Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association

US 6,523,068 B1
Filed: 08/27/1999
Issued: 02/18/2003
Est. Priority Date: 08/27/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:

receiving a first message on the network device on a public network associated with a first layer of a protocol stack for the network device, wherein the first message includes a first payload;

determining whether the first message includes an indicator that the first payload is associated with a second layer of the protocol stack, and if so, obtaining a private network address from the first payload in the second layer of the protocol stack, wherein the first payload includes the private network address and a second payload, determining whether the private network address is recorded on the network device, and if so, associating a forwarding network address with the private network address, wherein the forwarding network address is associated with a third layer of the protocol stack and is associated with the end of the tunneling association, and requesting the third layer to encapsulate and transmit a second message to the end of the tunneling association, wherein the second message includes the forwarding network address and the second payload.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods for processing a media flow at an end of a tunneling association in a data network. One method includes receiving a data packet on a public network, such as the Internet, and recognizing that it encapsulates another data packet for a virtual connection to an application. The virtual connection is addressed by private network addresses. Another method includes constructing a data packet for a virtual connection to the application and encapsulating it for transmission on the public network. The methods provide for hiding the identity of the originating and terminating ends of the tunneling association from the other users of the public network. Hiding the identities may prevent interception of media flow between the ends of the tunneling association or eavesdropping on Voice-over-Internet-Protocol calls. The methods increase the security of communication on the data network without imposing a computational burden on the devices in the data network.

Citations

28 Claims

1. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
- receiving a first message on the network device on a public network associated with a first layer of a protocol stack for the network device, wherein the first message includes a first payload;
  
  determining whether the first message includes an indicator that the first payload is associated with a second layer of the protocol stack, and if so, obtaining a private network address from the first payload in the second layer of the protocol stack, wherein the first payload includes the private network address and a second payload, determining whether the private network address is recorded on the network device, and if so, associating a forwarding network address with the private network address, wherein the forwarding network address is associated with a third layer of the protocol stack and is associated with the end of the tunneling association, and requesting the third layer to encapsulate and transmit a second message to the end of the tunneling association, wherein the second message includes the forwarding network address and the second payload.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.
  - 3. The method of claim 1 wherein the associating step further comprises:
4. The method of claim 1 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer and the second layer of the protocol stack for the network device is the Internet Protocol layer.
5. The method of claim 1 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer and the second layer of the protocol stack for the network device is an application layer.
6. The method of claim 1 wherein the third layer of the protocol stack for the network device is a Media Access Control layer.
7. The method of claim 1 wherein the end of the tunneling association is any of a multimedia device or a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

8. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
- receiving a first message in a first layer of a protocol stack for the network device from the end of the tunneling association, wherein the first message includes a first payload;
  
  determining whether the first message includes an indicator that the first payload is associated with a second layer of the protocol stack, and if so, obtaining a private network address from the first payload in the second layer of the protocol stack, wherein the first payload includes the private network address and a second payload, determining whether the private network address is recorded on the network device, and if so, associating a public network address with the private network address, wherein the public network address is associated with a third layer of the protocol stack, and requesting the third layer to encapsulate and transmit a second message on a public network associated with the third layer, wherein the second message includes the public network address, the private network address, and the second payload.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 8.
  - 10. The method of claim 8 wherein the associating step further comprises:
11. The method of claim 8 wherein the first layer of the protocol stack for the network device is a Media Access Control layer and the second layer of the protocol stack for the network device is an Internet Protocol layer.
12. The method of claim 8 wherein the first layer of the protocol stack for the network device is a Media Access Control layer and the second layer of the protocol stack for the network device is an application layer.
13. The method of claim 8 wherein the third layer of the protocol stack for the network device is an Internet Protocol layer.
14. The method of claim 8 wherein the end of the tunneling association is any of a multimedia device or a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

15. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
- receiving a first payload in a first layer of a protocol stack for the network device from a second layer of the protocol stack, wherein the first payload includes a private network address and a second payload;
  
  searching a network address table on the network device for an entry containing the private network address;
  
  reading a forwarding network address associated with a third layer of the protocol stack for the end of the tunneling association from the entry, wherein the entry includes the private network address and the forwarding network address; and
  
  requesting the third layer to encapsulate and transmit a message to the end of the tunneling association, wherein the message includes the forwarding network address and the second payload.
- View Dependent Claims (16, 17, 18)
- - 16. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 15.
  - 17. The method of claim 15 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer, the second layer of the protocol stack is the Internet Protocol layer, and the third layer of the protocol stack is a Media Access Control layer.
  - 18. The method of claim 15 wherein the first layer of the protocol stack for the network device is an application layer, the second layer of the protocol stack is an Internet Protocol layer, and the third layer of the protocol stack is a Media Access Control layer.

19. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
- receiving a first payload in a first layer of a protocol stack for the network device from a second layer of the protocol stack, wherein the first payload includes a private network address and a second payload;
  
  searching a network address table on the network device for an entry containing the private network address;
  
  reading a public network address associated with a third layer of the protocol stack from the entry, wherein the entry includes the private network address and the public network address; and
  
  requesting the third layer to encapsulate and transmit a message on a public network, wherein the message includes the public network address, the private network address, and the second payload.
- View Dependent Claims (20, 21, 22)
- - 20. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 19.
  - 21. The method of claim 19 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer, second layer of the protocol stack is a Media Access Control layer, and the third layer of the protocol stack is the Internet Protocol layer.
  - 22. The method of claim 19 wherein the first layer of the protocol stack for the network device is an application layer, the second layer of the protocol stack is a Media Access Control layer, and the third layer of the protocol stack is an Internet Protocol layer.

23. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a Voice-over-Internet-Protocol flow at an end of a Voice-over-Internet-Protocol association through a network device, the method comprising the following steps:
- receiving a first message on the network device on a public network associated with an Internet Protocol layer of a protocol stack for the network device, wherein the first message includes a first payload;
  
  determining whether the first message includes an indicator that the first payload is associated with the Internet Protocol layer of the protocol stack, and if so, obtaining a private Internet Protocol address from the first payload in the Internet Protocol layer of the protocol stack, wherein the first payload includes the private Internet Protocol address and a second payload, determining whether the private Internet Protocol address is recorded on the network device, and if so, associating a Medium Access Control address with the private Internet Protocol address, wherein the Medium Access Control address is associated with a Medium Access Control layer of the protocol stack and is associated with the end of the Voice-over-internet-Protocol association, and requesting the Medium Access Control layer to encapsulate and transmit a second message to the end of the Voice-over-Internet-Protocol association, wherein the second message includes the Medium Access Control address and the second payload.
- View Dependent Claims (24, 25)
- - 24. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 23.
  - 25. The method of claim 23 wherein the end of the Voice-over-Internet-Protocol association is a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

26. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a Voice-over-Internet-Protocol flow at an end of a Voice-over-Internet-Protocol association through a network device, the method comprising the following steps:
- receiving a first message in a Media Access Control layer of a protocol stack for the network device from the end of the Voice-over-Internet-Protocol association, wherein the first message includes a first payload;
  
  determining whether the first message includes an indicator that the first payload is associated with an Internet Protocol layer of the protocol stack, and if so, obtaining a private Internet Protocol address from the first payload in the Internet Protocol layer of the protocol stack, wherein the first payload includes the private Internet Protocol address and a second payload, determining whether the private Internet Protocol address is recorded on the network device, and if so, associating a public Internet Protocol address with the private Internet Protocol address, wherein the public Internet Protocol address is associated with an Internet Protocol layer of the protocol stack, and requesting the Internet Protocol layer to encapsulate and transmit a second message on a public network associated with the Internet Protocol layer, wherein the second message includes the public Internet Protocol address, the private Internet Protocol address, and the second payload.
- View Dependent Claims (27, 28)
- - 27. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 26.
  - 28. The method of claim 26 wherein the end of the Voice-over-Internet-Protocol association is a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
3Com Corporation (HP Inc.)
Inventors
Borella, Michael, Beser, Nurettin B.
Primary Examiner(s)
Luu, Le Hien

Application Number

US09/385,118
Time in Patent Office

1,271 Days
Field of Search

709/238, 709/245, 370/328, 370/352, 370/392, 370/390, 370/232
US Class Current

709/238
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 61/00   Network arrangements, proto...

H04L 61/35   involving non-standard use ...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links