WO2005057341A3 - Automatic hardware-enabled virtual private network system - Google Patents

Automatic hardware-enabled virtual private network system Download PDF

Info

Publication number
WO2005057341A3
WO2005057341A3 PCT/US2004/040173 US2004040173W WO2005057341A3 WO 2005057341 A3 WO2005057341 A3 WO 2005057341A3 US 2004040173 W US2004040173 W US 2004040173W WO 2005057341 A3 WO2005057341 A3 WO 2005057341A3
Authority
WO
WIPO (PCT)
Prior art keywords
tunnel
establishing
client
remote
authentication packet
Prior art date
Application number
PCT/US2004/040173
Other languages
French (fr)
Other versions
WO2005057341A2 (en
Inventor
Anthony C Fascenda
Original Assignee
Koolspan Inc
Anthony C Fascenda
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koolspan Inc, Anthony C Fascenda filed Critical Koolspan Inc
Publication of WO2005057341A2 publication Critical patent/WO2005057341A2/en
Publication of WO2005057341A3 publication Critical patent/WO2005057341A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Abstract

The present invention provides a technique for automatically establishing efficient, remote, secure client connections to one or more locations using a smart card enabled client driver and a smart card enabled network edge device ('Subnet Box') capable of establishing an end-to-end hardware encrypted tunnel between itself and the client. In an embodiment of the invention, a method of establishing a secure communications tunnel comprises the steps of: authenticating a remote client to a subnet box on a private network, wherein the remote client is connected to the subnet box via a public network, establishing a tunnel between the remote client and the subnet box, and encapsulating all traffic in the tunnel, wherein the tunnel is established only when a unique physical token is coupled to the remote device. The unique physical token comprises a smartcard and is configured to be inserted into a communications port of the remote device. The step of authenticating comprises the steps of: receiving an authentication packet, wherein the first authentication packet comprises an identifier identifying the unique physical token and a first random number, and transmitting a response authentication packet, wherein the response authentication packet comprise a second random number. The step of establishing a secure communications tunnel comprises the step of generating a cryptographic key based on the first and second random numbers.
PCT/US2004/040173 2003-12-02 2004-12-02 Automatic hardware-enabled virtual private network system WO2005057341A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US52612303P 2003-12-02 2003-12-02
US60/526,123 2003-12-02

Publications (2)

Publication Number Publication Date
WO2005057341A2 WO2005057341A2 (en) 2005-06-23
WO2005057341A3 true WO2005057341A3 (en) 2006-09-08

Family

ID=34676598

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/040173 WO2005057341A2 (en) 2003-12-02 2004-12-02 Automatic hardware-enabled virtual private network system

Country Status (1)

Country Link
WO (1) WO2005057341A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009027756A2 (en) 2007-08-28 2009-03-05 Abb Research Limited Real-time communication security for automation networks
AU2009200139B2 (en) 2008-01-15 2012-02-16 Aristocrat Technologies Australia Pty Limited A method of processing a user data card, an interface module and a gaming system
ES2502541T3 (en) 2009-09-10 2014-10-03 Kyowa Hakko Kirin Co., Ltd. Medication that includes an antibody composition specifically bound to human CC chemokine receptor 4 (CCR4)
CN103546472B (en) * 2013-10-28 2017-10-24 中国软件与技术服务股份有限公司 A kind of method and apparatus of the false proof protection of operation system
US20180271861A1 (en) 2015-07-14 2018-09-27 Kyowa Hakko Kirin Co., Ltd. Therapeutic agent for a tumor comprising an ido inhibitor administered in combination with an antibody

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029350A1 (en) * 2000-02-11 2002-03-07 Cooper Robin Ross Web based human services conferencing network
US20030041091A1 (en) * 2001-08-23 2003-02-27 Hughes Electronics Corporation Domain name system resolution

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020029350A1 (en) * 2000-02-11 2002-03-07 Cooper Robin Ross Web based human services conferencing network
US20030041091A1 (en) * 2001-08-23 2003-02-27 Hughes Electronics Corporation Domain name system resolution

Also Published As

Publication number Publication date
WO2005057341A2 (en) 2005-06-23

Similar Documents

Publication Publication Date Title
US9794371B2 (en) Method and system for remote activation and management of personal security devices
US6782474B1 (en) Network connectable device and method for its installation and configuration
WO2002044858A3 (en) System and method for securing a non-secure communication channel
TW200511793A (en) System and method for secure remote access
CN109257346B (en) Concealed transmission system based on block chain
AU4781899A (en) Secure session set up based on the wireless application protocol
EP1069726A3 (en) Secure mutual network authentication protocol
RU2006101287A (en) ADVANCED PROTECTED AUTHENTICATED CHANNEL
WO2002091662A8 (en) Use and generation of a session key in a secure socket layer connection
WO1999027678A3 (en) Security of data connections
CN107508847A (en) One kind connection method for building up, device and equipment
CN106850680A (en) A kind of intelligent identity identification method and device for Transit Equipment
CA2540590A1 (en) System and method for secure access
WO2002089444A1 (en) Method and system for authenticating a personal security device vis-a-vis at least one remote computer system
CN111541776A (en) Safe communication device and system based on Internet of things equipment
WO2003027800A3 (en) Method and apparatus for secure mobile transaction
FI964926A (en) Verification of the correctness of the parties to the data transmission in the telecommunications network
CN108259486A (en) End-to-end key exchange method based on certificate
CN113163375B (en) Air certificate issuing method and system based on NB-IoT communication module
WO2005057341A3 (en) Automatic hardware-enabled virtual private network system
WO2002045340A3 (en) Threshold cryptography scheme for message authentication systems
EP1096446A3 (en) Method and system for secure communication between a self-service financial transaction terminal and a remote operator interface
WO2000057597A3 (en) Method for verifying the authentication of a manager application in a telecommunications management network operating system by means of a network element and network element suitable therefor
WO2000052905A3 (en) Method and apparatus for enhanced security in a broadband telephony network
EP1755307A3 (en) Improvements to an agile network protocol for secure communications with assured system availability

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase