Method and apparatus for application-independent end-to-end security in shared-link access networks
US6963982B1 · kind B1 · utility
Key dates
| Filing date | Oct 27, 2000 |
| Grant date | Nov 8, 2005 |
| Priority date | — |
| Expiry date | Jan 27, 2023 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/164
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Clients that are connected on a private network and which are assigned a private IP address that is not routable on the Internet can connect to the Internet through a router/server that includes a network address translator (NAT). For outgoing packets, the NAT translates the client's private source IP address and generalized port number (GPN) to the NAT's global IP address and GPN. For incoming packets sent to the NAT's global IP address and GPN, the NAT translates the global destination IP address and GPN to the client's private IP address and GPN. For protocols which cannot be directly supported by the NAT, such as those in the IPSec security protocol suite, the NAT is extended by creating in the NAT's translation table an entry that associates, for a specific unsupported protocol, a client's private IP address and GPN, the NAT's global IP address and GPN, and a foreign address on the Internet, that is valid until a specified or default expiration time. Outgoing packets from the client to that foreign address and incoming packets from that foreign address to the NAT's global IP address and GPN are translated according to the entry until the entry expires. In associations with the…
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.