Automated operation and security system for virtual private networks
First Claim
1. A method of configuring and authenticating a node device, the method comprising:
at a manufacturing facility, generating a public key and a private key in the node device;
storing the private key by the node device in a protected non-volatile storage;
providing the public key to the manufacturing facility, by the node device;
generating a public key certificate that includes the node device's public key and is signed with a private key associated with the manufacturing facility, by the manufacturing facility;
providing the public key certificate to the node device, by the manufacturing facility;
storing the public key certificate in nonvolatile storage, by the node device;
providing an authentication chain, including a first plurality of public key certificates, to the node device for authenticating the certificates of other node devices, by the manufacturing facility;
storing the authentication chain, including the first plurality of public key certificates, in the nonvolatile storage, by the node device;
deploying the node device;
the node device authenticating itself to other node devices and servers by using said private key to sign messages and sending the signed messages and the public key certificate to the other node devices or servers, said other node devices or servers then authenticating the public key certificate using a second authentication chain, including a second plurality of public key certificates, stored on the other node devices or servers and confirming the messages were signed using the private key corresponding to the public key in the public key certificate; and
additional node devices and servers authenticating to the node device by using private keys of the additional node devices and servers to sign messages and sending signed messages and the public key certificates to the node device, the node device then authenticating the public key certificates using the authentication chain, including the first plurality of public key certificates of the node device and confirming that, for each additional node device or server, the messages were signed using the private key corresponding to the public key in the public key certificate.
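The claim above describes two phases: a manufacturing-time provisioning step (device generates its own key pair, the facility certifies the public key, the device stores certificate and trust chain) and a deployed-phase mutual authentication (sign a message, send signature plus certificate, peer validates the certificate against its own chain and then the signature). The following is an added example, not code from the patent or its assignee, showing both phases end to end with Go's standard library. It assumes ECDSA P-256 keys, X.509 certificates, and a one-element authentication chain (the facility's self-signed root); the patent specifies none of these, and the names `Manufacturer`, `NodeDevice`, `certify`, `Provision`, `Authenticate` and `VerifyPeer` are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Manufacturer is the manufacturing facility: its signing key and self-signed
// certificate, which is the single element of the authentication chain here.
type Manufacturer struct {
	priv *ecdsa.PrivateKey
	cert *x509.Certificate
}

// NodeDevice is what the claim puts in the device's non-volatile storage.
type NodeDevice struct {
	priv    *ecdsa.PrivateKey // protected storage; never leaves the device
	CertDER []byte            // facility-issued certificate of priv's public key
	Chain   *x509.CertPool    // authentication chain for checking other devices
}

// SignedMessage is the authentication payload a node sends to a peer or server.
type SignedMessage struct{ Msg, Sig, CertDER []byte }

// certify issues a certificate for pub signed by signer. A nil parent yields
// the facility's self-signed root; otherwise a device certificate under parent.
func certify(name string, serial int64, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, []byte, error) {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // root: allowed to sign device certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, parent = true, true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, der, err
}

func NewManufacturer(name string) (*Manufacturer, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	cert, _, err := certify(name, 1, nil, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	return &Manufacturer{priv: priv, cert: cert}, nil
}

// Provision runs the facility-side steps of the claim: the device generates its
// key pair and hands over only the public key, the facility certifies it, and
// the device stores the certificate plus the authentication chain it will trust.
func (m *Manufacturer) Provision(name string, serial int64) (*NodeDevice, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // inside the device
	if err != nil {
		return nil, err
	}
	_, der, err := certify(name, serial, m.cert, &priv.PublicKey, m.priv)
	if err != nil {
		return nil, err
	}
	chain := x509.NewCertPool()
	chain.AddCert(m.cert)
	return &NodeDevice{priv: priv, CertDER: der, Chain: chain}, nil
}

// Authenticate is the deployed-phase sender: sign the message with the device's
// private key and attach its certificate.
func (d *NodeDevice) Authenticate(msg []byte) (*SignedMessage, error) {
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, d.priv, h[:])
	if err != nil {
		return nil, err
	}
	return &SignedMessage{Msg: msg, Sig: sig, CertDER: d.CertDER}, nil
}

// VerifyPeer is the receiver: chain the presented certificate to the stored
// authentication chain, then confirm the signature under that certificate's key.
func (d *NodeDevice) VerifyPeer(sm *SignedMessage) (string, error) {
	cert, err := x509.ParseCertificate(sm.CertDER)
	if err != nil {
		return "", err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: d.Chain}); err != nil {
		return "", fmt.Errorf("certificate rejected by authentication chain: %w", err)
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, sm.Msg, sm.Sig); err != nil {
		return "", fmt.Errorf("message not signed by the certified key: %w", err)
	}
	return cert.Subject.CommonName, nil
}
```

Both checks in `VerifyPeer` are required, and in that order: a certificate issued by an unknown facility is refused before its key is ever used, and a valid certificate paired with a signature from some other key (or over a modified message) is refused by the signature check. Because the trust anchors live in each device's own stored chain rather than in a directory lookup, the peer needs no network access to decide whether to accept, which is what lets the node devices authenticate each other before any tunnel exists. In a real deployment, the facility root would be an offline key, device certificates would carry a device identifier rather than a free-form name, and revocation would need a separate mechanism, none of which the claim addresses.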
Abstract
A node device provides secure communication services over a data network, such as the Internet or another public or private packet switched network, to multiple computers that are coupled through the node device and multiple other node devices. The node device includes a network communication interface for coupling the node device to the data network. The node device includes a data storage containing cryptographic information, including information that is unique to the node device. The node device also includes a tunneling communication service, coupled to the network interface, configured to maintain an encrypted communication tunnel with each of multiple other node devices using the cryptographic information. For example, the encrypted communication tunnels are implemented using the IPsec or PPTP protocols. The node device includes a routing database for holding routing data and a router coupled to the tunneling communication service and to the routing database. The router can pass communication from one communication tunnel to another. A centralized server can be used to control the node devices in a centralized manner, thereby reducing or eliminating on-site administration of node devices.