Private network system and method

US 8,196,181 B2
Filed: 10/15/2007
Issued: 06/05/2012
Est. Priority Date: 10/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN, said method comprising the steps of:

(a) providing a lookup device having a known address with an updatable index of entities known to be connectable to the VPN, which look up device accepts requests from known entities (“

joining entity”

) wishing to link to the VPN,(b) causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests,(c) said lookup device receiving a request from a joining entity to connect to the VPN,(d) in response to a poll for joining requests said lookup device notifying the polling contact entity of at least the address of each joining entity,(e) if the contact entity permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity,(f) the joining entity and contact entity establish a first link between them,(g) the joining entity and the contact entity conduct an authentication process over said first link,(h) and if the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining entity is joining the VPN,(i) said joining entity using the status of other entities belonging to the VPN to calculate its node position in the VPN including its node position with respect to one or two neighbor entities it will connect to,(j) said one or two neighbor entities polling said lookup device for a received joining request,(k) said lookup device receiving a request from said joining entity to connect to a neighbor entity,(l) in response to a poll from a neighbor entity for a received joining request said lookup device notifying the neighbor entity of at least the address of said joining entity,(m) if the neighbor entity permits a connection to the joining entity, the neighbor entity supplying at least its address to the lookup device which passes this to the joining entity,(n) the joining entity and the neighbor entity establishing a second link between them,(o) said joining entity and at least one neighbor entity conducting a mutual authentication process which if successful sustains said one or more second links,(p) providing an initial registration step whereby entities register with the lookup device for access to one or more desired VPNs and only entities which are so registered are subsequently recognized or known to the lookup device, said registration step comprising;

the entity sending to the lookup device registration information including at least a username, a password, and the lookup device storing said registration information for identification purposes when a registered entity sends a VPN joining request to the lookup device,(q) wherein said registration step includes the lookup device sending to registering entities a security key to allow such entities to access security keys unique to VPN for which registration has been made and the other entities registered for that VPN.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for forming a secure virtual private network (VPN) is described comprising: providing a lookup device, causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests, receiving at the lookup device a request from a joining entity to connect to the VPN, in response to a poll for joining requests the lookup device notifying the polling contact entity of at least the address of each joining entity, and the contact entity supplying at least its address to the lookup device which passes this to the joining entity to establish a link with the contact entity.

38 Citations

View as Search Results

16 Claims

1. A method for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN, said method comprising the steps of:
- (a) providing a lookup device having a known address with an updatable index of entities known to be connectable to the VPN, which look up device accepts requests from known entities (“
  
  joining entity”
  
  ) wishing to link to the VPN,(b) causing at least one pre-designated contact entity on the VPN to periodically poll the lookup device for received joining requests,(c) said lookup device receiving a request from a joining entity to connect to the VPN,(d) in response to a poll for joining requests said lookup device notifying the polling contact entity of at least the address of each joining entity,(e) if the contact entity permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity,(f) the joining entity and contact entity establish a first link between them,(g) the joining entity and the contact entity conduct an authentication process over said first link,(h) and if the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining entity is joining the VPN,(i) said joining entity using the status of other entities belonging to the VPN to calculate its node position in the VPN including its node position with respect to one or two neighbor entities it will connect to,(j) said one or two neighbor entities polling said lookup device for a received joining request,(k) said lookup device receiving a request from said joining entity to connect to a neighbor entity,(l) in response to a poll from a neighbor entity for a received joining request said lookup device notifying the neighbor entity of at least the address of said joining entity,(m) if the neighbor entity permits a connection to the joining entity, the neighbor entity supplying at least its address to the lookup device which passes this to the joining entity,(n) the joining entity and the neighbor entity establishing a second link between them,(o) said joining entity and at least one neighbor entity conducting a mutual authentication process which if successful sustains said one or more second links,(p) providing an initial registration step whereby entities register with the lookup device for access to one or more desired VPNs and only entities which are so registered are subsequently recognized or known to the lookup device, said registration step comprising;
  
  the entity sending to the lookup device registration information including at least a username, a password, and the lookup device storing said registration information for identification purposes when a registered entity sends a VPN joining request to the lookup device,(q) wherein said registration step includes the lookup device sending to registering entities a security key to allow such entities to access security keys unique to VPN for which registration has been made and the other entities registered for that VPN.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1 wherein in step (h) the contact entity further notifies the joining entity of the entity identifiers of other entities belonging to the VPN.
  - 3. A method according to claim 2 wherein in step (i) said joining entity additionally uses the entity identifiers of other entities belonging to the VPN to calculate its node position.
  - 4. A method according to claim 3 wherein said entity identifier is an address.
  - 5. A method according to claim 4 wherein said authentication process consists of each of the two entities challenging the other using a key unique to the purported identity of the other entity, each challenge comprising a transmission to the other entity, a response from the other entity and verification by the challenging entity that the response is correct.
  - 6. A method according to claim 5 wherein each challenge between a first entity and a second entity comprises the steps of:
    - (a) the first entity generates a random sequence of data, stores it and encrypts it with the public key of the second entity and sends the resultant cyphertext to the second entity,(b) the second entity receives the cyphertext from the first entity, decrypts it using the private key of the second entity, encrypts the resultant plaintext with the public key of the first entity and sends it to the first entity, and(c) the first entity receives the cyphertext from the second entity, decrypts it using the private key of the first entity, compares the resultant plaintext with said stored random sequence of data and, if there is a match, accepts that the second entity is authenticated.
  - 7. A method according to claim 6 wherein data traffic between entities connected to a VPN is encrypted using a symmetric key and said symmetric key is said random sequence of data.
  - 8. A method according to claim 7 wherein said authentication process is periodically repeated and the periodically generated random data sequences are used as a dynamic symmetric session key.
  - 9. A method according to claim 8 wherein said entities are devices having a processor that can be connected to the internet.
  - 10. A method according to claim 9 wherein said devices include computers, PDAs, PPC, mobile telephones or smartphones, and embedded devices.
  - 11. A method according to claim 1 wherein said authentication process consists of each of the two entities challenging the other using a key unique to the purported identity of the other entity, each challenge comprising a transmission to the other entity, a response from the other entity and verification by the challenging entity that the response is correct.
  - 12. A method according to claim 11 wherein each challenge between a first entity and a second entity comprises the steps of:
    - (a) the first entity generates a random sequence of data, stores it and encrypts it with the public key of the second entity and sends the resultant cyphertext to the second entity,(b) the second entity receives the cyphertext from the first entity, decrypts it using the private key of the second entity, encrypts the resultant plaintext with the public key of the first entity and sends it to the first entity, and(c) the first entity receives the cyphertext from the second entity, decrypts it using the private key of the first entity, compares the resultant plaintext with said stored random sequence of data and, if there is a match, accepts that the second entity is authenticated.
  - 13. A method according to claim 12 wherein data traffic between entities connected to a VPN is encrypted using a symmetric key and said symmetric key is said random sequence of data.
  - 14. A method according to claim 13 wherein said authentication process is periodically repeated and the periodically generated random data sequences are used as a dynamic symmetric session key.

