transport over the secure tunnel.
  - 14. A system according to claim 13, wherein the access network is a satellite network and the predetermined communication protocol is Transmission Control Protocol/Internet Protocol (TCP/IP).
  - 15. A system according to claim 13, wherein the plurality of performance enhancing functions includes,spoofing acknowledgement messages to a host originating traffic carried by the connection;
    - andmultiplexing the communication sessions for transport over the connection.
  - 16. A system according to claim 12, wherein the secure tunnel is a virtual private network (VPN) tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hughes Network Systems LLC (Echostar Corporation)
Original Assignee
Hughes Network Systems LLC (Echostar Corporation)
Inventors
Dillon, Douglas, Border, John, Bartlett, Nigel, Pardee, Peter
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Pearson; David J

Application Number

US10/353,183
Publication Number

US 20030177395A1
Time in Patent Office

1,988 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

H04L 12/46   Interconnection of networks

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/1466   Active attacks involving in...

H04L 67/14   Session management for real...

Method and system for integrating performance enhancing functions in a virtual private network (VPN)

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for integrating performance enhancing functions in a virtual private network (VPN)

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links