GB2317792B - Virtual private network on application gateway - Google Patents

Virtual private network on application gateway

Info

Publication number
GB2317792B
Authority
GB
United Kingdom
Prior art keywords
message
private network
virtual private
protocol stack
network protocol
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
GB9719816A
Other versions
GB9719816D0 (en)
GB2317792A (en)
Inventor
Spence Minear
Edward B Stockwell
Jongh Troy De
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Secure Computing LLC
Original Assignee
Secure Computing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/715,343 (US5983350A)
Priority claimed from US08/715,668 (US5950195A)
Application filed by Secure Computing LLC
Publication of GB9719816D0
Publication of GB2317792A
Application granted
Publication of GB2317792B
Anticipated expiration
Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16: Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161: Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0263: Rule management
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281: Proxies
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system (10) for regulating the flow of messages through a firewall (18) having a network protocol stack, wherein the network protocol stack includes an Internet Protocol (IP) layer. At the IP layer, if the message is not encrypted, the unencrypted message is passed up the network protocol stack to an application level proxy (50); if the message is encrypted, the message is decrypted and the decrypted message is passed up the network protocol stack to the application level proxy. The step of decrypting the message includes the step of executing a process at the IP layer to decrypt the message.

GB9719816A 1996-09-18 1997-09-17 Virtual private network on application gateway Expired - Fee Related GB2317792B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/715,343 US5983350A (en) 1996-09-18 1996-09-18 Secure firewall supporting different levels of authentication based on address or encryption status
US08/715,668 US5950195A (en) 1996-09-18 1996-09-18 Generalized security policy management system and method

Publications (3)

Publication Number Publication Date
GB9719816D0 (en) 1997-11-19
GB2317792A (en) 1998-04-01
GB2317792B (en) 2001-03-28

Family

ID=27109321

Family Applications (2)

Application Number Title Priority Date Filing Date
GB9719816A Expired - Fee Related GB2317792B (en) 1996-09-18 1997-09-17 Virtual private network on application gateway
GB9719818A Expired - Fee Related GB2317539B (en) 1996-09-18 1997-09-17 Generalized security policy management system and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
GB9719818A Expired - Fee Related GB2317539B (en) 1996-09-18 1997-09-17 Generalized security policy management system and method

Country Status (2)

Country Link
DE (1) DE19741239C2 (en)
GB (2) GB2317792B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7933990B2 (en) 1998-10-30 2011-04-26 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US7987274B2 (en) 1998-10-30 2011-07-26 Virnetx, Incorporated Method for establishing secure communication link between computers of virtual private network
US7996539B2 (en) 1998-10-30 2011-08-09 Virnetx, Inc. Agile network protocol for secure communications with assured system availability

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7580919B1 (en) 1997-03-10 2009-08-25 Sonicwall, Inc. Query interface to policy server
US6408336B1 (en) 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US7912856B2 (en) 1998-06-29 2011-03-22 Sonicwall, Inc. Adaptive encryption
US7821926B2 (en) 1997-03-10 2010-10-26 Sonicwall, Inc. Generalized policy server
US8914410B2 (en) 1999-02-16 2014-12-16 Sonicwall, Inc. Query interface to policy server
US7272625B1 (en) 1997-03-10 2007-09-18 Sonicwall, Inc. Generalized policy server
US6104716A (en) * 1997-03-28 2000-08-15 International Business Machines Corporation Method and apparatus for lightweight secure communication tunneling over the internet
SE512440C2 (en) * 1998-05-27 2000-03-20 Telia Ab Method for secure telephony with mobility in a telephone and data communication system comprising an IP network
AU762061B2 (en) * 1998-06-29 2003-06-19 Redleaf Group, Inc. Generalized policy server
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
WO2001086911A2 (en) * 1998-10-30 2001-11-15 Science Applications International Corporation Protocol for secure communications
US6615357B1 (en) * 1999-01-29 2003-09-02 International Business Machines Corporation System and method for network address translation integration with IP security
FI106594B (en) * 1999-02-10 2001-02-28 Intrasecure Networks Data communication method for sending a message through a firewall
GB2353676A (en) 1999-08-17 2001-02-28 Hewlett Packard Co Robust encryption and decryption of packetised data transferred across communications networks
GB0003018D0 (en) * 2000-02-11 2000-03-29 Secr Defence Computer security system
DE10031896C1 (en) * 2000-06-30 2002-01-24 Chris Holland Network coupling gateway for data telecommunications uses modular data format matching device configured using stored data set corresponding to subscriber device type
US6996842B2 (en) * 2001-01-30 2006-02-07 Intel Corporation Processing internet protocol security traffic
WO2003028335A1 (en) 2001-09-25 2003-04-03 Siemens Aktiengesellschaft Method for the transmission of data in a packet-oriented data network
US20030084319A1 (en) * 2001-10-31 2003-05-01 Tarquini Richard Paul Node, method and computer readable medium for inserting an intrusion prevention system into a network stack
CN100512278C (en) * 2003-11-13 2009-07-08 中兴通讯股份有限公司 A method for embedding IPSEC in IP protocol stack
CN100414929C (en) * 2005-03-15 2008-08-27 华为技术有限公司 Message transmission method in a mobile internet protocol network
US10708230B2 (en) * 2018-06-14 2020-07-07 Servicenow, Inc. Systems and methods for firewall configuration using block lists

