Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography
Reexamination Certificate
2002-10-31
2008-03-18
Sheikh, Ayaz (Department: 2131)
C713S171000, C709S201000, C726S014000
active
07346770
ABSTRACT:
The invention uses a three-phase IKE protocol main mode negotiation to implement a port float algorithm that permits UDP-encapsulated ESP traffic to traverse an IPSec-aware NAT. The NAT is connected to a plurality of client computers on a private network and provides an interface between the client computers and a server connected to a public network. In a first phase, a client and the server determine whether both are capable of sending UDP-encapsulated ESP packets. In a second phase, the client and server conduct NAT discovery and determine whether the client, the server, or both operate behind a NAT. In a third phase, the client and server initiate a port float algorithm, moving the destination UDP port specified in IKE packets from a first port value to a second port value. The server maintains a data structure that allows it to identify the client sending IKE packets after exiting the second phase and entering the third phase.
Dixon William H.
Swander Brian D.
Doan Trang
Microsoft Corporation
Sheikh Ayaz
Wolf Greenfield & Sacks P.C.
Profile ID: LFUS-PAI-O-3964444