专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07159242B2 Secure IPsec tunnels with a background system accessible via a gateway implementing NAT 有权
标题翻译：可通过实施NAT的网关访问后台系统的安全IPsec隧道
公开(公告)号：US07159242B2
公开(公告)日：2007-01-02
申请号：US10142608
申请日：2002-05-09
申请人： Denise Marie Genty , James Stanley Tesauro , Ramachandran Unnikrishnan
发明人： Denise Marie Genty , James Stanley Tesauro , Ramachandran Unnikrishnan
IPC分类号： H04L9/00
CPC分类号： H04L63/029 , H04L29/12009 , H04L29/12367 , H04L29/125 , H04L61/2514 , H04L61/2564 , H04L63/0272 , H04L63/061 , H04L63/08 , H04L63/164
摘要： A method and system for enabling secure IPsec tunnels within NAT without compromising security. A local network is configured with a gateway machine connected to the Internet and having an IPsec ID for interfacing with the Internet and a local IP/interface address for interfacing with the local network. Client machines are connected to the gateway machine and communicate with the Internet via the gateway and network address translation (NAT) techniques. Each client machine is configured with a local IP/interface address. The client machines are also provided with an alias of the IPsec ID for the gateway machine. When an IPsec request is received by the gateway machine to establish a tunnel (secure communication) with one of the clients, the gateway machine forwards the packet to the particular client using NAT. The client machine receives the request and since it has an alias of the gateway's IPsec ID, the client machine will confirm that it has one of the IPsec IDs in the packet. The client machine sends the reply packet back to the gateway machine, which then forwards it to the requesting machine over the Internet. The requesting machine receives the packet and a confirmation that it has reached its intended recipient and opens the secure IKE tunnel with the particular client via the gateway machine. In this manner authentication of the IKE tunnel and establishment of a secure IPsec session is completed with a client machine that is accessible only via a gateway implementing NAT.
摘要翻译：一种在NAT内实现安全IPsec隧道的方法和系统，不会影响安全性。本地网络配置有连接到因特网的网关机器，并且具有用于与因特网进行接口的IPsec ID和用于与本地网络接口的本地IP /接口地址。客户端机器连接到网关机器，并通过网关和网络地址转换（NAT）技术与互联网进行通信。每个客户机都配置了本地IP /接口地址。客户端计算机还提供了网关机器的IPsec ID的别名。当网关机器接收到与其中一个客户端建立隧道（安全通信）的IPsec请求时，网关机器将NAT使用NAT转发到特定客户端。客户端机器接收到请求，并且由于它具有网关的IPsec ID的别名，所以客户机将确认它具有数据包中的一个IPsec ID。客户端机器将回复包发送回网关机器，网关机器然后通过因特网将其转发给请求机器。请求机器接收分组并确认其已经到达其预期接收者，并通过网关机器与特定客户端打开安全IKE隧道。以这种方式，IKE隧道的认证和安全IPsec会话的建立由仅通过实现NAT的网关可访问的客户机完成。

2. 发明授权

US06473863B1 Automatic virtual private network internet snoop avoider 有权
标题翻译：自动虚拟专用网络互联网窥探avoider
公开(公告)号：US06473863B1
公开(公告)日：2002-10-29
申请号：US09428400
申请日：1999-10-28
申请人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
发明人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
IPC分类号： H04L900
CPC分类号： H04L45/00 , H04L45/22 , H04L63/0272 , H04L63/1458 , H04L63/1466 , H04L67/14 , H04L69/24 , H04L69/329
摘要： Disclosed is a system and method for enhancing the security of virtual private network (VPN) connections by automatic pre-negotiation of a secondary configuration. If snooping or other security breaches are detected, the VPN tunnel is modified automatically to the secondary pre-arranged configuration, stymieing attempted security violations.
摘要翻译：公开了一种通过二次配置的自动预协商来增强虚拟专用网（VPN）连接的安全性的系统和方法。如果检测到窥探或其他安全漏洞，则VPN隧道将自动修改为辅助预排配的配置，从而阻止企图安全违规。

