METHOD AND ARRANGEMENT FOR PROVIDING SECURITY THROUGH NETWORK ADDRESS TRANSLATIONS USING TUNNELING AND COMPENSATIONS
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
54 Citations
32 Claims
-
1-23. -23. (canceled)
-
24. A method comprising:
-
receiving, by a computer device, a packet comprising an encoding of an address from which the packet was sent in a payload of the packet; and determining based on the encoding of the address in the payload of the packet and an address in the header of the packet that a network address translation occurred on the packet. - View Dependent Claims (25, 26)
-
-
27. An apparatus comprising at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the apparatus to
determine from a received packet comprising an encoding in a payload of the packet of an address from which the packet was sent whether the address in the encoding is different from an address in the header of the packet; - and
determine that a network address translation occurred on the packet in response to determination that the address in the encoding in the payload of the packet is different from the address in the header of the packet. - View Dependent Claims (28, 29)
- and
-
30. A non-transitory computer readable media for revealing occurrence of network address translations, comprising program code for causing a processor to perform instructions for
receiving a packet comprising an encoding of an address from which the packet was sent in a payload of the packet; - and
determining based on the encoding of the address in the payload of the packet and an address in the header of the packet that a network address translation occurred on the packet. - View Dependent Claims (31, 32)
- and
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSSH Communications Security Oyj
-
Original AssigneeTectia Oyj
-
InventorsKivinen, Tero, YIonen, Tatu
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/26
-
CPC Class CodesH04L 12/4633 Interconnection of networks...H04L 2101/663 Transport layer addresses, ...H04L 45/026 Details of "hello" or keep-...H04L 61/00 Network arrangements, proto...H04L 61/25 of the same typeH04L 61/2514 between local and global IP...H04L 61/2553 Binding renewal aspects, e....H04L 61/256 NAT traversalH04L 61/2564 for a higher-layer protocol...H04L 61/2575 using address mapping retri...H04L 61/2578 without involvement of the ...H04L 61/5007 Internet protocol [IP] addr...H04L 63/0272 Virtual private networksH04L 63/029 Firewall traversal, e.g. tu...H04L 63/04 for providing a confidentia...H04L 63/0428 wherein the data content is...H04L 63/164 at the network layerH04L 67/568 Storing data temporarily at...H04L 69/16 Implementation or adaptatio...H04L 69/161 Implementation details of T...View All
