NAT ACCESS CONTROL WITH IPSEC

US 20070124489A1
Filed: 01/26/2007
Published: 05/31/2007
Est. Priority Date: 01/24/2000
Status: Active Grant

First Claim

Patent Images

1. A system that provides access to remote resources that utilize Internet Protocol Security (IPSec) protocol comprising:

an access control component that determines whether an intended destination requires a packet from a client to be secured; and

a gateway component secures the packet and transmits a secured packet to the intended destination.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture that can provide for improved network content filtering is described herein. In particular, access to remote resources can be controlled by a remote mechanism. In accordance therewith, a gateway can seamlessly and/or transparently redirect packets from a client that are meant for an intended destination to an access control component. The access control component can determine whether the client has access to the resources requested. In addition, the gateway can provide IPSec features on behalf to the client.

85 Citations

View as Search Results

20 Claims

1. A system that provides access to remote resources that utilize Internet Protocol Security (IPSec) protocol comprising:
- an access control component that determines whether an intended destination requires a packet from a client to be secured; and
  
  a gateway component secures the packet and transmits a secured packet to the intended destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, a secured packet is a packet secured and/or authenticated by way of an IPSec policy.
  - 3. The system of claim 1, the gateway component receives IPSec information from the access control component regarding at least one of the client or the intended destination.
  - 4. The system of claim 1, the gateway component establishes an IPSec connection session with the intended destination on behalf of the client
  - 5. The system of claim 4, the gateway component employs a credential associated with at least one of the client or a user of the client to establish the IPSec connection session.
  - 6. The system of claim 4, the gateway component dynamically secures packets from the client for the duration of the IPSec connection session.
  - 7. The system of claim 6, the gateway component secures the packets by way of IPSec transport mode.
  - 8. The system of claim 6, the gateway component secures the packets by way of IPSec tunnel mode.
  - 9. The system of claim 1, client component transmits a data packet comprising connection setup information and a destination address, the destination address is an Internet Protocol (IP) address corresponding to an intended destination server.
  - 10. The system of claim 9, the data packet is an unsecured packet.
  - 11. The system of claim 9, the gateway component that receives the data packet, rewrites the destination address, and redirects the data packet to the access control component.
  - 12. The system of claim 11, the gateway component redirects the entirety of the packet.
  - 13. The system of claim 11, the access control component receives the redirected packet and determines whether the client component is granted access to the intended destination server.
  - 14. The system of claim 13, the gateway component forbids client component access to the intended destination if the access control component determines access is not granted.
  - 15. The system of claim 13, the gateway component establishes a connection session between the client component and the intended destination server if the access control component determines access is granted.
  - 16. The system of claim 15, the gateway component monitors subsequent packets on the fly to determine when the client component attempts to establish a connection with a different destination.
  - 17. The system of claim 1, the gateway component is remote from the client component, the gateway component is coupled to the client component by way of a first network.

18. A method for facilitating IPSec support in a controlled access environment, comprising:
- receiving an unsecured packet from a client;
  
  redirecting the packet for determining whether an intended destination for the packet utilizes an IPSec policy; and
  
  securing the packet in accordance with the IPSec policy.
- View Dependent Claims (19)
- - 19. The method of claim 18, further comprising establishing an IPSec connection session between the client and the intended destination.

20. A computer-implemented system that facilitates IPSec support in a controlled access environment comprising:
- computer-implemented means for receiving an unsecured packet from a client;
  
  computer-implemented means for re-routing the packet in order to ascertain whether an intended destination for the packet employs an IPSec protocol;
  
  computer-implemented means for encrypting the packet in accordance with the IPSec protocol; and
  
  computer-implemented means for creating an IPSec connection session between the client and the intended destination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Corporation
Inventors
Lamb, Richard, Guzovsky, Eduard, Swander, Brian

Granted Patent

US 7,925,693 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/230
CPC Class Codes

H04L 61/2557   Translation policies or rules

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0478   applying multiple layers of...

H04L 63/168   above the transport layer

NAT ACCESS CONTROL WITH IPSEC

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NAT ACCESS CONTROL WITH IPSEC

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links