Establishing consistent, end-to-end protection for a user...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography

Reexamination Certificate


Details

C713S152000, C713S152000

Reexamination Certificate

active

06931529

ABSTRACT:
A method, system, and computer program product for providing consistent, end-to-end protection within a computer network for user datagrams (i.e. packets) traveling through the network. The network may comprise network segments that are conventionally assumed to be secure (such as those found in a corporate intranet) as well as network segments in non-secure networks (such as the public Internet or corporate extranets). Because security breaches may in fact happen in any network segment when datagrams are unprotected, the present invention discloses a technique for protecting datagrams throughout the entire network path by establishing cascaded tunnels. The datagrams may be exposed in cleartext at the endpoints of each tunnel, thereby enabling security gateways to perform services that require content inspection (such as network address translation, access control and authorization, and so forth). The preferred embodiment is used with the “IPSec” (Internet Protocol Security Protocol) and “IKE” (Internet Key Exchange) protocols, thus providing a standards-based solution.

REFERENCES:
patent: 5115466 (1992-05-01), Presttun
patent: 5790548 (1998-08-01), Sistanizadeh et al.
patent: 5802178 (1998-09-01), Holden et al.
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5884025 (1999-03-01), Baehr et al.
patent: 5940591 (1999-08-01), Boyle et al.
patent: 5983350 (1999-11-01), Minear et al.
patent: 6052788 (2000-04-01), Wesinger, Jr. et al.
patent: 6055236 (2000-04-01), Nessett et al.
patent: 6055575 (2000-04-01), Paulsen et al.
patent: 6067620 (2000-05-01), Holden et al.
patent: 6076168 (2000-06-01), Fiveash et al.
patent: 6079020 (2000-06-01), Liu
patent: 6304973 (2001-10-01), Williams
patent: 6330562 (2001-12-01), Boden et al.
patent: 6484257 (2002-11-01), Ellis
patent: 6636520 (2003-10-01), Jason et al.
patent: 6678827 (2004-01-01), Rothermel et al.
patent: 6693878 (2004-02-01), Daruwalla et al.
IBM Technical Disclosure Bulletin, vol. 32, No. 9A, Feb. 1990, Session-Based Secure Communication for Secure Xenix, pp. 239-243.
IBM Technical Disclosure Bulletin, vol. 37, No. 02B, Feb. 1994, Security Implementation at Internet Protocol Layer for TCIP/I, pp. 683-686.
IBM Technical Disclosure Bulletin, vol. 35, No. 4A, Sep. 1992, “Virtual Private Networks on Vendor Independent Networks”, pp. 326-329.
Stallings, William, Cryptography and Network Security. 1999 Prentice-Hall, Inc. 2nd Edition; pp. 399-440.
