Methods and system for locating network services with distributed network address translation. Digital certificates are created that allow an external network device on an external network, such as the Internet, to request a service from an internal network device on an internal distributed network address translation network, such as a stub local area network. The digital certificates include information obtained with a Port Allocation Protocol used for distributed network address translation. The digital certificates are published on the internal network so they are accessible to external network devices. An external network device retrieves a digital certificate, extracts appropriate information, and sends a service request packet to an internal network device on an internal distributed network address translation network. The external network device is able to locate and request a service from an internal network device. An external network device can also request a security...
Citations
| US5159592 | Oct 29, 1990 | Oct 27, 1992 | International Business Machines Corporation | Network address management for a wired network supporting wireless communication to a plurality of mobile users |
| US5227778 | Apr 5, 1991 | Jul 13, 1993 | Digital Equipment Corporation | Service name to network address translation in communications network |
| US5550984 | Dec 7, 1994 | Aug 27, 1996 | Matsushita Electric Corporation of America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
| US5636216 | Apr 8, 1994 | Jun 3, 1997 | Metricom, Inc. | Method for translating internet protocol addresses to other distributed network addressing schemes |
| US5708655 | Jun 14, 1996 | Jan 13, 1998 | Telefonaktiebolaget L M Ericsson publ | Method and apparatus for addressing a wireless communication station with a dynamically-assigned address |
| US5793763 | Nov 3, 1995 | Aug 11, 1998 | Cisco Technology, Inc. | Security system for network address translation systems |
| US5812819 | Jun 5, 1995 | Sep 22, 1998 | Shiva Corporation | Remote access apparatus and method which allow dynamic internet protocol (IP) address management |
| US5867660 | May 11, 1995 | Feb 2, 1999 | Bay Networks, Inc. | Method and apparatus for communicating between a network workstation and an internet |
| US5872847 | Jul 30, 1996 | Feb 16, 1999 | ITT Industries, Inc. | Using trusted associations to establish trust in a computer network |
Referenced by
| US6138235 | Jun 29, 1998 | Oct 24, 2000 | Sun Microsystems, Inc. | Controlling access to services between modular applications |
| US6172986 | May 7, 1998 | Jan 9, 2001 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US6208649 | Mar 11, 1998 | Mar 27, 2001 | Cisco Technology, Inc. | Derived VLAN mapping technique |
| US6222857 | Dec 2, 1999 | Apr 24, 2001 | Palm, Inc. | Technique for handling undesired data over a limited bandwidth channel |
| US6243749 | Oct 8, 1998 | Jun 5, 2001 | Cisco Technology, Inc. | Dynamic network address updating |
| US6262987 | Mar 26, 1998 | Jul 17, 2001 | | System and method for reducing latencies while translating internet host name-address bindings |
| US6262988 | May 12, 2000 | Jul 17, 2001 | Cisco Technology, Inc. | Method and system for subnetting in a switched IP network |
| US6269099 | Jul 1, 1998 | Jul 31, 2001 | 3Com Corporation | Protocol and method for peer network device discovery |
| US6286084 | Sep 16, 1998 | Sep 4, 2001 | Cisco Technology, Inc. | Methods and apparatus for populating a network cache |
| US6292838 | Aug 23, 1999 | Sep 18, 2001 | 3Com Corporation | Technique for automatic remote media access control (MAC) layer address resolution |
| US6353614 | Mar 5, 1998 | Mar 5, 2002 | 3Com Corporation | Method and protocol for distributed network address translation |
| US6353891 | Aug 9, 2000 | Mar 5, 2002 | 3Com Corporation | Control channel security for realm specific internet protocol |
| US6360265 | Jul 8, 1998 | Mar 19, 2002 | Lucent Technologies Inc. | Arrangement of delivering internet protocol datagrams for multimedia services to the same server |
