WO2001041392A2 - Virtual private network selection - Google Patents
Virtual private network selection
- Publication number
- WO2001041392A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- radius
- data terminal
- data storage
- storage computer
- vpns
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
- H04L12/2872—Termination of subscriber connections
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
- H04L12/2876—Handling of subscriber policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4675—Dynamic sharing of VLAN information amongst network nodes
- H04L12/4679—Arrangements for the registration or de-registration of VLAN attribute values, e.g. VLAN identifiers, port VLAN membership
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5691—Access to open networks; Ingress point selection, e.g. ISP selection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/54—Store-and-forward switching systems
- H04L12/56—Packet switching systems
- H04L12/5691—Access to open networks; Ingress point selection, e.g. ISP selection
- H04L12/5692—Selection among different networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
Definitions
- the present invention relates generally to virtual private networks, and more particularly to a method and system for selectively connecting a remote data terminal to one or more virtual private networks using a customised client or a web browser.
- a virtual private network is a private data network that is formed within and makes use of a larger public telecommunication network, such as the Internet, or a larger private telecommunications network.
- Use of a VPN provides companies with the same capabilities as a system of owned and leased telecommunication lines and exchanges, but at a much lower cost by using the shared public infrastructure rather than a private one.
- Privacy is maintained in a VPN through use of a tunnelling protocol, by which data is encrypted before it is sent through the public network and decrypted at the receiving end.
- An additional level of security involves encrypting not only the data but also the originating and receiving network addresses. VPNs therefore make it possible to have the same secure sharing of public resources. Companies today are looking at using VPNs for both Extranets and wide-area Intranets.
- VPN-based services requiring the transport of video, audio or data information between nodes within a VPN will be offered in the near future.
- examples of such services include financial and banking services, as well as traditional telephony services.
- The proliferation of VPN-based services will no doubt result in individual users subscribing to and using several such services.
- one aspect of the present invention provides a method for selectively connecting a data terminal to one of a plurality of VPNs, said VPNs being formed within a telecommunication network, the method including the steps of:
- step (h) if step (g) is successful, connecting said data terminal to the selected
- the telecommunication network may be a public telecommunications network, such as the Internet.
- the data terminal may be connected at step (b) to the Internet with a public IP address.
- the data terminal may be connected at step (b) to a private telecommunications network, with the data terminal being connected with a private IP address.
- the IP address of the data terminal may be changed, at step (h), to an IP address with access to the selected VPN.
- the connection of the data terminal to the public telecommunication network may be carried out in step (a) by a Remote Access Server.
- the user identifier may be sent from the data terminal to the first data storage computer in step (b) via a Web Server.
- a Web Browser may be installed in the Data Terminal to enable the entry and sending of said user identifier.
- the list of VPNs retrieved from the first data storage computer in step (c) may be transmitted to the Data Terminal by the Web Server.
- the list of VPNs may be displayed at the Data Terminal by the Web Browser.
- (g) may be performed by a RADIUS/LDAP client in conjunction with a RADIUS/LDAP server, said RADIUS/LDAP server storing user authentication information.
- the first data storage computer acts as said RADIUS/LDAP server.
- a second data storage computer may be remotely connectable to said RADIUS/LDAP client, said second data storage computer acting as said RADIUS/LDAP server.
- the second data storage computer may be connectable to said RADIUS/LDAP client via the Internet.
- the second data storage computer may be connectable to said RADIUS/LDAP client, said second data storage computer acting as said RADIUS/LDAP server, both second data storage computer and said RADIUS/LDAP client being remotely connectable to said Remote Access Server.
- the RADIUS/LDAP client may be connectable to said Remote Access Server via the Internet.
- Another aspect of the invention provides a system for selectively connecting a data terminal to one of a plurality of VPNs, said VPNs being formed within a telecommunication network, the system comprising: a first data storage computer for storing (i) user identity information indicative of the identity of authorized users to one or more of said VPNs and (ii) VPN authorisation information indicative of those VPNs that each authorized user is authorized to use; connection means for connecting said data terminal to the telecommunication network; retrieval means for sending a user identifier indicative of a selected authorized user to said first data storage computer and retrieving a list of VPNs accessible by the selected authorized user from the first data storage computer, said data terminal including display means for presenting said list of VPNs, and selection means for accepting the selection at said data terminal of one of said virtual private networks, the system further comprising authenticating means for authenticating the identity of said selected authorized user, said connection means acting to connect said data terminal to the selected VPN if the authentication is successful.
- Figures 1 to 5 are schematic block diagrams illustrating a first embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs, and the flow of information between various elements of that system during operation;
- Figures 6 and 7 are schematic block diagrams illustrating a second embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs;
- Figure 8 is a schematic block diagram illustrating a third embodiment of a system for selectively connecting a remote terminal to one of a plurality of VPNs.
- Figures 9 to 11 are representations of graphical displays provided to the user of the data terminal of the systems of Figures 1 to 8 during operation.
- the data terminal 2 may consist of a personal computer and modem to enable connection of the personal computer to the public telephony network.
- the system 1 includes a Data File Server 3, a Web Server 4, a Remote Authentication Dial-In User Service (RADIUS) communications device 5 and a Remote Access Server (RAS) 6.
- the File Server 3 includes a Data Storage Computer 7.
- the RAS 6 is deployed at a local telephony exchange into which the data terminal 2's virtual circuits aggregate, and manages the Internet access for the data terminal 2 and other data terminals and devices connecting to the Internet via that telephony exchange.
- RASs that are suitable for use with the present invention are the Redback™ Subscriber Management System 1000 and the Alcatel™ Data Application Network Adapter (DANA).
- the Web Server 4 provides World Wide Web services on the Internet to the data terminal 2 and other terminals and devices connected to the Internet. It may include hardware, an operating system, Web server software, TCP/IP protocols and Web site content (Web pages). Alternatively, the Web Server 4 may simply comprise software installed on a host computer that performs these services.
- the software acts to accept requests from a Web browser installed in the data terminal 2 to download HTML pages and images, and also to execute related server-side scripts that automate functions such as the searching of the LDAP data storage computer.
- An example of this latter type of Web Server is the Microsoft™ Internet Information Server.
- a mini-Web browser suitable for installation on the data terminal 2 which can be adapted to implement the required functionality may be readily developed by a skilled person in the computing/telecommunications field.
- RADIUS is a proposed Internet Engineering Task Force (IETF) standard and uses a client/server protocol and software to enable remote access servers, such as the RAS 6, to communicate with a central server, such as the Data Storage Computer 7, so as to authenticate the identity of dial-in users and authorize their access to a requested service or system.
- All user authentication and network service access information is located on the Data Storage Computer 7, which acts as the RADIUS/LDAP server.
- the RADIUS communications device 5 (RADIUS client) sends authentication requests to the Data Storage Computer 7 (RADIUS/LDAP server) and acts on responses sent back by the server.
- One example of a RADIUS communications device 5 suitable for use with the present invention is the Alcatel™ Service Management Centre (SMC).
- the Data Storage Computer 7 acts to store and retrieve user information and authorisation information.
- the Data Storage Computer 7 may operate in accordance with the Lightweight Directory Access Protocol (LDAP), a client-server protocol developed for accessing directory service information.
- MCIS: Microsoft™ Commercial Internet System
- CSPs: Commercial Service Providers
- The operation of the system 1 will now be described. Initially, VPN identification information indicative of several VPNs to which users may subscribe or otherwise be provided with access is stored in the Data Storage Computer 7.
- the Data Storage Computer 7 may also store user authentication information, such as a user name and a user password, for each authorised user to enable authentication of the identity of that user. At least some of the data stored in the Data Storage Computer 7 may be common to both the user identity information and the user authentication information.
- an installed dialer program is run to cause the Data Terminal's modem to dial the RAS 6 over a Permanent Virtual Circuit, such encapsulating an Ethernet or a PPP connection, to be established between the Data Terminal 2 and the RAS 6.
- the HTML page is displayed to the user by the mini-Browser installed at the Data Terminal 2 (step s3).
- An example of such an HTML page is shown in Figure 9.
- the HTML page includes a field 10 for the entry of a user's name (step s4) or other user identifier to identify the user to the RAS 6 or to the Web Server 4 accessed by the RAS 6.
- a cookie may be set in the Data Terminal 42 so that the Web Server 4 is able to provide the HTML page for display by the mini-Browser with an expected user name inserted in the field 10.
- the HTML page may contain an ActiveX object that logs the user out of any previous VPN to which the Data Terminal 2 is connected. If ActiveX is not supported by the mini-Browser platform, the HTML page may display a text message to the user instructing the user to log out of any current VPN.
- the Web Server 4 sends a query (step s6) to the Data Storage Computer 7 to retrieve from the stored user information and VPN authorisation information a list of those VPNs accessible to the identified user.
- the list of accessible VPNs is transmitted to the Web Server 4 (step s7).
- the Web Server 4 then dynamically creates a customized HTML page containing the list of VPNs accessible to the user, and transmits this HTML page to the RAS 6 and onto the Data Terminal 2 (step s8).
- This HTML page is displayed by the mini-Browser installed in the Data Terminal 2 (step s9).
- An example of such an HTML page is shown in Figure 10.
- the list of accessible VPNs is displayed on this page as a series of icons 20 to 24, each of which corresponds to a different one of the VPNs accessible to the identified user.
- the VPN that the user wishes to use is then selected by using a mouse associated with the personal computer of the Data Terminal to position a cursor 25 over the icon corresponding to the selected VPN (step s10).
- Upon selection of the desired VPN, the mini-Browser acts to display a further HTML page to the user (step s11).
- the HTML page, an example of which is shown in Figure 11, includes a field 30 for the entry of a user password (step s12).
- the user name, the selected VPN and the entered password are then submitted to the RAS 6 (step s13), and forwarded to the RADIUS communications device 5 (step s14).
- an authentication message is sent to the RADIUS/LDAP Communications device 5 (step s16) and forwarded to the RAS 6 (step s17).
- the RAS 6 then changes the IP address of the Data Terminal 2 to an IP address with access to the selected VPN (step s18) and displays a "User Connected" message to the user via the mini-Browser.
- the mini-Browser can then be minimized until the user wishes to change VPN or disconnect. If the user reactivates the dialer program installed in the Data Terminal, the user is automatically disconnected from the current VPN and presented with the VPN Service Selection page shown in Figure 10.
- the user may also be disconnected if the RAS 6 detects zero or a very low level of network activity by the user.
- the RADIUS/LDAP Communication device 5 may also collect accounting data, such as the user name, login time, logout time and VPN used.
- the presentation of a login web page such as that shown in Figure 10 may not be bypassable. That is to say, a client cannot gain access to any of the VPNs 20 to 24 without first obtaining a page presenting the choices of subscribed VPNs.
- the user may be presented with a VPN-specific welcome page which also may not be bypassable.
- the control of the VPN-specific welcome page may be provided by the remote access server (RAS) 6, the RADIUS communication device 5, or the Data Storage Computer 7.
- In Figures 6 and 7 there is shown generally a system 40 for selectively connecting a data terminal 2 to one of a plurality of virtual private networks (VPNs), which includes the Data Storage Computer 7, Web Server 4, RADIUS/LDAP communications device 5 and a RAS 6 of Figures 1 to 5.
- the system 40 includes a further Data Storage Computer 41, acting as a remote RADIUS server, which is connectable to the RADIUS/LDAP communications device 5 by a telecommunications network 42, such as the Internet.
- the remote RADIUS server 41 stores the user authentication information, whilst the RADIUS/LDAP communications device 5 acts here as a RADIUS proxy and forwards data packets for processing to the remote RADIUS server 41.
- steps s1 to s14 are carried out in the same manner as described in relation to Figures 1 to 5.
- a data packet containing this information is sent to remote RADIUS server 41 and the identity of the user authenticated (step s15').
- a data packet containing an authentication message is sent to the RADIUS/LDAP Communications device 5 (step s16'). Thereafter, the system 40 operates in accordance with steps s17 and s18 as described previously.
- FIG 8 illustrates a second variant of the system 1.
- a Remote Access Server which is also a RADIUS client device 51 and another Data Storage Computer 52 remotely connected to the RAS 6 by a telecommunications network, such as the Internet, are also provided.
- the Data Storage Computer 52, which may be a RADIUS server, stores the user authentication information and, together with the external RADIUS client device 51, acts to entirely handle user authentication at a remote location from the RAS 6.
- the system 50 operates in accordance with steps s1 to s13 as described in relation to Figures 1 to 5.
- the RAS 6 merely forwards an entire Point-to-Point Protocol (PPP) packet containing the user name, selected VPN and password over a secure tunneling protocol, such as Layer 2 Tunneling Protocol (L2TP), to the RADIUS client device 51 (step s14").
- An attempt is then made to authenticate the identity of the user and whether or not the selected VPN is accessible to that user through a series of communications between the RADIUS client device 51 and the Data Storage server 52, during which the user name, selected VPN and password are compared to the user authentication information stored in the server 52.
- a PPP packet containing the IP address to the selected VPN is sent to Data Terminal 2 (step s15"). Thereafter, the system 50 operates in accordance with step s18 as described previously.
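The selection and authentication steps described above (list the user's VPNs, accept a selection, then compare user name, selected VPN and password against the stored information before changing the terminal's IP address), as an added example that is not code from the patent. It is a constructed Python model: the class names, the salted PBKDF2 password storage, the address pools and the user "alice" are all assumptions.

```python
"""Constructed model of the selection flow in steps s4 to s18 (added example)."""
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass, field


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes; the patent
    # only says the directory holds "a user name and a user password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Directory:
    """Stands in for Data Storage Computer 7 (the RADIUS/LDAP server)."""
    users: dict = field(default_factory=dict)   # name -> (salt, hash, {vpns})

    def add_user(self, name, password, vpns):
        salt = os.urandom(16)
        self.users[name] = (salt, _hash(password, salt), frozenset(vpns))

    def list_vpns(self, name):
        # Steps s6/s7: the Web Server's query for the VPNs this user may use.
        # Unknown users get an empty list rather than an error.
        entry = self.users.get(name)
        return sorted(entry[2]) if entry else []

    def authenticate(self, name, vpn, password):
        # Authentication step: check the password AND that the *submitted*
        # VPN is authorised. The list shown in s9 is only a display aid; the
        # selection arriving in s13 is client input and is re-checked here.
        entry = self.users.get(name)
        if entry is None:
            # Burn the same work for unknown users to flatten timing.
            _hash(password, b"\0" * 16)
            return False
        salt, stored, vpns = entry
        ok = hmac.compare_digest(stored, _hash(password, salt))
        return ok and vpn in vpns


@dataclass
class RemoteAccessServer:
    """Stands in for RAS 6 together with the RADIUS client 5."""
    directory: Directory
    pools: dict                       # vpn name -> ipaddress.IPv4Network
    accounting: list = field(default_factory=list)
    _next: dict = field(default_factory=dict)

    def connect(self, name, vpn, password):
        # Steps s13 to s18: forward credentials, act on the answer, and only
        # then move the terminal to an address inside the selected VPN.
        if not self.directory.authenticate(name, vpn, password):
            self.accounting.append((name, vpn, "reject"))
            return None
        # An authorised VPN with no configured pool would raise KeyError
        # here: a provisioning error, kept loud rather than swallowed.
        index = self._next.get(vpn, 0) + 1
        self._next[vpn] = index
        address = self.pools[vpn].network_address + index
        self.accounting.append((name, vpn, "accept"))
        return address


def demo():
    directory = Directory()
    directory.add_user("alice", "correct horse", {"bank", "telephony"})
    ras = RemoteAccessServer(directory, {
        "bank": ipaddress.ip_network("10.1.0.0/24"),
        "telephony": ipaddress.ip_network("10.2.0.0/24"),
        "payroll": ipaddress.ip_network("10.3.0.0/24"),
    })
    return {
        "menu": directory.list_vpns("alice"),
        "granted": ras.connect("alice", "bank", "correct horse"),
        # Valid password, but a VPN that was never on alice's menu.
        "forged_selection": ras.connect("alice", "payroll", "correct horse"),
        "bad_password": ras.connect("alice", "bank", "wrong"),
        "log": ras.accounting,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The accounting list mirrors the user name and VPN fields the description says the RADIUS/LDAP device may collect; recording rejects as well as accepts is an addition of this example.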
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU45003/01A AU4500301A (en) | 1999-11-18 | 2000-11-17 | Virtual private network selection |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG9905842 | 1999-11-18 | ||
SG9905842-2 | 1999-11-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001041392A2 (fr) | 2001-06-07 |
WO2001041392A3 (fr) | 2002-05-02 |
Family
ID=20430475
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SG2000/000192 WO2001041392A2 (fr) | 1999-11-18 | 2000-11-17 | Virtual private network selection |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU4500301A (fr) |
WO (1) | WO2001041392A2 (fr) |
-
2000
- 2000-11-17 WO PCT/SG2000/000192 patent/WO2001041392A2/fr active Application Filing
- 2000-11-17 AU AU45003/01A patent/AU4500301A/en not_active Abandoned
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998027783A1 (fr) * | 1996-12-19 | 1998-06-25 | Nortel Networks Corporation | Virtual private network service provider for a network operating in asynchronous transfer mode |
Non-Patent Citations (1)
Title |
---|
DAVE KOSIUR: "'Virtual' privacy is not enough" [Online] XP002184489 Retrieved from the Internet: <URL: http://www.zdnet.com/eweek/reviews/0810/10 vpn.html> [retrieved on 2001-11-30] first three pages * |
Also Published As
Publication number | Publication date |
---|---|
AU4500301A (en) | 2001-06-12 |
WO2001041392A3 (fr) | 2002-05-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
| 122 | Ep: pct application non-entry in european phase | |