System and method to negotiate private network addresses for initiating tunneling associations through private and/or public networks

US 6,496,867 B1
Filed: 08/27/1999
Issued: 12/17/2002
Est. Priority Date: 08/27/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for initiating a tunneling association between an originating end of the tunneling association and a terminating end of the tunneling association, the method comprising the following steps:

receiving a request to initiate the tunneling association on a first network device, wherein the first network device is associated with the originating end of the tunneling association, and wherein the request includes a unique identifier for the terminating end of the tunneling association;

informing a trusted-third-party network device of the request on a public network;

associating a public network address for a second network device with the unique identifier for the terminating end of the tunneling association on the trusted-third-party network device, wherein the second network device is associated with the terminating end of the tunneling association; and

negotiating a first private network address on the first network device and a second private network address on the second network device through the public network, wherein the first private network address is assigned to the originating end of the tunneling association and the second private network address is assigned to the terminating end of the tunneling association.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for initiating a tunneling association in a data network. The method includes negotiating private addresses, such as private Internet Protocol addresses, for the ends of the tunneling association. The negotiation is performed on a public network, such as the Internet, through a trusted-third-party without revealing the private addresses. The method provides for hiding the identity of the originating and terminating ends of the tunneling association from the other users of the public network. Hiding the identities may prevent interception of media flow between the ends of the tunneling association or eavesdropping on Voice-over-Internet-Protocol calls. The method increases the security of communication on the data network without imposing a computational burden on the devices in the data network.

182 Citations

41 Claims

1. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for initiating a tunneling association between an originating end of the tunneling association and a terminating end of the tunneling association, the method comprising the following steps:
- receiving a request to initiate the tunneling association on a first network device, wherein the first network device is associated with the originating end of the tunneling association, and wherein the request includes a unique identifier for the terminating end of the tunneling association;
  
  informing a trusted-third-party network device of the request on a public network;
  
  associating a public network address for a second network device with the unique identifier for the terminating end of the tunneling association on the trusted-third-party network device, wherein the second network device is associated with the terminating end of the tunneling association; and
  
  negotiating a first private network address on the first network device and a second private network address on the second network device through the public network, wherein the first private network address is assigned to the originating end of the tunneling association and the second private network address is assigned to the terminating end of the tunneling association.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.
  - 3. The method of claim 1 wherein the negotiating step further comprises:
4. The method of claim 1 wherein the negotiating step further comprises:
- selecting the first private network address from a first pool of private addresses on the first network device;
  
  communicating the first private network address from the first network device to the second network device through the public network;
  
  selecting the second private network address from a second pool of private addresses on the second network device, wherein the second private network address is a different address than the first private network address; and
  
  communicating the second private network address from the second network device to the first network device through the public network.
5. The method of claim 1 wherein the negotiating step further comprises:
- selecting a plurality of private network addresses from a pool of private addresses on the first network device;
  
  communicating the plurality of private network addresses from the first network device to the second network device through the public network;
  
  selecting the first private network address and the second private network address from the plurality of private addresses on the second network device, wherein the second private network address is a different address than the first private network address; and
  
  communicating the first private network address and the second private network address from the second network device to the first network device through the public network.
6. The method of claim 1 wherein the unique identifier for the terminating end of the tunneling association is any of a dial-up number, an electronic mail address, or a domain name.
7. The method of claim 1 wherein the associating step includes associating the public network address with a lower layer of a protocol stack for the second network device.
8. The method of claim 7 wherein the lower layer of the protocol stack for the second network device is an Internet Protocol layer.
9. The method of claim 1 wherein the first private network address and the second private network address are respectively associated with a higher layer of a protocol stack for the first network device and a higher layer of a protocol stack for the second network device.
10. The method of claim 9 wherein the higher layers of the protocol stacks are application layers.
11. The method of claim 9 wherein the first private network address and the second private network address are private Internet Protocol addresses.
12. The method of claim 1 wherein the receiving step includes receiving the request to initiate the tunneling association in a higher layer of a protocol stack for the first network device.
13. The method of claim 12 wherein the higher layer of the protocol stack for the first network device is an application layer.
14. The method of claim 1 wherein the originating end of the tunneling association and the terminating end of the tunneling association is any of a multimedia device or a telephony device.
15. The method of claim 1 wherein the first network device and the second network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

16. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for establishing an end of a tunneling association through a first network device, the method comprising the following steps:
- receiving a first message on the first network device from an originating end of a tunneling association, wherein the first message includes a first indicator that the first message is associated with a higher layer of a protocol stack for the first network device and a unique identifier for a terminating end of the tunneling association;
  
  assigning a first private network address to the originating end of the tunneling association, wherein the first private network address is associated with the higher layer of the protocol stack for the first network device;
  
  transmitting a second message to a trusted-third-party network device on a public network associated with a lower layer of the protocol stack for the first network device, wherein the second message includes a second indicator that the second message is associated with a higher layer of a protocol stack for the trusted-third-party network device and the unique identifier for the terminating end of the tunneling association;
  
  receiving a third message on the first network device from the public network, wherein the third message includes a third indicator that the third message is associated with the higher layer of the protocol stack for the first network device, a second private network address for the terminating end of the tunneling association, and a public network address for a second network device associated with the terminating end of the tunneling association; and
  
  associating the first private network address with the second private network address in the higher layer of the protocol stack for the first network device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 16.
  - 18. The method of claim 16 wherein the transmitting step further comprises:
19. The method of claim 16 wherein the lower layer of the protocol stack for the first network device is an Internet Protocol layer and the higher layer of the protocol stack for the first network device is an application layer.
20. The method of claim 16 wherein the originating end of the tunneling association is any of a multimedia device or a telephony device, and the first network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

21. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for establishing an end of a tunneling association through a first network device, the method comprising the following steps:
- receiving a first message on the first network device from a public network associated with a lower layer of a protocol stack for the first network device, wherein the first message includes a first indicator that the first message is associated with a higher layer of the protocol stack for the first network device, a first private network address for an originating end of the tunneling association, and a public network address for a second network device associated with the originating end of the tunneling association;
  
  assigning a second private network address to a terminating end of the tunneling association, wherein the second private network address is associated with the higher layer of the protocol stack for the first network device and the second private network address is a different address than the first private network address;
  
  transmitting a second message on the public network, wherein the second message includes a second indicator that the second message is associated with a higher layer of a protocol stack for the second network device and the second private network address; and
  
  associating the first private network address with the second private network address in the higher layer of the protocol stack for the first network device.
- View Dependent Claims (22, 23, 24, 25)
- - 22. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 21.
  - 23. The method of claim 21 wherein the transmitting step further comprises:
24. The method of claim 21 wherein the lower layer of the protocol stack for the first network device is an Internet Protocol layer and the higher layer of the protocol stack for the first network device is an application layer.
25. The method of claim 21 wherein the terminating end of the tunneling association is any of a multimedia device or a telephony device, and the first network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

26. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for mediating a tunneling association through a trusted-third-party network device, the method comprising the following steps:
- receiving a first message on the trusted-third-party network device from a first network device on a public network associated with a lower layer of a protocol stack for the trusted-third-party network device, wherein the first network device is associated with an originating end of the tunneling association, and wherein the first message includes a first indicator that the first message is associated with a higher layer of the protocol stack for the trusted-third-party network device, a first private network address for the originating end of the tunneling association, a unique identifier for a terminating end of the tunneling association, and a first public network address for the first network device;
  
  associating a second public network address for a second network device with the unique identifier for the terminating end of the tunneling association on the trusted-third-party network device, wherein the second network device is associated with the terminating end of the tunneling association;
  
  transmitting a second message from the trusted-third-party network device to the second network device on the public network, wherein the second message includes a second indicator that the second message is associated with a higher layer of a protocol stack for the second network device, the first private network address, and the first public network address;
  
  receiving a third message on the trusted-third-party network device from the second network device on the public network, wherein the third message includes a third indicator that the third message is associated with a higher layer of a protocol stack for the trusted-third-party network device and a second private network address for the terminating end of the tunneling association;
  
  associating the first private network address with the second private network address in the higher layer of the protocol stack for the trusted-third-party network device; and
  