| US6363082 | Nov 10, 2000 | Mar 26, 2002 | Palm Computing, Inc. | Technique for handling undesired data over a limited bandwidth channel |
| US6381638 | Feb 24, 1999 | Apr 30, 2002 | 3Com Corporation | System and method for options based address reuse |
| US6381646 | Nov 3, 1998 | Apr 30, 2002 | Cisco Technology, Inc. | Multiple network connections from a single PPP link with partial network address translation |
| US6396833 | Dec 2, 1998 | May 28, 2002 | Cisco Technology, Inc. | Per user and network routing tables |
| US6418476 | Jun 29, 1998 | Jul 9, 2002 | Nortel Networks, Limited | Method for synchronizing network address translator (NAT) tables using the open shortest path first opaque link state advertisement option protocol |
| US6427170 | Dec 8, 1998 | Jul 30, 2002 | Cisco Technology, Inc. | Integrated IP address management |
| US6430196 | May 1, 1998 | Aug 6, 2002 | Cisco Technology, Inc. | Transmitting delay sensitive information over IP over frame relay |
| US6442612 | Mar 1, 1999 | Aug 27, 2002 | Axis AB | Device and method for communication over a network |
| US6457061 | Nov 24, 1998 | Sep 24, 2002 | PMC-Sierra | Method and apparatus for performing internet network address translation |
| US6490289 | Nov 3, 1998 | Dec 3, 2002 | Cisco Technology, Inc. | Multiple network connections from a single PPP link with network address translation |
| US6490290 | Dec 30, 1998 | Dec 3, 2002 | Cisco Technology, Inc. | Default internet traffic and transparent passthrough |
| US6499088 | Jul 9, 2001 | Dec 24, 2002 | Cisco Technology, Inc. | Methods and apparatus for populating a network cache |
| US6502192 | Sep 3, 1998 | Dec 31, 2002 | Cisco Technology, Inc. | Security between client and server in a computer network |
| US6539011 | Jun 8, 1999 | Mar 25, 2003 | Merlot Communications, Inc. | Method for initializing and allocating bandwidth in a permanent virtual connection for the transmission and control of audio, video, and computer data over a single network fabric |
| US6553028 | Apr 30, 1999 | Apr 22, 2003 | Cisco Technology, Inc. | Method and apparatus for multicast switching using a centralized switching engine |
| US6567405 | Feb 4, 2002 | May 20, 2003 | 3Com Corporation | Method and protocol for distributed network address translation |
| US6567850 | Oct 27, 1999 | May 20, 2003 | Yodlee, Inc. | System and method for determining revenue from an intermediary derived from servicing data requests |
| US6587468 | Feb 10, 1999 | Jul 1, 2003 | Cisco Technology, Inc. | Reply to sender DHCP option |
| US6594278 | Mar 1, 2002 | Jul 15, 2003 | Cisco Technology, Inc. | Apparatus for transmitting delay sensitive information over frame relay |
| US6615357 | Jan 29, 1999 | Sep 2, 2003 | International Business Machines Corporation | System and method for network address translation integration with IP security |
| US6636499 | Dec 2, 1999 | Oct 21, 2003 | Cisco Technology, Inc. | Apparatus and method for cluster network device discovery |
| US6654796 | Oct 7, 1999 | Nov 25, 2003 | Cisco Technology, Inc. | System for managing cluster of network switches using IP address for commander switch and redirecting a managing request via forwarding an HTTP connection to an expansion switch |
| US6658565 | Jun 1, 1998 | Dec 2, 2003 | Sun Microsystems, Inc. | Distributed filtering and monitoring system for a computer internetwork |
| US6661799 | Sep 13, 2000 | Dec 9, 2003 | Alcatel USA Sourcing, L.P. | Method and apparatus for facilitating peer-to-peer application communication |
| US6697354 | Aug 19, 1998 | Feb 24, 2004 | 3Com Corporation | Method and system for distributed network address translation for mobile network devices |
| US6708219 | Oct 26, 1999 | Mar 16, 2004 | 3Com Corporation | Method and system for dual-network address utilization |
| US6724775 | Apr 24, 2002 | Apr 20, 2004 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US6725264 | Feb 17, 2000 | Apr 20, 2004 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices |
