Multi-access virtual private network

DC CAFC

US 6,061,796 A
Filed: 08/26/1997
Issued: 05/09/2000
Est. Priority Date: 08/26/1997
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. Apparatus for carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising:

means for intercepting function calls and requests for service sent by an applications program on one of said client computers to a lower level set of communications drivers;

means for causing an applications level authentication and encryption program in said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network, andmeans for intercepting files packaged by a transport driver interface layer to form packets and encrypting the packets using a session key generated during communications between corresponding lower layers of the server and said one of said client computers.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

398 Citations

28 Claims

1. Apparatus for carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising:
- means for intercepting function calls and requests for service sent by an applications program on one of said client computers to a lower level set of communications drivers;
  
  means for causing an applications level authentication and encryption program in said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network, andmeans for intercepting files packaged by a transport driver interface layer to form packets and encrypting the packets using a session key generated during communications between corresponding lower layers of the server and said one of said client computers.

2. Apparatus for carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising:
- means for intercepting function calls and requests for service sent by an applications program on one of said client computers to a lower level set of communications drivers; and
  
  means for causing an applications level authentication and encryption program in said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network, andfurther comprising means for intercepting a destination address during initialization of communications between said one of said client computers and a second of said client computers on said virtual private network;
  
  means for causing said applications level authentication and encryption program to communicate with the server to in order to enable the applications level authentication and encryption program to generate said session key;
  
  means for transmitting said destination address to said server;
  
  means for causing said server to communicate with the second of said two client computers;
  
  means for enabling said second of said two client computers to recreate the session key;
  
  means for causing said authentication software to encrypt files to be sent to the destination address using the session key; and
  
  means for transmitting the encrypted files directly to the destination address.
- View Dependent Claims (3)
- - 3. Apparatus as claimed in claim 2, wherein said means for intercepting the destination address is carried out by a shim positioned between a peer-to-peer applications program and a layer of a communications driver architecture of said one of the two client computers.

4. A multi-tier virtual private network, comprising:
- a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said means for transmitting data to and receiving data from the open network includes, in any client computer initiating communications with the server;
  
  applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  at least one lower level set of communications drivers;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to the lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and an applications socket for facilitating service requests by said applications program to the transport driver interface layer, and wherein said shim is a socket shim positioned between the applications program and the socket to intercept function calls to the socket in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer, andwherein said applications program is a peer-to-peer communications program, wherein a peer application destination address, included in said function calls to the socket, is diverted by the socket shim, and wherein a destination address including said intercepted function calls is supplied to the server during communications with the server, causing the service to establish a communications link with a peer application, mutually authenticate the peer application, and enable the peer application to reconstruct the session key in order to receive encrypted files sent by the peer-to-peer communications program over the open network.

5. A multi-tier virtual private network, comprising:
- a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said means for transmitting data to and receiving data from the open network includes, in any client computer initiating communications with the server;
  
  applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  at least one lower level set of communications drivers;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to the lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and an applications socket for facilitating service requests by said applications program to the transport driver interface layer, and wherein said shim is a socket shim positioned between the applications program and the socket to intercept function calls to the socket in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer, andfurther including a transport driver interface shim positioned between the transport driver interface layer and a second applications program, for intercepting requests from the second applications program for service by the transport driver interface layer in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer.
- View Dependent Claims (6)
- - 6. A multi-tier virtual private network as claimed in claim 5, further comprising a network driver layer shim positioned between the network driver layer and the transport driver interface layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

7. A multi-tier virtual private network, comprising:
- a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said means for transmitting data to and receiving data from the open network includes, in an client computer initiating communications with the server;
  
  applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  at least one lower level set of communications drivers;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to the lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network, andwherein said lower level set of communications drivers includes a network driver layer, and a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and wherein said shim is a transport driver interface layer shim positioned between the applications program and the transport driver interface layer to intercept service requests by the applications program to the transport driver interface layer in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer.
- View Dependent Claims (8, 9)
- - 8. A multi-tier virtual private network as claimed in claim 7, wherein said applications program is a peer-to-peer communications program, and wherein a peer application destination address, included in said intercepted requests for service, is diverted by the transport driver interface layer shim and supplied to the server during communications with the server, causing the service to establish a communications link with a peer application, mutually authenticate the peer application, and enable the peer application to reconstruct the session key in order to receive encrypted files sent by the peer-to-peer communications program over the open network.
  - 9. A multi-tier virtual private network as claimed in claim 7, further comprising a network driver layer shim positioned between the network driver layer and the transport driver interface layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

