Claims
- 1. A virtual community network system, comprising:
a virtual network manager including at least one virtual community definition comprising at least a domain name and a user set; and at least one route director capable of communicating with users in the user set.
- 2. The system of claim 1 wherein each user communicates with the virtual network manager and other users in the user set via at least one agent.
- 3. The system of claim 2 wherein the agent is installed on a processing device.
- 4. The system of claim 2 wherein the agent is installed on a proxy device.
- 5. The system of claim 2 wherein the virtual network manager includes a NAT device detector for agents installed on a processing device behind a NAT device.
- 6. The system of claim 1 wherein the manager comprises a device coupled to a public network and having a public network address.
- 7. The system of claim 1 wherein the user set includes at least a first user and a second user, said first user accesses other users in the community using at least a first processing device, said second user accesses other users in the community using at least a second processing device.
- 8. The system of claim 7 wherein each said device includes at least one virtual address in the community and at least one physical address.
- 9. The system of claim 8 wherein the physical address is dynamic.
- 10. The system of claim 8 wherein the physical address is static.
- 11. The system of claim 8 wherein the physical address is private.
- 12. The system of claim 8 wherein at least one of said first device or second device is coupled to a first private network and accesses a public network via a NAT device.
- 13. The system of claim 12 wherein the physical address is dynamic.
- 14. The system of claim 12 wherein the physical address is static.
- 15. The system of claim 12 wherein said first device is coupled to said first private network, and said second device is coupled to a second private network and accesses the public network via a second NAT device.
- 16. The system of claim 15 wherein said second device includes at least one virtual address in the realm and at least one private physical address.
- 17. The system of claim 15 wherein the physical address is dynamic.
- 18. The system of claim 15 wherein the physical address is static.
- 19. The system of claim 15 wherein said at least first private network and said at least second private network share at least one network address.
- 20. The system of claim 1 wherein the route director includes a pseudo address assignment for at least one user in the user set.
- 21. The system of claim 1 wherein the route director includes a translator for virtual address information for a virtual user in a private network realm.
- 22. The system of claim 1 wherein the virtual community manager is coupled to a public network and includes a public network address.
- 23. The system of claim 22 wherein the route director is coupled to said public network and includes a public network address.
- 24. The system of claim 22 wherein the route director is coupled to a first private network and said route director includes a private network address.
- 25. The system of claim 1 wherein communications between users in the user set are encapsulated.
- 26. The system of claim 1 wherein communications between users in the user set are encrypted.
- 27. The system of claim 26 wherein said encryption uses IPSEC.
- 28. The system of claim 26 wherein said encryption uses DES.
- 29. The system of claim 26 wherein said encryption uses triple DES.
- 30. The system of claim 1 wherein the manager includes at least a second virtual domain definition.
- 31. The system of claim 1 further including at least a first public route director and a second private route director.
- 32. A system, comprising:
a management device including a network interface coupled to a public address realm and having a public address; a virtual community network traffic router; and router data including at least one association of a logical identifier with public routing information for a member.
- 33. The system of claim 32 wherein the network traffic router includes a network interface accessible by a public address in the public address realm.
- 34. The system of claim 32 wherein the management device includes a UDP port capable of receiving virtual community network traffic.
- 35. The system of claim 32 wherein the management device includes a TCP port capable of communicating virtual community network traffic.
- 36. The system of claim 32 wherein a member accesses a physical network via a processing device and the system further includes at least one agent installed on the processing device.
- 37. The system of claim 36 wherein the processing device is coupled to a private physical network behind a NAT device, and the network traffic router includes a transposer for routing information in a packet destined for the agent to direct the packet to the NAT device for the agent.
- 38. The system of claim 32 further including at least one proxy agent on a private physical network communicating with a member and the network traffic router.
- 39. The system of claim 38 wherein the member accesses other members using a device coupled to a private physical network.
- 40. The system of claim 32 wherein the manager includes a member register module.
- 41. The system of claim 40 wherein the manager includes a member join module.
- 42. The system of claim 41 wherein the join module provides a virtual address to a registered member.
- 43. The system of claim 41 wherein the manager maintains data on an association between at least one virtual address with at least one member.
- 44. The system of claim 40 wherein the manager includes a DNS server for the virtual community.
