Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Session/connection parameter setting
Reexamination Certificate
1998-11-02
2002-03-19
Maung, Zarni (Department: 2154)
C709S225000, C709S229000, C709S250000
active
06360269
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to the field of data communications and, more specifically, the present invention relates to data communications through the Internet.
2. Background Information
The traditional workplace is generally thought of as a single location to which all employees commuted and worked during the day. With the explosion of technology, the definition of the workplace is expanding to include telecommuters as well as employees that work while traveling. In addition, employees may often need the ability to login remotely from their home or laptop computer systems to their employer's corporate networks for any number of reasons including accessing or transferring files or simply checking their electronic mail.
FIG. 1 shows a computer system 101 remotely connected to a local area network (LAN) 131. As shown in FIG. 1, computer system 101 is coupled to LAN 131 through a modem 103. Modem 103 is connected to modem 105 through a connection 127. Modem 105 is connected to a LAN bus 107, to which a plurality of other network resources are attached. For example, FIG. 1 shows that computer systems 113 and 117 are coupled to LAN bus 107 through network interfaces 111 and 115, respectively.
A disadvantage with the setup described above for remotely coupling computer system 101 to corporate LAN 131 through the modems 103 and 105 is that connection 127 is typically a telephone connection through a public switched telephone network. Thus, if computer system 101 is located a great physical distance away from LAN 131, connection 127 may be a long distance telephone call, which could be quite expensive if used often or for long periods of time.
FIG. 1 also shows that, in the alternative, computer system 101 may be coupled to LAN 131 through the Internet 119. As shown in FIG. 1, computer system 101 connects to an Internet service provider (ISP) 121 through connection 133. Typically, connection 133 is a local telephone call, which is more cost-effective than connection 127 in the event that connection 127 is a long distance telephone call. FIG. 1 shows that ISP 121 is connected to a gateway system 109 through a connection 129 through the Internet 119. Gateway system 109 is connected to LAN 131 through LAN bus 107.
There are a variety of different protocols that may be used for connection 129 between ISP 121 and gateway system 109. One such example protocol is the Point-to-Point Tunneling Protocol (PPTP). A shortcoming of this protocol is that it does not provide complete security for connection 129. As is known to those skilled in the art, the control channel of a PPTP connection is not encrypted. Consequently, it would be relatively easy for an intruder 125 to intercept the unprotected communications in connection 129 between ISP 121 and gateway system 109 and conceivably eavesdrop on communications, disrupt communications, or possibly even masquerade as one of the two parties.
One known protocol providing secured communications through the Internet 119 is the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley protocol combined with Internet Protocol Security (IPSec). ISAKMP/Oakley is used for key management and IPSec is used for transferring encrypted data. As is known to those skilled in the art, the ISAKMP/Oakley protocol was designed to be used primarily for providing secured static host to host communications through the Internet 119 between networks that are not shut down often. For example, a pair of networks such as LAN 131 could communicate securely through the Internet 119 using the ISAKMP/Oakley protocol with IPSec. When designing the ISAKMP/Oakley protocol, it was assumed that the secured host to host (e.g. firewall to firewall) communications through the Internet 119 between networks would be relatively static. That is, the connections between the networks would remain active for relatively long periods of time and therefore would not be dropped frequently.
One disadvantage of using the ISAKMP/Oakley protocol with IPSec in the example illustrated in FIG. 1 is that computer system 101 accesses the Internet 119 through modem 103. As is known to those skilled in the art, modem connections to the Internet 119 may drop often. For example, if connection 133 is on a noisy telephone line, or if connection 133 includes the call waiting service, connection 133 could be dropped unexpectedly. As is known to those skilled in the art, the ISAKMP/Oakley protocol does not provide a keepalive feature. Consequently, LAN 131 would not be aware that computer system 101 was no longer reachable until the connection between computer system 101 and LAN 131 times out. Generally, ISAKMP/Oakley connections time out only after attempts to renegotiate the policy and keys used to secure the communications link have failed. It is appreciated that the attempts to renegotiate the policy and keys to secure communications under the ISAKMP/Oakley protocol are computationally intensive operations and are therefore not performed at a high enough frequency to detect quickly and reliably that computer system 101 is no longer reachable through the Internet 119.
SUMMARY OF THE INVENTION
A method of verifying the reachability of a remote box from a local box is disclosed. In one embodiment, the method includes the steps of establishing a protected Internet communications link between the local box and the remote box. A protected keepalive message is transmitted to the remote box from the local box. The protected Internet communications link is terminated if the remote box fails to transmit to the local box a protected acknowledgement message in response to the protected keepalive message. Additional features and benefits of the present invention will become apparent from the detailed description, figures and claims set forth below.
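The keepalive/acknowledgement exchange summarized above, as an added Python simulation that is not part of the patent or of any Nortel implementation. It assumes a hypothetical message framing (type, sequence number, HMAC-SHA256 tag under a constructed session key standing in for the keys the ISAKMP/Oakley negotiation would produce) and shows why both directions must be protected: an acknowledgement that is not authenticated, or that is not bound to the outstanding sequence number, cannot keep the link up, while a dead peer is detected after a few cheap rounds instead of waiting for a failed rekey.

```python
import hmac
import hashlib
from typing import Any, Callable, Dict, List, Optional, Tuple

# Constructed shared key for the example; in practice the keys come from the
# ISAKMP/Oakley negotiation that set up the protected link.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

Msg = Dict[str, Any]

def _tag(key: bytes, kind: bytes, seq: int) -> bytes:
    """HMAC over message kind and sequence number (hypothetical framing)."""
    return hmac.new(key, kind + seq.to_bytes(4, "big"), hashlib.sha256).digest()

def make_keepalive(key: bytes, seq: int) -> Msg:
    """Local box: build an authenticated keepalive for sequence number `seq`."""
    return {"type": "keepalive", "seq": seq, "tag": _tag(key, b"KA", seq)}

def make_ack(key: bytes, ka: Msg) -> Optional[Msg]:
    """Remote box: answer only keepalives whose tag verifies; drop the rest."""
    if not hmac.compare_digest(ka["tag"], _tag(key, b"KA", ka["seq"])):
        return None
    return {"type": "ack", "seq": ka["seq"], "tag": _tag(key, b"ACK", ka["seq"])}

def ack_is_valid(key: bytes, ack: Optional[Msg], expected_seq: int) -> bool:
    """Local box: accept an ack only if authenticated and bound to the outstanding seq."""
    if ack is None or ack.get("type") != "ack" or ack.get("seq") != expected_seq:
        return False
    return hmac.compare_digest(ack["tag"], _tag(key, b"ACK", expected_seq))

def run_link(key: bytes, remote: List[Callable[[Msg], Optional[Msg]]],
             max_missed: int = 3) -> Tuple[bool, int]:
    """Run one keepalive round per entry in `remote`; each entry models what the
    local box gets back that round (None = reply lost). Returns
    (link_terminated, rounds_sent); the protected link is torn down after
    `max_missed` consecutive rounds without a valid protected acknowledgement."""
    missed = 0
    for seq, respond in enumerate(remote, start=1):
        if ack_is_valid(key, respond(make_keepalive(key, seq)), seq):
            missed = 0
        else:
            missed += 1
            if missed >= max_missed:
                return True, seq
    return False, len(remote)

# Round behaviours: a healthy peer, a dead peer, and a peer answering without
# the session key (its acknowledgements must not keep the link up).
def healthy(ka: Msg) -> Optional[Msg]: return make_ack(SESSION_KEY, ka)
def dead(ka: Msg) -> Optional[Msg]: return None
def unkeyed(ka: Msg) -> Optional[Msg]:
    return {"type": "ack", "seq": ka["seq"], "tag": _tag(b"\x00" * 16, b"ACK", ka["seq"])}
```

Each round costs one HMAC on each side, which is why it can run far more often than the policy and key renegotiation the ISAKMP/Oakley timeout depends on.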
Hannigan Kerry M.
Mamros Shawn
Blakely , Sokoloff, Taylor & Zafman LLP
Nortel Networks Limited