| US6731642 | May 3, 1999 | May 4, 2004 | 3Com Corporation | Internet telephony using network address translation |
| US6738828 | Jul 6, 2000 | May 18, 2004 | Nortel Networks Limited | Name resolution protocol, system and method for resolving a flat name space to an address space |
| US6757269 | Feb 27, 2001 | Jun 29, 2004 | Motorola, Inc. | Mobile wireless router |
| US6763040 | Apr 28, 2000 | Jul 13, 2004 | AMX Corporation | Internet control system communication protocol and method |
| US6768743 | Oct 26, 1999 | Jul 27, 2004 | 3Com Corporation | Method and system for address server redirection for multiple address networks |
| US6772349 | May 3, 2000 | Aug 3, 2004 | 3Com Corporation | Detection of an attack such as a pre-attack on a computer network |
| US6781982 | Oct 26, 1999 | Aug 24, 2004 | 3Com Corporation | Method and system for allocating persistent private network addresses between private networks |
| US6785274 | Oct 7, 1998 | Aug 31, 2004 | Cisco Technology, Inc. | Efficient network multicast switching apparatus and methods |
| US6785293 | Apr 24, 2002 | Aug 31, 2004 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US6804236 | Oct 7, 2002 | Oct 12, 2004 | Cisco Technology, Inc. | Efficient network multicast switching apparatus and methods |
| US6812938 | Mar 22, 2001 | Nov 2, 2004 | Citicorp Development Center, Inc. | Method and system for providing status indication and control to a computer network user |
| US6822957 | Nov 7, 2000 | Nov 23, 2004 | 3Com Corporation | Distributed network address translation for a network telephony system |
| US6823462 | Sep 7, 2000 | Nov 23, 2004 | International Business Machines Corporation | Virtual private network with multiple tunnels associated with one group name |
| US6826684 | Aug 10, 2001 | Nov 30, 2004 | Verizon Corporate Services Group Inc. | Sliding scale adaptive self-synchronized dynamic address translation |
| US6839338 | Mar 20, 2002 | Jan 4, 2005 | UTStarcom Incorporated | Method to provide dynamic internet protocol security policy service |
| US6839348 | Apr 30, 1999 | Jan 4, 2005 | Cisco Technology, Inc. | System and method for distributing multicasts in virtual local area networks |
| US6856591 | Dec 15, 2000 | Feb 15, 2005 | Cisco Technology, Inc. | Method and system for high reliability cluster management |
| US6868089 | Aug 29, 2000 | Mar 15, 2005 | Hitachi, Ltd. | Mobile node, mobile agent-and network system |
| US6871220 | Oct 27, 1999 | Mar 22, 2005 | Yodlee, Inc. | System and method for distributed storage and retrieval of personal information |
| US6888845 | Apr 24, 2002 | May 3, 2005 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US6892224 | Aug 31, 2001 | May 10, 2005 | Intel Corporation | Network interface device capable of independent provision of web content |
| US6895433 | Oct 23, 2003 | May 17, 2005 | Cisco Technology, Inc. | HTTP redirection of configuration data for network devices |
| US6907525 | Sep 20, 2002 | Jun 14, 2005 | Riverhead Networks Inc. | Protecting against spoofed DNS messages |
| US6912582 | Mar 30, 2001 | Jun 28, 2005 | Microsoft Corporation | Service routing and web integration in a distributed multi-site user authentication system |
| US6915437 | Dec 20, 2000 | Jul 5, 2005 | Microsoft Corporation | System and method for improved network security |
| US6917626 | Nov 30, 1999 | Jul 12, 2005 | Cisco Technology, Inc. | Apparatus and method for automatic cluster network device address assignment |
| US6931529 | Jan 5, 2001 | Aug 16, 2005 | International Business Machines Corporation | Establishing consistent, end-to-end protection for a user datagram |
| US6938087 | Sep 12, 2000 | Aug 30, 2005 | Hewlett-Packard Development Company, L.P. | Distributed universal communication module for facilitating delivery of network services to one or more devices communicating over multiple transport facilities |
| US6941377 | Dec 31, 1999 | Sep 6, 2005 | Intel Corporation | Method and apparatus for secondary use of devices with encryption |