3. 发明授权

US06675225B1 Method and system for algorithm-based address-evading network snoop avoider 有权
标题翻译：基于算法的地址逃避网络侦听器的方法和系统
公开(公告)号：US06675225B1
公开(公告)日：2004-01-06
申请号：US09383740
申请日：1999-08-26
申请人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
发明人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
IPC分类号： G06F15173
CPC分类号： H04L63/0272 , H04L12/4641 , H04L29/12009 , H04L29/12783 , H04L61/35 , H04L63/0428 , H04L63/1475 , H04L63/18 , H04Q11/04 , H04Q2213/13056 , H04Q2213/13093 , H04Q2213/13097 , H04Q2213/13103 , H04Q2213/13106 , H04Q2213/13196 , H04Q2213/13299 , H04Q2213/13339 , H04Q2213/13384 , H04Q2213/13389 , H04Q2213/13399
摘要： A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
摘要翻译：提供了一种基于算法的网络侦听器的方法和系统。第一数据处理系统和第二数据处理系统在物理网络上通过使用虚拟专用网（VPN）在网络上发送数据分组进行通信。数据分组通过第一数据处理系统之间的第一VPN隧道传输，其中第一网络地址终止VPN隧道的第一端，而第二数据处理系统具有终止第一VPN隧道的第二端的第二网络地址。通过根据预定的算法自动地确定第三网络地址和第四网络地址，并且通过自动地将第三网络地址分配给第一数据处理系统，VPN被自动重新配置为在网络上为隧道端点使用备用地址以及第四网络地址到第二数据处理系统。然后可以通过第二VPN隧道传输数据包，其中第二VPN隧道的第一端由第一数据处理系统使用第三网络地址终止，并且第二VPN隧道的第二端被第二数据处理终止系统使用第四个网络地址。可以使用因特网协议（IP）来发送数据分组，并且网络的一部分可以包括因特网。

4. 发明授权

US06738910B1 Manual virtual private network internet snoop avoider 失效
标题翻译：手动虚拟专用网络互联网窥探avoider
公开(公告)号：US06738910B1
公开(公告)日：2004-05-18
申请号：US09428401
申请日：1999-10-28
申请人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
发明人： Denise Marie Genty , Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
IPC分类号： G06F124
CPC分类号： H04L63/0272 , H04L12/4633 , H04L12/4641 , H04L45/22 , H04L45/28
摘要： Disclosed is a system and method for enhancing the security and reliability of virtual private network (VPN) connections by manually exchanging secondary configuration information. If a compromise is detected on a main VPN tunnel, a new VPN tunnel can be created by the system administrators using the secondary configuration, stymieing attempted security violations and providing nearly continuous service to the users. A compromise may be indicative of a security breach or other problem with the VPN. The main VPN tunnel may be abandoned or fed with false data to confuse would-be intruders if the compromise is a security compromise.
摘要翻译：公开了通过手动交换辅助配置信息来增强虚拟专用网（VPN）连接的安全性和可靠性的系统和方法。如果在主VPN隧道上检测到妥协，则可以由系统管理员使用辅助配置创建新的VPN隧道，阻止尝试的安全违规，并向用户提供几乎连续的服务。妥协可能表示VPN的安全漏洞或其他问题。如果妥协是安全妥协，主要的VPN隧道可能被放弃或馈送虚假数据来混淆将来的入侵者。

