A METHOD FOR FORMING A SECURE VIRTUAL PRIVATE NETWORK FACILITATING PEER-TO-PEER COMMUNICATION

摘要

A method for forming a secure virtual private network (VPN100) is described. The secure virtual private network consists of two or more linked entities having internet connectability where each entity has links with at least one other device on the VPN. The method characterised by the steps of: providing a lookup device (104,246) having a known address with an updatable index of entities known to be connectable to the VPN. Causing at least one pre-dcsignated contact entity (238) on the VPN to periodically poll the lookup device (104) for received joining requests. The look up device accepts requests from known entities ("joining entity") (236) wishing to link to the VPN. The lookup device (104) receives a request from a joining entity to connect to the VPN(100). In response to a poll for joining requests the lookup device (104) notifies the polling contact entity (238) of at least the address of each joining entity (236). If the contact entity (238) permits a connection to the VPN, the contact entity supplies at least its address to the lookup device which passes this to the joining entity. The joining entity (236) and contact entity (238) establish a first link (254) between them. The joining entity and the contact entity conduct an authentication process over the first link. If the authentication process is successful the contact entity notifies the joining entity of at least the status of other entities belonging to the VPN and notifies all entities on the VPN that the joining device is joining the VPN. The joining device uses the status of other entities belonging to the VPN to calculate its node position in the VPN including the one or two neighbour entities it will connect to. The one or two neighbour entities initiating a process of the type specified above to connect with the lookup entity to establish one or more second links with the joining entity and terminating the first link. The joining entity and at least one neighbour entity conducting a mutual authentication process which if successful sustains the one or more second links.