| US6944617 | Dec 28, 2001 | Sep 13, 2005 | Intel Corporation | Communicating transaction types between agents in a computer system using packet headers including an extended type/extended length field |
| US6948074 | Mar 9, 2000 | Sep 20, 2005 | 3Com Corporation | Method and system for distributed generation of unique random numbers for digital tokens |
| US6952421 | Oct 7, 1999 | Oct 4, 2005 | Cisco Technology, Inc. | Switched Ethernet path detection |
| US6957346 | Jun 15, 1999 | Oct 18, 2005 | SSH Communications Security Ltd. | Method and arrangement for providing security through network address translations using tunneling and compensations |
| US6963982 | Oct 27, 2000 | Nov 8, 2005 | Lucent Technologies Inc. | Method and apparatus for application-independent end-to-end security in shared-link access networks |
| US6966003 | Jan 12, 2001 | Nov 15, 2005 | 3Com Corporation | System and method for switching security associations |
| US6978308 | Mar 21, 2001 | Dec 20, 2005 | International Business Machines Corporation | System and method for nesting virtual private networking connections with coincident endpoints |
| US6981038 | Jan 23, 2001 | Dec 27, 2005 | International Business Machines Corporation | Methods, systems and computer program products for determining simple network management protocol (SNMP) object identifiers in a management information base (MIB) file |
| US6981278 | Sep 5, 2000 | Dec 27, 2005 | Sterling Commerce, Inc. | System and method for secure dual channel communication through a firewall |
| US6982953 | Jul 11, 2000 | Jan 3, 2006 | Scorpion Controls, Inc. | Automatic determination of correct IP address for network-connected devices |
| US6982978 | Feb 28, 2002 | Jan 3, 2006 | Cisco Technology, Inc. | Per user and network routing tables |
| US6983319 | Apr 6, 2001 | Jan 3, 2006 | Permeo Technologies, Inc. | Dynamic port management |
| US6986061 | Nov 20, 2000 | Jan 10, 2006 | International Business Machines Corporation | Integrated system for network layer security and fine-grained identity-based access control |
| US6988148 | Jan 19, 2001 | Jan 17, 2006 | Cisco Technology, Inc. | IP pool management utilizing an IP pool MIB |
| US6993050 | Aug 8, 2001 | Jan 31, 2006 | AT&T Corp. | Transmit and receive system for cable data service |
| US6993353 | Aug 8, 2001 | Jan 31, 2006 | AT&T Corp. | Cable data service method |
| US6996621 | Dec 6, 2000 | Feb 7, 2006 | 3Com Corporation | Method for supporting secondary address delivery on remote access servers |
| US6996711 | Feb 28, 2001 | Feb 7, 2006 | Sun Microsystems, Inc. | Certification validation system |
| US7003481 | May 30, 2001 | Feb 21, 2006 | Flatrock II, Inc. | Method and apparatus for providing network dependent application services |
| US7006436 | Nov 13, 2001 | Feb 28, 2006 | AT&T Corp. | Method for providing voice-over-IP service |
| US7007152 | Dec 28, 2001 | Feb 28, 2006 | Storage Technology Corporation | Volume translation apparatus and method |
| US7010303 | Dec 21, 2001 | Mar 7, 2006 | Research In Motion Limited | Wireless router system and method |
| US7010608 | Sep 28, 2001 | Mar 7, 2006 | Intel Corporation | System and method for remotely accessing a home server while preserving end-to-end security |
| US7016351 | Feb 29, 2000 | Mar 21, 2006 | Cisco Technology, Inc. | Small group multicast in a computer network |
| US7023863 | Aug 19, 2004 | Apr 4, 2006 | 3Com Corporation | Apparatus and method for processing encrypted packets in a computer network device |
| US7028335 | Aug 27, 1999 | Apr 11, 2006 | 3Com Corporation | Method and system for controlling attacks on distributed network address translation enabled networks |
| US7032242 | Mar 17, 1999 | Apr 18, 2006 | 3Com Corporation | Method and system for distributed network address translation with network security features |
| US7036143 | Sep 19, 2001 | Apr 25, 2006 | Cisco Technology, Inc. | Methods and apparatus for virtual private network based mobility |
