Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2005-04-26
2005-04-26
Morse, Gregory (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S160000, C713S152000
Reexamination Certificate
active
06886103
ABSTRACT:
Clients that are connected on a private network and which are assigned a private IP address that is not routable on the Internet can connect to the Internet through a router/server that includes a network address translator (NAT). For outgoing packets, the NAT translates the client's private source IP address and generalized port number (GPN) to the NAT's global IP address and GPN. For incoming packets sent to the NAT's global IP address and GPN, the NAT translates the global destination IP address and GPN to the client's private IP address and GPN. For protocols which cannot be directly supported by the NAT, such as those in the IPSec security protocol suite, the NAT is extended by creating in the NAT's translation table an entry that associates, for a specific unsupported protocol, a client's private IP address and GPN, the NAT's global IP address and GPN, and a foreign address on the Internet, that is valid until a specified or default expiration time. Outgoing packets from the client to that foreign address and incoming packets from that foreign address to the NAT's global IP address and GPN are translated according to the entry until the entry expires. In associations with these translations to outgoing and incoming packets, the client implements any Application Layer Gateway (ALG) that would otherwise be implemented at the NAT. Further, at the client, outgoing packets are modified before being transmitted so as to pre-compensate for the effects of the translations. Incoming packets at the client from the NAT are similarly modified so as to post-compensate for the effects of the translations. For the IPSec protocol, these modification include adjusting the checksum in the TCP or UDP header to account for IP address and TCP or UDP port number translations.
REFERENCES:
patent: 6631402 (2003-10-01), Devine et al.
patent: 6697354 (2004-02-01), Borella et al.
S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol,” IETF, RFC 2401, Nov. 1998.
S. Deering and R. Hinden, “Internet Protocol, Version 6 (Ipv6) Specification,” IETF, RFC 2460, Dec. 1998.
S. Kent and R. Atkinson, “IP Authentication Header,” IEFT, RFC 2402, Nov. 1998.
S. Kent and R. Atkinson, “IP Encapsulating Security Payload (ESP),” IEFT, RFC 2406, Nov. 1998.
D. Maughan, M. Scherlter, M. Schneider and J. Turner, “Internet Security Association and Key Management Protocol (ISAKMP),” IETF, RFC 2408, Nov. 1998.
C. Madson and R. Glenn, “The Use of HMAC-MD5-96 within ESP and AH,” IETF, RFC 2403, Nov. 1998.
C. Madson and N. Doraswamy, “The ESP DES-CBC Cipher Algorithm with Explicit IV,” IETF, RFC 2405, Nov. 1998.
D. Harkins and D. Carrel, “The Internet Key Exchange (IKE),” IETF, RFC 2409, Nov. 1998.
C. Madson and R. Glenn, “The Use of HMAC-SHA-1-96 within ESP and AH,” RFC 2404, Nov. 1998.
Brustoloni Jose C.
Garay Juan Alberto
Gurey Stephen M.
Lucent Technologies - Inc.
Morse Gregory
Tran Ellen
LandOfFree
Method and apparatus for extending network address... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for extending network address..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for extending network address... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3396389