System and method for separating addresses from the delivery scheme in a virtual private network
First Claim
1. A network communication system including a plurality of computers each including a memory which communicate over a private network which operates over a public network infrastructure, the network communication system including:
- a plurality of software nodes operating in the memory of each of the plurality of computers;
- at least one administrative software node which operates in the memory of at least one of the plurality of computers;
- a channel communication unit in each administrative software node which is configured to create at least one communication channel between at least two of the plurality of software nodes; and
- a security unit in each administrative software node configured to receive messages from one of the plurality of software nodes,
wherein:
- the plurality of software nodes communicate with one another using a plurality of delivery schemes,
- the messages include an internal address of a software node suitable for use in communicating within the private network and information for translating the internal address of the software node into an external address of the software node suitable for communicating over the public network infrastructure,
- the channel communication unit in one of the administrative software nodes assigns each of the communication channels a unique key information for decrypting private network identification of source software nodes and destination software nodes, and channel identification for communication between the software nodes,
- one of the administrative software nodes changes the key information for each channel when a new software node is added to the channel,
- one of the plurality of delivery schemes utilizes the external address of the software node for delivery of the communication and for encryption of the communication over the public network infrastructure,
- the internal address of the software node is not incorporated in the encryption of the communication or in the delivery scheme used to deliver the communication over the public network infrastructure, and
- the received messages are routed based on corresponding packets, which include the key information.
Abstract
Methods and systems consistent with the present invention establish a virtual network on top of current IP network naming schemes. The virtual network uses a separate layer to create a modification to the IP packet format that is used to separate network behavior from addressing. As a result of the modification to the packet format, any type of delivery method may be assigned to any address or group of addresses. The virtual network also maintains secure communications between nodes, while providing the flexibility of assigning delivery methods independent of the delivery addresses.
111 Citations
10 Claims
- 1. Independent claim; text as given under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7.
- 8. A network delivery system including a plurality of software nodes operating in a memory of a plurality of computers which communicate over the infrastructure of a public network, and where the software nodes utilize a plurality of delivery schemes to communicate with each other over a plurality of channels, and at least one of the software nodes acts as an administrative node which performs a method comprising the steps of:
  - assigning to each software node (1) an internal address, (2) a unique key information for decrypting private network identification of source software nodes and destination software nodes, and (3) channel identification for communication between the software nodes;
  - mapping the internal address to an external address for each of the software nodes;
  - encrypting a communication from a source software node to at least one destination software node using the external address of the destination software node;
  - delivering an encrypted communication over the private network using a delivery scheme incorporating the external address of the destination software node without incorporating the internal address of the destination software node;
  - permitting the source and destination software nodes to communicate with each other on the private network in a secure manner based on a selected delivery scheme; and
  - changing the key information when a new software node is added to the channel,
  wherein the encrypted communication is routed based on a packet, which includes the key information. Dependent claims: 9, 10.
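The method of claim 8 (and the "wherein" clauses of claim 1) modelled end to end in Python. This is an illustrative example added by the editor, not code from the patent or any implementation of it: the `AdminNode`, `build_packet`, `open_packet` and `wire_exposes_internal` names, the JSON framing, the hash-counter toy cipher, the sample addresses and the "unicast"/"multicast" scheme labels are all constructed assumptions. It shows the one property a reviewer would want to check: the fields that travel over the public network carry only external addresses, a channel identifier and a delivery scheme, while the internal addresses exist only inside the channel-keyed ciphertext, and a packet sealed before a node joins no longer opens after the administrative node rotates the channel key.

```python
import hashlib
import hmac
import json
import os
import struct


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed toy cipher for illustration only (hash-counter keystream).
    # A real deployment would use an AEAD such as AES-GCM.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expect, tag):
        raise ValueError("authentication failed: wrong channel key or tampered packet")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class AdminNode:
    """Hypothetical administrative node: owns the address map and the channel keys."""

    def __init__(self):
        self.address_map = {}   # internal address -> (external address, delivery scheme)
        self.channels = {}      # channel id -> {"key": bytes, "members": set of internal addrs}

    def assign(self, internal, external, scheme):
        # Step (1)/(2) of claim 8: internal address plus its mapping to an external one;
        # the delivery scheme is chosen per address, not dictated by the address itself.
        self.address_map[internal] = (external, scheme)

    def create_channel(self, channel_id, members):
        self.channels[channel_id] = {"key": os.urandom(32), "members": set(members)}
        return self.channels[channel_id]["key"]

    def add_member(self, channel_id, internal):
        ch = self.channels[channel_id]
        ch["members"].add(internal)
        ch["key"] = os.urandom(32)   # key information changes whenever a node joins
        return ch["key"]

    def packet_key(self, channel_id, ext_dst):
        # The destination's external address enters the encryption; the internal one never does.
        return hmac.new(self.channels[channel_id]["key"], ext_dst.encode(), hashlib.sha256).digest()


def build_packet(admin, channel_id, src, dst, payload):
    ch = admin.channels[channel_id]
    if src not in ch["members"] or dst not in ch["members"]:
        raise PermissionError("node is not a member of this channel")
    ext_src, _ = admin.address_map[src]
    ext_dst, scheme = admin.address_map[dst]
    inner = json.dumps({"src": src, "dst": dst, "payload": payload}).encode()
    # Outer fields are what the public network sees; the inner header is sealed.
    return {
        "channel": channel_id,
        "scheme": scheme,
        "ext_src": ext_src,
        "ext_dst": ext_dst,
        "body": seal(admin.packet_key(channel_id, ext_dst), inner).hex(),
    }


def open_packet(admin, packet):
    key = admin.packet_key(packet["channel"], packet["ext_dst"])
    return json.loads(unseal(key, bytes.fromhex(packet["body"])))


def wire_exposes_internal(packet, internal_addrs):
    """True if any internal address is visible in the outer (public-network) fields."""
    outer = json.dumps({k: v for k, v in packet.items() if k != "body"})
    return any(a in outer for a in internal_addrs)


def demo():
    admin = AdminNode()
    admin.assign("vn-node-a", "203.0.113.10", "unicast")     # constructed sample data
    admin.assign("vn-node-b", "198.51.100.20", "multicast")
    admin.assign("vn-node-c", "192.0.2.30", "unicast")
    admin.create_channel("chan-1", ["vn-node-a", "vn-node-b"])
    pkt = build_packet(admin, "chan-1", "vn-node-a", "vn-node-b", "hello")
    exposed = wire_exposes_internal(pkt, ["vn-node-a", "vn-node-b"])
    inner = open_packet(admin, pkt)
    admin.add_member("chan-1", "vn-node-c")    # rekey: the earlier packet must no longer open
    try:
        open_packet(admin, pkt)
        stale_opens = True
    except ValueError:
        stale_opens = False
    return exposed, inner, stale_opens
```

Running `demo()` returns `(False, {...inner header...}, False)`: nothing on the wire names an internal address, a current channel member recovers the inner source and destination, and the pre-join packet fails authentication once the key has been changed. The per-packet key is derived from the channel key and the external destination address, which is one straightforward reading of "encrypting ... using the external address of the destination software node"; a production design would use a real AEAD and bind the outer header as associated data rather than the toy cipher shown here.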
Specification