Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network

US 7,421,736 B2
Filed: 07/02/2002
Issued: 09/02/2008
Est. Priority Date: 07/02/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing virtual private network (VPN) services, comprising:

identifying a subnet address and a host address for each of a plurality of user devices that request participation in a virtual private network (VPN) session; and

initiating a respective plurality of virtual private hosts (VPHs) for the respective user devices;

wherein, for each of the user devices, the VPH initiated for the user device communicates with the user device via a respective tunnel through a network, thereby enabling secure communications between the user devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing peer-to-peer virtual private network (P2P-VPN) services over a network. The method includes identifying subnet and host addresses for each user device requesting participation in a virtual private network (VPN) session. Once the subnet and host addresses are identified, a virtual private host (VPH) is initiated for each user device, where each VPH communicates with each user device via a respective tunnel through the network, thereby enabling secure communications between the user devices.

138 Citations

View as Search Results

22 Claims

1. A method for providing virtual private network (VPN) services, comprising:
- identifying a subnet address and a host address for each of a plurality of user devices that request participation in a virtual private network (VPN) session; and
  
  initiating a respective plurality of virtual private hosts (VPHs) for the respective user devices;
  
  wherein, for each of the user devices, the VPH initiated for the user device communicates with the user device via a respective tunnel through a network, thereby enabling secure communications between the user devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - authenticating each of the user devices; and
      
      generating the tunnels from the respective VPHs to those authenticated user devices that are authorized to participate in the session.
  - 3. The method of claim 2, wherein said authenticating step further comprises translating a network access identifier into the subnet and host addresses for the user devices.
  - 4. The method of claim 1, wherein said identifying step further comprises:
    - identifying a number of user devices forming a group;
      
      computing a minimal number of bits in an IP address required to uniquely identify each user device of the group with a host address; and
      
      allocating at least some of the remaining bits in the IP address as a unique subnet address for the group.
  - 5. The method of claim 1, wherein said initiating step comprises:
    - assigning the subnet and host addresses to the respective user devices participating in said session; and
      
      designating each VPH as an end-point of the respective tunnel by supporting communications with the respective user device for which the VPH is initiated.
  - 6. The method of claim 1, wherein the subnet and host addresses are statically assigned to respective authorized user devices during initiation of said session.
  - 7. The method of claim 1, wherein the subnet and host addresses are dynamically assigned to allow new authorized user devices to join a session in progress.
  - 8. The method of claim 1, further comprising terminating a tunnel of a user device exiting said session.
  - 9. The method of claim 1, further comprising terminating said session when less than two user devices are participating in said session.
  - 10. The method of claim 1, further comprising determining billing costs for said session based on billing metrics.
  - 11. The method of claim 10, wherein said billing metrics comprises at least one of a session time duration, group size, quality-of-service, bit-rate, a flat rate, tiered rate, bandwidth, and an access charge.
  - 12. The method of claim 10, wherein an individual subscribing to said session is designated an owner of said session.
  - 13. The method of claim 1, wherein said network is at least one of an IP network, a client/server network, and a peer-to-peer network.

14. A computer readable medium storing a software program which, when executed by a computer, causes the computer to perform a method for providing virtual private network (VPN) services, the method comprising:
- identifying a subnet address and a host address for each of a plurality of user devices requesting participation in a virtual private network (VPN) session; and
  
  initiating a respective plurality of virtual private hosts (VPHs) for the respective user devices;
  
  wherein, for each of the user devices, the VPH initiated for the user device communicates with the user device via a respective tunnel through a network, thereby enabling secure communications between the user devices.

15. A virtual IP service agent (VISA) operating in a controller having a processor and memory, for enabling virtual private network (VPN) services over an IP network, comprising:
- a virtual private host (VPH) bank having a plurality of VPHs, each of the VPHs allocating an IP address to a respective user device associated with the VPH, each of the VPHs forming an end-point of a tunnel over the IP network to the respective user device associated with the VPH.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The VISA of claim 15, further comprising:
    - an authentication, authorization, and accounting (AAA) client, interfacing with an AAA database of a service provider and said VPH bank, for authorizing generation of the VPHs for the respective user devices.
  - 17. The VISA of claim 16, further comprising:
    - a usage collector, interfacing with said AAA client and said VPH bank, for providing billing metrics to said AAA database.
  - 18. The VISA of claim 17, further comprising:
    - a tunnel manager, interfacing with said VPH bank, for establishing the respective tunnels between the VPHs and the respective user devices.
  - 19. The VISA of claim 18, further comprising:
    - an edge router configurator, interfacing with said tunnel manager and VPH bank, for creating and terminating each VPN session.
  - 20. The VISA of claim 19, wherein:
    - the edge router configurator identifies a session request from said device request by a network access identifier (NAI); and
      
      the AAA client interfaces with the AAA database for authentication.
  - 21. The VISA of claim 15, wherein said IP network comprises the Internet.

22. An apparatus for providing virtual private network (VPN) services, comprising:
- means for identifying a subnet address and a host address for each of a plurality of user devices requesting participation in a virtual private network (VPN) session; and
  
  means for initiating a respective plurality of virtual private hosts (VPHs) for the respective user devices;
  
  wherein, for each of the user devices, the VPH initiated for the user device communicates with the user device via a respective tunnel through a network, thereby enabling secure communications between the user devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Paul, Sanjoy, Mukherjee, Sarit
Primary Examiner(s)
Moazami; Nasser
Assistant Examiner(s)
Cervetti; David Garcia

Application Number

US10/188,128
Publication Number

US 20040006708A1
Time in Patent Office

2,254 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

H04L 12/4679   Arrangements for the regist...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enabling peer-to-peer virtual private network (P2P-VPN) services in VPN-enabled network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links