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997013340A1 (en) * 1995-09-18 1997-04-10 Digital Secured Networks Technology, Inc. Network security device
WO1997023972A1 (en) * 1995-12-22 1997-07-03 V-One Corporation Application level security system and method
WO1997026735A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Key management for network communication
WO1997026731A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Data encryption/decryption for network communication
WO1997026734A1 (en) * 1996-01-16 1997-07-24 Raptor Systems, Inc. Transferring encrypted packets over a public network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5864683A (en) * 1994-10-12 1999-01-26 Secure Computing Corporation System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5918018A (en) * 1996-02-09 1999-06-29 Secure Computing Corporation System and method for achieving network separation

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8843643B2 (en) 1998-10-30 2014-09-23 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8850009B2 (en) 1998-10-30 2014-09-30 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US7933990B2 (en) 1998-10-30 2011-04-26 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US7945654B2 (en) 1998-10-30 2011-05-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7987274B2 (en) 1998-10-30 2011-07-26 Virnetx, Incorporated Method for establishing secure communication link between computers of virtual private network
US7996539B2 (en) 1998-10-30 2011-08-09 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US8051181B2 (en) 1998-10-30 2011-11-01 Virnetx, Inc. Method for establishing secure communication link between computers of virtual private network
US8458341B2 (en) 1998-10-30 2013-06-04 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8504696B2 (en) 1998-10-30 2013-08-06 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8504697B2 (en) 1998-10-30 2013-08-06 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8516117B2 (en) 1998-10-30 2013-08-20 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US8516131B2 (en) 1998-10-30 2013-08-20 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8521888B2 (en) 1998-10-30 2013-08-27 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8554899B2 (en) 1998-10-30 2013-10-08 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US8560705B2 (en) 1998-10-30 2013-10-15 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8572247B2 (en) 1998-10-30 2013-10-29 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US8868705B2 (en) 1998-10-30 2014-10-21 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US9479426B2 (en) 1998-10-30 2016-10-25 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US8874771B2 (en) 1998-10-30 2014-10-28 Virnetx, Inc. Agile network protocol for secure communications with assured system availability
US8904516B2 (en) 1998-10-30 2014-12-02 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8943201B2 (en) 1998-10-30 2015-01-27 Virnetx, Inc. Method for establishing encrypted channel
US9027115B2 (en) 1998-10-30 2015-05-05 Virnetx, Inc. System and method for using a registered name to connect network devices with a link that uses encryption
US9037713B2 (en) 1998-10-30 2015-05-19 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US9038163B2 (en) 1998-10-30 2015-05-19 Virnetx, Inc. Systems and methods for connecting network devices over communication network
US9077694B2 (en) 1998-10-30 2015-07-07 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US9077695B2 (en) 1998-10-30 2015-07-07 Virnetx, Inc. System and method for establishing an encrypted communication link based on IP address lookup requests
US9094399B2 (en) 1998-10-30 2015-07-28 Virnetx, Inc. Method for establishing secure communication link between computers of virtual private network
US9100375B2 (en) 1998-10-30 2015-08-04 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US9374346B2 (en) 1998-10-30 2016-06-21 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US9386000B2 (en) 1998-10-30 2016-07-05 Virnetx, Inc. System and method for establishing a communication link
US9413766B2 (en) 1998-10-30 2016-08-09 Virnetx, Inc. Method for establishing connection between devices
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control

Also Published As

Publication number Publication date
GB9719818D0 (en) 1997-11-19
DE19741239C2 (en) 2000-08-24
GB9719816D0 (en) 1997-11-19
DE19741239A1 (en) 1998-05-07
GB2317792A (en) 1998-04-01
GB2317539A (en) 1998-03-25
GB2317539B (en) 2001-03-28

Similar Documents

Publication Publication Date Title
GB2317792B (en) Virtual private network on application gateway
WO2000033506A8 (en) Public key cryptosystem with roaming user capability
US5812671A (en) Cryptographic communication system
EP1986382B1 (en) End-to-end encryption method and system for emails
US5825891A (en) Key management for network communication
EP1317839B2 (en) Apparatus and method for selectively encrypting the payload portion of multimedia data sent over a network
CA2224661A1 (en) Use of an encryption server for encrypting messages
AU3658900A (en) Digital home network and method for creating and updating such a network
EP0669741A3 (en) Method and apparatus for encrypted communication in data networks
WO2002101974A8 (en) Secure ephemeral decryptability
CA2213096A1 (en) Key management system for mixed-trust environments
JO2117B1 (en) Method and apparatus for secure communication of information between a plurality of digital audiovisual devices
WO1997026735A9 (en) Key management for network communication
BR0112510A (en) Secure Packet-Based Data Broadcast Architecture
AU2506397A (en) Method for providing a secure communication between two devices and application of this method
BR0206590A (en) System for distributing content to a subscriber terminal on demand over a communication network, method for distributing content from one or more subscriber cable systems within cable systems, system for distributing first and second content to a subscriber terminal on-demand over a communication network, method using a cryptographic renewal system, and method for distributing pre-encrypted content to subscribers from first and second communication systems
WO2004047352A3 (en) Identity-based encryption system
CA2299056A1 (en) A system and method for manipulating a computer file and/or program
IL155108A0 (en) A telecommunication systems, for example an ip telecommunication system, and equipment units for use in the system
GB2336512A (en) Apparatus and method for preventing disclosure through user-authentication at a printing node
AU3475000A (en) Key management for telephone calls to protect signaling and call packets between cta's
EP0938209A3 (en) Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks
WO2002033881A3 (en) Fast escrow delivery
WO1997026731A1 (en) Data encryption/decryption for network communication
IL136747A0 (en) System and method of sending and receiving secure data with a shared-key

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20141009 AND 20141015

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20150917