Claims
- 1. A system including a plurality of devices communicating with each other via at least one public network, at least one device coupled to at least one private network having access to the public network, comprising a virtual address realm.
- 2. The system of claim 1 wherein the virtual address realm comprises a realm definition including at least one set of users.
- 3. The system of claim 2 wherein each device includes at least one virtual address in the virtual address realm and at least one physical address.
- 4. The system of claim 2 wherein each device includes a first virtual address in the virtual address realm associated with a first user and a second virtual address in the virtual address realm associated with a second user.
- 5. The system of claim 3 wherein at least a first device is coupled to a first private network and accesses the public network via a NAT device.
- 6. The system of claim 5 wherein at least a second device is coupled to a second private network and accesses the public network via a second NAT device.
- 7. The system of claim 6 further including a virtual address realm router directing realm traffic to at least said first and second devices.
- 8. The system of claim 6 wherein said at least first private network and said at least second private network have at least a portion of the same private network subnet and subnet mask.
- 9. The system of claim 8 wherein said first and second devices have an identical private physical address.
- 10. The system of claim 1 wherein at least one device includes a dynamic physical address.
- 11. The system of claim 10 wherein said dynamic physical address is a public address.
- 12. The system of claim 10 wherein said dynamic physical address is private.
- 13. The system of claim 1 wherein packets in communications between devices in the realm are encapsulated.
- 14. The system of claim 1 wherein packets in communications between devices in the realm are encrypted.
- 15. The system of claim 1 further including at least one address realm group policy.
- 16. A virtual community network transmitting communications via at least one physical network, comprising:
a virtual address realm; and a set of users capable of communicating in the virtual address realm.
- 17. The virtual community network of claim 16 wherein the network includes a domain name assignment.
- 18. The virtual community network of claim 17 wherein the domain name is a fully qualified domain name.
- 19. The virtual community network of claim 17 wherein the domain name is a virtual domain name.
- 20. The virtual community network of claim 16 wherein the set of users includes at least a first user coupled to a first private physical network and a second user coupled to a second private physical network.
- 21. The virtual community network of claim 20 wherein the first private physical network and the second private physical network have at least one common private physical subnet address.
- 22. The virtual community network of claim 20 wherein at least one user in said set of users has a dynamic physical IP address.
- 23. The virtual community network of claim 16 wherein at least a first user and at least a second user in said set of users couple to the virtual address realm via one processing device.
- 24. The virtual community network of claim 23 wherein said first user is assigned a first virtual IP address and said second user is assigned a second virtual IP address.
- 25. The virtual community network of claim 20 wherein the first private network and the second private physical network access the public network via respective first and second NAT devices.
- 26. The virtual community network of claim 16 wherein the user set includes at least a first user and a second user, and wherein the first user and the second user are coupled to a public network.
- 27. The virtual community network of claim 16 wherein the network includes a secure communication channel comprising encapsulated packet communications.
- 28. The virtual community network of claim 16 wherein the network includes a secure communication channel including encrypted communications between at least a first user and a second user in said set of users.
- 29. The virtual community network of claim 16 wherein said set of users includes at least a first user having a public IP address and at least a second user having a private IP address.
- 30. A method comprising:
defining a virtual address realm overlying a public address realm, the virtual address realm including at least a user set; and routing communications between users in the user set by means of virtual address realm addresses.
- 31. The method of claim 30 wherein the step of defining a virtual address realm includes specifying a logical name for the realm.
- 32. The method of claim 31 wherein the step of defining a logical name includes specifying a domain name for the realm.
- 33. The method of claim 30 further including the step of registering users in the user set as members of the virtual address realm.
- 34. The method of claim 33 further including the step of assigning each registered user a unique virtual address in the virtual address realm.
- 35. The method of claim 30 further including a step of determining whether a user accesses a public network via a NAT device.
- 36. The method of claim 35 further including assigning users accessing the public network via a NAT device a unique virtual address and virtual address NAT translation routing information.
- 37. The method of claim 30 wherein a first user in said user set is coupled to a first private physical network and a second user in said user set is coupled to a second private physical network, and said step of routing comprises routing communication between said first user and said second user.
- 38. The method of claim 37 wherein said first private physical network is coupled to a public network by a first NAT device and said second private physical network is behind a second NAT device.
- 39. The method of claim 38 wherein said first and second private physical networks share at least one identical IPv4 private physical address.
- 40. The method of claim 30 wherein a first user in said user set is coupled to a first private physical network and a second user in said user set is coupled to a public network, and said step of routing comprises routing communication between said first user and said second user.
- 41. The method of claim 30 wherein the user set includes at least a first user accessing the virtual address realm using at least one processing device coupled to a physical network, wherein said at least one device includes a dynamic physical address, and said step of routing comprises routing communications between said first user and other users in the user set.
- 42. The method of claim 41 wherein the physical network is a private physical network.
- 43. The method of claim 41 wherein the physical network is a public network.
- 44. The method of claim 41 wherein said dynamic physical address is a public address.
- 45. The method of claim 41 wherein said at least one device comprises at least two users accessing the virtual address realm via said at least one device.
- 46. The method of claim 41 further including encrypting packet communications between devices in the realm.
- 47. The method of claim 41 further including the step of applying at least one address realm group policy.
- 48. A method for providing secure communications between two devices, comprising:
providing a virtual realm identifier; defining a set of users for the virtual realm; registering users in the realm; assigning virtual addresses to users; and routing information between users in said virtual address realm.
- 49. The method of claim 48 wherein the step of providing comprises providing a domain name.
- 50. The method of claim 48 further including the step of responding to information requests about users in the realm.
- 51. The method of claim 50 wherein said step of responding includes providing a DNS response of a virtual address.
- 52. The method of claim 50 wherein said step of responding includes providing connection status information on users in the realm.
- 53. The method of claim 48 wherein said step of defining comprises defining a username and initial registration password for at least one user.
- 54. The method of claim 48 wherein said step of assigning comprises the sub-steps of authenticating the user and providing a virtual address in the realm to the user.
- 55. The method of claim 48 further including the step of routing communications using virtual address realm addresses to and from users of the virtual address realm.
- 56. The method of claim 48 wherein the user set includes at least a first user and said first user accesses the realm using at least one device.
- 57. The method of claim 55 wherein said at least a first device and at least a second device both include at least one virtual address in the realm and at least one physical network address.
- 58. The method of claim 57 wherein at least one physical network address is dynamic.
- 59. The method of claim 57 wherein at least one physical address is static.
- 60. The method of claim 57 wherein at least one physical address is private.
- 61. The method of claim 60 wherein said at least one physical address is coupled to a first private network and represents a device which accesses a public network via a NAT device.
- 62. The method of claim 57 wherein said first device has a private physical network address and said second device has said private physical network address, and the step of routing comprises routing information between said first and said second device based on respective first and second virtual addresses of said first and second devices.
- 63. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
providing a virtual address realm configuration including a user set and a domain name for said user set; and routing communications between users in said virtual address realm.
- 64. One or more processor readable storage devices according to claim 63 including code for programming the further step of assigning users a virtual address in the virtual address realm.
- 65. One or more processor readable storage devices according to claim 63 including code for programming the further step of determining whether a user is behind a NAT device.
- 66. One or more processor readable storage devices according to claim 65 including code for programming the further step of assigning a user behind a NAT device a virtual address in the virtual address realm and realm routing information.
- 67. One or more processor readable storage devices according to claim 63, wherein the user set includes at least a first user and a second user, the first user in said user set is coupled to a first private physical network and the second user in said user set is coupled to a second private physical network, and said step of routing comprises routing communications between said first user and said second user.
- 68. One or more processor readable storage devices according to claim 63, wherein a first user in said user set is coupled to a first private physical network and a second user in said user set is coupled to a public network, and said step of routing comprises routing communications between said first user, and said second user.
- 69. One or more processor readable storage devices according to claim 63 wherein the user set includes at least a first user accessing the virtual address realm via a physical network using a dynamic physical address, and said step of routing comprises routing communications between said first user and other users in the user set.
- 70. One or more processor readable storage devices according to claim 63 wherein the user set includes at least a first user and a second user, the first user in said user set is coupled to a first private physical network and the second user in said user set is coupled to a second private physical network, each said user having the same private physical network address on the respective first and second private physical network.
- 71. One or more processor readable storage devices according to claim 63 wherein the step of routing communications comprises routing encrypted communications between devices in the realm.
- 72. One or more processor readable storage devices according to claim 63 including code for programming the further step of applying at least one address realm group policy.
- 73. A virtual network allowing a plurality of devices to communicate in a secure manner in a virtual address realm, comprising:
a virtual network manager governing device registration, access and communication policies of devices communicating in the virtual network.
- 74. The virtual network of claim 73 wherein the network manager provides a secure communication key to each of the plurality of devices in the virtual address realm.
- 75. The virtual network of claim 73 wherein the network manager provides router information for each of the plurality of devices in the network.
- 76. The virtual network of claim 73 wherein the network manager provides virtual DNS information for each of the plurality of devices in the virtual address realm.
- 77. A virtual network allowing a plurality of devices to communicate in a secure manner in a virtual address realm, comprising:
a virtual network agent capable of communicating with other virtual network agents in the virtual address realm.
- 78. The virtual network of claim 77 wherein the virtual network agent is installed on a user device.
- 79. The virtual network of claim 77 wherein the virtual network agent includes a deterministic network enhancer.
- 80. The virtual network of claim 77 wherein the virtual network agent includes a registration module.
- 81. The virtual network of claim 77 wherein the virtual network agent includes a join module.
- 82. The virtual network of claim 77 wherein the virtual network agent includes an encryption and decryption module operable on secure communications between devices in the virtual address realm.
- 83. The virtual network of claim 77 wherein the virtual network agent is installed on a proxy device.
- 84. A virtual network allowing a plurality of devices to communicate in a secure manner in a virtual address realm, comprising:
a virtual network router translating virtual addressing information for devices in the virtual address realm to publicly routable information.
- 85. The virtual network of claim 84 wherein the virtual network router is coupled to a public network.
- 86. The virtual network of claim 84 wherein the virtual network router is coupled to a private network.
- 87. The virtual network of claim 84 wherein the virtual network router includes a data structure including at least one public IP to virtual IP association.
- 88. The virtual network of claim 87 wherein the virtual network router receives network traffic destined for at least one of said plurality of devices using a virtual IP address, and forwards said traffic to said at least one of said plurality of devices.
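The following is an added, self-contained Python model of the mechanism the method claims (30 to 62) and the router claims (84 to 88) describe: a realm with a domain name, users defined with an initial registration password, authentication before a unique virtual address is handed out, detection of a NAT in the path, a DNS-style lookup that answers with the virtual address, and a router data structure that maps a virtual IP to the publicly routable endpoint and forwards encapsulated traffic. It is illustration code written for this page, not code from the patent or any product. The class and method names, the virtual subnet 10.77.0.0/24, the `VR1` encapsulation header, and the three sample members and their addresses are all assumptions constructed here. The scenario deliberately gives two members the same private address behind different NATs (claims 9, 39, 62): forwarding keyed on the private address would be ambiguous, forwarding keyed on the virtual address is not.

```python
"""Toy virtual address realm router (added example; not the patent's own code).

All names, the virtual subnet, the encapsulation header and the sample
members are assumptions made for illustration.
"""
import hashlib
import hmac
import ipaddress
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]  # (publicly routable IP, UDP/TCP port) as seen after NAT


@dataclass
class Member:
    username: str
    pw_hash: bytes                     # salted PBKDF2 of the initial registration password
    salt: bytes
    virtual_ip: Optional[str] = None   # unique address inside the realm
    private_ip: Optional[str] = None   # address the device reports for itself
    public_endpoint: Optional[Endpoint] = None  # where the router actually reached it
    behind_nat: bool = False


class RealmRouter:
    """Assigns realm addresses and forwards traffic keyed on the virtual IP."""

    def __init__(self, domain: str, virtual_subnet: str) -> None:
        self.domain = domain                                   # realm's logical/domain name
        self._pool = ipaddress.ip_network(virtual_subnet).hosts()
        self.members: Dict[str, Member] = {}
        self.by_virtual_ip: Dict[str, Member] = {}             # virtual IP -> member
        self.delivered: List[Tuple[Endpoint, bytes]] = []      # (endpoint, packet) log

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def define_user(self, username: str, initial_password: str) -> None:
        """Realm definition: username plus initial registration password."""
        salt = secrets.token_bytes(16)
        self.members[username] = Member(username, self._hash(initial_password, salt), salt)

    def join(self, username: str, password: str, private_ip: str, observed_src: Endpoint) -> str:
        """Authenticate, then assign a unique virtual address and record reachability."""
        m = self.members.get(username)
        if m is None or not hmac.compare_digest(self._hash(password, m.salt), m.pw_hash):
            raise PermissionError("authentication failed")
        if m.virtual_ip is None:
            m.virtual_ip = str(next(self._pool))
            self.by_virtual_ip[m.virtual_ip] = m
        m.private_ip = private_ip
        m.public_endpoint = observed_src
        # NAT detection: the source address the packet arrived from differs
        # from the address the device believes it has.
        m.behind_nat = observed_src[0] != private_ip
        return m.virtual_ip

    def resolve(self, fqdn: str) -> Optional[str]:
        """DNS-style lookup: answers with the virtual address, never the physical one."""
        host, _, domain = fqdn.partition(".")
        if domain != self.domain:
            return None
        m = self.members.get(host)
        return m.virtual_ip if m and m.virtual_ip else None

    def forward(self, dst_virtual_ip: str, payload: bytes) -> Endpoint:
        """Translate a virtual destination to its public endpoint and deliver."""
        m = self.by_virtual_ip.get(dst_virtual_ip)
        if m is None or m.public_endpoint is None:
            raise LookupError(f"no realm member reachable at {dst_virtual_ip}")
        # Encapsulate: assumed header, virtual destination, then the inner packet.
        packet = b"VR1" + ipaddress.ip_address(dst_virtual_ip).packed + payload
        self.delivered.append((m.public_endpoint, packet))
        return m.public_endpoint


def demo() -> RealmRouter:
    """Constructed scenario: two members share a private address behind different NATs."""
    r = RealmRouter("ops.example.realm", "10.77.0.0/24")
    for name in ("alice", "bob", "carol"):
        r.define_user(name, f"init-{name}")
    # alice and bob both sit at 192.168.1.10 on separate LANs with the same RFC 1918 subnet
    r.join("alice", "init-alice", "192.168.1.10", ("203.0.113.5", 40001))
    r.join("bob", "init-bob", "192.168.1.10", ("198.51.100.7", 51234))
    # carol has a public address and no NAT in the path
    r.join("carol", "init-carol", "192.0.2.9", ("192.0.2.9", 5000))
    return r


if __name__ == "__main__":
    router = demo()
    dst = router.resolve("bob.ops.example.realm")
    print("bob ->", dst, "delivered to", router.forward(dst, b"hello"))
```

The point to check in a real implementation is the one the toy makes explicit: the router's table is keyed on the virtual address, the physical endpoint it learns is whatever the NAT presented, and a name lookup inside the realm never leaks the physical address. Encryption of the inner packet (claims 14, 28, 46, 71) is out of scope for this sketch; the `VR1` wrapper is only encapsulation.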
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This Application is related to the following Applications: U.S. patent application Ser. No. 10/233,289, “Accessing An Entity Inside a Private Network,” filed on Aug. 30, 2002; U.S. patent application Ser. No. 10/161,573, “Creating A Public Identity For An Entity On A Network,” filed on Jun. 3, 2002; U.S. patent application Ser. No. 10/233,288, “Communicating With An Entity Inside A Private Network Using An Existing Connection To Initiate Communication,” filed on Aug. 30, 2002; U.S. patent application “Secure Virtual Community Network System,” filed on Mar. 31, 2003, Atty. Docket TTCC-01021US0; and U.S. patent application “Group Agent,” filed on Mar. 31, 2003, Atty. Docket TTCC-01022US0. These related applications are incorporated herein by reference in their entirety.