System and method for on-demand access concentrator for...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

C713S153000, C713S168000

active

06694437

ABSTRACT:

BACKGROUND OF THE INVENTION
A. Field of the Invention
The present invention generally relates to an access concentrator for communicating virtual private networks, and more particularly to an on-demand access concentrator capable of providing users of virtual private networks with various choices of services before connecting to a server of the user's company.
B. Description of the Prior Art
A virtual private network (VPN) 19 is a private data network that makes use of the public telecommunication infrastructure, as illustrated in FIG. 1. A company or corporation 14 can use a wide-area network 15 as a single large local area network via a contracted internet service provider (ISP) 13. A VPN user 11 may connect to the VPN 19 via the ISP 13 using Point-to-Point Tunneling Protocol (PPTP). PPTP is an extension of the Internet's protocol that allows companies or corporations to extend their own corporate network through private tunnels 16 over the public Internet 15. With PPTP, any user of a PC with PPP client support is able to dial up PSTNs 12 to connect to an ISP 13 and then connect securely to a server 14 elsewhere in the user's VPN 19. Consequently, a company no longer needs to lease its own lines for wide-area communication but can securely use the public Internet 15.
The ISP 13 uses an Access Concentrator 17 and a database 18 for handling the communications of VPNs. The Access Concentrator 17 provides two interfaces: a VPN interface 171 for providing point-to-point access using PSTN or ISDN lines, and an Internet interface 172 for providing TCP/IP protocol to pass traffic to the Internet 15 or non-VPN.
PPTP uses an enhanced GRE (Generic Routing Encapsulation) mechanism to provide a flow- and congestion-controlled encapsulated datagram service for carrying PPP packets. When a user 11 of a corporation uses PPTP and dials up to the ISP 13, the packets will be encapsulated and then sent to the Access Concentrator 17. The encapsulated PPP packets will be carried over IP. Thus, the data format for the encapsulated packet is illustrated in FIG. 2. It includes a Media header 21, an IP header 22, a GRE header 23, and then the PPP packet 24.
A conventional Access Concentrator 17 will simply check the authenticity of the dial-up user from the call ID of the PPP packet and then assign a legal network address as a source address for the authenticated user to access the VPN without actually decrypting the PPP packets. In other words, the ISP 13 allows the dial-up user 11 to directly perform PPP negotiation with the server 14 in the user's company. Consequently, if the dial-up user simply wants to browse the World Wide Web, or use TELNET or FTP, he still has to connect to the server 14 of the VPN 19. This is undesirable because connecting to a remote server needs more time and traffic.
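The following added example (not part of the patent text) parses the encapsulation described above, starting at the IP header 22, and extracts the Call ID that the conventional Access Concentrator checks. It assumes the enhanced GRE header layout of RFC 2637, where the Call ID is the low 16 bits of the GRE key; the function names and the sample packet are constructed for illustration, and the Media header 21 is assumed to be already stripped.

```python
import socket
import struct

IPPROTO_GRE = 47
GRE_PROTO_PPP = 0x880B  # protocol type used by PPTP's enhanced GRE (RFC 2637)

def parse_pptp_gre(pkt: bytes) -> dict:
    """Parse IPv4 header + enhanced GRE header; return call ID, seq/ack, PPP payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8:
        raise ValueError("truncated IP or GRE header")
    if pkt[9] != IPPROTO_GRE:
        raise ValueError("IP payload is not GRE")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", pkt, ihl)
    if (flags & 0x0007) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not enhanced GRE (version 1, protocol 0x880B)")
    if not (flags & 0x2000) or (flags & 0xC000):
        raise ValueError("K must be set; C and R must be clear")
    off = ihl + 8
    optional = {}
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):  # S and A flag bits
        optional[name] = None
        if flags & bit:
            if len(pkt) < off + 4:
                raise ValueError("truncated GRE header")
            (optional[name],) = struct.unpack_from("!I", pkt, off)
            off += 4
    ppp = pkt[off:off + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("payload shorter than GRE payload length")
    return {"call_id": call_id, "ppp": ppp, **optional}

def build_sample(call_id: int = 0x1234, seq: int = 7) -> bytes:
    """Constructed sample: IPv4 + GRE (K and S set) + a minimal PPP LCP Configure-Request."""
    ppp = bytes.fromhex("ff03c02101010004")
    gre = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp), call_id, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(ppp), 0, 0, 64,
                     IPPROTO_GRE, 0,  # header checksum left 0; not verified here
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.1"))
    return ip + gre + ppp

if __name__ == "__main__":
    print(parse_pptp_gre(build_sample()))
```

The Call ID is a 16-bit value carried in cleartext in every data packet, so a check based on it identifies a session rather than proving who sent the packet.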
Besides, based on the current architecture of an Access Concentrator, if we want to add the on-demand function to a conventional Access Concentrator, the software must comply with the architecture of RADIUS (Remote Authentication Dial-In User Service). In other words, the PPP itself has to be modified to support the EAP standard (PPP Extensible Authentication Protocol, RFC 2284) in addition to the modification of the authentication architecture of RADIUS. That would require additional costs in implementation and programming.
SUMMARY OF THE INVENTION
Accordingly, it is an object of the present invention to provide a system and method for an Access Concentrator to provide on-demand functions, so that a VPN user may request a non-VPN service from the Access Concentrator without having to access the server of the VPN.
It is another object of the present invention to provide a system and method for an Access Concentrator to provide on-demand functions, which is easy to implement and requires very little program revision, thereby reducing the implementation costs and time.
In accordance with the invention, a system and method for an on-demand Access Concentrator is provided for Virtual Private Networks. The invention involves performing two steps of PPP negotiation, and before the second PPP negotiation is performed, an on-demand service is provided for the dial-up user to choose. The first PPP negotiation is performed between a host machine of a dial-up user and an Access Concentrator. In the first PPP negotiation, the authenticity of the dial-up user will be checked. If the dial-up user is authentic, the dial-up user will be assigned a new network address. Then, the dial-up user is free to choose a VPN service or a non-VPN service, such as FTP, TELNET, WWW, or BBS. If the dial-up user requests a non-VPN service, the Access Concentrator will simply forward the packets of the dial-up user to their destinations. If the dial-up user requests a VPN service, a second PPP negotiation between the host machine of the dial-up user and a VPN server will be established. If the second PPP negotiation is successful, the dial-up user will be assigned a legal VPN network address to access the VPN. Consequently, the dial-up user can access non-VPN services without having to directly connect to a VPN server.

