[go: up one dir, main page]

GB2413248B - Method and apparatus for enhanced security for communication over a network - Google Patents

Method and apparatus for enhanced security for communication over a network

Info

Publication number
GB2413248B
GB2413248B GB0509902A GB0509902A GB2413248B GB 2413248 B GB2413248 B GB 2413248B GB 0509902 A GB0509902 A GB 0509902A GB 0509902 A GB0509902 A GB 0509902A GB 2413248 B GB2413248 B GB 2413248B
Authority
GB
United Kingdom
Prior art keywords
security
network
nat
communication over
integration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
GB0509902A
Other versions
GB0509902D0 (en
GB2413248A (en
Inventor
Thomas Albert Maufer
Sameer Nanda
Paul J Sidenblad
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nvidia Corp
Original Assignee
Nvidia Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/172,046 external-priority patent/US7143188B2/en
Priority claimed from US10/172,345 external-priority patent/US7191331B2/en
Priority claimed from US10/172,352 external-priority patent/US7143137B2/en
Priority claimed from US10/172,683 external-priority patent/US7120930B2/en
Application filed by Nvidia Corp filed Critical Nvidia Corp
Publication of GB0509902D0 publication Critical patent/GB0509902D0/en
Publication of GB2413248A publication Critical patent/GB2413248A/en
Application granted granted Critical
Publication of GB2413248B publication Critical patent/GB2413248B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L29/06
    • H04L29/12009
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2517Translation of Internet protocol [IP] addresses using port numbers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/255Maintenance or indexing of mapping tables
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer
    • H04L29/06537
    • H04L29/12018
    • H04L29/12207
    • H04L29/1233
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/24Negotiation of communication capabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Method and apparatus for Internet Protocol Security (IPSec) and Network Address Translation (NAT) integration is described. Additionally, method and apparatus for enhanced security for communication over a network, and more particularly to control of security protocol negotiation to enable multiple clients to establish a virtual private network connection with a same remote address, is described. Furthermore, method and apparatus for enhanced security for communication over a network, and more particularly to NAT integration IPSec, is described. Moreover, method and apparatus for integration of NAT and source address security, including, but not limited to, determining whether a gateway computer is integrated for NAT and source address security, is described.
GB0509902A 2002-06-13 2003-06-03 Method and apparatus for enhanced security for communication over a network Expired - Fee Related GB2413248B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US10/172,046 US7143188B2 (en) 2002-06-13 2002-06-13 Method and apparatus for network address translation integration with internet protocol security
US10/172,345 US7191331B2 (en) 2002-06-13 2002-06-13 Detection of support for security protocol and address translation integration
US10/172,352 US7143137B2 (en) 2002-06-13 2002-06-13 Method and apparatus for security protocol and address translation integration
US10/172,683 US7120930B2 (en) 2002-06-13 2002-06-13 Method and apparatus for control of security protocol negotiation
GB0427337A GB2405300B (en) 2002-06-13 2003-06-03 Method and apparatus for enhanced security for communication over a network

Publications (3)

Publication Number Publication Date
GB0509902D0 GB0509902D0 (en) 2005-06-22
GB2413248A GB2413248A (en) 2005-10-19
GB2413248B true GB2413248B (en) 2006-06-21

Family

ID=34109062

Family Applications (2)

Application Number Title Priority Date Filing Date
GB0427337A Expired - Fee Related GB2405300B (en) 2002-06-13 2003-06-03 Method and apparatus for enhanced security for communication over a network
GB0509902A Expired - Fee Related GB2413248B (en) 2002-06-13 2003-06-03 Method and apparatus for enhanced security for communication over a network

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB0427337A Expired - Fee Related GB2405300B (en) 2002-06-13 2003-06-03 Method and apparatus for enhanced security for communication over a network

Country Status (4)

Country Link
JP (1) JP4426443B2 (en)
AU (1) AU2003240506A1 (en)
DE (1) DE10392807B9 (en)
GB (2) GB2405300B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8042170B2 (en) * 2004-07-15 2011-10-18 Qualcomm Incorporated Bearer control of encrypted data flows in packet data communications
WO2007069327A1 (en) * 2005-12-15 2007-06-21 Fujitsu Limited Relay device, relay method, relay program, computer-readable recording medium containing the relay program, and information processing device
JP2008079059A (en) * 2006-09-22 2008-04-03 Fujitsu Access Ltd COMMUNICATION EQUIPMENT WHICH PROCESSES MULTIPLE SESSIONS OF IPsec, AND PROCESSING METHOD THEREOF
JP4708297B2 (en) * 2006-09-29 2011-06-22 富士通テレコムネットワークス株式会社 Communication device for processing a plurality of IPsec sessions
JP2008259099A (en) * 2007-04-09 2008-10-23 Atsumi Electric Co Ltd Security system
CN104980405A (en) * 2014-04-10 2015-10-14 中兴通讯股份有限公司 Method and device for performing authentication header (AH) authentication on NAT (Network Address Translation)-traversal IPSEC (Internet Protocol Security) message
JP6109990B1 (en) * 2016-03-31 2017-04-05 西日本電信電話株式会社 Web authentication compatible repeater
EP3871361B1 (en) 2018-11-15 2023-11-01 Huawei Technologies Co., Ltd. Rekeying a security association sa

