Secure network connection for devices on a private network
1 Assignment
0 Petitions
Abstract
A method and system for providing secure network connections are provided. When a device resides on a private network such that its address is not commonly available to other devices via a public network, a gateway, firewall or similar device can be used to preserve the address of the private network device in confidence while still allowing a secure, end-to-end connection between the public and private network devices. The gateway or similar device may negotiate separate secure connections, such as Security Associations, with each of the public and private network devices. In this way, encryption parameters of those two devices can be exchanged even though neither need be knowledgeable of the other's actual address. Moreover, the gateway or similar device can perform this function without itself gaining access to the content being transmitted between the public and private network devices. Additionally, the gateway or similar device can also be used to forward data between the public and private network devices once a secure tunnel has been established therebetween.
60 Citations
24 Claims
1. A method for implementing secure network communications between a first device and a second device, at least one of the devices communicating with a public network via a separate computer, the method comprising:
  receiving a request for a first secure connection from the first device;
  masking an address of the first device with respect to the second device; and
  initiating a second secure connection between the separate computer and the second device, wherein the first and second secure connections enable the secure network communications between the first and second devices.
  (Dependent claims 2, 3, 4, 5, 6, 7, 8)

9. A virtual peer device for implementing a secure network connection between a first and second device, at least one of the devices being a private network device communicating with a public network via the virtual peer device, the virtual peer device comprising:
  means for receiving a request for a first connection from the first device;
  means for requesting a second connection with the second device;
  means for forwarding encryption parameters between the two devices, to thereby establish the first and second connections; and
  means for establishing the secure connection based on the first and second connections.
  (Dependent claims 10, 11, 12, 13)

14. An article of manufacture, which comprises a computer readable medium having stored therein a computer program carrying out a method for implementing a secure connection between two devices, the computer program comprising:
  a first code segment for establishing a device address associated with the article of manufacture;
  a second code segment for establishing a first link between a first device and the device address;
  a third code segment for establishing a second link between a second device and the device address;
  a fourth code segment for exchanging encryption parameters associated with each of the first and second device via the first and second link; and
  a fifth code segment for establishing the secure connection based on the encryption parameters.
  (Dependent claims 15, 16, 17, 18)

19. A method of transmitting data, comprising:
  negotiating a first security association between a first device and a second device;
  negotiating a second security association between a second device and a third device that is independent of the first security association; and
  transmitting data inaccessible to said second device between the first and third devices via the second device.
  (Dependent claims 20, 21, 22, 23, 24)
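The following Python model is an added illustration of the exchange the abstract and claim 19 describe; it is not code from the patent or from any product it covers. A gateway (the "virtual peer") negotiates one security association with the private-side device and an independent one with the public-side device, forwards each device's key-exchange parameters to the other through those associations, and then relays data that it cannot read itself. The public-side device only ever learns the gateway's address. The class and function names (`VirtualPeer`, `Device`, `run_scenario`), the addresses, and the concrete mechanisms (a Diffie-Hellman exchange over the RFC 3526 2048-bit MODP group, a simple encrypt-then-MAC hop cipher built from HMAC-SHA256) are assumptions made for the example; the patent speaks only of "security associations" and "encryption parameters".

```python
"""Model of the gateway ("virtual peer") described above: one security association with the
private-side device, an independent one with the public-side device, the devices' key-exchange
parameters forwarded through those associations, and end-to-end ciphertext relayed unread."""
import hashlib
import hmac
import secrets

# Agreed key-exchange group (an assumption for the example): the 2048-bit MODP group of
# RFC 3526 (group 14), a safe prime, so G = 2 generates the subgroup of prime order Q.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G, Q = 2, (P - 1) // 2

def dh_keypair():
    priv = secrets.randbits(256) | (1 << 255)   # 256-bit exponents are ample for this group
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    """Reject out-of-range or small-subgroup public values before deriving a key from them."""
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("rejected DH public value")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(-(-n // 32)))

def seal(key, plaintext):
    """Encrypt-then-MAC (HMAC-SHA256 counter keystream, HMAC tag): a stand-in for a real AEAD."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key + b"enc", nonce, len(plaintext))))
    return nonce + ct + hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key + b"mac", nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key + b"enc", nonce, len(ct))))

class Device:
    """Endpoint; it learns only the address of the party it negotiates with."""
    def __init__(self, name, addr):
        self.name, self.addr = name, addr
        self.e2e_priv, self.e2e_pub = dh_keypair()   # end-to-end encryption parameters
        self.peer_addr = self.hop_key = self.e2e_key = None
    def hop_handshake(self, peer_addr, peer_pub):   # one security association with peer_addr
        self.peer_addr = peer_addr
        priv, pub = dh_keypair()
        self.hop_key = dh_shared(priv, peer_pub)
        return pub
    def send_e2e_params(self):
        return seal(self.hop_key, self.e2e_pub.to_bytes(256, "big"))
    def receive_e2e_params(self, blob):
        self.e2e_key = dh_shared(self.e2e_priv, int.from_bytes(unseal(self.hop_key, blob), "big"))
    def send(self, msg):   # end-to-end layer inside the hop layer
        return seal(self.hop_key, seal(self.e2e_key, msg))
    def receive(self, blob):
        return unseal(self.e2e_key, unseal(self.hop_key, blob))

class VirtualPeer:
    """Gateway: a separate SA with each device, and relaying between the two."""
    def __init__(self, addr):
        self.addr, self.sa, self.observed = addr, {}, []
    def establish_sa(self, device):
        gpriv, gpub = dh_keypair()
        self.sa[device.name] = dh_shared(gpriv, device.hop_handshake(self.addr, gpub))
    def relay(self, src, dst, blob):
        inner = unseal(self.sa[src.name], blob)   # strip the first SA's protection;
        self.observed.append(inner)               # this is everything the gateway sees;
        return seal(self.sa[dst.name], inner)     # re-protect under the second SA

def run_scenario(message=b"private-side report for the public-side device"):
    a = Device("A", "10.0.0.5")        # private-network device (constructed addresses)
    b = Device("B", "198.51.100.7")    # public-network device
    gw = VirtualPeer("203.0.113.10")   # the gateway's public address
    gw.establish_sa(a)                 # first secure connection
    gw.establish_sa(b)                 # second, independent secure connection
    b.receive_e2e_params(gw.relay(a, b, a.send_e2e_params()))   # forward A's parameters to B
    a.receive_e2e_params(gw.relay(b, a, b.send_e2e_params()))   # forward B's parameters to A
    delivered = b.receive(gw.relay(a, b, a.send(message)))
    try:                               # the SA key the gateway shares with A does not open the inner layer
        unseal(gw.sa["A"], gw.observed[-1])
        gateway_can_read = True
    except ValueError:
        gateway_can_read = False
    return {"delivered": delivered, "keys_match": a.e2e_key == b.e2e_key,
            "a_addr": a.addr, "addr_seen_by_b": b.peer_addr,
            "gateway_observed": gw.observed[-1], "gateway_can_read": gateway_can_read}
```

`run_scenario()` returns the delivered plaintext, confirms that both endpoints derived the same end-to-end key, and shows that the address recorded by the public-side device is the gateway's (203.0.113.10) rather than the private address 10.0.0.5, while the payload the gateway logged in `observed` is ciphertext under a key it never held. The range and subgroup check in `dh_shared` is the caveat to keep in mind with this design: a gateway that forwards encryption parameters it cannot read also cannot vet them, so each endpoint must validate what it receives before deriving a key from it.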
Specification