SYSTEM AND METHOD FOR EASING COMMUNICATIONS BETWEEN DEVICES CONNECTED RESPECTIVELY TO PUBLIC NETWORKS SUCH AS THE INTERNET AND TO PRIVATE NETWORKS BY FACILITATING RESOLUTION OF HUMAN-READABLE ADDRESSES

US 6,557,037 B1
Filed: 05/29/1998
Issued: 04/29/2003
Est. Priority Date: 05/29/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system comprising a virtual private network and an external device interconnected by a digital network,the virtual private network having a firewall, at least one internal device and a nameserver each having a virtual private network address, wherein the external device has been provided only the virtual private network address of the firewall prior to the establishment of a secure tunnel connection therebetween, the internal device also having a secondary address, the nameserver being configured to provide an association between the secondary address and the virtual private network address, the firewall is configured to, in response to a request from the external device to establish a secure tunnel connection therebetween, provide the external device with the virtual private network address of the nameserver, and the external device is configured to, in response to a request requesting access to the internal device including the internal device'"'"'s secondary address, generate a network address request message for transmission over the secure tunnel connection to the firewall requesting resolution of the virtual private network address associated with the secondary address, the firewall being configured to provide the address resolution request to the nameserver, the nameserver being configured to provide the virtual private network address associated with the secondary address, the firewall in turn being further configured to provide the virtual private network address in a network address message for transmission over the secure tunnel connection to the external device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

“A system [comprises] includes a virtual private network and an external device interconnected by a digital network. The virtual private network has a firewall, at least one internal device and a nameserver each having a network address. The internal device also has a secondary address, and the nameserver is configured to provide an association between the secondary address and the network address. The firewall, in response to a request from the external device to establish a connection therebetween, provides the external device with the network address of the nameserver. The external device, in response to a request from an operator or the like, including the internal device'"'"'s secondary address, requesting access to the internal device, generates a network address request message for transmission over the connection to the firewall requesting resolution of the network address associated with the secondary address. The firewall provides the address resolution request to the nameserver, and the nameserver provides the network address associated with the secondary address to the firewall. The firewall, in turn, provides the network address in a network address response message for transmission over the connection to the external device. The external device can thereafter use the network address so provided in subsequent communications with the firewall intended for the internal device.”

181 Citations

18 Claims

1. A system comprising a virtual private network and an external device interconnected by a digital network,the virtual private network having a firewall, at least one internal device and a nameserver each having a virtual private network address, wherein the external device has been provided only the virtual private network address of the firewall prior to the establishment of a secure tunnel connection therebetween, the internal device also having a secondary address, the nameserver being configured to provide an association between the secondary address and the virtual private network address, the firewall is configured to, in response to a request from the external device to establish a secure tunnel connection therebetween, provide the external device with the virtual private network address of the nameserver, and the external device is configured to, in response to a request requesting access to the internal device including the internal device'"'"'s secondary address, generate a network address request message for transmission over the secure tunnel connection to the firewall requesting resolution of the virtual private network address associated with the secondary address, the firewall being configured to provide the address resolution request to the nameserver, the nameserver being configured to provide the virtual private network address associated with the secondary address, the firewall in turn being further configured to provide the virtual private network address in a network address message for transmission over the secure tunnel connection to the external device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system as defined in claim 1 in which the external device is further configured to use the network address provided in the network address response message in generating at least one message for transmission to the internal device.
  - 3. A system as defined in claim 1 in which the external device is configured to connect to the network through a network service provider.
  - 4. A system as defined in claim 3 in which the external device is configured to establish a communications session with the network service provider, the network service provider providing the external device with the identification of a further nameserver, the further nameserver being configured to provide an association between a secondary address and a network address for at least one device.
  - 5. A system as defined in claim 1 in which the external device is configured to maintain a list of nameservers which have been identified to said external device, the external device being configured to interrogate successive ones of the nameservers in the list in response to a request requesting access to another device, said request including a secondary address for said other device, until said external device receives a network address, in each interrogation the external device being configured to generate a said network address request message for transmission over the network for response by one of said nameservers in said list and to receive a network address response message therefrom.
  - 6. A system as defined in claim 1 in which at least some portion of messages transferred between the external device and the firewall over the secure tunnel connection is encrypted.

