Method and system for distributed network address...

Information security – Access control or authentication – Network

Reexamination Certificate


Details

C726S003000, C726S012000, C726S026000, C713S151000, C713S153000, C713S168000, C709S201000, C709S225000, C709S229000, C380S028000, C380S270000

Reexamination Certificate

active

07032242

ABSTRACT:
A method and system for distributed network address translation with security features. The method and system allow Internet Protocol security protocol (“IPsec”) to be used with distributed network address translation. The distributed network address translation is accomplished with IPsec by mapping a local Internet Protocol (“IP”) address of a given local network device and an IPsec Security Parameter Index (“SPI”) associated with an inbound IPsec Security Association (“SA”) that terminates at the local network device. A router allocates locally unique security values that are used as the IPsec SPIs. A router used for distributed network address translation is used as a local certificate authority that may vouch for identities of local network devices, allowing local network devices to bind a public key to a security name space that combines a global IP address for the router with a set of locally unique port numbers used for distributed network address translation. The router issues security certificates and may itself be authenticated by a higher certificate authority. Using a security certificate, a local network device may initiate and be a termination point of an IPsec security association to virtually any other network device on an IP network like the Internet or an intranet. The method and system may also allow distributed network address translation with security features to be used with Mobile IP or other protocols in the Internet Protocol suite.