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035799A2 (en) * 1997-12-31 1999-07-15 Ssh Communications Security Oy A method for packet authentication in the presence of network address translations and protocol conversions
WO2000056034A1 (en) * 1999-03-17 2000-09-21 3Com Corporation Method and system for distributed network address translation with network security features
EP1130846A2 (en) * 2000-03-03 2001-09-05 Nexland, Inc. Network address translation gateway
US20020046348A1 (en) * 2000-07-13 2002-04-18 Brustoloni Jose?Apos; C. Method and apparatus for robust NAT interoperation with IPSEC'S IKE and ESP tunnel mode

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999035799A2 (en) * 1997-12-31 1999-07-15 Ssh Communications Security Oy A method for packet authentication in the presence of network address translations and protocol conversions
WO2000056034A1 (en) * 1999-03-17 2000-09-21 3Com Corporation Method and system for distributed network address translation with network security features
EP1130846A2 (en) * 2000-03-03 2001-09-05 Nexland, Inc. Network address translation gateway
US20020046348A1 (en) * 2000-07-13 2002-04-18 Brustoloni Jose?Apos; C. Method and apparatus for robust NAT interoperation with IPSEC'S IKE and ESP tunnel mode

Also Published As

Publication number Publication date
JP2005530404A (en) 2005-10-06
GB2405300B (en) 2006-07-12
DE10392807B9 (en) 2011-06-16
JP4426443B2 (en) 2010-03-03
GB0509902D0 (en) 2005-06-22
GB0427337D0 (en) 2005-01-19
GB2413248A (en) 2005-10-19
AU2003240506A1 (en) 2003-12-31
DE10392807T5 (en) 2005-07-28
GB2405300A (en) 2005-02-23
DE10392807B4 (en) 2011-03-10

Similar Documents

Publication Publication Date Title
EP1130846A3 (en) Network address translation gateway
US8631139B2 (en) System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client
US7173928B2 (en) System and method for establishing channels for a real time streaming media communication system
WO2004063843A3 (en) PEER-TO-PEER (P2P) CONNECTION DESPITE NETWORK ADDRESS TRANSLATOR (NATs) AT BOTH ENDS
GB2392343B (en) Communications protocols operable through network address translation (nat) type devices
EP1434406A3 (en) Establishing a bi-directional IP-tunnel in a mobile IP communication system in case of private address conflicts
DE60229042D1 (en) ADDRESS TRANSLATION AND ADDRESS TRANSLATION METHOD
TW200637263A (en) Method and system in an IP network for using a network address translation (NAT) with any type of application
GB2405300B (en) Method and apparatus for enhanced security for communication over a network
WO2001097485A3 (en) Method for providing transparent public addressed networks within private networks
JP2019050628A5 (en)
MY134829A (en) Establishing a vpn connection
KR100397547B1 (en) An internet voice communication method using WebCallAgent
KR100418246B1 (en) An internet voice communication method in NAT/Firewall environment using WebCallAgent and WebCallProxy
Constantinescu et al. NAT/Firewall traversal for SIP: issues and solutions
JP4648436B2 (en) Packet distribution device, communication system, packet processing method, and program
WO2006117284A3 (en) Method and device for converting an internet protocol address inside a communications network
AU2003251342A1 (en) Served initiated authorised communication in the presence of network address translator (nat) or firewalls
KR20060020953A (en) System to connect to private IP network using SIP protocol
JP2006340261A (en) Method for executing internet voice communication by web-to-phone system
Cook Design of a Voice-Aware Firewall Architecture
GB2403627B (en) Communication protocols operable through network address translation (nat) type devices
TWI256214B (en) Method for transforming Internet protocol (IP) address and port of packet under asynchronous path
WO2006042607A3 (en) A method for enabling communication between two network nodes and apparatus

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20160603