System having filtering/monitoring of secure connections

US 20040123139A1
Filed: 12/18/2002
Published: 06/24/2004
Est. Priority Date: 12/18/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of filtering a secure channel, comprising:

establishing a secure tunnel between first and second devices over at least a first network; and

filtering packets at the first network to block packets that do not meet specified requirements for packets over the secure tunnel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Traffic over a secure link or tunnel is filtered to block packets that do not conform to specified requirements for the tunnel. In one embodiment, a private network, such as an ISP network, includes a filter for blocking packets not associated with an IPSec VPN tunnel. The ISP network and/or one or both of the tunnel endpoints can include monitoring modules for detecting the presence of packets that should have been blocked by the filter.

Citations

23 Claims

1. A method of filtering a secure channel, comprising:
- establishing a secure tunnel between first and second devices over at least a first network; and
  
  filtering packets at the first network to block packets that do not meet specified requirements for packets over the secure tunnel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further including monitoring the tunnel packets to detect packets that should have been blocked by the packet filtering.
  - 3. The method according to claim 1, further including monitoring the tunnel packets at the first device.
  - 4. The method according to claim 3, wherein the first device corresponds to a mobile device.
  - 5. The method according to claim 3, further including selecting the mobile device from the group consisting of mobile phones, personal digital assistants, and portable computers.
  - 6. The method according to claim 1, further including providing the first network as an Internet Service Provider network.
  - 7. The method according to claim 1, further including monitoring the tunnel packets at the second device.
  - 8. The method according to claim 1, wherein the specified requirements include at least one of endpoint addresses for the tunnel and IPSEC packet format.

9. A method of monitoring a secure link, comprising:
- recognizing a Virtual Private Network (VPN) tunnel between a first device and a second device; and
  
  filtering traffic within an Internet Service Provider (ISP) network through which the tunnel passes to block packets that are not encrypted packets addressed to or from one of the first and second devices.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method according to claim 9, further including passing an alert message from a monitor module at the first device indicating that the monitor module has detected a packet that should have been filtered.
  - 11. The method according to claim 9, further including monitoring data received over the tunnel by the first device to detect packets that should have been blocked by the filtering in the ISP network.
  - 12. The method according to claim 11, further including monitoring data received over the tunnel by the second device to detect packets that should have been blocked by the filtering in the ISP network.
  - 13. The method according to claim 9, further including directing packets addressed to the first device to test the packet monitoring at the first device.

14. A network, comprising:
- a plurality of switching devices for providing connection paths through the network including secure tunnels; and
  
  a filter module for filtering packets in a first secure tunnel through the network between first and second devices external to the network.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The network according to claim 14, wherein the network includes an Internet Service Provider (ISP) network.
  - 16. The network according to claim 15, wherein the ISP includes a monitor module for detecting packets not meeting predetermined requirements.
  - 17. The network according to claim 16, wherein the network further includes a test module for testing operation of the filter module and/or monitor module.
  - 18. The network according to claim 16, wherein the predetermined requirements include one or more of packets being VPN packets, packets being addressed to one of the first and second devices, and packets being transmitted from one of the first and second devices.
  - 19. The network according to claim 14, wherein the network identifies the first secure tunnel as an IPSEC VPN tunnel.
  - 20. The network according to claim 14, wherein the second device includes a gateway coupled to a corporate intranet.
  - 21. The network according to claim 14, wherein the first device includes a mobile device.
  - 22. The network according to claim 16, wherein the mobile device is selected from the group consisting of mobile telephones, personal digital assistants, and portable computers.
  - 23. The network according to claim 14, wherein the secure tunnel is an IPSec VPN tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Crandall, Evan Stephen, Rubin, Aviel D., Bellovin, Steven Michael, Schryer, Norman Loren, Kaplan, Alan Edward, Kormann, David P., Aiello, William A.

Application Number

US10/322,189
Publication Number

US 20040123139A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/164   at the network layer

System having filtering/monitoring of secure connections

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System having filtering/monitoring of secure connections

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links