- 45. The system of claim 32 further including a virtual community network communication agent for a device, comprising a virtual network adapter interfacing with the device and applications on the device to route traffic to members of the virtual community via their virtual address.
- 46. The system of claim 45 wherein the agent includes a domain name routing plugin.
- 47. The system of claim 45 wherein the agent includes a separate IP stack for each user in the user set accessing the device.
- 48. The system of claim 45 wherein the adapter is a deterministic network enhancer.
- 49. The system of claim 45 wherein the adapter includes a DNS plugin.
- 50. The system of claim 45 wherein the adapter includes an IPSEC plugin.
- 51. The system of claim 45 wherein the adapter includes a domain name routing plugin.
- 52. The system of claim 45 wherein the agent includes a community registration module.
- 53. A virtual community network system, comprising:
a virtual community network manager; a route director; at least a first virtual community agent associated with a first community member; and at least a second virtual community agent associated with at least a second community member.
- 54. The system of claim 53 wherein the route director is a network route director, and includes a public network interface and public address.
- 55. The system of claim 53 wherein the route director is a private route director, and includes a private physical network address interface and a private physical network address.
- 56. The system of claim 53 wherein the first or second virtual community network agent is installed on a device used by a member to access a network.
- 57. The system of claim 56 wherein the device is in a private physical network.
- 58. The system of claim 56 wherein the device is coupled to a public physical network.
- 59. The system of claim 53 wherein the first or second virtual community network agent is a proxy agent.
- 60. The system of claim 53 wherein the first and second members access the virtual community via devices coupled to separate private address physical realms.
- 61. The system of claim 53 wherein the virtual community network manager includes at least a first community definition and a second community definition.
- 62. The system of claim 53 wherein the community network manager includes a member authenticator.
- 63. The system of claim 62 wherein the community network manager includes a DNS server providing authoritative responses for DNS queries in the virtual community.
- 64. A method for providing a secure virtual network, comprising:
providing a virtual network manager coupled to a public network; defining a member set of users entitled to communicate in the virtual network; registering members with the manager; assigning members a virtual address; and routing network traffic between the members in the virtual community.
- 65. The method of claim 64 further including the step of providing users in said member set with a communication agent.
- 66. The method of claim 65 wherein said step of providing users with a communication agent includes providing a proxy agent.
- 67. The method of claim 65 wherein said step of providing users with a communication agent includes providing an agent installed on a device used by the member to couple to a network.
- 68. The method of claim 65 wherein the step of registering comprises authenticating members with the member set.
- 69. The method of claim 64 wherein the step of defining a member set includes the step of assigning a domain name for the community.
- 70. The method of claim 64 wherein the step of defining a member set includes defining at least two member sets having at least one different member.
- 71. The method of claim 64 wherein the step of assigning a virtual address includes assigning an IPV4 compliant address.
- 72. The method of claim 71 wherein the step of assigning a virtual address includes assigning a non-routable IPV4 compliant address.
- 73. The method of claim 64 wherein the step of routing network traffic includes routing traffic from a first member accessing the public network on a first device having a public address with a second member accessing the public network on a second device having a different public address.
- 74. The method of claim 64 wherein the step of routing network traffic includes routing traffic from a first member accessing the public network on a first device in a private physical network having a private address with a second member accessing the public network on a second device having a public address.
- 75. The method of claim 64 wherein the step of routing network traffic includes routing traffic from a first member accessing the public network on a device in a private physical network having a first private physical address with a second member accessing the public network on a device in a private physical network having a second private physical address.
- 76. The method of claim 75 wherein the first private physical address and the second private physical address are identical.
- 77. The method of claim 64 further including the step of responding to DNS requests for members in the virtual network.
- 78. The method of claim 64 further including the step of responding to joined status requests for registered members in the virtual network.
- 79. The method of claim 64 further including applying a group policy to members of the virtual community.
- 80. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
managing a virtual community network realm; defining a member set of users entitled to communicate in the virtual community; registering users with the virtual community; assigning each user a virtual address; and routing network traffic between the users in the virtual community.
- 81. One or more processor readable storage devices as defined in claim 80 further including code for programming one or more processors to perform a step of providing users in said member set with a communication agent.
- 82. One or more processor readable storage devices as defined in claim 81 wherein said step of providing users with a communication agent includes providing a proxy agent.
- 83. One or more processor readable storage devices as defined in claim 80 wherein the step of defining a member set includes the step of assigning a domain name for the community.