| US7042988 | Sep 27, 2002 | May 9, 2006 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
| US7043633 | Aug 10, 2001 | May 9, 2006 | Verizon Corporation Services Group Inc. | Method and apparatus for providing adaptive self-synchronized dynamic address translation |
| US7051116 | Oct 22, 2001 | May 23, 2006 | America Online, Inc. | Client device identification when communicating through a network address translator device |
| US7058619 | Apr 21, 2003 | Jun 6, 2006 | International Business Machines Corporation | Method, system and computer program product for facilitating digital certificate state change notification |
| US7065079 | May 4, 2000 | Jun 20, 2006 | Cisco Technology, Inc. | VC sharing for multicast in a computer network |
| US7068645 | Apr 2, 2001 | Jun 27, 2006 | Cisco Technology, Inc. | Providing different QOS to layer-3 datagrams when transported on tunnels |
| US7072981 | Feb 8, 2001 | Jul 4, 2006 | Cisco Technology, Inc. | Preallocation of client network address translation addresses for client-server networks |
| US7073055 | Feb 22, 2001 | Jul 4, 2006 | 3Com Corporation | System and method for providing distributed and dynamic network services for remote access server users |
| US7089328 | Feb 8, 2001 | Aug 8, 2006 | Cisco Technology, Inc. | Method allocation scheme for maintaining server load balancers services in a high throughput environment |
| US7099318 | Dec 28, 2001 | Aug 29, 2006 | Intel Corporation | Communicating message request transaction types between agents in a computer system using multiple message groups |
| US7099319 | Jan 23, 2002 | Aug 29, 2006 | International Business Machines Corporation | Virtual private network and tunnel gateway with multiple overlapping, remote subnets |
| US7107464 | Jul 10, 2001 | Sep 12, 2006 | Telecom Italia S.p.A. | Virtual private network mechanism incorporating security association processor |
| US7107614 | May 23, 2000 | Sep 12, 2006 | International Business Machines Corporation | System and method for network address translation integration with IP security |
| US7113519 | Apr 15, 2002 | Sep 26, 2006 | Skypilot Networks, Inc. | Network channel access protocol—slot scheduling |
| US7120930 | Jun 13, 2002 | Oct 10, 2006 | NVIDIA Corporation | Method and apparatus for control of security protocol negotiation |
| US7124173 | Apr 30, 2001 | Oct 17, 2006 | | Method and apparatus for intercepting performance metric packets for improved security and intrusion detection |
| US7130629 | Mar 8, 2000 | Oct 31, 2006 | Cisco Technology, Inc. | Enabling services for multiple sessions using a single mobile node |
| US7134019 | Nov 13, 2001 | Nov 7, 2006 | Microsoft Corporation | Methods and systems for unilateral authentication of messages |
| US7139828 | Aug 30, 2002 | Nov 21, 2006 | IP Dynamics, Inc. | Accessing an entity inside a private network |
| US7142541 | Aug 9, 2002 | Nov 28, 2006 | Intel Corporation | Determining routing information for an information packet in accordance with a destination address and a device address |
| US7143137 | Jun 13, 2002 | Nov 28, 2006 | NVIDIA Corporation | Method and apparatus for security protocol and address translation integration |
| US7143188 | Jun 13, 2002 | Nov 28, 2006 | NVIDIA Corporation | Method and apparatus for network address translation integration with internet protocol security |
| US7149183 | Apr 15, 2002 | Dec 12, 2006 | SkyPilot Networks, Inc. | Network channel access protocol - slot allocation |
| US7152238 | Dec 29, 2000 | Dec 19, 2006 | Cisco Technology, Inc. | Enabling mobility for point to point protocol (PPP) users using a node that does not support mobility |
| US7152239 | Jul 14, 2000 | Dec 19, 2006 | Symantec Corporation | System and method for preventing detection of a computer connection to an external device |
| US7171492 | Feb 24, 2000 | Jan 30, 2007 | UTStarcom, Inc. | Method and application programming interface for assigning multiple network addresses |
