Method for encapsulating and transmitting a message includes private and forwarding network addresses with payload to an end of a tunneling association
Abstract
Methods for processing a media flow at an end of a tunneling association in a data network. One method includes receiving a data packet on a public network, such as the Internet, and recognizing that it encapsulates another data packet for a virtual connection to an application. The virtual connection is addressed by private network addresses. Another method includes constructing a data packet for a virtual connection to the application and encapsulating it for transmission on the public network. The methods provide for hiding the identity of the originating and terminating ends of the tunneling association from the other users of the public network. Hiding the identities may prevent interception of media flow between the ends of the tunneling association or eavesdropping on Voice-over-Internet-Protocol calls. The methods increase the security of communication on the data network without imposing a computational burden on the devices in the data network.
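The two methods summarized in the abstract, sketched with the layer choices of claims 4 and 6 (inbound) and claims 11 and 13 (outbound). This is an added example, not code from the patent. It assumes IP protocol number 4 (IP-in-IP) and the IPv4 EtherType as the "indicator"; the table contents, addresses and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address as IP

IPIP, ETH_IPV4 = 4, 0x0800  # assumed indicators: IP protocol 4 (IP-in-IP), EtherType IPv4
DEVICE_MAC = bytes.fromhex("02005e0000fe")  # constructed MAC of the network device
# Constructed network address table: private address -> (forwarding MAC, public address)
TABLE = {IP("10.0.0.5"): (bytes.fromhex("02005e000005"), IP("198.51.100.7"))}

def checksum(header):
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, proto, payload):
    """Build an IPv4 packet with a 20-byte header and a valid checksum."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, src.packed, dst.packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def parse_ipv4(packet):
    """Return (protocol, src, dst, payload); ValueError means drop the packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl, total = (packet[0] & 0x0F) * 4, struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet) or checksum(packet[:ihl]):
        raise ValueError("bad IPv4 header")
    return packet[9], IP(packet[12:16]), IP(packet[16:20]), packet[ihl:total]

def inbound(outer):
    """Public network -> tunnel end: an Ethernet frame, or None to drop."""
    proto, _, _, first_payload = parse_ipv4(outer)
    if proto != IPIP:
        return None  # no indicator: not tunnelled traffic
    private_dst = parse_ipv4(first_payload)[2]
    entry = TABLE.get(private_dst)
    if entry is None:
        return None  # private address not recorded on this device
    return entry[0] + DEVICE_MAC + struct.pack("!H", ETH_IPV4) + first_payload

def outbound(frame, remote_public):
    """Tunnel end -> public network: an IP-in-IP packet, or None to drop."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    inner = frame[14:]
    entry = TABLE.get(parse_ipv4(inner)[1])
    if entry is None:
        return None  # sender's private address is not recorded
    return ipv4(entry[1], remote_public, IPIP, inner)
```

On the public network only the outer header's public addresses identify the flow; the private addresses travel inside the payload and are used solely for the table lookup at each end.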
28 Claims
1. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
receiving a first message on the network device on a public network associated with a first layer of a protocol stack for the network device, wherein the first message includes a first payload;
determining whether the first message includes an indicator that the first payload is associated with a second layer of the protocol stack, and if so, obtaining a private network address from the first payload in the second layer of the protocol stack, wherein the first payload includes the private network address and a second payload, determining whether the private network address is recorded on the network device, and if so, associating a forwarding network address with the private network address, wherein the forwarding network address is associated with a third layer of the protocol stack and is associated with the end of the tunneling association, and requesting the third layer to encapsulate and transmit a second message to the end of the tunneling association, wherein the second message includes the forwarding network address and the second payload.
searching a network address table on the network device for an entry containing the private network address, wherein the private network address is recorded in the network address table; and
reading the forwarding network address from the entry, wherein the entry includes the private network address and the forwarding network address.
4. The method of claim 1 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer and the second layer of the protocol stack for the network device is the Internet Protocol layer.
5. The method of claim 1 wherein the first layer of the protocol stack for the network device is an Internet Protocol layer and the second layer of the protocol stack for the network device is an application layer.
6. The method of claim 1 wherein the third layer of the protocol stack for the network device is a Media Access Control layer.
7. The method of claim 1 wherein the end of the tunneling association is any of a multimedia device or a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.
8. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
receiving a first message in a first layer of a protocol stack for the network device from the end of the tunneling association, wherein the first message includes a first payload;
determining whether the first message includes an indicator that the first payload is associated with a second layer of the protocol stack, and if so, obtaining a private network address from the first payload in the second layer of the protocol stack, wherein the first payload includes the private network address and a second payload, determining whether the private network address is recorded on the network device, and if so, associating a public network address with the private network address, wherein the public network address is associated with a third layer of the protocol stack, and requesting the third layer to encapsulate and transmit a second message on a public network associated with the third layer, wherein the second message includes the public network address, the private network address, and the second payload.
searching a network address table on the network device for an entry containing the private network address, wherein the private network address is recorded in the network address table; and
reading the public network address from the entry, wherein the entry includes the private network address and the public network address.
11. The method of claim 8 wherein the first layer of the protocol stack for the network device is a Media Access Control layer and the second layer of the protocol stack for the network device is an Internet Protocol layer.
12. The method of claim 8 wherein the first layer of the protocol stack for the network device is a Media Access Control layer and the second layer of the protocol stack for the network device is an application layer.
13. The method of claim 8 wherein the third layer of the protocol stack for the network device is an Internet Protocol layer.
14. The method of claim 8 wherein the end of the tunneling association is any of a multimedia device or a telephony device, and wherein the network device is any of an edge router, a cable modem for a data-over-cable system, or a cable modem termination system for a data-over-cable system.
15. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
receiving a first payload in a first layer of a protocol stack for the network device from a second layer of the protocol stack, wherein the first payload includes a private network address and a second payload;
searching a network address table on the network device for an entry containing the private network address;
reading a forwarding network address associated with a third layer of the protocol stack for the end of the tunneling association from the entry, wherein the entry includes the private network address and the forwarding network address; and
requesting the third layer to encapsulate and transmit a message to the end of the tunneling association, wherein the message includes the forwarding network address and the second payload.
19. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a media flow at an end of a tunneling association through a network device, the method comprising the following steps:
receiving a first payload in a first layer of a protocol stack for the network device from a second layer of the protocol stack, wherein the first payload includes a private network address and a second payload;
searching a network address table on the network device for an entry containing the private network address;
reading a public network address associated with a third layer of the protocol stack from the entry, wherein the entry includes the private network address and the public network address; and
requesting the third layer to encapsulate and transmit a message on a public network, wherein the message includes the public network address, the private network address, and the second payload.
23. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a Voice-over-Internet-Protocol flow at an end of a Voice-over-Internet-Protocol association through a network device, the method comprising the following steps:
receiving a first message on the network device on a public network associated with an Internet Protocol layer of a protocol stack for the network device, wherein the first message includes a first payload;
determining whether the first message includes an indicator that the first payload is associated with the Internet Protocol layer of the protocol stack, and if so, obtaining a private Internet Protocol address from the first payload in the Internet Protocol layer of the protocol stack, wherein the first payload includes the private Internet Protocol address and a second payload, determining whether the private Internet Protocol address is recorded on the network device, and if so, associating a Medium Access Control address with the private Internet Protocol address, wherein the Medium Access Control address is associated with a Medium Access Control layer of the protocol stack and is associated with the end of the Voice-over-Internet-Protocol association, and requesting the Medium Access Control layer to encapsulate and transmit a second message to the end of the Voice-over-Internet-Protocol association, wherein the second message includes the Medium Access Control address and the second payload.
26. In a data network having a plurality of private networks and public networks, and a plurality of network devices, a method for processing a Voice-over-Internet-Protocol flow at an end of a Voice-over-Internet-Protocol association through a network device, the method comprising the following steps:
receiving a first message in a Media Access Control layer of a protocol stack for the network device from the end of the Voice-over-Internet-Protocol association, wherein the first message includes a first payload;
determining whether the first message includes an indicator that the first payload is associated with an Internet Protocol layer of the protocol stack, and if so, obtaining a private Internet Protocol address from the first payload in the Internet Protocol layer of the protocol stack, wherein the first payload includes the private Internet Protocol address and a second payload, determining whether the private Internet Protocol address is recorded on the network device, and if so, associating a public Internet Protocol address with the private Internet Protocol address, wherein the public Internet Protocol address is associated with an Internet Protocol layer of the protocol stack, and requesting the Internet Protocol layer to encapsulate and transmit a second message on a public network associated with the Internet Protocol layer, wherein the second message includes the public Internet Protocol address, the private Internet Protocol address, and the second payload.
Specification