
Method and apparatus for control of security protocol negotiation

  • US 7,120,930 B2
  • Filed: 06/13/2002
  • Issued: 10/10/2006
  • Est. Priority Date: 06/13/2002
  • Status: Active Grant
First Claim

1. A method for security negotiation control for a plurality of local clients over a gateway computer without additional encapsulation of a data packet between one of the local clients and a remote computer, comprising:

  • providing the gateway computer with access to a data structure that includes a mapping table having a row assigned to each connection between a local client and a remote client and storing on one of the rows a public IP address assigned to one of the local clients communicating with the remote computer;

  • receiving at the gateway computer a packet;

  • determining if the packet is a security negotiation packet;

  • checking the mapping table for a Medium Access Control (MAC) source address and a destination address of the remote computer in response to the packet being part of the security negotiation;

  • in response to finding in the mapping table the destination address and to not finding in the data structure the MAC source address in association with the destination address, determining if a security value comprising a Security Parameter Index (SPI) for the destination address of the remote computer is in the data structure; and

  • in response to not finding the security value in the data structure for the destination address, suppressing transmission of the security negotiation packet, and in response to finding the SPI in the mapping table, forwarding the packet to the local client using one of the client's public IP destination address or the local client's MAC address or the local client's private IP address assigned by the gateway computer and without additional encapsulation of the packet.
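The decision sequence recited in claim 1, modeled as an added example (not code from the patent or its assignee). The field names, the `is_negotiation` flag and the sample addresses are assumptions; branches the claim does not describe return `UNSPECIFIED` rather than a guessed behaviour.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional


class Action(Enum):
    NOT_NEGOTIATION = "claim 1 does not apply"
    UNSPECIFIED = "branch not described in claim 1"
    SUPPRESS = "suppress transmission of the negotiation packet"
    FORWARD = "forward without additional encapsulation"


@dataclass
class Row:
    """One mapping-table row per local client <-> remote connection (names assumed)."""
    client_mac: str
    client_public_ip: str
    remote_ip: str
    spi: Optional[int] = None  # None until an SPI is stored for this remote


@dataclass
class Packet:
    src_mac: str
    dst_ip: str
    is_negotiation: bool  # assumed flag; the claim does not say how this is detected


def decide(table: List[Row], pkt: Packet) -> Action:
    if not pkt.is_negotiation:
        return Action.NOT_NEGOTIATION
    rows = [r for r in table if r.remote_ip == pkt.dst_ip]
    if not rows:                                   # destination not in table
        return Action.UNSPECIFIED
    if any(r.client_mac == pkt.src_mac for r in rows):
        return Action.UNSPECIFIED                  # sender already mapped to this remote
    # Destination known, sender's MAC not associated with it: look for an SPI.
    if any(r.spi is not None for r in rows):
        return Action.FORWARD
    return Action.SUPPRESS


# Constructed sample data (documentation address ranges, locally administered MACs).
TABLE = [
    Row("02:00:00:00:00:01", "198.51.100.10", "203.0.113.5"),
    Row("02:00:00:00:00:02", "198.51.100.11", "203.0.113.9", spi=0x1001),
]

if __name__ == "__main__":
    for dst in ("203.0.113.5", "203.0.113.9"):
        print(dst, decide(TABLE, Packet("02:00:00:00:00:03", dst, True)).name)
```

With the sample table, a negotiation packet from a third client is suppressed for the remote that has no SPI recorded and forwarded for the remote that has one.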
