NEC has developed a system that can initiate a secure VPN (virtual private network) connection between an office network and an out-of-office computer on receipt of an e-mail, it said Wednesday.
The system, on show at an NEC event in Tokyo this week, was developed to make setting up such connections easier, said Kazuo Takagi, an engineer at NEC's system platform research laboratories, who demonstrated it in use.
It has two basic components: a client application on the roaming user's PC and a terminal, about the size of a wireless access point, at the user's desk.
A VPN connection can be initiated by pressing a button on the client application. This sends an e-mail request to the terminal, which then opens a secure connection to the remote PC. Because the connection starts from inside the office, firewalls, intermediate routers and proxies do not have to be reconfigured, as they might be to support an inbound connection, said Takagi.
Before the connection is established, the system verifies that the PC it is connecting to is that of an authorized user. The prototype system uses the roaming PC's Ethernet MAC address to confirm identity, but because these addresses can be changed, NEC is considering something harder to alter, such as the processor's serial number, Takagi said.
The connection makes use of SSL-encapsulated TCP/IP packets.
The terminal is as secure from hackers as other devices in the office because it resides on the internal network, and the authentication steps guard against connections to unauthorized terminals, according to NEC. A firewall blocks all packets except those transmitted via the VPN link, to guard against a virus on the remote PC infecting machines on the corporate LAN.
Another advantage of the system is that the remote user can access all the devices and services typically available to them in the office, because the connection is initiated from the user's own desk.
NEC doesn't have any firm plans yet to commercialize the system. Its appearance at the NEC event this week was intended partly to encourage comments from potential users that could help refine the system further. Takagi wouldn't comment on potential pricing.