Service for NAT traversal using IPSEC

Multiplex communications – Pathfinding or routing – Switching a message which includes an address header

Reexamination Certificate


Details

C370S402000, C370S404000

active

07903671

ABSTRACT:
Disclosed are methods and apparatus for facilitating a secure connection between a first and a second node in a computer network where one or both of the nodes may or may not reside behind a network address translation (NAT) enabled gateway. Embodiments of the present invention provide a seamless integration by providing a uniform solution for establishing secure connections, such as IPSEC, between two nodes irrespective of whether they are behind a NAT-enabled gateway or not. In general, a gateway is operable to receive a request from a remote host for a secure connection to a local host that is within the home network of the gateway. The gateway then forwards this received request to a NAT traversal service. The NAT traversal service receives the request and then automatically sends an initiation message to set up a secure session, e.g., performing authentication and exchanging keys. In a specific aspect, the setup data utilizes an IKE (Internet Key Exchange) initiation message that is sent to the originator of the request via the gateway. Upon receipt of this initiation message, the gateway is then able to set up a two-way connection to allow other setup data to flow between the remote and local hosts to complete the setup session and then secure data to flow between the remote and local hosts in a secure communication session, such as in an IPSec or VPN session.

