Patents by Inventor Francis Dinha

Francis Dinha has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11818035
    Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
    Type: Grant
    Filed: December 28, 2022
    Date of Patent: November 14, 2023
    Assignee: OpenVPN, Inc.
    Inventors: Francis Dinha, James Yonan
  • Patent number: 11588726
    Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: February 21, 2023
    Assignee: OpenVPN, Inc.
    Inventors: Francis Dinha, James Yonan
  • Publication number: 20220337547
    Abstract: Methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic. Further disclosed are methods for intelligently routing domain-level traffic to VPNs including augmenting a DNS with VPN information associated with human-memorable domain names.
    Type: Application
    Filed: April 6, 2022
    Publication date: October 20, 2022
    Inventors: Francis Dinha, James Yonan
  • Publication number: 20220014463
    Abstract: Disclosed herein are systems and methods for creating an ultra-lightweight multi-tenant network virtualization model by augmenting an OSI layer 4 tuple (protocol, source IP address, destination IP address, source port, destination port) with additional private gateway-specific source and destination augmented addresses. A unique OpenVPN Augmented Address (OAA) may be created and assigned to each device on a network such as a mesh-linked system. This OAA may form part of a packet shim created with routing path information for both the source and the destination resources. Once created, the shim may be inserted into a packet header for transmission. Once the initial packet is transmitted, each hop creates its own resources for managing transmission of subsequent packets in this session. The packet shim operates to establish a communications session on layer 4 (Transport) between the requestor and the target resource which is intermediate-device agnostic.
    Type: Application
    Filed: June 28, 2021
    Publication date: January 13, 2022
    Inventors: Francis Dinha, James Yonan
  • Patent number: 10530587
    Abstract: A system and method for efficient certificate authentication management and distribution of large, web scale authentication information. The method includes receiving at a server, security certificate information, said security certificate including a unique certificate identifier. A structured data source, such as an XML file or database, is encoded with a unique record for each possible security certificate using the record ID as the security certificate ID. Each unique record includes a record of four bits or less. Owing to the small size of the data source, large amounts of security certificates may be managed and distributed efficiently over a network to one or more private gateways allowing for large scale certificate authentication.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: January 7, 2020
    Assignee: OpenVPN Technologies, Inc.
    Inventors: Francis Dinha, James Yonan
  • Patent number: 10225105
    Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP address contained in the data payload.
    Type: Grant
    Filed: July 7, 2016
    Date of Patent: March 5, 2019
    Assignee: OpenVPN Technologies, Inc.
    Inventors: Francis Dinha, James Yonan
  • Patent number: 10185599
    Abstract: A system and method for disposing, in kernel space, a data plane having instructions operable to encrypt and transfer data over a network. The data plane is coupled to a control plane which resides in user space. The control plane has instructions operable to control the transfer of the encrypted data in kernel space. Certain embodiments include an application programming interface (API), which operates to expose a programming interface for encrypted communications which results in a more efficient data transfer because most of the data processing is done in kernel space.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: January 22, 2019
    Assignee: OpenVPN Technologies, Inc.
    Inventors: Francis Dinha, James Yonan
  • Patent number: 9794215
    Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
    Type: Grant
    Filed: April 4, 2015
    Date of Patent: October 17, 2017
    Assignee: OpenVPN Technologies, Inc.
    Inventor: Francis Dinha
  • Patent number: 9699135
    Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: July 4, 2017
    Assignee: OpenVPN Technologies, Inc.
    Inventor: Francis Dinha
  • Publication number: 20170012937
    Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP address contained in the data payload.
    Type: Application
    Filed: July 7, 2016
    Publication date: January 12, 2017
    Inventors: Francis Dinha, James Yonan
  • Publication number: 20170013015
    Abstract: A system and method for disposing, in kernel space, a data plane having instructions operable to encrypt and transfer data over a network. The data plane is coupled to a control plane which resides in user space. The control plane has instructions operable to control the transfer of the encrypted data in kernel space. Certain embodiments include an application programming interface (API), which operates to expose a programming interface for encrypted communications which results in a more efficient data transfer because most of the data processing is done in kernel space.
