NEC has developed a system that can initiate a secure VPN connection between an office network and out-of-office computer at the receipt of an e-mail.

The system was developed to make setting up such connections easier, said Kazuo Takagi, an engineer at NEC's system platform research laboratories, who demonstrated it in use.

It has two basic components: a client application on the roaming user's PC and a terminal, about the size of a wireless access point, at the user's desk.

A VPN connection can be initiated by pressing a button on the client application. This sends an e-mail request to the terminal, which then opens a secure connection to the remote PC. Because the connection is starting from inside the office no configuration of firewalls, intermediate routers or proxies that might be needed to support an inbound connection is needed, said Takagi.

Before the connection is established, the system verifies that the PC it is connecting with is an authorised user. The prototype system uses the roaming PC's MAC address to confirm identification, but because these can be changed NEC is considering something less difficult to alter, such as the processor's serial number, Takagi said.

The connection makes use of SSL-encapsulated TCP/IP packets.

The terminal is as secure from hackers as other devices in the office because it resides on the internal network, and the authentication steps guard against connections to unauthorised terminals, according to NEC. A firewall blocks all packets except those transmitted via the VPN link to guard against infecting machines on the corporate LAN from a virus on the remote PC.

Another advantage of the system is that the remote user can access all the devices and services typically available to them in the office, because the connection initiates from the user's own desk.

NEC doesn't have any firm plans yet to commercialise the system. Takagi wouldn't comment on potential pricing.