Reexamination Certificate
2007-01-02
2007-01-02
Moazzami, Nasser (Department: 2136)
Information security
Access control or authentication
Network
C726S003000, C726S015000, C713S150000, C713S160000, C713S161000, C713S168000, C709S220000, C709S225000, C709S229000
Reexamination Certificate
active
10142608
ABSTRACT:
A method and system for enabling secure IPsec tunnels within NAT without compromising security. A local network is configured with a gateway machine connected to the Internet and having an IPsec ID for interfacing with the Internet and a local IP/interface address for interfacing with the local network. Client machines are connected to the gateway machine and communicate with the Internet via the gateway and network address translation (NAT) techniques. Each client machine is configured with a local IP/interface address. The client machines are also provided with an alias of the IPsec ID for the gateway machine. When an IPsec request is received by the gateway machine to establish a tunnel (secure communication) with one of the clients, the gateway machine forwards the packet to the particular client using NAT. The client machine receives the request and, since it has an alias of the gateway's IPsec ID, the client machine will confirm that it has one of the IPsec IDs in the packet. The client machine sends the reply packet back to the gateway machine, which then forwards it to the requesting machine over the Internet. The requesting machine receives the packet and a confirmation that it has reached its intended recipient, and opens the secure IKE tunnel with the particular client via the gateway machine. In this manner, authentication of the IKE tunnel and establishment of a secure IPsec session is completed with a client machine that is accessible only via a gateway implementing NAT.
REFERENCES:
patent: 6631416 (2003-10-01), Bendinelli et al.
patent: 6826684 (2004-11-01), Fink et al.
patent: 6886103 (2005-04-01), Brustoloni et al.
patent: 6944183 (2005-09-01), Iyer et al.
patent: 6996628 (2006-02-01), Keane et al.
patent: 2002/0010866 (2002-01-01), McCullough et al.
patent: 2002/0016926 (2002-02-01), Nguyen et al.
patent: 2002/0023210 (2002-02-01), Tuomenoksa et al.
patent: 2002/0046348 (2002-04-01), Brustoloni
Mukundan, D., et al, ‘Implementation of IPSEC-NAT compatibility with UDP encapsulation of IPSEC packets’, Dept. EE & CS, Univ. of Kansas, 2001, entire document, http://www.ittc.ku.edu/~kpm/ipsec_udp_encap/.
Genty Denise Marie
Tesauro James Stanley
Unnikrishnan Ramachandran
Baum Ronald
Dillon & Yudell LLP
Moazzami Nasser
Salys Casimer K.
Profile ID: LFUS-PAI-O-3737299