5. 发明申请

US20050027868A1 Method and apparatus for authenticated network address allocation 失效
标题翻译：用于认证网络地址分配的方法和装置
公开(公告)号：US20050027868A1
公开(公告)日：2005-02-03
申请号：US10631066
申请日：2003-07-31
申请人： John Dodson , Robert Foster , Minh Nguyen , Ramachandran Unnikrishnan , Christine Wang
发明人： John Dodson , Robert Foster , Minh Nguyen , Ramachandran Unnikrishnan , Christine Wang
IPC分类号： G06F15/16 , H04L29/06 , H04L29/12
CPC分类号： H04L69/16 , H04L29/12226 , H04L61/2015 , H04L63/08 , H04L69/161
摘要： A method, apparatus, and computer instructions for providing addresses to clients. A request is received from a client for an address. A determination is made as to whether authentication information is present in the request. A verification process is performed using the authentication information if the authentication information is presenting the request. A determination is made as to whether the authentication information is authenticated. A privileged address is provided to the client in response to the authentication information being authenticated.
摘要翻译：一种用于向客户端提供地址的方法，装置和计算机指令。从客户端收到一个地址请求。确定请求中是否存在认证信息。如果认证信息呈现请求，则使用认证信息执行验证过程。确定认证信息是否被认证。响应于认证信息被认证，向客户端提供特权地址。

6. 发明授权

US07519988B2 Method and apparatus for authenticated network address allocation 失效
标题翻译：用于认证网络地址分配的方法和装置
公开(公告)号：US07519988B2
公开(公告)日：2009-04-14
申请号：US10631066
申请日：2003-07-31
申请人： John Paul Dodson , Robert Kimberlin Foster , Minh Nguyen , Ramachandran Unnikrishnan , Christine I. Wang
发明人： John Paul Dodson , Robert Kimberlin Foster , Minh Nguyen , Ramachandran Unnikrishnan , Christine I. Wang
IPC分类号： G06F21/00 , G06F15/16 , H04L9/32
CPC分类号： H04L69/16 , H04L29/12226 , H04L61/2015 , H04L63/08 , H04L69/161
摘要： A method, apparatus, and computer instructions for providing addresses to clients. A request is received from a client for an address. A determination is made as to whether authentication information is present in the request. A verification process is performed using the authentication information if the authentication information is presenting the request. A determination is made as to whether the authentication information is authenticated. A privileged address is provided to the client in response to the authentication information being authenticated.
摘要翻译：一种用于向客户端提供地址的方法，装置和计算机指令。从客户端收到一个地址请求。确定请求中是否存在认证信息。如果认证信息呈现请求，则使用认证信息执行验证过程。确定认证信息是否被认证。响应于认证信息被认证，向客户端提供特权地址。

7. 发明授权

US07225331B1 System and method for securing data on private networks 有权
标题翻译：保护私有网络数据的系统和方法
公开(公告)号：US07225331B1
公开(公告)日：2007-05-29
申请号：US09594517
申请日：2000-06-15
申请人： Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
发明人： Gerald Francis McBrearty , Shawn Patrick Mullen , Johnny Meng-Han Shieh , Ramachandran Unnikrishnan
IPC分类号： H04L9/00 , H04K1/00 , G06F17/30 , G06F15/16
CPC分类号： H04L63/0428 , H04L63/045 , H04L63/067 , H04L63/0838
摘要： A system and method for protecting data transmitted across a private network is disclosed. A secure channel is established so that the client computer can securely transmit a password to the server computer. Once the password has been transmitted, future transmissions use the password to encrypt data by the sending computer and decipher the data at the receiving computer. In one embodiment, passwords expire after a certain amount of time and are thereafter renegotiated. In another embodiment, the password is successively modified by a counter value further preventing unauthorized persons from discovering the password used to encrypt the data. By using passwords rather than public-key encryption methods, less system resources are required to maintain data confidentiality. An information handling system securely transmitting data within a private network as well as a computer program product programmed to perform the encryption processing are further disclosed.
摘要翻译：公开了一种用于保护通过专用网络传输的数据的系统和方法。建立安全通道，以便客户端计算机可以将密码安全地传送到服务器计算机。一旦密码被传输，将来的传输使用密码来加密发送计算机的数据并解密接收计算机上的数据。在一个实施例中，密码在一定量的时间之后过期，然后重新协商。在另一个实施例中，通过计数器值连续修改密码，进一步防止未授权人员发现用于加密数据的密码。通过使用密码而不是公钥加密方法，需要较少的系统资源来维护数据的机密性。还公开了一种安全地传输专用网络内的数据的信息处理系统以及被编程为执行加密处理的计算机程序产品。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式