Method and apparatus for end-to-end secure data communication

US 20020042875A1
Filed: 07/23/2001
Published: 04/11/2002
Est. Priority Date: 10/11/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for duplicating information in an IP packet with the sole intention of using it to partially or completely reverse the effect of intermediate NATs, comprising the steps of:

Identifying parts of an IP packet that can be potentially modified by NATs;

Copying that information in its current form or copying it into a different format;

Inserting this information into an IP packet in a manner that keeps it protected from intermediate NATs.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed invention is a new method and apparatus to achieve end-to-end secure communication over public and private networks. The method can provide security to all networked applications without any modifications to the applications. The method is compatible with other networking protocols, such as, network address translation (NAT), Internet control message protocol (ICMP), and all quality of service (QoS) protocols that operate up to the transport layer. Secure communication system based on other protocols such as IPSec cannot achieve end-to-end security, while remaining compatible with networking protocols such as NAT and ICMP.

302 Citations

12 Claims

1. A method for duplicating information in an IP packet with the sole intention of using it to partially or completely reverse the effect of intermediate NATs, comprising the steps of:
- Identifying parts of an IP packet that can be potentially modified by NATs;
  
  Copying that information in its current form or copying it into a different format;
  
  Inserting this information into an IP packet in a manner that keeps it protected from intermediate NATs.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein complete IP header and the transport layer header is inserted into the IP packet. Such a packet will have duplicate IP and transport layer headers or a duplicate IP or transport layer header.
  - 3. The method of claim 1, wherein the duplicate information is inserted into the IP packets of the same connection in a manner that keeps it protected from intermediate NATs.
  - 4. The method of claim 1, wherein the duplicate information is inserted into the IP packets of a different connection. In addition, there are identifiers inserted into the IP packets of both connections to correlate them.

5. A method for studying the effect of intermediate NATs with the sole purpose of using it to partially or completely reverse the effect of intermediate NATs, comprising the steps of:
- Identifying parts of an IP packet that can be potentially modified by intermediate NATs;
  
  Identifying parts of an IP packet from same or different connections that contain information before intermediate NATs modified it;
  
  Generating a look-up table that signifies the effect of intermediate NATs on the IP packets of that connection.

6. A method for reversing partially or fully the effect of intermediate NATs based on a look-up table that signifies the effect of NATs on the IP packets of that connections.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6 wherein only the effect of NAT on the transport layer header is reversed.
  - 8. The method of claim 6 wherein only the effect of NAT on the IP header is reversed.
  - 9. The method of claim 6 wherein the effect of NAT on the transport layer data is reversed.

10. A method for correcting the information in outgoing IP packets so that they arrive in a state expected by the NATs.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 where the IP header and/or the transport header of the outgoing packet is modified.
  - 12. The method of claim 10 where the body of the outgoing packet is modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jayant Shukla
Original Assignee
Jayant Shukla
Inventors
Shukla, Jayant

Application Number

US09/910,667
Publication Number

US 20020042875A1
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2564   for a higher-layer protocol...

H04L 61/2575   using address mapping retri...

H04L 61/2578   without involvement of the ...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/164   at the network layer

Method and apparatus for end-to-end secure data communication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

302 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for end-to-end secure data communication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

302 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links