Automated operation and security system for virtual private networks
Abstract
A node device provides secure communication services over a data network, to multiple computers that are coupled through the node device and multiple other node devices. The node device includes a network communication interface for coupling the node device to the data network, a data storage containing cryptographic information including information that is unique to the node device, a tunneling communication service coupled to the network interface configured to maintaining an encrypted communication tunnel with each of multiple other node devices using the cryptographic information, a routing database for holding routing data and a router coupled to the tunneling communication service and to the routing database. The router can pass communication from one communication tunnel to another. A centralized server can be used to control the node devices in a centralized manner, thereby reducing or eliminating on-site administration of node devices.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method of configuring and authenticating a node device, the method comprising:
at a manufacturing facility, generating a public key and a private key in the node device; storing the private key by the node device in a protected non-volatile storage; providing the public key to the manufacturing facility, by the node device; generating a public key certificate that includes the node device's public key and is signed with a private key associated with the manufacturing facility, by the manufacturing facility; providing the public key certificate to the node device, by the manufacturing facility; storing the certificate in nonvolatile storage, by the node device; providing an authentication chain to the node device for authenticating the certificates of other node devices, by the manufacturing facility; storing the authentication chain in nonvolatile storage, by the node device; deploying the node device; the node device authenticating itself to other node devices and servers by using said private key to sign messages and sending the signed messages and the public key certificate to the other node devices or servers, said other node device or server then authenticating the public key certificate using a second authentication chain of the other node devices or servers and confirming the messages were signed using the private key corresponding to the public key in the public key certificate; and additional node devices and servers authenticating to the node device by using private keys of the additional node devices and servers to sign messages and sending signed messages and the public key certificates to the node device, the node device then authenticating the public key certificates using the authentication chain of the node device and confirming that, for each additional node device or server, the messages were signed using the private key corresponding to the public key in the public key certificate.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.