System and method for central management of connections in a...

Electrical computers and digital processing systems: multicomput – Network-to-computer interfacing

Reexamination Certificate


Details

C713S152000, C709S227000, C709S228000, C709S229000

Reexamination Certificate

active

06636898

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field of the Invention
This invention pertains to central management of connections in a system. More particularly, it pertains to central management of connections within Virtual Private Networks implementing IPSec and ISAKMP Internet security protocols.
2. Background Art
With the onset of network computing came the need to ensure secure connections between networked computers. Usually companies resorted to establishing private networks to do this, and at considerable expense. However, as this trend of Network Computing continues to evolve, it is necessary to extend secure communications within the enterprise and to utilize the public networks. Driving factors include the need for mobility, company mergers and acquisitions, and the usual “improving the bottom line”. Virtual Private Networks (VPNs), in this context, allow customers to use existing private or public networks, including the Internet, to establish secure connections between other businesses, branch offices, and remote users.
One problem with VPNs is that they are usually implemented via proprietary techniques, such that interoperability is limited to single-vendor solutions. The IETF now has working groups and draft standards which will allow a more uniform VPN solution across vendors that implement to those standards. IP Security (IPSec) and Internet Security Association and Key Management Protocol (ISAKMP) are examples of these standards, and these are the standards used in the preferred embodiment of the invention.
Furthermore, the current state of the art establishes IPSec tunnels using these standards; however, there is a requirement heretofore not met for providing systems the ability to manage connections established using these standards.
The creation of virtual private networks demands system security on those systems that act as IPSec connection endpoints. Without it, it is not possible to ensure that the system isn't compromised in some way, and that the resulting IPSec tunnel or the VPN connection isn't compromised. Furthermore, for security reasons and connection manageability reasons, it is desirable that the system have a single point of control for all IPSec tunnels and also for VPN connections. This single point of control needs to be able to control connections programmatically. The control of the connections includes the ability to start and stop manual and dynamic VPN connections. It also needs to delete connections that might have had errors associated with them. For the purposes of interrogating VPN connection status on the system, it needs to provide the ability to query information on these connections. It also needs to manage such things as connection lifetimes and the refresh of keying material, that is, the re-negotiation of dynamic Security Associations (SAs). It should also provide the ability to create VPN connections when this system is acting in a responder role, that is, the opposite endpoint of an initiated connection.
It is an object of the invention to provide a system and method for centrally managing connections in a virtual private network.
It is a further objective of the invention to provide a system and method for centrally managing VPN connections with the ability (a) to control access to the resources necessary to start the servers that manage VPN connections, and to control access in the management of those VPN connections; and (b) to start, stop, delete and query defined VPN connections on the system, including the ability to discover which connections should be started in a variety of ways.
It is a further object of the invention to provide a system and method for establishing (starting) an active VPN connection in a plurality of ways, including VPN connections using IPSec technologies for protection of IP datagrams.
It is a further object of the invention to limit these VPN connections to a particular lifetime, and to refresh the keying material when VPN policy dictates it is time.
SUMMARY OF THE INVENTION
In accordance with the invention, there is provided a system and method for centrally managing connections in a virtual private network. A connection manager is selectively operable for managing, including starting, stopping, deleting, and querying, instantiated connections.


