System for protecting identity in a network environment
Abstract
A system for protecting identity of network devices (102, 104, and 106) in a network environment. The system includes an apparatus having an interface to the network for completing connections to destination devices (152, 154, and 156) on the public side of the network. The apparatus includes a masking element (140) for associating at least one masking identifier with a communication from the network device and masking the identifier of the network device from the destination device.
44 Claims
1. A system comprising:
- at least one network device having at least one identifier, the network device being on a private side of a network and capable of communicating with a destination device on a public side of a network;
- a plurality of masking devices for facilitating communications from the network device to the destination device, and configured to protect the at least one identifier from detection by the destination device by masking the identifier from the public side of the network, the identifiers of the at least one network device being protected by one or masking devices, wherein the masking devices operate in a coordinated manner, where the masking device protects the identifier of the network device by replacing the identifier on the private side of the network with a masking identifier on the public side of the network, and where the masking device further comprises a network address translation exploder (“NATE”).

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 19, 20, 21

9. A system comprising:
- at least one network device having at least one identifier, the network device being on a private side of a network and capable of communicating with a destination device on a public side of a network;
- a plurality of masking devices for facilitating communications from the network device to the destination device, and configured to protect the at least one identifier from detection by the destination device by masking the identifier from the public side of the network, the identifiers of the at least one network device being protected by one or masking devices, wherein the masking devices operate in a coordinated manner, where the masking device protects the identifier of the network device by replacing the identifier on the private side of the network with a masking identifier on the public side of the network, and where the masking device further comprises a network address translation exploder (“NATE”) for associating a single masking identifier with a plurality of network devices.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18

22. A system comprising:
- at least one network device having at least one identifier, the network device being on a private side of a network and capable of communicating with a destination device on a public side of a network;
- a plurality of masking devices for facilitating communications from the network device to the destination device, and configured to protect the at least one identifier from detection by the destination device by masking the identifier from the public side of the network, the identifiers of the at least one network device being protected by one or masking devices, wherein the masking devices operate in a coordinated manner;
- a Virtual Private Network (VPN) concentrator connected to the network device, the VPN concentrator operable to direct a communication request from the network device to a network router, the network router operable to direct a communication to a destination server in accordance with a routing request from the network device; and
- a proxy server having a NATE, the proxy server being identified in the routing request and operable to provide a gateway for connecting to the destination server using a masking identifier provided by the NATE.

Dependent claims: 23, 24

25. A method of protecting identity comprising:
- requesting a connection between a network device and a destination server at a network routing device; and
- routing the connection via a gateway having a NATE server configured to operate a plurality of masking devices, wherein the masking devices operate in a coordinated manner, and operable to generate a masking identifier to protect an identifier of the network device.

Dependent claims: 26, 27, 28, 29

30. A method for providing identity protection to a plurality of networks comprising:
- providing a plurality of network devices in the plurality of network devices with access to a plurality of masking servers having an interface to a plurality of destination servers over a network, wherein the masking devices operate in a coordinated manner;
- receiving requests to connect network devices in the at least one private network at the masking server, the requests comprising at least one identifier associated with the network devices;
- protecting the at least one identifier by substituting the at least one identifier with a masking identifier in each request to connect; and
- completing the connections for each request, wherein the masking server substitutes the identifier associated with the network devices using a Network Address Translator Exploder (NATE).

Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40

41. A method for gathering information from a destination server comprising:
- requesting a connection between a network device and the destination server on a network at one of a plurality of masking servers, wherein the masking devices operate in a coordinated manner, the connection comprising at least one identifier of the network device;
- substituting the identifier of the network device with at least one masking identifier in the connection at the one of the plurality of masking servers;
- completing the connection to allow communication between the network device and the destination server where the destination server does not have access to the identifier of the network device;
- receiving a request for selected information from the network device and sending the request to the destination server; and
- receiving the selected information from the destination server and sending the selected information to the network device, where the step of substituting the masking identifier comprises using a Network Address Translation Exploder (“NATE”).

Dependent claims: 42, 43, 44

Specification