Automatic hardware-enabled virtual private network system
First Claim
1. An automatic hardware-enabled virtual private network system comprising:
- a first token, wherein said first token is configured to be coupled to a computing device;
- a subnet box configured to be coupled to a private network and to a public network, wherein the subnet box is configured to communicate with the computing device via the public network;
- a second token, wherein said second token is configured to be coupled to said subnet box;
- wherein said virtual private network is facilitated only when said second token is coupled to said subnet box; and
- a key database, wherein said key database is coupled to said subnet box and comprises a serial number and at least one secret cryptographic key associated with said first token;
- whereby the subnet box facilitates an encrypted connection between the subnet box and the computing device when the first token is coupled to the computing device.
Abstract
The present invention provides a technique for automatically establishing efficient, remote, secure client connections to one or more locations using a smart card enabled client driver and a smart card enabled network edge device (“Subnet Box”) capable of establishing an end-to-end hardware encrypted tunnel between itself and the client. In an embodiment of the invention, a method of establishing a secure communications tunnel comprises the steps of: authenticating a remote client to a subnet box on a private network, wherein the remote client is connected to the subnet box via a public network; establishing a tunnel between the remote client and the subnet box; and encapsulating all traffic in the tunnel, wherein the tunnel is established only when a unique physical token is coupled to the remote device. The unique physical token comprises a smartcard and is configured to be inserted into a communications port of the remote device. The step of authenticating comprises the steps of: receiving a first authentication packet, wherein the first authentication packet comprises an identifier identifying the unique physical token and a first random number; and transmitting a response authentication packet, wherein the response authentication packet comprises a second random number. The step of establishing a secure communications tunnel comprises the step of generating a cryptographic key based on the first and second random numbers.
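The two-packet exchange the abstract describes (token identifier plus first random number from the client, second random number back from the subnet box, session key derived from both), written out as an added Python example. This is not code from the patent or from any product implementing it. Assumptions beyond the page: the key is derived as HMAC-SHA256 keyed with the token's secret from the key database over both random numbers (the patent only says the key is "based on" them); the response carries a key-confirmation tag so the client can detect a box that does not hold its secret; packets are plain dictionaries; "token coupled" is modelled as an Optional being non-None on each side; and every serial number and secret is a constructed sample value.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class TunnelError(Exception):
    """Raised when the tunnel cannot be established (missing token, unknown serial, bad confirmation)."""


@dataclass(frozen=True)
class Token:
    """A unique physical token (smart card): serial number plus a secret key provisioned at enrollment."""
    serial: str
    secret: bytes


class KeyDatabase:
    """Key database coupled to the subnet box: serial number -> secret key of an enrolled client token."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def enroll(self, token: Token) -> None:
        self._keys[token.serial] = token.secret

    def lookup(self, serial: str) -> Optional[bytes]:
        return self._keys.get(serial)


def derive_session_key(secret: bytes, r1: bytes, r2: bytes) -> bytes:
    """Assumed KDF (the patent does not specify one): HMAC-SHA256 keyed with the token secret over both nonces.
    Without the secret, an observer of r1 and r2 on the public network learns nothing about the key."""
    return hmac.new(secret, b"hw-vpn-session|" + r1 + b"|" + r2, hashlib.sha256).digest()


def confirmation_tag(session_key: bytes) -> bytes:
    """Assumed key-confirmation tag (not in the patent) proving the box derived the same session key."""
    return hmac.new(session_key, b"subnet-box-confirm", hashlib.sha256).digest()


class RemoteClient:
    def __init__(self, token: Optional[Token]) -> None:
        self.token = token            # None models "first token not coupled to the computing device"
        self._r1: Optional[bytes] = None

    def authentication_packet(self) -> Dict[str, bytes]:
        """First authentication packet: token identifier plus a fresh first random number."""
        if self.token is None:
            raise TunnelError("first token not coupled: tunnel not permitted")
        self._r1 = secrets.token_bytes(16)
        return {"serial": self.token.serial.encode(), "r1": self._r1}

    def complete(self, response: Dict[str, bytes]) -> bytes:
        """Derive the session key from both random numbers and check the box's confirmation tag."""
        assert self.token is not None and self._r1 is not None
        key = derive_session_key(self.token.secret, self._r1, response["r2"])
        if not hmac.compare_digest(confirmation_tag(key), response["confirm"]):
            raise TunnelError("key confirmation failed")
        return key


class SubnetBox:
    def __init__(self, key_db: KeyDatabase, token: Optional[Token]) -> None:
        self.key_db = key_db
        self.token = token            # None models "second token not coupled to the subnet box"

    def handle_authentication(self, packet: Dict[str, bytes]) -> Tuple[Dict[str, bytes], bytes]:
        """Response authentication packet: second random number (plus the assumed confirmation tag)."""
        if self.token is None:
            raise TunnelError("second token not coupled: VPN not facilitated")
        secret = self.key_db.lookup(packet["serial"].decode())
        if secret is None:
            raise TunnelError("unknown token serial")   # unenrolled token: no tunnel
        r2 = secrets.token_bytes(16)
        key = derive_session_key(secret, packet["r1"], r2)
        return {"r2": r2, "confirm": confirmation_tag(key)}, key


def establish_tunnel(client: RemoteClient, box: SubnetBox) -> bytes:
    """Run the two-packet exchange; returns the shared session key or raises TunnelError."""
    request = client.authentication_packet()
    response, box_key = box.handle_authentication(request)
    client_key = client.complete(response)
    if not hmac.compare_digest(client_key, box_key):
        raise TunnelError("session keys diverged")
    return client_key


if __name__ == "__main__":
    db = KeyDatabase()
    client_token = Token("SN-00001", secrets.token_bytes(32))   # constructed sample token
    db.enroll(client_token)
    box_token = Token("BOX-0001", secrets.token_bytes(32))      # constructed sample token
    print(establish_tunnel(RemoteClient(client_token), SubnetBox(db, box_token)).hex())
```

Each run yields a different session key because both random numbers are fresh, and the exchange fails closed in the three cases the claims care about: no token at the client, no token at the subnet box, and a token whose serial is not in the key database.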
11 Claims
6. A method of establishing a secure communications tunnel, the method comprising the steps of:
- authenticating a remote client to a subnet box on a private network, wherein said remote client is connected to said subnet box via a public network;
- establishing a tunnel between said remote client and said subnet box when a first unique physical token is coupled to said remote client and a second unique physical token is coupled to said subnet box; and
- encapsulating all traffic in said tunnel,
- wherein said subnet box is coupled to a key database that comprises a serial number and at least one secret cryptographic key associated with said first unique physical token.

Dependent claims: 7, 8, 9, 10, 11.
Specification