Multiplex communications – Communication techniques for information carried in plural... – Assembly or disassembly of messages having address headers
Reexamination Certificate
1998-02-17
2001-01-09
Pham, Chi H. (Department: 2731)
Multiplex communications
Communication techniques for information carried in plural...
Assembly or disassembly of messages having address headers
C370S395430, C370S389000, C370S467000
active
06172991
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to asynchronous transfer mode (ATM) networks, and more specifically to secure Internet communication using the TCP (transmission control protocol)/IP (Internet protocol) protocol over ATM networks.
2. Description of the Related Art
In a communication system using TCP/IP protocols over an ATM network, the IP protocol is used as the network-layer protocol and the TCP/UDP protocol is used as the transport-layer protocol for routing packets, and these protocol functions are provided by routers. Usually, the router has a number of network interfaces and handles processing up to the network layer. Some routers handle part of the transport layer. One of the functions of the router is the technique known as “packet filtering”, which ensures security of communication at the edge of a network. When an IP node outside of a network wishes to communicate with an IP node inside the network, the router examines every arriving packet by reading the headers of the network and transport layers to determine whether the packet is allowed or discarded. Specifically, the IP addresses and TCP (or UDP, i.e., user datagram protocol) port numbers of those IP nodes that are allowed are set into the router, and the network and transport addresses of every incoming packet are checked against the stored data to determine whether internal nodes may be accessed. Depending on the layer at which filtering occurs, packet filtering is classified as network-layer filtering or transport-layer filtering.
On the other hand, communications systems specified by the ATM Forum and the IETF (Internet Engineering Task Force) use ATM as the second layer of the OSI (Open System Interconnection) reference model and the TCP/IP protocol as the third and fourth layers of the OSI reference model. Studies currently undertaken include the use of the NHRP (next hop resolution protocol) scheme and the MPOA (multiprotocol over ATM) system, where high-speed ATM switches are provided instead of conventional routers. ATM switches use a signaling procedure to establish a virtual connection between source and destination IP nodes prior to the transmission of transport-layer (TCP/UDP) packets. These packets are segmented into fixed-length cells at the source IP node, transmitted over the established virtual connection, and reassembled at the destination IP node into a TCP/UDP packet.
However, since the TCP/UDP and IP headers carried in the cells are not examined by transit switches as the cells propagate through the ATM network, the router's packet filtering function at the network-layer and transport-layer levels is not performed. Therefore, a need exists for a way to provide such filtering in ATM communication systems where security is critical.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide an ATM network having a packet filtering function to ensure security of communication.
According to a first aspect of the present invention, there is provided a communication system comprising a source node for receiving a packet and transmitting to an ATM network a signaling message containing the source and destination network-layer addresses and the source and destination transport-layer addresses of the packet. The source node has a virtual connection management table. The ATM network includes a filtering table having a plurality of entries, each storing source and destination network-layer addresses and source and destination transport-layer addresses. The ATM network responds to the signaling message from the source node by returning a grant indication message thereto if the contents of the received signaling message are identical to the contents of one of the entries of the filtering table, and establishes a virtual connection between the source node and a destination node. The source node is responsive to the grant indication message for storing the network-layer addresses and transport-layer addresses of the packet into the virtual connection management table, and segments a subsequently received packet into cells and transmits the cells over the virtual connection only if that packet contains addresses identical to the addresses stored in the virtual connection management table.
According to a second aspect, the present invention provides a multiprotocol over ATM (MPOA) system comprising an MPOA client and an MPOA server. The MPOA client is provided with a shortcut virtual connection (VC) table having a plurality of entries, and arranged to receive a packet and transmit an address resolution request message containing source and destination network-layer addresses and source and destination transport-layer addresses of the packet. The MPOA server is provided with a filtering table having a plurality of entries each storing source and destination network-layer addresses and source and destination transport-layer addresses. The MPOA server is responsive to the address resolution request message for transmitting a resolution reply message back to the MPOA client containing an ATM address of a destination if contents of the resolution request message are identical to contents of one of the entries of the filtering table. The MPOA client is responsive to the resolution reply message for storing the ATM address of the reply message and the network-layer addresses and transport-layer addresses of the packet into the shortcut VC table to establish a shortcut virtual connection to the destination, and forwards a subsequently received packet over the shortcut virtual connection if the packet has addresses identical to contents of one of the entries of the shortcut VC table.
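The exchange described in both aspects above, as an added example that is not part of the patent text: the network side (ATM network or MPOA server) holds the filtering table and answers the signaling/resolution request, the source side (source node or MPOA client) keeps the VC management/shortcut VC table, and every packet is matched against that table before it is segmented into cells. The class and field names, the 48-byte cell payload and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# A flow key is (src IP, dst IP, src port, dst port): the network- and
# transport-layer addresses the patent's tables store. Names are constructed.


@dataclass
class AtmNetwork:
    """Network side (ATM network / MPOA server): owns the filtering table."""
    filtering_table: set = field(default_factory=set)
    next_vc: int = 100  # constructed VC identifier handed out on grant

    def signal(self, flow):
        """Answer a signaling/resolution request: VC id on grant, None on refusal."""
        if flow not in self.filtering_table:
            return None  # no matching entry: no grant, no virtual connection
        vc, self.next_vc = self.next_vc, self.next_vc + 1
        return vc


@dataclass
class SourceNode:
    """Source side (source node / MPOA client): owns the VC management table."""
    network: AtmNetwork
    vc_table: dict = field(default_factory=dict)  # flow -> VC id
    cell_payload = 48  # ATM cell payload size in bytes

    def send(self, packet):
        """Forward one packet: ('cells', vc, cells) or ('dropped', flow, None)."""
        flow = (packet["src_ip"], packet["dst_ip"],
                packet["src_port"], packet["dst_port"])
        vc = self.vc_table.get(flow)
        if vc is None:
            # No connection for these addresses yet: signal the network,
            # which consults its filtering table.
            vc = self.network.signal(flow)
            if vc is None:
                return ("dropped", flow, None)
            self.vc_table[flow] = vc  # grant: remember addresses for this VC
        # Addresses match a stored entry: segment into fixed-length cells.
        data = packet["payload"]
        cells = [data[i:i + self.cell_payload]
                 for i in range(0, len(data), self.cell_payload)]
        return ("cells", vc, cells)
```

Because the lookup is repeated for every packet, a packet whose addresses differ from the stored entry cannot ride an already-granted connection; it triggers its own signaling and is dropped unless the filtering table permits it.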
Duong Frank
NEC Corporation
Pham Chi H.
Sughrue Mion Zinn Macpeak & Seas, PLLC