Method and apparatus for extending network address...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C713S160000, C713S152000

Reexamination Certificate

active

06886103

ABSTRACT:
Clients that are connected on a private network and which are assigned a private IP address that is not routable on the Internet can connect to the Internet through a router/server that includes a network address translator (NAT). For outgoing packets, the NAT translates the client's private source IP address and generalized port number (GPN) to the NAT's global IP address and GPN. For incoming packets sent to the NAT's global IP address and GPN, the NAT translates the global destination IP address and GPN to the client's private IP address and GPN. For protocols which cannot be directly supported by the NAT, such as those in the IPSec security protocol suite, the NAT is extended by creating in the NAT's translation table an entry that associates, for a specific unsupported protocol, a client's private IP address and GPN, the NAT's global IP address and GPN, and a foreign address on the Internet, that is valid until a specified or default expiration time. Outgoing packets from the client to that foreign address and incoming packets from that foreign address to the NAT's global IP address and GPN are translated according to the entry until the entry expires. In associations with these translations to outgoing and incoming packets, the client implements any Application Layer Gateway (ALG) that would otherwise be implemented at the NAT. Further, at the client, outgoing packets are modified before being transmitted so as to pre-compensate for the effects of the translations. Incoming packets at the client from the NAT are similarly modified so as to post-compensate for the effects of the translations. For the IPSec protocol, these modification include adjusting the checksum in the TCP or UDP header to account for IP address and TCP or UDP port number translations.

REFERENCES:
patent: 6631402 (2003-10-01), Devine et al.
patent: 6697354 (2004-02-01), Borella et al.
S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol,” IETF, RFC 2401, Nov. 1998.
S. Deering and R. Hinden, “Internet Protocol, Version 6 (Ipv6) Specification,” IETF, RFC 2460, Dec. 1998.
S. Kent and R. Atkinson, “IP Authentication Header,” IEFT, RFC 2402, Nov. 1998.
S. Kent and R. Atkinson, “IP Encapsulating Security Payload (ESP),” IEFT, RFC 2406, Nov. 1998.
D. Maughan, M. Scherlter, M. Schneider and J. Turner, “Internet Security Association and Key Management Protocol (ISAKMP),” IETF, RFC 2408, Nov. 1998.
C. Madson and R. Glenn, “The Use of HMAC-MD5-96 within ESP and AH,” IETF, RFC 2403, Nov. 1998.
C. Madson and N. Doraswamy, “The ESP DES-CBC Cipher Algorithm with Explicit IV,” IETF, RFC 2405, Nov. 1998.
D. Harkins and D. Carrel, “The Internet Key Exchange (IKE),” IETF, RFC 2409, Nov. 1998.
C. Madson and R. Glenn, “The Use of HMAC-SHA-1-96 within ESP and AH,” RFC 2404, Nov. 1998.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Method and apparatus for extending network address... does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Method and apparatus for extending network address..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for extending network address... will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-3396389

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.