- 84. One or more processor readable storage devices as defined in claim 80 wherein the step of assigning a virtual address includes a non-routable IPV4 compliant address.
- 85. One or more processor readable storage devices as defined in claim 80 wherein the step of routing network traffic includes routing traffic from a first member accessing the public address realm on a first device having a public address with a second member accessing the public address realm on a second device having a different public address.
- 86. One or more processor readable storage devices as defined in claim 80 wherein the step of routing network traffic includes routing traffic from a first member accessing the public address realm on a first device in a private physical network having a private address with a second member accessing the public address realm on a second device having a public address.
- 87. One or more processor readable storage devices as defined in claim 80 wherein the step of routing network traffic includes routing traffic from a first member accessing the public address realm on a device in a private physical network having a first private physical address with a second member accessing the public address realm on a device in a private physical network having a second private physical address.
- 88. One or more processor readable storage devices as defined in claim 87 wherein the step of routing network traffic includes routing traffic to the first or second member via a NAT device.
- 89. One or more processor readable storage devices as defined in claim 87 wherein the first private physical address and the second private physical address are identical.
- 90. One or more processor readable storage devices as defined in claim 80 wherein the step of routing includes routing encapsulated traffic.
- 91. One or more processor readable storage devices as defined in claim 80 wherein the step of routing includes routing encrypted traffic.
- 92. One or more processor readable storage devices as defined in claim 80 further including applying a group policy to members of the virtual community.
- 93. A virtual community network system, comprising:
a virtual network manager having a network interface coupled to a network, the manager including at least one virtual community definition comprising at least a domain name and a user set, the network being accessible by users in the user set and users outside the user set, the manager exchanging virtual community network information with users in the user set.
- 94. The system of claim 93 wherein the virtual network manager includes a member register module.
- 95. The system of claim 93 wherein the virtual network manager includes a member join module.
- 96. The system of claim 95 wherein the join module provides a virtual address to a registered member.
- 97. The system of claim 93 wherein the virtual network manager maintains data on an association between at least one virtual address with at least one member.
- 98. The system of claim 93 wherein the virtual network manager includes a DNS server for the virtual community.
- 99. The system of claim 93 wherein the virtual network manager includes a NAT device detector for users connecting with the virtual network manager using a processing device behind a NAT device.
- 100. The system of claim 93 wherein the virtual network manager includes at least a second virtual domain definition.
- 101. The system of claim 93 wherein the virtual network manager includes at least a first virtual community definition and a second virtual community definition.
- 102. The system of claim 93 wherein the virtual network manager includes a member authenticator.
- 103. The system of claim 93 wherein the virtual network manager includes a DNS server providing authoritative responses for DNS queries from users in the virtual community.
- 104. The system of claim 93 wherein the system further includes at least one route director capable of communicating with users in the user set.
- 105. The system of claim 93 wherein each user communicates with the virtual network manager and other users in the user set via at least one agent.
- 106. The system of claim 93 wherein the user set includes at least a first user and a second user, said first user accesses other users in the community using at least a first processing device, said second user accesses other users in the community using at least a second processing device, wherein at least one of said first device or second device is coupled to a first private network and accesses a public network via a NAT device.
- 107. The system of claim 106 wherein said first device is coupled to said first private network, and said second device is coupled to a second private network and accesses the public network via a second NAT device.
- 108. The system of claim 93 wherein communications between users in the user set are encrypted.
- 109. The system of claim 108 wherein the virtual network manager provides a shared secret to users in the user set to establish encrypted communications.
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This Application is related to the following Applications: U.S. patent application Ser. No. 10/233,289, “Accessing An Entity Inside a Private Network,” filed on Aug. 30, 2002; U.S. patent application Ser. No. 10/161,573, “Creating A Public Identity For An Entity On A Network,” filed on Jun. 3, 2002; U.S. patent application Ser. No. 10/233,288, “Communicating With An Entity Inside A Private Network Using An Existing Connection To Initiate Communication,” filed on Aug. 30, 2002; U.S. patent application “Secure Virtual Address Realm,” filed on Mar. 31, 2003, Atty. Docket TTCC-01020US0; and U.S. patent application “Group Agent,” filed on Mar. 31, 2003, Atty. Docket TTCC-01022US0. All these related applications are incorporated herein by reference in their entirety.