7. A method of operating a system comprising a virtual private network and an external device interconnected by a digital network, the virtual private network having a firewall, at least one internal device and a nameserver each having a virtual private network address, wherein the external device has been provided only the virtual private network address of the firewall prior to the establishment of a secure tunnel connection therebetween, the internal device also having a secondary address, the nameserver being configured to provide an association between the secondary address and the virtual private network address, the method comprising the steps of:
- A. enabling the firewall, in response to a request from the external device to establish a secure tunnel connection therebetween, provide the external device with the virtual private network address of the nameserver; and
  
  B. enabling (i) the external device, in response to a request requesting access to the internal device including the internal device'"'"'s secondary address, to generate a network address request message for transmission over the secure tunnel connection to the firewall requesting resolution of the virtual private network address associated with the secondary address, (ii) the firewall to provide the address resolution request to the nameserver, (iii) The nameserver to provide the virtual private network address associated with the secondary address, and (iv) the firewall to provide the virtual private network address in a network address response message for transmission over the secure tunnel connection to the external device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method as defined in claim 7 in which the external device is further enabled to use the network address provided in the network address response message in generating at least one message for transmission to the internal device.
  - 9. A method as defined in claim 7 in which the external device is enabled to connect to the network through a network service provider.
  - 10. A method as defined in claim 9 in which the external device is enabled to establish a communications session with the network service provider, the network service provider being enabled to provide the external device with the identification of a further nameserver, the further nameserver being enabled to provide an association between a secondary address and a network address for at least one device.
  - 11. A method as defined in claim 7 in which the external device is enabled to maintain a list of nameservers which have been identified to said external device, the external device being enabled to interrogate successive ones of the nameservers in the list in response to a request requesting access to another device, said request including a secondary address for said other device, until said external device receives a network address, in each interrogation the external device being enabled to generate a said network address request message for transmission over the network for response by one of said nameservers in said list and to receive a network address response message therefrom.
  - 12. A method as defined in claim 7 in which at least some portion of messages transferred between the external device and the firewall over the secure tunnel connection is encrypted.

13. A computer program product for use in connection with a virtual private network and an external device interconnected by a digital network, the virtual private network having a firewall, at least one internal device and a nameserver each having a virtual private network address, wherein the external device has been provided only the virtual private network address of the firewall prior to the establishment of a secure tunnel connection therebetween, the internal device also having a secondary address, the nameserver being configured to provide an association between the secondary address and the virtual private network address, the computer program product comprising a machine readable medium having encoded thereon:
- A. a nameserver identification code module configured to enable the firewall, in response to a request from the external device to establish a secure tunnel connection therebetween, to provide the external device with the virtual private network address of the nameserver, B. a network address request message generating code module for enabling the external device, in response to a request requesting access to the internal device including the internal device'"'"'s secondary address, to generate a network address request message for transmission over the secure tunnel connection to the firewall requesting resolution of the virtual private network address associated with the secondary address, C. an address resolution request forwarding module for enabling the firewall to provide the address resolution request to the nameserver, D. a nameserver control module for enabling the nameserver to provide the virtual private network address associated with the secondary address, and E. a network address response message forwarding module for enabling the firewall to provide the virtual private network address in a network address response message for transmission over the connection to the external device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A computer program product as defined in claim 13 further comprising a network address utilization module configured to enable the external device to use the network address provided in the network address response message in generating at least one message for transmission to the internal device.
  - 15. A computer program product as defined in claim 13 further comprising a network service provider control module for enabling the external device to connect to the network through a network service provider.
  - 16. A computer program product as defined in claim 15 in which the network service provider control module includes a communications session establishment module for enabling the external device to a communications session with the network service provider and receive therefrom identification of a further nameserver.
  - 17. A computer program product as defined in claim 13 further including nameserver interrogation control module for enabling the external device to maintain a list of nameservers which have been identified to said external device, and to interrogate successive ones of the nameservers in the list in response to a request requesting access to another device, said request including a secondary address for said other device, until said external device receives a network address, in each interrogation the external device being enabled to generate a said network address request message for transmission over the network for response by one of said nameservers in said list and to receive a network address response message therefrom.
  - 18. A computer program product as defined in claim 14 in which the connection between the external device and the firewall is a secure tunnel, in which at least some portion of messages transferred between tie external device and the firewall is encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems (Oracle Corporation)
Inventors
Provino, Joseph E.
Primary Examiner(s)
Dinh, Dung C.
Assistant Examiner(s)
SALAD, ABDULLAHI ELMI

Application Number

US09/087,823
Time in Patent Office

1,796 Days
Field of Search

709/227, 709/228, 709/250, 709/245, 709/225, 713/201
US Class Current

709/227
CPC Class Codes

H04L 61/2514   between local and global IP...

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/2575   using address mapping retri...

H04L 61/4511   using domain name system [DNS]

H04L 63/0272   Virtual private networks

H04L 9/40   Network security protocols

SYSTEM AND METHOD FOR EASING COMMUNICATIONS BETWEEN DEVICES CONNECTED RESPECTIVELY TO PUBLIC NETWORKS SUCH AS THE INTERNET AND TO PRIVATE NETWORKS BY FACILITATING RESOLUTION OF HUMAN-READABLE ADDRESSES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

181 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR EASING COMMUNICATIONS BETWEEN DEVICES CONNECTED RESPECTIVELY TO PUBLIC NETWORKS SUCH AS THE INTERNET AND TO PRIVATE NETWORKS BY FACILITATING RESOLUTION OF HUMAN-READABLE ADDRESSES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

181 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others