| US7171683 | Aug 29, 2002 | Jan 30, 2007 | Riverhead Networks Inc. | Protecting against distributed denial of service attacks |
| US7177324 | Nov 2, 2001 | Feb 13, 2007 | AT&T Corp. | Network having bandwidth sharing |
| US7177932 | Oct 23, 2002 | Feb 13, 2007 | Errikos Pitsos | Method, gateway and system for transmitting data between a device in a public network and a device in an internal network |
| US7184399 | Dec 28, 2001 | Feb 27, 2007 | Intel Corporation | Method for handling completion packets with a non-successful completion status |
| US7185194 | May 16, 2001 | Feb 27, 2007 | Fujitsu Limited | System and method for distributed group management |
| US7188365 | Apr 4, 2002 | Mar 6, 2007 | AT&T Corp. | Method and system for securely scanning network traffic |
| US7191375 | Dec 28, 2001 | Mar 13, 2007 | Intel Corporation | Method and apparatus for signaling an error condition to an agent not expecting a completion |
| US7197549 | Jun 4, 2001 | Mar 27, 2007 | Cisco Technology, Inc. | On-demand address pools |
| US7203166 | Oct 28, 2005 | Apr 10, 2007 | AT&T Corp. | Method for providing voice-over-IP service |
| US7203837 | Apr 12, 2001 | Apr 10, 2007 | Microsoft Corporation | Methods and systems for unilateral authentication of messages |
| US7203957 | Apr 4, 2002 | Apr 10, 2007 | AT&T Corp. | Multipoint server for providing secure, scaleable connections between a plurality of network devices |
| US7207846 | Nov 23, 2004 | Apr 24, 2007 | Panduit Corp. | Patch panel with a motherboard for connecting communication jacks |
| US7213061 | Apr 28, 2000 | May 1, 2007 | AMX LLC | Internet control system and method |
| US7222255 | Feb 28, 2001 | May 22, 2007 | 3Com Corporation | System and method for network performance testing |
| US7224366 | Aug 28, 2003 | May 29, 2007 | AMX, LLC | Method and system for control system software |
| US7234158 | Apr 1, 2002 | Jun 19, 2007 | Microsoft Corporation | Separate client state object and user interface domains |
| US7237260 | Jul 8, 2003 | Jun 26, 2007 | Matsushita Electric Industrial Co., Ltd. | Method for dynamic selection for secure and firewall friendly communication protocols between multiple distributed modules |
| US7246231 | Oct 31, 2002 | Jul 17, 2007 | NTT DoCoMo, Inc. | Location privacy through IP address space scrambling |
| US7246373 | Mar 10, 2006 | Jul 17, 2007 | Cisco Technology, Inc. | Methods and apparatus for virtual private network based mobility |
| US7260536 | Oct 6, 2000 | Aug 21, 2007 | Hewlett-Packard Development Company, L.P. | Distributed voice and wireless interface modules for exposing messaging/collaboration data to voice and wireless devices |
| US7260638 | Jul 23, 2001 | Aug 21, 2007 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
| US7260650 | Nov 28, 2001 | Aug 21, 2007 | Cisco Technology, Inc. | Method and apparatus for tunneling information |
| US7283494 | Apr 15, 2002 | Oct 16, 2007 | Skypilot Networks, Inc. | Network channel access protocol-interference and load adaptive |
| US7305480 | Aug 14, 2001 | Dec 4, 2007 | Hitachi, Ltd. | Method and system for persistent translation between protocols |
| US7313815 | Sep 17, 2004 | Dec 25, 2007 | Cisco Technology, Inc. | Protecting against spoofed DNS messages |
| US7337219 | May 30, 2003 | Feb 26, 2008 | AOL LLC, a Delaware Limited Liability Company | Classifying devices using a local proxy server |
| US7339903 | Jun 14, 2002 | Mar 4, 2008 | QUALCOMM Incorporated | Enabling foreign network multicasting for a roaming mobile node, in a foreign network, using a persistent address |
| US7339947 | Apr 15, 2002 | Mar 4, 2008 | Skypilot Networks, Inc. | Network channel access protocol—frame execution |
| US7352868 | Oct 9, 2001 | Apr 1, 2008 | | Method and apparatus for security in a data processing system |
| US7353280 | Mar 19, 2001 | Apr 1, 2008 | AOL LLC, a Delaware Limited Liability Company | Home-networking |
| US7356020 | Apr 7, 2003 | Apr 8, 2008 | QUALCOMM Incorporated | Support of disparate addressing plans and dynamic HA address allocation in mobile IP |
