Secure hidden route in a data network
First Claim
1. A method of conveying network traffic composed of packets sent in an internetwork between client users and a host, said method comprising:
- operating a public traffic channel to said host based on internet protocol (IP) routing tables, said traffic channel including a first border router coupling said host to said internetwork;
configuring a label table in a router connected to said host to associate a predetermined label with said host in order to provide a limited access channel to said host;
configuring a proxy device coupled to said internetwork to recognize at least one authorized client user of said host, to detect network traffic from said authorized client user to said proxy device which is intended for said host, and to forward said network traffic to said host using said predetermined label;
using the public channel to send traffic from one of the client users to the host;
detecting a malfunction condition of said public traffic channel; and
suspending operation of said public traffic channel in response to said malfunction condition;
whereby said authorized client user continues to exchange said traffic with said host during said malfunction condition via said limited access channel.
6 Assignments
0 Petitions
Accused Products
Abstract
A hidden pathway to a host is provided in an internetwork having an egress router coupled to the host. A selected port of the egress router is connected to the host as a hidden access port. A label table in the egress router is configured to associate the selected port with a predetermined label. Distribution of the predetermined label is restricted to one or more controlled access points so that access to the hidden pathway is restricted to the controlled access points. The controlled access points may reside at the users themselves, but are preferably contained within proxy devices coupled to the internetwork using secure connections.
37 Citations
11 Claims
-
1. A method of conveying network traffic composed of packets sent in an internetwork between client users and a host, said method comprising:
-
operating a public traffic channel to said host based on internet protocol (IP) routing tables, said traffic channel including a first border router coupling said host to said internetwork; configuring a label table in a router connected to said host to associate a predetermined label with said host in order to provide a limited access channel to said host; configuring a proxy device coupled to said internetwork to recognize at least one authorized client user of said host, to detect network traffic from said authorized client user to said proxy device which is intended for said host, and to forward said network traffic to said host using said predetermined label; using the public channel to send traffic from one of the client users to the host; detecting a malfunction condition of said public traffic channel; and suspending operation of said public traffic channel in response to said malfunction condition; whereby said authorized client user continues to exchange said traffic with said host during said malfunction condition via said limited access channel. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification
-
- Resources
-
Current AssigneeT-Mobile Innovations LLC (Deutsche Telekom AG)
-
Original AssigneeSprint Communications Company LP (Deutsche Telekom AG)
-
InventorsCook, Fred S.
-
Primary Examiner(s)Vu; Huy D.
-
Assistant Examiner(s)Nguyen; Phuongchau Ba
-
Application NumberUS10/390,250Time in Patent Office1,933 DaysField of SearchNoneUS Class Current370/216CPC Class CodesH04L 45/04 Interdomain routing, e.g. h...H04L 45/302 Route determination based o...H04L 63/0281 ProxiesH04L 63/1441 Countermeasures against mal...
