Virtual private network crossovers based on certificates
First Claim
1. A method for permitting a first device on a first Virtual Private Network (VPN) to communicate with a second device on a second VPN, the method comprising:
automatically authenticating, at an interconnection device without reference to a completely centralized decision making process, the first device on the first VPN;
automatically identifying, at the interconnection device without reference to a completely centralized decision making process, VPN parameters of the first VPN related to connecting and forwarding characteristics of the first VPN;
forwarding data from the first device on the first VPN to the second device on the second VPN via the first VPN, the interconnection device and the second VPN, said forwarding step being based on the VPN parameters of the first VPN;
automatically authenticating, at the interconnection device without reference to a completely centralized decision making process, the second device on the second VPN;
automatically identifying, at the interconnection device without reference to a completely centralized decision making process, VPN parameters of the second VPN related to connecting and forwarding characteristics of the second VPN;
reading at least a portion of the VPN parameters of the first VPN and at least a portion of the VPN parameters of the second VPN from a mapping table stored on the interconnection device which contains information related to plural VPNs associated with the interconnection device; and
forwarding data from the second device on the second VPN to the first device on the first VPN via the second VPN, the interconnection device and the first VPN.
Abstract
A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection. The information related to the plurality of VPNs and their respective member devices may be stored in a mapping table at the gateway, and identification parameters of a device seeking interconnection and/or associated VPN parameters may be verified by the use of digital certificates.
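As an added illustration that is not part of the patent text, the following Python model sketches the gateway decision the abstract describes: a mapping table held locally on the interconnection device stores each VPN's trust anchor, member list and forwarding parameters; each endpoint is authenticated against its own VPN's anchor, and only the parameters both VPNs have in common are used for the crossover. The HMAC-tagged record stands in for an X.509 certificate, and every key, host name and parameter value is constructed sample data.

```python
import hmac
import hashlib

# Constructed mapping table for the interconnection device (sample values, assumed).
# A real gateway would hold X.509 trust anchors rather than HMAC keys.
MAPPING_TABLE = {
    "vpn-A": {"ca_key": b"ca-key-A", "members": {"host-a1"},
              "ciphers": ["AES256-GCM", "CHACHA20"], "mtu": 1400, "ports": {443, 8443}},
    "vpn-B": {"ca_key": b"ca-key-B", "members": {"host-b7"},
              "ciphers": ["AES256-GCM", "AES128-GCM"], "mtu": 1300, "ports": {443, 22}},
}

def _tag(ca_key, subject, vpn, not_after):
    msg = f"{subject}|{vpn}|{not_after}".encode()
    return hmac.new(ca_key, msg, hashlib.sha256).hexdigest()

def issue_cert(ca_key, subject, vpn, not_after):
    """Stand-in for a CA-issued certificate: fields plus an HMAC tag (assumption, not X.509)."""
    return {"subject": subject, "vpn": vpn, "not_after": not_after,
            "tag": _tag(ca_key, subject, vpn, not_after)}

def authenticate(cert, now):
    """Local authentication: the decision uses only the mapping table on this device,
    i.e. no central authority is consulted. Checks issuer tag, validity and membership."""
    entry = MAPPING_TABLE.get(cert["vpn"])
    if entry is None:
        return False
    expected = _tag(entry["ca_key"], cert["subject"], cert["vpn"], cert["not_after"])
    if not hmac.compare_digest(expected, cert["tag"]):
        return False          # not issued by this VPN's trust anchor
    if now > cert["not_after"]:
        return False          # expired
    return cert["subject"] in entry["members"]

def crossover_policy(cert1, cert2, now):
    """Return the forwarding parameters shared by both VPNs, or None if either
    endpoint fails authentication or no common cipher exists."""
    if not (authenticate(cert1, now) and authenticate(cert2, now)):
        return None
    p1, p2 = MAPPING_TABLE[cert1["vpn"]], MAPPING_TABLE[cert2["vpn"]]
    common = [c for c in p1["ciphers"] if c in p2["ciphers"]]
    if not common:
        return None
    return {"cipher": common[0], "mtu": min(p1["mtu"], p2["mtu"]),
            "ports": p1["ports"] & p2["ports"],
            "path": (cert1["subject"], cert2["subject"])}
```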
37 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims 2 to 16 depend on claim 1.
17. A method for forwarding communications between a first device on a first Virtual Private Network (VPN) and a second device on a second VPN via an interconnection device, the method comprising:
receiving first identification information from the first device on the first VPN at a first filtering and forwarding engine within the interconnection device;
forwarding the first identification information to a control subsystem within the interconnection device;
automatically authenticating the first device as a member of the first VPN, the first device authenticating step including automatically verifying, at the control subsystem within the interconnection device without reference to a completely centralized decision making process, first VPN parameters associated with the first VPN;
providing the first VPN parameters to the first filtering and forwarding engine;
forwarding the communications from the first device to the second device via the first filtering and forwarding engine and in accordance with the first VPN parameters;
receiving second identification information from the second device on the second VPN at a second filtering and forwarding engine within the interconnection device;
forwarding the second identification information to the control subsystem within the interconnection device;
automatically authenticating the second device as a member of the second VPN, the second device authenticating step including automatically verifying, at the control subsystem within the interconnection device without reference to a completely centralized decision making process, second VPN parameters associated with the second VPN;
providing the second VPN parameters to the second filtering and forwarding engine;
forwarding further communications from the second device to the first device via the second filtering and forwarding engine and in accordance with the second VPN parameters; and
updating the VPN parameters within a mapping table containing VPN parameter categories for each of plural VPNs associated with the interconnection device.
Dependent claims 18 to 25 depend on claim 17.
26. An interconnection device for allowing communications between a first device on a first Virtual Private Network (VPN) and a second device on a second VPN, the interconnection device comprising:
a mapping table containing VPN information describing operations of the first and second VPNs;
first and second filtering and forwarding engines operable to receive first and second identification information related to the first device on the first VPN and the second device on the second VPN, respectively; and
a control subsystem operable to automatically authenticate, without reference to a completely centralized decision making process, the first device on the first VPN and the second device on the second VPN based on the first identification information and the second identification information, respectively, wherein the control subsystem is further operable to automatically identify, without reference to a completely centralized decision making process, first VPN information related to the first device on the first VPN and second VPN information related to the second device on the second VPN, and to modify the first and second VPN information within the mapping table such that the first and second filtering and forwarding engines transmit the communications between the first device on the first VPN to the second device on the second VPN in accordance therewith.
Dependent claims 27 to 34 depend on claim 26.
35. An article of manufacture, which comprises a computer readable medium having stored therein a computer program for carrying out a method for connecting a first device on a first Virtual Private Network (VPN) to a second device on a second VPN, the computer program comprising:
a first code segment for receiving first and second authentication requests from the first device on the first VPN and second device on the second VPN, respectively;
a second code segment for automatically authenticating the first device as a member of the first VPN and for automatically authenticating the second device as a member of the second VPN, in response to the first and second authentication requests, respectively, the automatically authenticating steps being performed without reference to a completely centralized decision making process;
a third code segment for automatically determining, without reference to a completely centralized decision making process, parameters associated with intra VPN data traffic including routing and forwarding parameters;
a fourth code segment for implementing the routing and forwarding parameters with respect to communications between the first device and the second device; and
a fifth code segment for updating the routing and forwarding parameters within a mapping table implemented by a sixth code segment.
Dependent claims 36 and 37 depend on claim 35.