Proxy network address translation

US 7,266,604 B1
Filed: 03/31/2000
Issued: 09/04/2007
Est. Priority Date: 03/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A system for securing data communication between an internet computer network and an external computer network, comprising:

a client located in the internal computer network;

a server located in the external computer network and in communication with the client; and

a proxy network address translation device comprising;

components for (1) performing, at a packet level, a network address translation upon a stream of packets originating from the client and (2) filtering, at a stream level, the stream of packets and transmitting the packets to the server, wherein the filtering is transparent to the client, and wherein the network address translation component redirects the stream of packets to the filtering component; and

a communications socket internal to the proxy network address translation device and communicatively connected to the components for (1) performing the network address translation and (2) filtering.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Proxy network address translation (PNAT) is disclosed, which combines proxy server capability with network address translation (NAT) capability. At a NAT component, address translation is performed at a packet level of a stream of packets originating from a client and destined for a server. The address translation redirects the packets to a proxy component, and masks the source of the packets. At the proxy component, filtering is performed at a stream level of the stream of packets. The proxy component transmits the packets to the server. A specific installed component is not required at clients for access through the PNAT. The PNAT retains the advantages of a proxy server, while retaining for the component-less nature of access of NAT.

Citations

9 Claims

1. A system for securing data communication between an internet computer network and an external computer network, comprising:
- a client located in the internal computer network;
  
  a server located in the external computer network and in communication with the client; and
  
  a proxy network address translation device comprising;
  
  components for (1) performing, at a packet level, a network address translation upon a stream of packets originating from the client and (2) filtering, at a stream level, the stream of packets and transmitting the packets to the server, wherein the filtering is transparent to the client, and wherein the network address translation component redirects the stream of packets to the filtering component; and
  
  a communications socket internal to the proxy network address translation device and communicatively connected to the components for (1) performing the network address translation and (2) filtering.
- View Dependent Claims (2)
- - 2. The system of claim 1, wherein the components of the proxy network address translation device comprise:
    - a first component for filtering said stream of packets, and also for filtering, at a stream level and transparent to the client, a second stream of packets originating from the server; and
      
      a second component for performing said network address translation, and also for performing, at a packet level, a reverse network address translation with respect to the packets in the second stream and transmitting the packets in the second stream to the client.

3. A device comprising:
- a proxy network address translation device comprising;
  
  a component for performing, at a packet level, a network address translation with respect to a stream of packets originating from a client in an internal network, wherein the client is communicating the stream of packets to a server located in an external network, and wherein the network address translation component redirects the stream of packets to a component for filtering;
  
  the component for filtering, at a stream level, the stream of packets, wherein the filtering is transparent to the client;
  
  a communication socket internal to the proxy network address translation device and communicatively connected to;
  
  the component for performing the network address translation; and
  
  the component for filtering; and
  
  a component for transmitting the packets to the server after the packets are filtered.
- View Dependent Claims (4, 5, 6, 7)
- - 4. The proxy network address translation device of claim 3, further comprising:
    - a component for filtering, at a stream level and transparently to the client, a second stream of packets originating from the server;
      
      a component for performing, at a packet level, a reverse network address translation upon the packet in the second stream; and
      
      a component for transmitting the packet in the second stream to the client.
  - 5. The proxy network address translation device of claim 3, wherein filtering the stream of packets comprises transforming the stream.
  - 6. The proxy network address translation device of claim 3, wherein filtering the stream of packets comprises compressing the stream.
  - 7. The proxy network address translation device of claim 3, wherein filtering comprises content monitoring, content restriction, stream transformation, traffic redirection and combinations thereof.

8. A computer-implemented method for communication between a first network and a second network comprising:
- intercepting, at a first external socket of a proxy network address translation device, a stream of packets;
  
  performing, at a first internal component of the proxy network address translation device, a network address translation upon the stream of packets, the network address translation occurring at a packet level;
  
  transmitting, from the first internal component of the proxy network address translation device to a second internal component of the proxy network address translation device using a communication socket internal to the proxy network address translation device, the translated stream of packets;
  
  filtering, at the second internal component of the proxy network address translation device, the translated stream of packets, the filtering occurring at a stream level; and
  
  transmitting, from the second external socket of the proxy network address translation device, the translated and filtered stream of packets.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein transmitting from the first internal component of the proxy network address translation device to the second internal component of the proxy network address translation device comprises transmitting the translated stream of packets through an internal socket of the proxy network address translation service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nathan, Abraham, Valloppillil, Vinod V.
Primary Examiner(s)
Donaghue; Larry D.

Application Number

US09/541,461
Time in Patent Office

2,713 Days
Field of Search

709/245, 709/238, 709/218, 709201-202, 709/217, 709/225, 713/201
US Class Current

709/225
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2514   between local and global IP...

H04L 61/2564   for a higher-layer protocol...

H04L 61/2585   through application level g...

H04L 61/59   using proxies for addressing

H04L 63/0281   Proxies

H04L 69/22   Parsing or analysis of headers

H04L 9/40   Network security protocols

Proxy network address translation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy network address translation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links