    Type: Application
    Filed: June 9, 2016
    Publication date: January 12, 2017
    Inventors: Francis Dinha, James Yonan
  • Publication number: 20170012782
    Abstract: A system and method for efficient certificate authentication management and distribution of large, web scale authentication information. The method includes receiving at a server, security certificate information, said security certificate including a unique certificate identifier. A structured data source, such as an XML file or database, is encoded with a unique record for each possible security certificate using the record ID as the security certificate ID. Each unique record includes a record of four bits or less. Owing to the small size of the data source, large amounts of security certificates may be managed and distributed efficiently over a network to one or more private gateways allowing for large scale certificate authentication.
    Type: Application
    Filed: June 30, 2016
    Publication date: January 12, 2017
    Inventors: Francis Dinha, James Yonan
  • Patent number: 9143333
    Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
    Type: Grant
    Filed: July 22, 2014
    Date of Patent: September 22, 2015
    Assignee: Upload Technologies S.A.
    Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
  • Publication number: 20150215268
    Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
    Type: Application
    Filed: April 4, 2015
    Publication date: July 30, 2015
    Inventor: Francis Dinha
  • Publication number: 20140334339
    Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
    Type: Application
    Filed: July 22, 2014
    Publication date: November 13, 2014
    Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
  • Patent number: 8787205
    Abstract: A system and method for multicast transmission are disclosed. In one embodiment, a virtual exchange network including interconnected nodes is embedded within a network. A sender is disposed in communication with a root node and receivers are disposed in communication with a set of edge nodes. The sender publishes a packetized data stream to which the receivers subscribe. The packetized data stream is promulgated by implicit signaling through optimum virtual exchange network connections from the sender through the virtual exchange network to the receivers. The interconnected nodes, responsive to receiving the published packetized data stream, are adapted to multicast N instances of the published packetized data stream to N recipients selected from the group consisting of receivers and other of the interconnected nodes.
    Type: Grant
    Filed: October 26, 2012
    Date of Patent: July 22, 2014
    Assignee: Upload Technologies S.A.
    Inventors: Robert E. Nimon, David E. Espenlaub, Francis Dinha, James Yonan
  • Publication number: 20140150083
    Abstract: A system and method for a virtual private network (VPN) wherein some embodiments include creating complementary stack layers on both a client and a server device. An application operating through the VPN establishes a socket level protocol for operation of the VPN such that an application communicates with a client socket VPN layer which, in turn, is coupled to a server VPN layer. Data is encapsulated in a private tunnel. Certain embodiments may provide for VPN sockets for each application allowing concurrent VPNs to operate on a single device.
    Type: Application
    Filed: November 23, 2013
    Publication date: May 29, 2014
    Inventors: Francis Dinha, Elfredy Cadapan
  • Publication number: 20130346839
    Abstract: A system and method for a portal for management and operation of a private tunnel network computing system. The portals provide for establishing, modifying, and operating multiple private clouds through a single interface. In some embodiments the method includes receiving resource information such as private and public resources and presenting the resource information to a manager through a graphical interface. The network manager then selects a resource and a private cloud, also through a graphical user interface. Once selected, a manager can operate to add the resource to the private cloud, or alternatively drop the resource from the cloud. Multiple private clouds may be effectuated and membership in those clouds established through the user interface. The private tunnel network portal may include controls for management tools, developer tools, and a cloud applications store. Once established, non-manager users can access those resources in a secure environment.
    Type: Application
    Filed: July 30, 2012
    Publication date: December 26, 2013
    Inventor: Francis Dinha
  • Publication number: 20130347072
    Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
    Type: Application
    Filed: June 20, 2012
    Publication date: December 26, 2013
    Inventor: Francis Dinha
  • Publication number: 20130263233
    Abstract: A data access and control system and method for sourcing data to one or more software as a service (SaaS) providers. Certain embodiments include an interface engine coupled to one or more SaaS providers through a network, and further operable to service requests for data operations from the SaaS providers. The service requests may include a request for data from the user-controlled structured data store or a request to store data in the user-controlled structured data store. The user-controlled data store may be local to the user or in a remote location. User-control of data provides additional security because the SaaS provider does not keep control of the data. Certain embodiments include encryption through the use of a cipher or a key, which may be provided from a third party. The ciphers may be dynamically changed for different files. Other embodiments include operations on a mobile computing device.
    Type: Application
    Filed: March 27, 2012
    Publication date: October 3, 2013
    Inventor: Francis Dinha