15. Computer software for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other entity on the VPN and a lookup device connected to the internet having a known address with an updatable index of entities known to be connectable to the VPN, said software residing on each said entity in a non-transitory medium and comprising:
- (a) a routine for connecting to said lookup device and making a request to said lookup device to join to the VPN,(b) a routine for polling the lookup device for received joining requests,(c) a routine for receiving from the lookup device at least the address of each joining entity,(d) a routine for matching the address of each joining entity with stored criteria,(e) a routine which allows matched entities to establish a first link between them,(f) an authentication routine which enables entities which have established a first link to mutually authenticate the identity of the other,(g) a routine which, if the authentication process is successful, notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining entity is joining the VPN,(h) a routine which uses the status of other entities belonging to the VPN to calculate the node position in the VPN and the one or two neighbor entities that the entity on which the routine resides will connect to,(i) a routine which, through said lookup device, establishes one or more second links with said one or more neighboring entities in said VPN and ends said first link,(j) a routine which invokes said authentication routine to conduct mutual authentication between said linked neighboring entities and which, if successful, sustains said one or more second links,(k) an initialization routine whereby entities register with the lookup device for access to one or more desired VPNs and only entities which are so registered are subsequently recognized or known to the lookup device, the registration routine including a registration step comprising;
  
  the entity sending to the lookup device registration information including at least a username, a password, and the lookup device storing said registration information for identification purposes when a registered entity sends a VPN joining request to the lookup device,(l) wherein the registration step includes the lookup device sending to registering entities a security key to allow such entities to access security keys unique to VPN for which registration has been made and the other entities registered for that VPN.

16. Computer software for forming a secure virtual private network (VPN) consisting of two or more linked entities having internet connectability where each entity has links with at least one other entity on the VPN and a lookup device connected to the internet having a known address with an updatable index of entities known to be connectable to the VPN, said software residing on each of said entities in a non-transitory medium and comprising:
- (a) a routine for connecting to said lookup device and making a request to said lookup device to join to the VPN,(b) a routine for polling the lookup device for received joining requests,(c) a routine for receiving from the lookup device at least the address of each joining entity,(d) a routine for matching the address of each joining entity with stored criteria and supplying the address of the entity to the lookup device for passing to the joining entity,(e) a routine which allows matched entities to establish a first link between them,(f) an authentication routine which enables entities which have established a first link to mutually authenticate the identity of the other,(g) a routine which, if the authentication process is successful, notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining entity is joining the VPN,(h) a routine which uses the status of other entities belonging to the VPN to calculate the node position in the VPN and the one or two neighbor entities that the entity on which the routine resides will connect to,a routine which, through said lookup device, establishes one or more second links with said one or more neighboring entities in said VPN and ends said first link,(j) a routine which invokes said authentication routine to conduct mutual authentication between said linked neighboring entities and which, if successful, sustains said one or more second links(k) an initialization routine whereby entities register with the lookup device for access to one or more desired VPNs and only entities which are so registered are subsequently recognized or known to the lookup device, the registration routine including a registration step comprising;
  
  the entity sending to the lookup device registration information including at least a username, a password, and the lookup device storing said registration information for identification purposes when a registered entity sends a VPN joining request to the lookup device,(l) wherein the registration step includes the lookup device sending to registering entities a security key to allow such entities to access security keys unique to VPN for which registration has been made and the other entities registered for that VPN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quipa Holdings Limited
Original Assignee
Quipa Holdings Limited
Inventors
Devonshire, Karyn, Lobb, Jason
Primary Examiner(s)
Poltorak, Peter

Application Number

US11/872,362
Publication Number

US 20080134316A1
Time in Patent Office

1,695 Days
Field of Search

726/15
US Class Current

726/3
CPC Class Codes

G06F 9/548   Object oriented; Remote met...

H04L 61/4535   using an address exchange p...

H04L 63/0272   Virtual private networks

H04L 63/065   for group communications cr...

H04L 63/0869   for achieving mutual authen...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1046   Joining mechanisms

H04L 67/1093   Some peer nodes performing ...

H04L 67/14   Session management for real...

Private network system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Private network system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others