10. A multi-tier virtual private network, comprising:
- a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said means for transmitting data to and receiving data from the open network includes, in any client computer initiating communications with the server;
  
  applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files; and
  
  at least one lower level set of communications drivers,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and a network driver layer shim positioned between the transport driver interface layer and the network driver layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

11. A multi-tier virtual private network, comprising:
- a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said means for transmitting data to and receiving data from the open network includes, in any client computer initiating communications with the server;
  
  applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files; and
  
  further comprising means for securing peer-to-peer communications between applications on two of said client computers, said peer-to-peer communications securing means comprising;
  
  means for intercepting a destination address during initialization of communications by a first of said two client computers;
  
  means for causing said authentication software to communicate with the server to carry out functions a.) and b.);
  
  means for transmitting said destination address to said server;
  
  means for causing said server to carry-out functions a.) and b.) with respect to the second of said two client computers;
  
  means for enabling said second of said two client computers to recreate the session key;
  
  means for causing said authentication software to encrypt files to be sent to the destination address using the session key;
  
  means for transmitting the encrypted files directly to the destination address.
- View Dependent Claims (12, 13, 14)
- - 12. A multi-tier virtual private network as claimed in claim 11, wherein said means for intercepting the destination address comprises a shim positioned between the peer-to-peer applications program and a layer of a communications driver architecture of said first of the two client computers.
  - 13. A multi-tier virtual private network as claimed in claim 11, wherein said shim is positioned above a socket, the socket being positioned above a transport driver layer of said communications driver architecture.
  - 14. A multi-tier virtual private network as claimed in claim 11, wherein said shim is positioned above a transport driver layer of said communications driver architecture.

15. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, wherein said computer software includes:
- applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to a lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and an applications socket for facilitating service requests by said applications program to the transport driver interface layer, and wherein said shim is a socket shim positioned between the applications program and the socket to intercept function calls to the socket in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer, andwherein said applications program is a peer-to-peer communications program, wherein a peer application destination address, included in said function calls to the socket, is diverted by the socket shim, and wherein a destination address including said intercepted function calls is supplied to the server during communications with the server, causing the service to establish a communications link with a peer application, mutually authenticate the peer application, and enable the peer application to reconstruct the session key in order to receive encrypted files sent by the peer-to-peer communications program over the open network.

16. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said computer software includes:
- applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to a lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and an applications socket for facilitating service requests by said applications program to the transport driver interface layer, and wherein said shim is a socket shim positioned between the applications program and the socket to intercept function calls to the socket in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer, andfurther including a transport driver interface shim positioned between the transport driver interface layer and a second applications program, for intercepting requests from the second applications program for service by the transport driver interface layer in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer.
- View Dependent Claims (17)
- - 17. Computer software as claimed in claim 16, further comprising a network driver layer shim positioned between the network driver layer and the transport driver interface layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

18. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said computer software includes:
- applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files;
  
  and a shim arranged to intercept function calls and requests for service sent by an applications program to a lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network, andwherein said lower level set of communications drivers includes a network driver layer, and a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and wherein said shim is a transport driver interface layer shim positioned between the applications program and the transport driver interface layer to intercept service requests by the applications program to the transport driver interface layer in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before the files are packaged by the transport driver interface layer.
- View Dependent Claims (19, 20)
- - 19. Computer software as claimed in claim 18, wherein said applications program is a peer-to-peer communications program, and wherein a peer application destination address, included in said intercepted requests for service, is diverted by the transport driver interface layer shim and supplied to the server during communications with the server, causing the service to establish a communications link with a peer application, mutually authenticate the peer application, and enable the peer application to reconstruct the session key in order to receive encrypted files sent by the peer-to-peer communications program over the open network.
  - 20. Computer software as claimed in claim 18, further comprising a network driver layer shim positioned between the network driver layer and the transport driver interface layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

21. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said computer software includes:
- applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files; and
  
  at least one lower level set of communications drivers,wherein said lower level set of communications drivers includes a network driver layer, a transport driver interface layer arranged to package applications files as packets capable of being routed over the open network and supply the packets to the network driver layer for transmission to the open network, and a network driver layer shim positioned between the transport driver interface layer and the network driver layer and arranged to intercept files packaged by the transport driver interface layer and encrypt the files using a session key generated during communications with a lower layer of the server.

22. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network,wherein said computer software includes:
- applications level encryption and authentication software arranged to communicate with the server in order to;
  
  a.) mutually authenticate the server and the client computer initiating communications with the server and b.) generate a session key for use by the client computer initiating communications to encrypt files; and
  
  further comprising means for securing peer-to-peer communications between applications on two of said client computers, said peer-to-peer communications securing means comprising;
  
  means for intercepting a destination address during initialization of communications by a first of said two client computers;
  
  means for causing said authentication software to communicate with the server to carry out functions a.) and b.);
  
  means for transmitting said destination address to said server;
  
  means for causing said server to carry-out functions a.) and b.) with respect to the second of said two client computers;
  
  means for enabling said second of said two client computers to recreate the session key;
  
  means for causing said authentication software to encrypt files to be sent to the destination address using the session key;
  
  means for transmitting the encrypted files directly to the destination address.
- View Dependent Claims (23, 24, 25)
- - 23. Computer software as claimed in claim 22, wherein said means for intercepting the destination address comprises a shim positioned between the peer-to-peer applications program and a layer of a communications driver architecture of said first of the two client computers.
  - 24. Computer software as claimed in claim 22, wherein said shim is positioned above a socket, the socket being positioned above a transport driver layer of said communications driver architecture.
  - 25. Computer software as claimed in claim 22, wherein said shim is positioned above a transport driver layer of said communications driver architecture.

26. A method of carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising the steps of:
- intercepting function calls and requests for service sent by an applications program in one of said client computers to a lower level set of communications drivers;
  
  causing an applications level authentication and encryption program in said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network; and
  
  intercepting files packaged by a transport driver interface layer to form packets and encrypting the packets using a session key generated during communications between a lower layer of the server and a lower layer of said one of said client computers.

27. A method of carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising the steps of:
- intercepting function calls and requests for service sent by an applications program in one of said client computers to a lower level set of communications drivers;
  
  causing an applications level authentication and encryption program said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network;
  
  intercepting a destination address during initialization of communications between said one of said client computers and a second of said client computers on said virtual private network;
  
  causing said applications level authentication and encryption program to communicate with the server in order to enable the applications level authentication and encryption program to generate said session key;
  
  transmitting said destination address to said server;
  
  causing said server to communicate with the second of said two client computers;
  
  enabling said second of said two client computers to recreate the session key;
  
  causing said authentication software to encrypt files to be sent to the destination address using the session key; and
  
  transmitting the encrypted files directly to the destination address.
- View Dependent Claims (28)
- - 28. A method as claimed in claim 27, wherein said step of intercepting the destination address is carried out by a shim positioned between a peer-to-peer applications program and a layer of a communications driver architecture of said one of the two client computers.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SSL Services LLC
Original Assignee
V-ONE Corp. (AEP Networks Ltd.)
Inventors
Wang, Jieh-Shan, Chen, James F., Garvey, Francis, Brook, Christopher T.
Primary Examiner(s)
WRIGHT, NORMAN M

Application Number

US08/917,341
Time in Patent Office

987 Days
Field of Search

395/187.01, 395/186, 395/188.01, 395/200.49, 395/200.47, 395/200.48, 395/200.55, 380/21, 380/49, 380/25, 380/4, 380/23, 709/217, 709/218, 709/219, 709/225, 713/201
US Class Current

726/15
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 67/01   Protocols

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/162   involving adaptations of so...

Multi-access virtual private network

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

398 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-access virtual private network

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

398 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links