Migration from in-clear to encrypted working over a...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography

Reexamination Certificate

Details

C713S153000, C713S156000, C713S152000, C713S152000

active

06832313

ABSTRACT:

BACKGROUND OF THE INVENTION
This invention relates to a method and means permitting migration from in-clear working over a communications link, to encrypted working and in particular, but not exclusively, to migration from in-clear working over a network to encrypted virtual private network (VPN) working.
A VPN is a network of connections between a number of sites that has the appearance of being dedicated and private to these sites but actually can be implemented over a shared network such as the Internet.
SUMMARY OF THE INVENTION
According to one aspect of the present invention there is provided a computer system comprising a first node, a second node and a communications link connecting the first node and the second node, and wherein initially the system is capable of working in a plurality of modes, including a first mode corresponding to in-clear working over the link, a second mode corresponding to encrypted working over the link, and a third mode, employed for migration from in-clear to encrypted working over the link, and wherein the third mode provides in-clear working until means required for encrypted working are provided at both the first and the second nodes, when encrypted working is commenced and from which point in time only encrypted working is possible over the link.
According to a second aspect of the present invention there is provided a computer system comprising a first node, a second node and a communications link connecting the first node and the second node, wherein the system is initially capable of operating in a plurality of modes, including a first mode corresponding to in-clear working over the link, a second mode corresponding to encrypted working over the link, and a third mode, employed for migration from in-clear working over the link to encrypted working over the link, in which one said node is set to “initiate encryption” and the other said node is set to “accept encryption”, and wherein the third mode provides in-clear working until means required for encrypted working are installed at both the first and the second nodes, when encrypted working is provided over the link and from which point in time only encrypted working is possible over the link.
According to another aspect of the present invention there is provided a computer system capable of operation as a virtual private network (VPN) including at least one central server and at least one remote client connectable by a shared network, wherein the or each server and the or each client include respective security policy files with settings of “in-clear”, “initiate encryption” or “accept encryption”, and “encrypt” for information to be transmitted therebetween, “in-clear” corresponding to a mode of operation comprising working in-clear, “encrypt” corresponding to a mode of operation comprising encrypted VPN working over the network, and “initiate encryption” or “accept encryption”, being employed for a mode of operation when migration from in-clear to encrypted VPN working is required, which migration mode provides in-clear working until authentication keys required for encrypted working are installed at both ends of a particular server/client link across the network, when encrypted VPN working is provided for said link and from which point in time only encrypted working is possible over said link.
According to yet another aspect of the present invention there is provided a method for use in migrating operation of a computer system from in-clear working to encrypted working, the computer system comprising a first node, a second node and a communications link connecting the first and second nodes, the computer system initially being capable of operating in a plurality of modes including “in-clear” mode, migration mode having settings of “initiate encryption” or “accept encryption”, and “encrypt” mode, means enabling encrypted working being required to be installed at the first and second nodes before encrypted working can commence, the method including the steps of installing said means at the first node, setting the first node to “initiate encryption”, setting the second node to “accept encryption”, as a result of which messages transmitted between said nodes are transmitted in-clear, subsequently installing said means at the second node, as a result of which messages between the nodes are transmitted encrypted, and setting the first and second nodes to “encrypt” mode whereby only encrypted working is subsequently possible over the link.
According to a still further aspect of the present invention there is provided a method for use in migrating operation of a computer system, comprising at least one central server and at least one remote client connectable by a shared network, from in-clear working to virtual private network (VPN) working, including the step of providing the or each server and the or each client with respective security policy files having settings for “in-clear”, “initiate encryption” or “accept encryption”, and “encrypt” for information to be transmitted therebetween, “in-clear” corresponding to a mode of operation comprising working in-clear, “encrypt” corresponding to a mode of operation comprising encrypted VPN working over the network, and “initiate encryption” or “accept encryption” corresponding to a mode of operation which is employed when migration from in-clear to encrypted VPN working is required and which provides in-clear working until authentication keys required for encrypted working are installed, and including the steps of setting the policy file on the server of a particular link to “initiate encryption” and setting the policy file on the client of said particular link to “accept encryption” when migration is required, installing the authentication key at the server of said particular link, messages between the server and the client of the particular link thereby being transmitted in clear, subsequently installing the authentication keys at the client of said particular link whereby encrypted VPN working commences instead of in-clear working, and resetting the security policy files of the server and client of said particular link to “encrypt” whereby only encrypted working is subsequently possible over said link.
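
The server/client migration sequence described above, modelled as a small state machine. This is an added example, not code from the patent: the class and function names, the "refused" outcome for setting combinations the text does not describe, and the rollback attempt in the last step are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Policy(Enum):
    IN_CLEAR = "in-clear"
    INITIATE = "initiate encryption"
    ACCEPT = "accept encryption"
    ENCRYPT = "encrypt"

@dataclass
class Node:
    policy: Policy = Policy.IN_CLEAR
    has_key: bool = False  # authentication key installed at this end

class Link:
    def __init__(self, server: Node, client: Node):
        self.server, self.client = server, client
        self.latched = False  # True once encrypted working has commenced

    def transport(self) -> str:
        """How the next message travels: 'in-clear', 'encrypted' or 'refused'."""
        pols = {self.server.policy, self.client.policy}
        keys = self.server.has_key and self.client.has_key
        if self.latched or Policy.ENCRYPT in pols:
            # Encrypt-only: never fall back to in-clear (refusal is an assumption).
            return "encrypted" if keys and Policy.IN_CLEAR not in pols else "refused"
        if pols == {Policy.INITIATE, Policy.ACCEPT}:
            self.latched = keys  # migration mode: latch once both keys exist
            return "encrypted" if keys else "in-clear"
        if pols == {Policy.IN_CLEAR}:
            return "in-clear"
        return "refused"  # assumption: combinations the text does not cover

def migrate() -> list:
    """Walk the migration steps and record the transport after each one."""
    server, client = Node(), Node()
    link = Link(server, client)
    seen = [link.transport()]              # both ends set to "in-clear"
    server.has_key = True
    server.policy, client.policy = Policy.INITIATE, Policy.ACCEPT
    seen.append(link.transport())          # key at server only
    client.has_key = True
    seen.append(link.transport())          # both keys present: encryption starts
    server.policy = client.policy = Policy.ENCRYPT
    seen.append(link.transport())          # both ends reset to "encrypt"
    client.policy = Policy.IN_CLEAR        # attempted rollback at one end
    seen.append(link.transport())
    return seen
```

The link keeps carrying traffic in clear while only one end holds a key, and once encrypted working has started a later change back to "in-clear" at one end does not restore in-clear traffic.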


