Title of invention: Method and system for peer-to-peer enforcement
Abstract: The present invention concerns a method and a system for establishing a dynamic peer-to-peer communications channel between a first terminal and a second terminal. A first terminal and a second terminal are connectable over secured communications channels to a secured network. The first terminal sends a connection request for establishing a communications channel between the terminals. The connection request is intercepted and analyzed by an analyzer module. The analyzer module requests network parameters from the first and the second terminals. Based on the intercepted connection request, and the network parameters of the terminals, the analyzer module instructs the terminal to establish a peer-to-peer communications channel over a network distinct from the secured network. Security of the peer-to-peer communications channel may be maintained by means of a central unit of the secured network. In this regard, the central unit may send to the terminal authentication keys and/or encryption keys.
Publication number: US8774764(B2) Publication date: 2014.07.08
Application number: US201213536486 Filing date: 2012.06.28
Applicant: Swisscom AG Inventor: De Froment Eric
Classification: H04M1/66;H04M1/68;H04M3/16 Main classification: H04M1/66
Agency: McAndrews, Held & Malloy, Ltd. Agent: McAndrews, Held & Malloy, Ltd.
Main claim: 1. A method, comprising: in a network device: intercepting by an analyzer module a connection request transmitted from a first terminal to a second terminal over a secured network, wherein: the secured network comprises a private network associated with particular entity, the secured network operates according to particular security policy or guidelines, and access to the secure network is limited to secured devices; analyzing the connection request by the analyzer module; transmitting by the analyzer module a request to each of the first terminal and the second terminal, for network parameters distinct to each of the first terminal and the second terminal; receiving by the analyzer module, in response to the transmitted requests, the network parameters of the first terminal and the network parameters of the second terminal from each of the first terminal and the second terminal, respectively, analyzing the network parameters of the first terminal and of the second terminal by the analyzer module; transmitting a connection instruction to one or both of the first terminal and the second terminal from the analyzer module based on the analysis of the connection request and the network parameters of the first terminal and the second terminal, wherein said connection instruction comprises an instruction to enforce a peer-to-peer communications channel, over a network distinct from the secured network, between the first terminal and the second terminal; and wherein: a first secured communications channel is established between the first terminal and the secured network; and a second secured communications channel is established between the second terminal and the secured network; and the establishing of the first and the second secured communications channels comprises using public access points for connecting terminals to public networks, using public communications channels between the public networks and the secured network, and using cryptographic modules for authentication of the terminals and for encryption of the first and second secured communications channels between the terminals and the secured network.
Address: CH