Tunnelling of Information

US 20150271140A1
Filed: 05/21/2015
Published: 09/24/2015
Est. Priority Date: 06/15/1999
Status: Abandoned Application

First Claim

Patent Images

1. A device comprising at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the device tocommunicate information in packets conforming a first protocol, andtunnel information to be communicated to another device to a second protocol in response to determining possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.

71 Citations

20 Claims

1. A device comprising at least one processor, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processor, cause the device tocommunicate information in packets conforming a first protocol, andtunnel information to be communicated to another device to a second protocol in response to determining possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device according to claim 1, configured to tunnel the information in response to determination of at least one network address translation and/or a protocol conversion between the device and the other device.
  - 3. The device according to claim 1, configured to determine the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on the other device not responding to a packet send earlier thereto.
  - 4. The device according to claim 1, configured to determine the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on configuration of the device.
  - 5. The device according to claim 1, configured to determine the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on stored information.
  - 6. The device according to claim 1, configured to encapsulate the packets to be communicated to the other device into User Datagram Protocol (UDP) packets and/or Transport Control Protocol (TCP) packets.
  - 7. The device according to claim 1, comprising an end node or a virtual private network (VPN) device.

8. A method for communication of packets from a device configured for communication of packets according to a first protocol, the method comprising tunneling information to be communicated from the device to another device to a second protocol in response to determining possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method according to claim 8, comprising performing the tunneling in response to determining at least one network address translation and/or a protocol conversion between the device and the other device.
  - 10. The method according to claim 8, comprising sending a packet to the other device in accordance with the first protocol and determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on the other device not responding to the packet.
  - 11. The method according to claim 8, comprising determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on configuration of the device.
  - 12. The method according to claim 8, comprising storing information about communication of packet to the other device and determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on the stored information.
  - 13. The method according to claim 8, comprising selectively encapsulating the packets to be communicated to the other device into User Datagram Protocol (UDP) packets and/or Transport Control Protocol (TCP) packets.

14. A non-transitory computer readable media, comprising program code for causing a processor to perform instructions forcommunicating, by a device, information in packets conforming a first protocol, andtunneling information to be communicated from the device to another device to a second protocol in response to determining possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer readable media of claim 14, further comprising program code for causing the processor to perform instructions fordetermining at least one network address translation and/or protocol conversion between the device and the other device, andtunneling the information in response thereto.
  - 16. The non-transitory computer readable media of claim 14, further comprising program code for causing the processor to perform instructions for determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on the other device not responding a packet send to the other device in accordance with the first protocol.
  - 17. The non-transitory computer readable media of claim 14, further comprising program code for causing the processor to perform instructions for determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on configuration of the device.
  - 18. The non-transitory computer readable media of claim 14, further comprising program code for causing the processor to perform instructions for storing information about communication of packet to the other device and determining the possibility of packets conforming the first protocol being incapable of traversing at least one node between the device and the other device based on the stored information.
  - 19. The non-transitory computer readable media of claim 14, wherein the program code is configured for causing the processor to perform instructions for encapsulating the packets to be communicated to the other device into User Datagram Protocol (UDP) packets and/or Transport Control Protocol (TCP) packets.
  - 20. The non-transitory computer readable media of claim 14 configured for an end node or a virtual private network (VPN) device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SSH Communications Security Oyj
Original Assignee
Tectia Oyj
Inventors
KIVINEN, Tero, YLONEN, Tatu

Application Number

US14/719,148
Publication Number

US 20150271140A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 2101/663   Transport layer addresses, ...

H04L 45/026   Details of "hello" or keep-...

H04L 61/00   Network arrangements, proto...

H04L 61/25   of the same type

H04L 61/2514   between local and global IP...

H04L 61/2553   Binding renewal aspects, e....

H04L 61/256   NAT traversal

H04L 61/2564   for a higher-layer protocol...

H04L 61/2575   using address mapping retri...

H04L 61/2578   without involvement of the ...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/164   at the network layer

H04L 67/568   Storing data temporarily at...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/165 : Combined use of TCP and UDP...

View All

Tunnelling of Information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Tunnelling of Information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others