| US7356043 | Aug 17, 2006 | Apr 8, 2008 | Skypilot Networks, Inc. | Network channel access protocol—slot scheduling |
| US7356711 | May 30, 2002 | Apr 8, 2008 | Microsoft Corporation | Secure registration |
| US7359973 | Mar 19, 2001 | Apr 15, 2008 | AOL LLC, a Delaware Limited Liability Company | Home-networking |
| US7362742 | Jan 28, 2003 | Apr 22, 2008 | Cisco Technology, Inc. | Methods and apparatus for synchronizing subnet mapping tables |
| US7367052 | Dec 4, 2002 | Apr 29, 2008 | Cisco Technology, Inc. | Access list key compression |
| US7370197 | Sep 12, 2002 | May 6, 2008 | Microsoft Corporation | Method and system for authenticating messages |
| US7373506 | Jan 19, 2001 | May 13, 2008 | Sony Corporation | Data authentication system |
| US7376134 | Aug 2, 2004 | May 20, 2008 | Novell, Inc. | Privileged network routing |
| US7376734 | Feb 13, 2003 | May 20, 2008 | Panduit Corp. | VOIP telephone location system |
| US7383339 | Jul 31, 2002 | Jun 3, 2008 | AOL LLC, a Delaware Limited Liability Company | Local proxy server for establishing device controls |
| US7386727 | Oct 24, 1998 | Jun 10, 2008 | Encorus Holdings Limited | Method for digital signing of a message |
| US7401354 | Mar 12, 2003 | Jul 15, 2008 | International Business Machines Corporation | System and method for network address translation integration with IP Security |
| US7406043 | Apr 10, 2007 | Jul 29, 2008 | AT&T Corp. | Method for providing voice-over-IP service |
| US7409544 | Mar 27, 2003 | Aug 5, 2008 | Microsoft Corporation | Methods and systems for authenticating messages |
| US7418492 | Jun 20, 2002 | Aug 26, 2008 | P-Cube Ltd. | System and a method for testing network communication devices |
| US7418511 | Sep 10, 2003 | Aug 26, 2008 | Matsushita Electric Indutrial Co., Ltd. | Secured TCP/IP communication system for devices and private networks connected to the internet |
| US7420932 | Apr 4, 2002 | Sep 2, 2008 | Cisco Technology, Inc. | Default internet traffic and transparent passthrough |
| US7426702 | Oct 9, 2003 | Sep 16, 2008 | AMX LLC | System and method for multimedia display |
| US7430292 | Apr 8, 2002 | Sep 30, 2008 | Telenublink Corporation | Methods and systems for securing information communicated between communication devices |
| US7437457 | Sep 8, 2003 | Oct 14, 2008 | AOL LLC, a Delaware Limited Liability Company | Regulating concurrent logins associated with a single account |
| US7437548 | Sep 23, 2002 | Oct 14, 2008 | NVIDIA Corporation | Network level protocol negotiation and operation |
| US7443865 | Apr 4, 2002 | Oct 28, 2008 | Cisco Technology, Inc. | Multiple network connections from a single PPP link with network address translation |
| US7447188 | Jun 22, 2004 | Nov 4, 2008 | Cisco Technology, Inc. | Methods and apparatus for supporting mobile IP proxy registration in a system implementing mulitple VLANs |
| US7447203 | Jul 29, 2003 | Nov 4, 2008 | AT&T Intellectual Property I, L.P. | Broadband access for virtual private networks |
| US7448081 | Sep 22, 2006 | Nov 4, 2008 | AT&T Intellectual Property II, L.P. | Method and system for securely scanning network traffic |
| US7450560 | May 31, 2000 | Nov 11, 2008 | 3Com Corporation | Method for address mapping in a network access system and a network access device for use therewith |
| US7453905 | Feb 9, 2005 | Nov 18, 2008 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US7455527 | Apr 29, 2005 | Nov 25, 2008 | Panduit Corp. | Powered patch panel |
| US7457289 | Dec 16, 2002 | Nov 25, 2008 | Cisco Technology, Inc. | Inter-proxy communication protocol for mobile IP |
| US7457956 | Jul 5, 2001 | Nov 25, 2008 | Telefonaktiebolaget L M Ericsson (Publ) | Securing arbitrary communication services |
| US7464178 | Nov 21, 2003 | Dec 9, 2008 | Markport Limited | Open messaging gateway |
| US7468981 | Feb 15, 2005 | Dec 23, 2008 | Cisco Technology, Inc. | Clock-based replay protection |