  transmitting a fourth message from the trusted-third-party network device to the first network device on the public network, wherein the fourth message includes a fourth indicator that the fourth message is associated with a higher layer of a protocol stack for the first network device, the second private network address, and the second public network address.
- View Dependent Claims (27, 28, 29, 30, 31, 32)
- - 27. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 26.
  - 28. The method of claim 26 wherein the step of transmitting the second message further comprises:
29. The method of claim 26 wherein the step of transmitting the fourth message further comprises:
- constructing a payload for the fourth message in the higher layer of the protocol stack for the trusted-third-party network device; and
  
  directing the lower layer of the protocol stack for the trusted-third-party network device to encapsulate and transmit the fourth message.
30. The method of claim 26 wherein the lower layer of the protocol stack for the trusted-third-party network device is an Internet Protocol layer and the higher layer of the protocol stack for the trusted-third-party network device is an application layer.
31. The method of claim 26 wherein the unique identifier for the terminating end of the tunneling association is any of a dial-up number, an electronic mail address, or a domain name.
32. The method of claim 26 wherein the trusted-third-party network device is an address supplier.

33. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for mediating a tunneling association through a trusted-third-party network device, the method comprising the following steps:
- receiving a first message on the trusted-third-party network device from a first network device on a public network associated with a lower layer of a protocol stack for the trusted-third-party network device, wherein the first network device is associated with an originating end of the tunneling association, and wherein the first message includes a first indicator that the first message is associated with a higher layer of the protocol stack for the trusted-third-party network device, a unique identifier for a terminating end of the tunneling association, and a first public network address for the first network device;
  
  associating a second public network address for a second network device with the unique identifier for the terminating end of the tunneling association on the trusted-third-party network device, wherein the second network device is associated with the terminating end of the tunneling association; and
  
  transmitting a second message from the trusted-third-party network device to the first network device on the public network, wherein the second message includes a second indicator that the second message is associated with a higher layer of a protocol stack for the first network device, and the second public network address.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 33.
  - 35. The method of claim 33 wherein the step of transmitting the second message further comprises:
36. The method of claim 33 wherein the lower layer of the protocol stack for the trusted-third-party network device is an Internet Protocol layer and the higher layer of the protocol stack for the trusted-third-party network device is an application layer.
37. The method of claim 33 wherein the unique identifier for the terminating end of the tunneling association is any of a dial-up number, an electronic mail address, or a domain name.
38. The method of claim 33 wherein the trusted-third-party network device is an address supplier.

39. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for initiating a Voice-over-Internet-Protocol association between an originating telephony device and a terminating telephony device, the method comprising the following steps:
- receiving a request to initiate the Voice-over-Internet-Protocol association on a first network device, wherein the first network device is associated with the originating telephony device, and wherein the request includes a unique identifier for the terminating telephony device;
  
  informing a trusted-third-party network device of the request on a public network;
  
  associating a public Internet Protocol address for a second network device with the unique identifier for the terminating telephony device on the trusted-third-party network device, wherein the second network device is associated with the terminating telephony device; and
  
  negotiating a first private Internet Protocol address on the first network device and a second private Internet Protocol address on the second network device through the public network, wherein the first private Internet Protocol address is assigned to the originating telephony device and the second private Internet Protocol address is assigned to the terminating telephony device.
- View Dependent Claims (40, 41)
- - 40. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 39.
  - 41. The method of claim 39 wherein the first network device and the second network device is any of a cable modem for a data-over-cable system or a cable modem termination system for a data-over-cable system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Borella, Michael, Beser, Nurettin B.
Primary Examiner(s)
Luu, Le Hien

Application Number

US09/384,120
Time in Patent Office

1,208 Days
Field of Search

709/220, 709/222, 709/225, 709/226, 709/227, 709/228, 709/229, 709/245, 709/218, 709/217, 370/401, 370/349, 713/201
US Class Current

709/245
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 61/35   involving non-standard use ...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 65/1101   Session protocols

H04L 67/56   Provisioning of proxy servi...

H04L 67/562   Brokering proxy services

H04L 69/24   Negotiation of communicatio...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System and method to negotiate private network addresses for initiating tunneling associations through private and/or public networks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

182 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to negotiate private network addresses for initiating tunneling associations through private and/or public networks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

182 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links