Virtual private network crossovers based on certificates
Abstract
A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection. The information related to the plurality of VPNs and their respective member devices may be stored in a mapping table at the gateway, and identification parameters of a device seeking interconnection and/or associated VPN parameters may be verified by the use of digital certificates.
298 Citations
47 Claims
1. A method for permitting a first device on a Virtual Private Network (VPN) to communicate with a second device outside the VPN, comprising:
- authenticating, at an interconnection device, the first device;
- authenticating, at the interconnection device, VPN parameters related to connecting and forwarding characteristics of the VPN with which the first device is associated; and
- forwarding data from the first device to the second device via the VPN and the interconnection device, said forwarding operation based on the VPN parameters.
Dependent claims: 2 to 19.
20. A method for forwarding communications from a first device on a Virtual Private Network (VPN) to a second device via an interconnection device, the method comprising:
- receiving identification information from the first device at a filtering and forwarding engine within the interconnection device;
- forwarding the identification information to a control subsystem within the interconnection device;
- authenticating the first device as a member of the VPN, including verifying, at the control subsystem, VPN parameters associated with the VPN;
- providing the VPN parameters to the filtering and forwarding engine; and
- forwarding the communications from the first device to the second device via the filtering and forwarding engine and in accordance with the VPN parameters.
Dependent claims: 21 to 29.
30. An interconnection device for allowing communications between a first device on a Virtual Private Network (VPN) and a second device not on the VPN, the interconnection device comprising:
- a mapping table containing VPN information describing operations of the VPN;
- a filtering and forwarding engine operable to receive identification information related to the first device; and
- a control subsystem operable to authenticate the first device based on the identification information, the control subsystem further operable to authenticate VPN information related to the first device and to modify the VPN information within the mapping table such that the filtering and forwarding engine transmits the communications from the first device to the second device in accordance therewith.
Dependent claims: 31 to 39.
40. An article of manufacture, which comprises a computer readable medium having stored therein a computer program carrying out a method for connecting a first device on a Virtual Private Network (VPN) to a second device not on the VPN, the computer program comprising:
- a first code segment for receiving an authentication request from the first device;
- a second code segment for authenticating the first device as a member of the VPN, in response to the authentication request;
- a third code segment for authenticating parameters associated with intra-VPN data traffic including routing and forwarding parameters; and
- a fourth code segment for implementing the routing and forwarding parameters with respect to communications between the first device and the second device.
Dependent claims: 41 to 44.
45. A system for cross-connecting a first device on a first Virtual Private Network (VPN) to a second device on a second VPN, the system comprising:
- an identification subsystem operable to identify the first device and the second device and output identification information accordingly;
- an authentication subsystem operable to receive the identification information and authenticate the first device and the second device as members of the first VPN and the second VPN, respectively, based thereon, and to output authentication information accordingly, the authentication information including a first set of rules governing data transmission over the first VPN and a second set of rules governing transmission over the second VPN;
- a matching subsystem operable to receive the authentication information and match the first set of rules to the second set of rules such that secure transmission occurs between the first and second devices via the first and second VPNs.
46. A method for connecting a first device on a first Virtual Private Network (VPN) to a second device on a second VPN, the method comprising:
- receiving, at an interconnection device, a first certificate identifying properties of the first device and the first VPN, and a second certificate identifying properties of the second device and the second VPN;
- comparing the first and second certificates at the interconnection device, the interconnection device storing information related to a predetermined number of VPNs of which the first and second VPNs are a subset; and
- allowing interconnection of the first and second devices based on the comparing operation.
47. A system for connecting a first device on a Virtual Private Network (VPN) to a second device not on the VPN, the system comprising:
- means for authenticating the first device as a member of the VPN;
- means for authenticating VPN parameters associated with the first VPN; and
- means for transmitting communications between the first device and the second device, based on the VPN parameters.
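The following added Python model (not the patent's own code) walks through the mechanism the abstract and claims 45 and 46 describe: a gateway holds a mapping table of known VPNs, verifies a device's certificate against the authority recorded for the VPN it claims, and then forwards only under the rules both VPNs share. The HMAC-tagged record standing in for a digital certificate, the per-VPN authority keys and the cipher/port rule sets are all constructed for the example.

```python
"""Toy model of the certificate-based VPN interconnection gateway described in
the abstract and claims 45/46 (added example, not the patent's own code). A
'certificate' is a record tagged with an HMAC under a per-VPN authority key;
a real gateway would verify X.509 certificates and public-key signatures."""
import hashlib
import hmac
import json

# Constructed mapping table: each VPN the gateway knows, with the authority
# key used to check member certificates and the VPN's connection rules.
MAPPING_TABLE = {
    "vpn-a": {"key": b"authority-key-a", "ciphers": {"aes256-gcm", "chacha20"}, "ports": {443, 8443}},
    "vpn-b": {"key": b"authority-key-b", "ciphers": {"aes256-gcm", "aes128-gcm"}, "ports": {443, 22}},
    "vpn-c": {"key": b"authority-key-c", "ciphers": {"aes128-gcm"}, "ports": {22}},
}

def _tag(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def issue_certificate(vpn, device):
    """Stand-in for a VPN authority issuing a member certificate (constructed)."""
    body = {"device": device, "vpn": vpn}
    return {"body": body, "tag": _tag(MAPPING_TABLE[vpn]["key"], body)}

def authenticate(cert):
    """Authenticate the device as a member of the VPN it claims, using the key
    stored for that VPN in the mapping table. Returns the VPN id, or None for
    an unknown VPN or a certificate that does not verify under that VPN's key."""
    vpn = cert["body"].get("vpn")
    entry = MAPPING_TABLE.get(vpn)
    if entry is None:
        return None
    if not hmac.compare_digest(cert["tag"], _tag(entry["key"], cert["body"])):
        return None
    return vpn

def match_rules(vpn1, vpn2):
    """Matching subsystem (claim 45): keep only the rules both VPNs accept."""
    a, b = MAPPING_TABLE[vpn1], MAPPING_TABLE[vpn2]
    return {"ciphers": a["ciphers"] & b["ciphers"], "ports": a["ports"] & b["ports"]}

def interconnect(cert1, cert2):
    """Compare the two certificates (claim 46) and allow forwarding only when
    both authenticate and a non-empty common rule set exists."""
    v1, v2 = authenticate(cert1), authenticate(cert2)
    if v1 is None or v2 is None:
        return None
    rules = match_rules(v1, v2)
    # Reject when there is no cipher or port both VPNs will agree on.
    return rules if rules["ciphers"] and rules["ports"] else None
```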