Method and apparatus for automatic configuration for...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Details

C709S223000

active

06738909

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates generally to an improved distributed data processing system and in particular to a method and apparatus for establishing connections between nodes in a distributed data processing system. Still more particularly, the present invention relates to a method and apparatus for automatically configuring secure connections between nodes in a distributed data processing system.
2. Description of Related Art
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transaction using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.). The information in various data files is formatted for presentation to a user by a standard page description language, the Hypertext Markup Language (HTML).
Oftentimes, it is desirable to set up a secure communications channel for all data transmitted between different computers. This cannot be achieved with a mechanism like a secure that is used in a browser. Thus, an alternate technology called IP security is used to set up a secure tunnel. This secure communications channel is also referred to as a “tunnel” or “security tunnel”. In order to set up secure communications between machines, a variety of security parameters are negotiated, then the characteristics of the IP stack are altered to use those negotiated parameters. In setting up a tunnel, different rules are used to specify how data is to be handled. Presently, these rules are typically placed in a filter table, which is used to identify how data is to be treated in a tunnel. These rules must be ordered from more general to more specific. For example, a rule used for hosts is more specific than rules for subnets. Therefore, a rule for hosts should be placed before a rule for subnets in a filter table.
Presently, users must create and order the security rules for each tunnel. Such a process is time consuming and tedious. Further, having users create and order security rules for each tunnel also is error prone. Therefore, it would be advantageous to have an improved method and apparatus for configuring tunnels.
SUMMARY OF THE INVENTION
The present invention provides a method and apparatus for use in a data processing system for automatically creating and ordering, without user intervention, rules to map data for a tunnel. A request is received to create a tunnel to another data processing system. A granularity of information about the data processing system is identified to form an identified granularity. The identified granularity of the information about the data processing system is used to select a rule, which matches the identified granularity. This rule is placed in a filter, wherein the filter associates data packets with the tunnel.
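An added illustration of the ordering problem from the background and of placing a rule according to the endpoint's granularity; it is not code from the patent. It follows the host-before-subnet example (first matching rule wins, most specific rule first), and the function names, tunnel labels and addresses are constructed for the example.

```python
import ipaddress

def granularity(remote):
    """Classify a remote endpoint description as 'host' or 'subnet'."""
    net = ipaddress.ip_network(remote, strict=False)
    kind = "host" if net.prefixlen == net.max_prefixlen else "subnet"
    return kind, net

def first_match(rules, dst):
    """Return the tunnel of the first rule whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for net, tunnel in rules:
        if addr in net:
            return tunnel
    return None  # no rule matched: the packet is not mapped to a tunnel

class FilterTable:
    """Filter table that orders its own rules when a tunnel is requested."""

    def __init__(self):
        self.rules = []

    def add_tunnel(self, remote, tunnel):
        kind, net = granularity(remote)
        self.rules.append((net, tunnel))
        # Longer prefix = finer granularity = earlier in the table.
        # The sort is stable, so equal-granularity rules keep request order.
        self.rules.sort(key=lambda r: (r[0].version, -r[0].prefixlen))
        return kind

# Constructed tunnel requests, arriving in an order that is wrong for a
# first-match table: the broad subnet is requested before the single host.
REQUESTS = [
    ("10.1.0.0/16", "tunnel-site"),
    ("10.1.2.0/24", "tunnel-lab"),
    ("10.1.2.7", "tunnel-db"),
]

def build_manual():
    """Rules kept in request order, as a user might enter them by hand."""
    return [(granularity(remote)[1], tunnel) for remote, tunnel in REQUESTS]

def build_auto():
    """Rules ordered automatically by granularity."""
    table = FilterTable()
    for remote, tunnel in REQUESTS:
        table.add_tunnel(remote, tunnel)
    return table.rules
```

With the hand-ordered table, traffic to the host 10.1.2.7 is captured by the /16 rule and never reaches its own tunnel; the automatically ordered table maps it to the host rule.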


REFERENCES:
patent: 5835726 (1998-11-01), Shwed et al.
patent: 5898784 (1999-04-01), Kirby et al.
patent: 6330562 (2001-12-01), Boden et al.
patent: 6643776 (2003-11-01), Boden et al.
“Configuring Accept Policies”, Bay Networks Apr. 16, 1996, 2 pages. (http://www.ifb.com.pl/~mateo/bgp/ip/2917A-260.html).*
“AIX IP Security”, AIXpert Magazine, Mar. 1998, 8 pages. (http://www-1.ibm.com/servers/aix/products/ibmsw/security/vpn/techref/m98chang.pdf).
