Multiplex communications – Pathfinding or routing – Switching a message which includes an address header
Reexamination Certificate
1999-12-10
2004-09-28
Patel, Ajit (Department: 2664)
C370S475000
active
06798782
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to data processing systems and, more particularly, to a private network using a public-network infrastructure.
BACKGROUND OF THE INVENTION
As part of their day-to-day business, many organizations require an enterprise network, a private network with leased lines, dedicated channels, and network connectivity devices, such as routers, switches, and bridges. These components, collectively known as the network's “infrastructure,” are very expensive and require a staff of information technology personnel to maintain them. This maintenance requirement is burdensome on many organizations whose main business is not related to the data processing industry (e.g., a clothing manufacturer) because they are not well suited to handle such data processing needs.
Another drawback to enterprise networks is that they are geographically restrictive. The term “geographically restrictive” refers to the requirement that if a user is not physically located such that they can plug their device directly into the enterprise network, the user cannot typically utilize it. To alleviate the problem of geographic restrictiveness, virtual private networks have been developed.
In a virtual private network (VPN), a remote device or network connected to the Internet may connect to the enterprise network through a firewall. This allows the remote device to access resources on the enterprise network even though it may not be located near any component of the enterprise network. For example, FIG. 1 depicts a VPN 100, where enterprise network 102 is connected to the Internet 104 via firewall 106. By using VPN 100, a remote device D1 108 may communicate with enterprise network 102 via Internet 104 and firewall 106. Thus, D1 108 may be plugged into an Internet portal virtually anywhere within the world and make use of the resources on enterprise network 102.
To perform this functionality, D1 108 utilizes a technique known as tunneling to ensure that the communication between itself and enterprise network 102 is secure in that it cannot be viewed by an interloper. “Tunneling” refers to encapsulating one packet inside another when packets are transferred between end points (e.g., D1 108 and VPN software 109 running on firewall 106). The packets may be encrypted at their origin and decrypted at their destination. For example, FIG. 2A depicts a packet 200 with a source Internet protocol (IP) address 202, a destination IP address 204, and data 206. It should be appreciated that packet 200 contains other information not depicted, such as the source and destination port. As shown in FIG. 2B, the tunneling technique forms a new packet 208 out of packet 200 by encrypting it and adding both a new source IP address 210 and a new destination IP address 212. In this manner, the contents of the original packet (i.e., 202, 204, and 206) are not visible to any entity other than the destination. Referring back to FIG. 1, by using tunneling, remote device D1 108 may communicate and utilize the resources of the enterprise network 102 in a secure manner.
Although VPNs alleviate the problem of geographic restrictiveness, they impose significant processing overhead when two remote devices communicate. For example, if remote device D1 108 wants to communicate with remote device D2 110, D1 sends a packet using tunneling to VPN software 109, where the packet is decrypted and then transferred to the enterprise network 102. Then, the enterprise network 102 sends the packet to VPN software 109, where it is encrypted again and transferred to D2. Given this processing overhead, it is burdensome for two remote devices to communicate in a VPN environment. It is therefore desirable to alleviate the need of organizations to maintain their own network infrastructure as well as to improve communication between remote devices.
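The following is an added illustration, not part of the patent text, of the tunneling of FIGS. 2A and 2B and of the two-leg relay through the VPN software described above. The cipher is a standard-library stand-in for a real authenticated cipher, and all addresses, keys, and function names are constructed for the example.

```python
import hashlib, hmac, json, os

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for a real AEAD (stdlib only): SHAKE-256 keystream plus HMAC tag."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("tunnel payload failed authentication")
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def encapsulate(inner: dict, key: bytes, new_src: str, new_dst: str) -> dict:
    """FIG. 2B: encrypt the whole inner packet, then add new outer addresses."""
    return {"src": new_src, "dst": new_dst,
            "payload": seal(key, json.dumps(inner).encode())}

def decapsulate(outer: dict, key: bytes) -> dict:
    return json.loads(unseal(key, outer["payload"]))

def relay_via_gateway(outer, key_in, key_out, gw_addr, real_of):
    """Role of the VPN software: decrypt, route on the inner header, re-encrypt."""
    inner = decapsulate(outer, key_in)  # the plaintext packet exists at the gateway here
    return encapsulate(inner, key_out, gw_addr, real_of[inner["dst"]])

def demo():
    # Constructed sample values: two tunnel keys and documentation-range addresses.
    k1, k2 = os.urandom(32), os.urandom(32)  # D1<->gateway and gateway<->D2
    inner = {"src": "10.0.0.8", "dst": "10.0.0.10", "data": "hello D2"}  # FIG. 2A
    leg1 = encapsulate(inner, k1, "203.0.113.10", "198.51.100.1")
    leg2 = relay_via_gateway(leg1, k1, k2, "198.51.100.1",
                             {"10.0.0.10": "203.0.113.20"})
    return inner, leg1, leg2, decapsulate(leg2, k2)

if __name__ == "__main__":
    inner, leg1, leg2, received = demo()
    print("outer leg 1:", leg1["src"], "->", leg1["dst"])
    print("outer leg 2:", leg2["src"], "->", leg2["dst"])
    print("delivered intact:", received == inner)
```

An observer on either leg sees only the outer addresses, while the gateway handles the packet in the clear and performs one decryption and one encryption for every packet exchanged between the two remote devices.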
SUMMARY OF THE INVENTION
Accordingly, systems and methods consistent with the present invention substantially obviate one or more of the problems due to limitations, shortcomings, and disadvantages of the related art by providing for a network that allows secure communications between nodes allowed access to the network through the use of key management.
In accordance with the present invention, as embodied and broadly described herein, a system and method is provided in a public network having a network infrastructure that is used by a private network over which a plurality of nodes communicate, which establishes an address pair for each node of the private network including a virtual address within the private network assigned by an authentication module and a real address indicating a physical location associated with each node; and sends a message from a source node to a destination node including an address pair for the source node such that the real address of the source node is determinable only by an address resolution module and a real identity of the source node is determinable only by the authentication module.
Both the foregoing general description and the following detailed description are exemplary and explanatory only, and merely provide further explanation of the claimed invention.
Caronni Germano
Gupta Amit
Kumar Sandeep
Markson Tom R.
Schuba Christoph L.
Finnegan Henderson Farabow Garrett & Dunner L.L.P.
Patel Ajit
Shah Chirag
Sun Microsystems Inc.