Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing
Reexamination Certificate
2002-10-02
2004-06-22
Barot, Bharat (Department: 2155)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
C709S203000, C709S229000, C709S230000, C713S152000, C370S401000
Reexamination Certificate
active
06754712
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates generally to network systems and more particularly to a virtual dial-up system used for accessing a private local network through an internet access service.
FIG. 1 is a prior art internetwork system 12 which includes multiple dial-up network access servers (NAS) 14, also referred to as points of presence (POPs). The POPs 14 can be located at different geographical locations around the world. An internet service provider (ISP) operates multiple POPs 14 through a backbone network 16. The ISP network 16 is connected to an internet infrastructure, referred to generally as internet 18. Different clients 26 dial into a POP 14 in order to access the internet through the ISP network 16.
Local Area Networks (LANs) 22 are typically operated by private companies and include multiple local clients 26. The LAN 22 is connected to internet 18 through a home gateway 20. The home gateway 20 includes a firewall 28 that prevents unauthorized external access into the private network 22 through internet 18. While some access is possible from outside the firewall (e.g., electronic mail), resources such as network databases and application programs are only accessible by clients located behind the firewall 28.
An authorized client may need to access files and other resources on network 22 from remote locations, such as when working at home or while on sales trips. Privately operated POPs 24 provide the remote clients with a direct dial-up capability to network 22. Since the POP 24 is located behind firewall 28, a remote client can dial into POP 24 and gain full access to resources on network 22.
In many instances, it is more cost effective for companies to outsource dial-up service to general internet service providers, such as ISP 16. However, the firewall 28 in home gateway 20 denies access to remote clients that attempt to access LAN 22 through a general internet service provider.
Different network protocols may be used within the internet infrastructure and within the private network 22. For example, an Internet Protocol (IP) is typically used at the network protocol level to send information through the internet 18. However, private networks 22 may use any one of a variety of network protocols including IP, IPX, AppleTalk, etc. When a remote client dials into a POP 14, the ISP dynamically assigns an IP address to the remote client 26. Thus, the remote client may be denied access by home gateway 20 because the IP address assigned by the ISP network 16 is not one of the authorized addresses in the LAN 22. The remote client may also be forced by the ISP to use an IP protocol incompatible with the local network 22. Because the IP protocol and the local LAN protocol are incompatible, the remote client is prevented from accessing resources on LAN 22.
Accordingly, a need remains for remote client access to private networks through internet service providers while maintaining security from unauthorized internet users.
SUMMARY OF THE INVENTION
A layer two forwarding protocol (L2F) is integrated with existing network protocols to provide a virtual direct dial-up service into private networks from internet service providers. A remote client accesses an ISP network access server (NAS). The NAS determines whether the remote client is requesting virtual dial-up service to a local network or standard dial-up service. If virtual dial-up service is requested, a tunnel connection is established from the NAS to a home gateway for the local network. If the home gateway acknowledges the remote client as an authorized network user, a direct dial-up session is established between the NAS and the home gateway.
L2F allows the remote client to negotiate with the home gateway using a point-to-point link level protocol such as the point-to-point protocol (PPP). The remote client can then be managed through databases controlled by the local network and gain access to resources not typically accessible through the internet. Thus, the remote client appears as a direct dial-up client to the home gateway, even though the client is accessing the home gateway remotely through the ISP.
PPP uses link level protocols such as the link control protocol (LCP) and the network control protocols (NCPs) to negotiate bidirectionally between the remote client and the NAS; LCP negotiates the link parameters between the remote client and the POP. PPP verifies the remote client's identity with an authentication protocol such as the Challenge Handshake Authentication Protocol (CHAP) or the Password Authentication Protocol (PAP). With CHAP, the remote client transforms a random number (the challenge) using its password and returns the result; the NAS cannot verify that response itself because it does not hold the password. Thus, if the remote client dials into the wrong location and answers a challenge there, the dial-up server receives no password information that could be used for unauthorized access to the local network. (PAP, by contrast, transmits the password itself, so this property holds only for CHAP.)
The NAS looks at the remote client name to determine the communication destination and the requirements for establishing a tunnel connection with the home gateway. The NAS uses L2F to forward the authentication of the remote client to the home gateway. The home gateway looks up the client name and the associated client password in its local database, then independently computes the expected response from the random number forwarded by the NAS and that password. If the value computed by the home gateway matches the response produced by the remote client, a tunnel connection is established between the NAS and the home gateway.
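The three-party exchange described in the two paragraphs above, as an added example written for this page (it is not Cisco's implementation and not code from the patent). It models the remote client, the ISP's NAS and the home gateway as separate objects, with the NAS issuing the random challenge and relaying only the username, challenge and response over the tunnel. The response is CHAP's MD5(identifier || secret || challenge) from RFC 1994; the patent's phrase "encrypts a random number" describes this same one-way transformation. The user database, usernames and passwords are constructed for the demonstration.

```python
"""Added example: CHAP authentication forwarded by an ISP NAS to a home gateway.
Written for this page; not Cisco's code. Credentials below are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelAuthRequest:
    """What the NAS forwards to the home gateway over the tunnel.
    Note what is absent: the client's password."""
    username: str
    chap_id: int
    challenge: bytes
    response: bytes


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response per RFC 1994: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


class RemoteClient:
    def __init__(self, username: str, secret: bytes):
        self.username = username
        self._secret = secret

    def answer(self, chap_id: int, challenge: bytes) -> bytes:
        return chap_response(chap_id, self._secret, challenge)


class HomeGateway:
    """Holds the private network's user database and does the verification."""
    def __init__(self, user_db: dict):
        self._user_db = user_db

    def verify(self, req: TunnelAuthRequest) -> bool:
        secret = self._user_db.get(req.username)
        if secret is None:
            return False                       # unknown user: no tunnel session
        expected = chap_response(req.chap_id, secret, req.challenge)
        return hmac.compare_digest(expected, req.response)


class NAS:
    """ISP access server: issues the challenge and relays the answer.
    It holds no user database; it records what it saw so the demo can
    show that nothing reusable crossed it."""
    def __init__(self):
        self.observed = []

    def authenticate(self, client: RemoteClient, gateway: HomeGateway) -> bool:
        chap_id = 1
        challenge = os.urandom(16)             # fresh random number per session
        response = client.answer(chap_id, challenge)
        req = TunnelAuthRequest(client.username, chap_id, challenge, response)
        self.observed.append(req)
        return gateway.verify(req)


def run_demo() -> dict:
    # Constructed user database and credentials (hypothetical names).
    db = {"alice@corp.example": b"correct horse"}
    gateway = HomeGateway(db)
    nas = NAS()
    results = {
        "valid_user": nas.authenticate(RemoteClient("alice@corp.example", b"correct horse"), gateway),
        "wrong_password": nas.authenticate(RemoteClient("alice@corp.example", b"wrong"), gateway),
        "unknown_user": nas.authenticate(RemoteClient("mallory@corp.example", b"x"), gateway),
    }
    # Everything the NAS handled for the valid session; the secret is in none of it.
    captured = nas.observed[0]
    results["nas_saw_secret"] = any(
        b"correct horse" in field for field in (captured.challenge, captured.response))
    # A captured response does not answer a different challenge.
    replay = TunnelAuthRequest(captured.username, captured.chap_id,
                               os.urandom(16), captured.response)
    results["replay_new_challenge"] = gateway.verify(replay)
    return results
```

One caveat a practitioner should keep in mind: in this flow the challenge is chosen by the NAS, so a hostile or compromised NAS that has captured a challenge/response pair could present that same pair to the home gateway again. The usual defence is for the home gateway to issue its own fresh challenge to the client once the session has been projected, rather than relying solely on the value the NAS forwarded.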
If the tunnel connection is established, the NAS is essentially converted from a PPP endpoint into a switch. In other words, the NAS changes from a routing mode where a communication protocol is conducted with the client to a switching mode where the POP simply sends data from one port to a tunnel. The tunnel then transmits the data to another port, regardless of the header information on transmitted data packets.
L2F tunnels link-level frames (i.e., HDLC and async HDLC) carrying higher-level protocols. By using tunnels, it is possible to divorce the location of the initial dial-up server from the location where the dial-up protocol connection is terminated and access to the network is provided. The PPP session can then be projected from the NAS to the home gateway, appearing to the home gateway as a direct dial-up session. LCP occurs between the client and the NAS and establishes the protocols subsequently used between the remote client and the local LAN. For example, the IP control protocol (IPCP) can be negotiated to carry IP, or the AppleTalk control protocol (ATCP) to carry AppleTalk, across the projected session.
L2F provides the ability to multiplex multiple clients within a tunnel and allows the home gateway to tell different tunnels apart. From a L2F header, the home gateway determines what NAS and client the data is coming from and accordingly connects the client to the correct virtual interface. The tunneling technique used in conjunction with L2F does not require authentication or address assignment from the ISP. Thus, termination protocols and updating requirements normally performed by the ISP, and which are incompatible with private networks such as IPX and Appletalk, are not necessary.
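The switching behaviour of the NAS (two paragraphs above) and the multiplexing and demultiplexing at the home gateway (the paragraph just above), as an added example written for this page rather than code from Cisco or the patent. The header layout is a simplified one built from the fields the summary names: a multiplex ID (MID) identifying the client within a tunnel, a client ID (CLID) identifying the NAS/tunnel, a protocol field and a payload length. That layout, the interface naming and the sample PPP frames are assumptions for illustration, not the RFC 2341 wire format.

```python
"""Added example: a home gateway demultiplexing L2F-style tunnel packets onto
per-client virtual interfaces. Written for this page; not Cisco's code.
Header layout and sample frames are constructed for the demonstration."""
import struct
from typing import Optional

HDR = struct.Struct("!BBHHH")   # version, protocol, MID, CLID, payload length
VERSION = 1
PROTO_MGMT = 0                  # tunnel control traffic, carried on MID 0
PROTO_PPP = 1                   # a PPP/HDLC frame, forwarded without inspection
MGMT_MID = 0


def encapsulate(clid: int, mid: int, frame: bytes, proto: int = PROTO_PPP) -> bytes:
    """NAS side. The frame is opaque: this is the 'switching mode' in which the
    NAS stops terminating PPP and just moves bytes from a port into the tunnel."""
    return HDR.pack(VERSION, proto, mid, clid, len(frame)) + frame


def parse(packet: bytes) -> Optional[tuple]:
    """Return (proto, clid, mid, payload), or None if the packet is malformed."""
    if len(packet) < HDR.size:
        return None
    ver, proto, mid, clid, length = HDR.unpack_from(packet)
    if ver != VERSION:
        return None
    payload = packet[HDR.size:]
    if len(payload) != length:          # truncated, or trailing bytes
        return None
    return proto, clid, mid, payload


class HomeGateway:
    """Demultiplexes tunnel packets onto per-client virtual dial-up interfaces."""

    def __init__(self) -> None:
        self.tunnels = {}     # clid -> NAS name, populated at tunnel setup
        self.sessions = {}    # (clid, mid) -> virtual interface name
        self.delivered = []   # (interface, frame) pairs handed to PPP

    def open_tunnel(self, clid: int, nas_name: str) -> None:
        self.tunnels[clid] = nas_name

    def open_session(self, clid: int, mid: int, username: str) -> str:
        if clid not in self.tunnels or mid == MGMT_MID:
            raise ValueError("session needs an open tunnel and a non-zero MID")
        iface = f"Virtual-Access{len(self.sessions) + 1}:{username}"
        self.sessions[(clid, mid)] = iface
        return iface

    def receive(self, packet: bytes) -> Optional[str]:
        """Return the interface the frame was delivered to, or None if dropped."""
        parsed = parse(packet)
        if parsed is None:
            return None
        proto, clid, mid, payload = parsed
        if clid not in self.tunnels:            # no tunnel with this NAS
            return None
        if mid == MGMT_MID:
            return "control" if proto == PROTO_MGMT else None
        iface = self.sessions.get((clid, mid))
        if iface is None or proto != PROTO_PPP: # unknown client, or wrong protocol
            return None
        self.delivered.append((iface, payload))
        return iface


def run_demo() -> dict:
    gw = HomeGateway()
    gw.open_tunnel(clid=0x1001, nas_name="nas-london")   # hypothetical NAS names
    gw.open_tunnel(clid=0x1002, nas_name="nas-tokyo")
    a = gw.open_session(0x1001, 1, "alice")
    b = gw.open_session(0x1001, 2, "bob")       # second client, same tunnel
    c = gw.open_session(0x1002, 1, "carol")     # MID 1 again, different tunnel
    # Constructed PPP frames: HDLC address/control then a PPP protocol field.
    ppp_a = b"\xff\x03\xc0\x21" + b"alice-lcp"
    ppp_b = b"\xff\x03\x80\x21" + b"bob-ipcp"
    ppp_c = b"\xff\x03\x00\x21" + b"carol-ip"
    return {
        "alice": gw.receive(encapsulate(0x1001, 1, ppp_a)),
        "bob": gw.receive(encapsulate(0x1001, 2, ppp_b)),
        "carol": gw.receive(encapsulate(0x1002, 1, ppp_c)),
        "unknown_tunnel": gw.receive(encapsulate(0x1003, 1, ppp_a)),
        "unknown_mid": gw.receive(encapsulate(0x1001, 7, ppp_a)),
        "truncated": gw.receive(encapsulate(0x1001, 1, ppp_a)[:-3]),
        "control": gw.receive(encapsulate(0x1001, 0, b"\x01", proto=PROTO_MGMT)),
        "ifaces": (a, b, c),
        "delivered": len(gw.delivered),
    }
```

The point the demo makes is that the (CLID, MID) pair, not anything inside the PPP frame, selects the virtual interface: two clients on one tunnel land on different interfaces, the same MID on two different tunnels is two different clients, and a packet for a tunnel or session the gateway never set up is dropped rather than guessed at.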
L2F allows multiple protocols and unregistered IP addresses to be used across existing internet infrastructure. Thus, very large investments in access and core infrastructure can be shared.
Barot Bharat
Cisco Technology, Inc.
Marger Johnson & McCollom PC