Simplified method of configuring internet protocol security tunnels

US 6,076,168 A
Filed: 10/03/1997
Issued: 06/13/2000
Est. Priority Date: 10/03/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing secure data traffic between a local and remote host systems comprising the steps of:

defining a first tunnel; and

autogenerating, in response to the definition of the first tunnel, a first filter, said first filter including rules for permitting or denying acceptance of inbound data and for permitting or denying transmission of outbound data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing data traffic between a local and remote host systems is provided. The method includes autogenerating a filter having rules associated with a defined tunnel. The filter rules are used to permit or deny acceptance of transmitted data by the host system and to direct traffic to the tunnel. The tunnel, on the other hand, is used to keep data confidential. The method further includes autogeneration of a counterpart tunnel and associated filter to be used by the remote host when in communication with the local host. The method further autogenerates a new filter to reflect changes to any one of the tunnels and autodeactivates the filter associated with a deleted tunnel.

Citations

16 Claims

1. A method of providing secure data traffic between a local and remote host systems comprising the steps of:
- defining a first tunnel; and
  
  autogenerating, in response to the definition of the first tunnel, a first filter, said first filter including rules for permitting or denying acceptance of inbound data and for permitting or denying transmission of outbound data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein said first tunnel is defined at said local host system to be used by said local host system.
  - 3. The method of claim 2 further comprising the step of autogenerating a second tunnel by said local host system for use by said remote host system.
  - 4. The method of claim 3 further comprising the step of autogenerating a second filter in response to said autogeneration of said second tunnel.
  - 5. The method of claim 4 further comprising the steps of:
    - determining whether a source or destination address has changed after a modification of said first or second tunnel; and
      
      autogenerating, in response to said modified tunnel, a third filter if said source or destination address has changed.
  - 6. The method of claim 5 further comprising the step of automatically deactivating said first or second filter if said first or second tunnel is deleted.
  - 7. The method of claim 6 further comprising the step of exporting said second tunnel and said second filter to said remote host system by said local host system.
  - 8. The method of claim 6 further comprising the step of importing said second tunnel and said second filter from said local host system by said remote host system.

9. A computer program product for use with a computer system, said computer program product having computer readable program code means embodied in a medium, said computer program code means comprising:
- program code means for defining a first tunnel; and
  
  program code means for autogenerating, in response to the definition of the first tunnel, a first filter, said first filter including rules for permitting or denying acceptance of inbound data and for permitting or denying transmission of outbound data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9 wherein said first tunnel is defined at said local host system to be used by said local host system.
  - 11. The computer program product of claim 10 wherein said computer readable program code means further comprising program code means for autogenerating a second tunnel by said local host system for use by said remote host system.
  - 12. The computer program product of claim 11 wherein said computer readable program code means further comprising program code means for autogenerating a second filter in response to said autogeneration of said second tunnel.
  - 13. The computer program product of claim 12 wherein said computer readable program code means further comprising:
    - program code means for determining whether a source or destination address has changed after a modification of said first or second tunnel; and
      
      program code means for autogenerating, in response to said modified tunnel, a third filter if said source or destination address has changed.
  - 14. The computer program product of claim 13 wherein said computer readable program code means further comprising program code means for automatically deactivating said first or second filter if said first or second tunnel is deleted.
  - 15. The computer program product of claim 14 wherein said computer readable program code means further comprising program code means for exporting said second tunnel and said second filter to said remote host system by said local host system.
  - 16. The computer program product of claim 14 wherein said computer readable program code means further comprising program code means for importing said second tunnel and said second filter from said local host system by said remote host system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wang, Xinya, Wisham, Opral Vanan, Wilson, Jacqueline Hegedus, Fiveash, William Alton, Wenzel, Christiaan Blake
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US08/943,166
Time in Patent Office

984 Days
Field of Search

395/186, 395/187.01, 395/188.01, 395/200.59, 380/4, 380/3, 380/25, 380/30, 380/49, 380/208, 340/825.31, 340/825.34, 713/154
US Class Current

726/11
CPC Class Codes

H04L 63/0263 Rule management

Simplified method of configuring internet protocol security tunnels

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Simplified method of configuring internet protocol security tunnels

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links