System for automated connection to virtual private networks related applications

US 7,827,278 B2
Filed: 07/23/2001
Issued: 11/02/2010
Est. Priority Date: 07/23/2001
Status: Active Grant

First Claim

Patent Images

1. A network interface unit for communicating data packets over one or more non-secure networks between one or more client devices associated with one or more local area networks (LAN) and a secure virtual private network (VPN) node, comprising:

means for authenticating the one or more client devices for access to the secure VPN node,a graphical user interface server for presenting an authentication menu to the one or more client devices, wherein, when a first one of the client devices is incompatible with the authentication menu, the authentication means is to authenticate the first client device in response to an authentication of a second one of the client devices via the authentication menu, the second client device being compatible with the authentication menu;

means for receiving a menu selection from the second client device, the selection corresponding to a connection profile associated with a first type of connection;

means for accessing the one or more non-secure networks using information associated with the selection; and

a security server for establishing a secure communication over the non-secure network between the LAN and the secure VPN node.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Citations

19 Claims

1. A network interface unit for communicating data packets over one or more non-secure networks between one or more client devices associated with one or more local area networks (LAN) and a secure virtual private network (VPN) node, comprising:
- means for authenticating the one or more client devices for access to the secure VPN node,a graphical user interface server for presenting an authentication menu to the one or more client devices, wherein, when a first one of the client devices is incompatible with the authentication menu, the authentication means is to authenticate the first client device in response to an authentication of a second one of the client devices via the authentication menu, the second client device being compatible with the authentication menu;
  
  means for receiving a menu selection from the second client device, the selection corresponding to a connection profile associated with a first type of connection;
  
  means for accessing the one or more non-secure networks using information associated with the selection; and
  
  a security server for establishing a secure communication over the non-secure network between the LAN and the secure VPN node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The network interface unit of claim 1, further comprising a configuration server having a memory for storing configuration information for at the client devices, and means for retrieving the configuration information from the memory in response to an authentication of one of the client devices.
  - 3. The network interface unit of claim 2, wherein the configuration information comprises information received in association with each of the client devices upon an initial authentication of respective ones of the client devices.
  - 4. The network interface unit of claim 2, wherein the configuration information corresponding to the client devices comprises information related to connections to the one or more non-secure networks.
  - 5. The network interface unit of claim 4, wherein the information related to the connections to the one or more non-secure networks comprises information relating to a dial-up connection.
  - 6. The network interface unit of claim 5, wherein the information related to the dial-up connection comprises information relating to a customized dial-up connection, the information relating to the customized dial-up connection comprising a customized string of characters to control a modem connection to the one or more non-secure network networks.
  - 7. The network interface unit of claim 4, wherein the information related to the connections to the one or more non-secure networks comprises information relating to a connection having a fixed IP address.
  - 8. The network interface unit of claim 4, wherein the information related to the connections to the one or more non-secure networks comprises information relating to one a connection having a temporary IP address.
  - 9. The network interface unit of claim 8, further comprising a Dynamic Host Configuration Protocol (DHCP) server for providing the temporary IP address.
  - 10. The network interface unit of claim 4, further comprising a Dynamic Host Configuration Protocol (DHCP) client for obtaining a temporary IP address from the at least one non-secure network and providing the temporary IP address for use in a connection.
  - 11. The network interface unit of claim 4, wherein the information related to the connections to the one or more non-secure networks comprises information relating to a point-to-point over Ethernet (PPPoE) connection.
  - 12. The network interface unit of claim 2, wherein the memory comprises a removable memory module.
  - 13. The network interface unit of claim 12, wherein the removable memory module stores web pages for presentation by the graphical user interface server.
  - 14. The network interface unit of claim 1, wherein the means for authenticating the client devices comprises means for comparing a client identifier and password information received from the client devices with information stored at the network interface unit.
  - 15. The network interface unit of claim 1, wherein the second client device is designated for authentication on behalf of the first client device and other incompatible client devices associated with the LAN.

16. A method for communicating data packets over a non-secure network between client devices a secure virtual private network (VPN) node, comprising:
- receiving a request from a first client device associated with a first local area network (LAN) to access the secure VPN node;
  
  presenting an authentication menu via a graphical user interface on the first client device;
  
  in response to receiving valid authentication information from the first client device, authenticating the first client device for access to the secure VPN node;
  
  when a second client device associated with the first LAN is incompatible with the authentication menu, authenticating the second client device associated with the first LAN in response to the authentication of the first client device associated with the first LAN, the first client device being compatible with the authentication menu;
  
  receiving a menu selection from the first client device corresponding to a connection profile associated with a first type of connection;
  
  accessing the non-secure network using information associated with the selection; and
  
  establishing a secure communication over the non-secure network between the first LAN and the secure VPN node.
- View Dependent Claims (17)
- - 17. The method as defined in claim 16, wherein the first client device is designated for authentication on behalf of an incompatible client device, the first client device and the incompatible client device being associated with the same LAN.

18. A non-transitory memory storing instructions that, when executed, cause a machine to:
- receive a request from a first client device associated with a first local area network (LAN) to access a secure VPN node;
  
  present an authentication menu via a graphical user interface to the first client device;
  
  in response to receiving valid authentication information from the first client device, authenticate the first client device for access to the secure VPN node;
  
  when a second client device associated with the first LAN is incompatible with the menu, authenticate the second client device of the first LAN in response to the authentication of the first client device of the first LAN;
  
  receive a menu selection from the first client device corresponding to a connection profile associated with a first type of connection;
  
  access a non-secure network using information associated with the selection; and
  
  establish a secure connection over the non-secure network between the first LAN and the secure VPN.
- View Dependent Claims (19)
- - 19. The non-transitory memory as defined in claim 18, wherein the first client device is designated for authentication on behalf of an incompatible client device associated with the first LAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Stone, Kevin, Schryer, Norman Loren, Killian, Thomas Joseph, Weber, Roy Philip, Goldman, Shelley B., Foladare, Mark Jeffrey, Chen, Yihsiu
Primary Examiner(s)
Lin; Kenny S

Application Number

US09/910,987
Publication Number

US 20030200321A1
Time in Patent Office

3,389 Days
Field of Search

709/223, 709/225, 726/15
US Class Current

709/225
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

System for automated connection to virtual private networks related applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System for automated connection to virtual private networks related applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links