Multi-access virtual private network
Abstract
A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.
7 Claims
1. Apparatus for carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, wherein said means for transmitting data to and receiving data from an open network includes a lower set of communications drivers, said lower set of communications drivers being arranged to receive function calls and requests for service from an applications program in order to transmit and receive said data, comprising:

means for intercepting said function calls and requests for service sent by said applications program to said lower level set of communications drivers, said intercepted function calls and requests for service being limited to communications functions with no reference to encryption functions;

means for causing an applications level authentication and encryption program in said one of said client computers to communicate with the server in response to receiving said intercepted function calls and requests for service by generating a session key, using the session key generated by the applications level authentication and encryption program to encrypt file sent by the applications program, and sending function calls and requests for service to the lower level set of communications drivers in order to transmit said encrypted files over said open network.

2. A multi-tier virtual private network, comprising:

a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, wherein said means for transmitting data to and receiving data from the open network includes, in any client computer initiating communications with the server, applications level encryption and authentication software arranged to communicate with the server in order to:

a.) mutually authenticate the server and the client computer initiating communications with the server, and

b.) generate a session key for use by the client computer initiating communications to encrypt files;

at least one lower level set of communications drivers; and

a shim arranged to intercept function calls and requests for service sent by an applications program to the lower level set of communications drivers in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and encrypt files sent by the applications program before transmittal over said open network.

(Dependent claim 3 not shown.)

4. Computer software for installation on a client computer of a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, wherein said means for transmitting data to and receiving data from an open network includes a lower set of communications drivers, said lower set of communications drivers being arranged to receive function calls and requests for service from an applications program in order to transmit and receive said data, wherein said computer software includes:

applications level encryption and authentication software arranged to communicate with the server in order to:

a.) mutually authenticate the server and the client computer initiating communications with the server, and

b.) generate a session key for use by the client computer initiating communications to encrypt files; and

a shim arranged to intercept said function calls and requests for service sent by an applications program to the lower set of communications drivers, said function calls and requests for service being limited to communications functions without reference to encryption, in order to cause the applications level authentication and encryption program to communicate with the server, generate said session key, and use the session key generated by the applications level encryption and authentication software to encrypt files sent by the applications program before transmittal over said open network using function calls and requests for service transmitted by the applications level authentication and encryption program to the lower level set of communications drivers.

(Dependent claims 5 and 6 not shown.)

7. A method of carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, wherein said means for transmitting data to and receiving data from an open network includes a lower set of communications drivers, said lower set of communications drivers being arranged to receive function calls and requests for service from an applications program in order to transmit and receive said data, comprising the steps of:

intercepting said function calls and requests for service sent by said applications program to said lower level set of communications drivers, said intercepted function calls and requests for service being limited to communications functions with no reference to encryption functions;

causing an applications level authentication and encryption program in said one of said client computers to communicate with the server in response to receiving said intercepted function calls and requests for service by generating a session key, using the session key generated by the applications level authentication and encryption program to encrypt file sent by the applications program, and sending function calls and requests for service to the lower level set of communications drivers in order to transmit said encrypted files over said open network.
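The abstract and claims 1, 2, 4 and 7 all describe the same mechanism: the application issues ordinary communications calls, a shim intercepts them, an application-level program mutually authenticates with the server and establishes a session key, and only the encrypted result reaches the lower-level drivers. The following Python model is an added example, not code from the patent or its assignee. Everything in it is constructed: the client identifier, the pre-shared secret, the nonces and the payload. HMAC-SHA256 stands in for both the authentication MAC and the cipher (a counter-mode keystream plus an encrypt-then-MAC tag), because the standard library has no AES; a real deployment would use an AEAD cipher and a proper key exchange.

```python
"""Toy model of a socket-layer shim that performs mutual authentication,
derives a session key, and encrypts before handing data to the lower driver.
Added example; all secrets, nonces and messages are constructed here."""
import hashlib
import hmac
import os

# Constructed long-term secret shared between client "client-A" and the server.
CLIENT_SECRETS = {"client-A": b"constructed-shared-secret-for-client-A"}


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 as a PRF over length-prefixed parts (avoids ambiguity)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from the PRF; the same call encrypts and decrypts."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = _prf(key, b"stream", nonce, block.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag  (encrypt-then-MAC)."""
    nonce = os.urandom(12)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce, ct)


def open_(key: bytes, sealed: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    nonce, ct, tag = sealed[:12], sealed[12:-32], sealed[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce, ct)):
        raise ValueError("authentication tag mismatch")
    return _keystream_xor(key, nonce, ct)


class OpenNetwork:
    """Stand-in for the lower-level driver: records every byte string that
    would leave the host, so a caller can confirm only ciphertext went out."""
    def __init__(self):
        self.wire = []

    def transmit(self, data: bytes) -> None:
        self.wire.append(data)


class VpnServer:
    """Application-level authentication server: three-message challenge/response
    (client nonce, server nonce + proof, client proof), then a common session key."""
    def __init__(self):
        self.pending = {}   # client id -> (client nonce, server nonce)
        self.sessions = {}  # client id -> session key

    def challenge(self, client_id: str, client_nonce: bytes):
        secret = CLIENT_SECRETS[client_id]
        server_nonce = os.urandom(16)
        self.pending[client_id] = (client_nonce, server_nonce)
        # Server proves it holds the secret over both nonces (server -> client auth).
        return server_nonce, _prf(secret, b"server-auth", client_nonce, server_nonce)

    def finish(self, client_id: str, client_proof: bytes) -> None:
        secret = CLIENT_SECRETS[client_id]
        cn, sn = self.pending.pop(client_id)
        if not hmac.compare_digest(client_proof, _prf(secret, b"client-auth", cn, sn)):
            raise PermissionError("client authentication failed")
        self.sessions[client_id] = _prf(secret, b"session", cn, sn)

    def receive(self, client_id: str, sealed: bytes) -> bytes:
        return open_(self.sessions[client_id], sealed)


class SocketShim:
    """Sits between the application and the lower driver. The application only
    ever calls send(); authentication, key establishment and encryption live here."""
    def __init__(self, client_id: str, secret: bytes, server: VpnServer, network: OpenNetwork):
        self.client_id, self.secret = client_id, secret
        self.server, self.network = server, network
        self.session_key = None

    def _establish_session(self) -> None:
        cn = os.urandom(16)
        sn, server_proof = self.server.challenge(self.client_id, cn)
        if not hmac.compare_digest(server_proof, _prf(self.secret, b"server-auth", cn, sn)):
            raise PermissionError("server authentication failed")  # nothing is sent
        self.server.finish(self.client_id, _prf(self.secret, b"client-auth", cn, sn))
        self.session_key = _prf(self.secret, b"session", cn, sn)

    def send(self, data: bytes) -> int:
        if self.session_key is None:       # first intercepted call triggers the handshake
            self._establish_session()
        self.network.transmit(seal(self.session_key, data))
        return len(data)


def demo(plaintext: bytes = b"constructed payroll file contents"):
    """Push one file through the shim; return (bytes on the wire, bytes the server recovered)."""
    network, server = OpenNetwork(), VpnServer()
    shim = SocketShim("client-A", CLIENT_SECRETS["client-A"], server, network)
    shim.send(plaintext)
    return network.wire[0], server.receive("client-A", network.wire[0])


def demo_impostor_server() -> bool:
    """A server lacking the client's secret must fail mutual authentication before
    any payload is transmitted; returns True when the shim rejected it that way."""
    network, server = OpenNetwork(), VpnServer()
    shim = SocketShim("client-A", b"different-secret-held-by-client", server, network)
    try:
        shim.send(b"x")
    except PermissionError:
        return network.wire == []
    return False


if __name__ == "__main__":
    wire, recovered = demo()
    print("on the wire (hex prefix):", wire.hex()[:32])
    print("server recovered:", recovered)
    print("impostor server rejected:", demo_impostor_server())
```

The point the model makes explicit is the ordering the claims rely on: the shim refuses to hand anything to the lower driver until the server has proved knowledge of the shared secret, so an authentication failure leaves the wire empty rather than leaking plaintext, and the application never calls an encryption function itself.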
Specification