Agile network protocol for secure communications with assured system availability
US 6,502,135 B1
- Filed: 02/15/2000
- Issued: 12/31/2002
- Est. Priority Date: 10/30/1998
- Status: Expired due to Term
Abstract
A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.
17 Claims
1. A method of transparently creating a virtual private network (VPN) between a client computer and a target computer, comprising the steps of:
(1) generating from the client computer a Domain Name Service (DNS) request that requests an IP address corresponding to a domain name associated with the target computer;
(2) determining whether the DNS request transmitted in step (1) is requesting access to a secure web site; and
(3) in response to determining that the DNS request in step (2) is requesting access to a secure target web site, automatically initiating the VPN between the client computer and the target computer.
(4) in response to determining that the DNS request in step (2) is not requesting access to a secure target web site, resolving the IP address for the domain name and returning the IP address to the client computer.
4. The method of claim 1, wherein step (3) comprises the step of, prior to automatically initiating the VPN between the client computer and the target computer, determining whether the client computer is authorized to establish a VPN with the target computer and, if not so authorized, returning an error from the DNS request.
5. The method of claim 1, wherein step (3) comprises the step of, prior to automatically initiating the VPN between the client computer and the target computer, determining whether the client computer is authorized to resolve addresses of non-secure target computers and, if not so authorized, returning an error from the DNS request.
6. The method of claim 1, wherein step (3) comprises the step of establishing the VPN by creating an IP address hopping scheme between the client computer and the target computer.
6. The method of claim 1, wherein step (3) comprises the step of establishing the VPN by creating an IP address hopping scheme between the client computer and the target computer.
7. The method of claim 1, wherein step (3) comprises the step of using a gatekeeper computer that allocates VPN resources for communicating between the client computer and the target computer.
8. The method of claim 1, wherein step (2) is performed in a DNS proxy server that passes through the request to a DNS server if it is determined in step (3) that access is not being requested to a secure target web site.
9. The method of claim 5, wherein step (3) comprises the step of transmitting a message to the client computer to determine whether the client computer is authorized to establish the VPN target computer.
10. A system that transparently creates a virtual private network (VPN) between a client computer and a secure target computer, comprising:
a DNS proxy server that receives a request from the client computer to look up an IP address for a domain name, wherein the DNS proxy server returns the IP address for the requested domain name if it is determined that access to a non-secure web site has been requested, and wherein the DNS proxy server generates a request to create the VPN between the client computer and the secure target computer if it is determined that access to a secure web site has been requested; and
a gatekeeper computer that allocates resources for the VPN between the client computer and the secure web computer in response to the request by the DNS proxy server.
13. A method of establishing communication between one of a plurality of client computers and a central computer that maintains a plurality of authentication tables each corresponding to one of the client computers, the method comprising the steps of:
(1) in the central computer, receiving from one of the plurality of client computers a request to establish a connection;
(2) authenticating, with reference to one of the plurality of authentication tables, that the request received in step (1) is from an authorized client;
(3) responsive to a determination that the request is from an authorized client, allocating resources to establish a virtual private link between the client and a second computer; and
(4) communicating between the authorized client and the second computer using the virtual private link.
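The DNS-proxy decision of claims 1, 4, 5, 8 and 10, written out as an added Python sketch that is not the patent's own code; the domain tables, client names, resolver stub and gatekeeper allocation string are constructed for illustration. The point worth seeing is that for a secure target the proxy never hands back a routable address: an unauthorized client receives a DNS error, an authorized one gets VPN resources allocated by the gatekeeper, and only non-secure names are passed through to ordinary resolution.

```python
# Added illustration of the DNS-proxy logic in claims 1, 4, 5, 8 and 10.
# Not the patent's code; all tables and the resolver stub are constructed here.
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: secure target sites, an upstream-DNS stand-in,
# and which clients may open a VPN or resolve ordinary (non-secure) names.
SECURE_SITES = {"secure.example.test": "gatekeeper-slot-A"}
PUBLIC_DNS = {"www.example.test": "192.0.2.10"}   # stand-in for the DNS server
VPN_AUTHORIZED = {"client1": {"secure.example.test"}}
PLAIN_RESOLVE_AUTHORIZED = {"client1", "client2"}


@dataclass
class DnsDecision:
    action: str                   # "resolve", "initiate_vpn" or "error"
    detail: Optional[str] = None  # IP address, VPN allocation, or error reason


def gatekeeper_allocate(client: str, domain: str) -> str:
    """Stand-in for the gatekeeper computer of claims 7 and 10."""
    return f"vpn({client}->{SECURE_SITES[domain]})"


def dns_proxy(client: str, domain: str) -> DnsDecision:
    """Steps (2) and (3) of claim 1 as performed by the DNS proxy server."""
    # Step (2): is the request for a secure target site?
    if domain in SECURE_SITES:
        # Claim 4: check VPN authorization first; on failure return a DNS
        # error rather than any address for the secure target.
        if domain not in VPN_AUTHORIZED.get(client, set()):
            return DnsDecision("error", "client not authorized for VPN")
        # Step (3): initiate the VPN through the gatekeeper.
        return DnsDecision("initiate_vpn", gatekeeper_allocate(client, domain))
    # Claim 5: a client may be barred from resolving non-secure names at all.
    if client not in PLAIN_RESOLVE_AUTHORIZED:
        return DnsDecision("error", "client not authorized for plain DNS")
    # Claim 8 / step (4): pass the request through to the ordinary DNS server.
    ip = PUBLIC_DNS.get(domain)
    if ip is None:
        return DnsDecision("error", "NXDOMAIN")
    return DnsDecision("resolve", ip)
```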