Reexamination Certificate
2006-12-26
2006-12-26
Sheikh, Ayaz (Department: 2131)
Information security
Access control or authentication
Network
C370S392000
Reexamination Certificate
active
07155740
ABSTRACT:
Linux's NAT (Network Address Translator) implementation, IP Masquerade, includes a VPN Masquerade feature that provides interoperation of NAT with IKE and ESP tunnel mode within the IPSec security protocol suite. VPN Masquerade uses heuristics to route packets from a server on the Internet to a client on a local network that shares access to the Internet with other clients over a common access link through a router running NAT. VPN Masquerade, however, is susceptible to crashes, collisions and race conditions that can disable IPSec communication. These are prevented, or recovery from such is automatically effected, by sending over a tunnel a control packet, a “ping”, from the client at one end of the tunnel to the server at the other end of the tunnel, and then waiting to send any packets other than a control packet over the tunnel until a responsive control packet is received from the server.
REFERENCES:
patent: 5805803 (1998-09-01), Birrell et al.
patent: 6615357 (2003-09-01), Boden et al.
patent: 6678258 (2004-01-01), Capurka et al.
patent: 6765931 (2004-07-01), Rabenko et al.
patent: 6795917 (2004-09-01), Ylonen
patent: 6832322 (2004-12-01), Boden et al.
patent: 6886103 (2005-04-01), Brustoloni et al.
patent: 6963982 (2005-11-01), Brustoloni et al.
patent: 2001/0034831 (2001-10-01), Brustoloni et al.
patent: 2002/0029276 (2002-03-01), Bendinelli et al.
patent: 2002/0083344 (2002-06-01), Vairavan
patent: 2003/0179742 (2003-09-01), Ogier et al.
Website: http://www.ietf.org/rfc/rfc2401.txt?number=2401 “Security Architecture for the Internet Protocol”, Nov. 1998.
Website: http://www.ietf.org/rfc/rfc2409.txt?number=2409 “The Internet Key Exchange (IKE)”, Nov. 1998.
Website: http://www.ietf.org/rfc/rfc2406.txt?number=2406 “IP Encapsulating Security Payload (ESP)”, Nov. 1998.
Website: http://wp.netscape.com/eng/ssl3/draft302.txt “The SSL Protocol Version 3.0”, Nov. 18, 1998.
Website: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html “Linux VPN Masquerade”, submitted as prior art by applicant.
Eun-Sang Lee, Hyun-Seok Chae, Byoung-Soo Park, Myung-Ryul Choi, “An Expanded NAT with Server Connection Ability”, Sep. 15-17, 1999, TENCON 99. Proceedings of the IEEE Region 10 Conference, vol. 2, pp. 1391-1394.
Website: http://www.rfc-editor.org/rfc/rfc2409.t, “The Internet Key Exchange (IKE)” pp. 1-36, Oct. 26, 2000.
Website: http://www.rfc-editor.org/rfc/rfc2401.t, “Security Architecture for the Internet Protocol” pp. 1-57, Oct. 26, 2000.
Website: http://www.impsec.org/linux/masquerade/ip_masq_vpn.html, “Linux VPN Masquerade” pp. 1-6, May 23, 2001.
Website: http://www.rfc-editor.org/rfc/rfc2402.t, “IP Authentication Header” pp. 1-19, Oct. 26, 2000.
Website: http://www.rfc-editor.org/rfc/rfc2460.t, “Internet Protocol, Version 6 (Ipv6) Specification” pp. 1-34, Oct. 26, 2000.
Website: http://www.rfc-editor.org/rfc/rfc2406.t, “IP Encapsulating Security Payload (ESP)” pp. 1-19, Oct. 26, 2000.
Website: http://www.rfc-editor.org/rfc/rfc2408.t, “Internet Security Association and Key Management Protocol (ISAKMP)” pp. 1-75, Oct. 26, 2000.
U.S. Appl. No. 09/698,973, filed Oct. 27, 2000, Brustolini.
U.S. Appl. No. 09/698,978, filed Oct. 27, 2000, Brustoloni.
Abrishamkar Kaveh
Gurey Stephen M.
Lucent Technologies - Inc.
Sheikh Ayaz