| US7471661 | Feb 20, 2002 | Dec 30, 2008 | Cisco Technology, Inc. | Methods and apparatus for supporting proxy mobile IP registration in a wireless local area network |
| US7471678 | May 25, 2004 | Dec 30, 2008 | Ktfreetel Co., Ltd. | System and apparatus for tunneling service of explicit multicast |
| US7474650 | Dec 18, 2003 | Jan 6, 2009 | QUALCOMM Incorporated | Methods and apparatus for controlling resource allocation where tunneling and access link packet aggregation are used in combination |
| US7480722 | Mar 12, 2002 | Jan 20, 2009 | Sony Corporation | Information processing apparatus and method, recording medium product, and program |
| US7480938 | Dec 22, 2005 | Jan 20, 2009 | Sterling Commerce, Inc. | System and method for secure dual channel communication through a firewall |
| US7484005 | Feb 10, 2006 | Jan 27, 2009 | AOL, LLC, a Delaware corporation | Client device identification when communicating through a network address translator device |
| US7484245 | Sep 29, 2000 | Jan 27, 2009 | GigaTrust | System and method for providing data security |
| US7496748 | Jul 23, 2001 | Feb 24, 2009 | ITT Manufacturing Enterprises | Method for establishing a security association between two or more computers communicating via an interconnected computer network |
| US7500004 | Dec 29, 1999 | Mar 3, 2009 | | System for tracking files transmitted over the internet |
| US7500102 | Jan 25, 2002 | Mar 3, 2009 | Microsoft Corporation | Method and apparatus for fragmenting and reassembling internet key exchange data packets |
| US7502925 | Apr 19, 2004 | Mar 10, 2009 | Nvidia Corporation | Method and apparatus for reducing TCP frame transmit latency |
| US7505432 | Apr 28, 2003 | Mar 17, 2009 | Cisco Technology, Inc. | Methods and apparatus for securing proxy Mobile IP |
| US7509435 | Mar 12, 2001 | Mar 24, 2009 | International Business Machines Corporation | Network Address Translation and Port Mapping |
| US7519000 | May 16, 2003 | Apr 14, 2009 | Panduit Corp. | Systems and methods for managing a network |
| US7522594 | Sep 8, 2005 | Apr 21, 2009 | Eye Ball Networks, Inc. | Method and apparatus to permit data transmission to traverse firewalls |
| US7523490 | May 15, 2002 | Apr 21, 2009 | Microsoft Corporation | Session key security protocol |
| US7525947 | Jun 14, 2004 | Apr 28, 2009 | KTFREETEL Co., Ltd | Method and apparatus for tunneling service of explicit multicast in mobile IP network |
| US7529230 | Aug 24, 2005 | May 5, 2009 | Research In Motion Limited | Wireless router system and method |
| US7536548 | Jun 4, 2002 | May 19, 2009 | Rockwell Automation Technologies, Inc. | System and methodology providing multi-tier-security for network data exchange with industrial control components |
| US7539194 | Apr 27, 2005 | May 26, 2009 | Cisco Technology, Inc. | Per user and network routing tables |
| US7543332 | Feb 6, 2007 | Jun 2, 2009 | AT&T Corporation | Method and system for securely scanning network traffic |
| US7545820 | May 25, 2005 | Jun 9, 2009 | Cisco Technology, Inc. | Apparatus and method for automatic cluster network device address assignment |
| US7552190 | Oct 27, 1999 | Jun 23, 2009 | VerticalOne Corporation | System and method for automated electronic notification and transaction execution |
| US7554959 | Oct 15, 2003 | Jun 30, 2009 | Cisco Technology, Inc. | Apparatus and method for cluster network device discovery |
| US7558873 | May 8, 2002 | Jul 7, 2009 | NVIDIA Corporation | Method for compressed large send |
| US7562386 | Feb 6, 2007 | Jul 14, 2009 | AT&T Intellectual Property, II, L.P. | Multipoint server for providing secure, scaleable connections between a plurality of network devices |
| US7568224 | Feb 3, 2005 | Jul 28, 2009 | Cisco Technology, Inc. | Authentication of SIP and RTP traffic |
| US7573873 | Apr 28, 2004 | Aug 11, 2009 | 3Com Corporation | Internet telephony using network address translation |
| US7574738 | Nov 6, 2002 | Aug 11, 2009 | AT&T Intellectual Property II, L.P. | Virtual private network crossovers based on certificates |
| US7577725 | Feb 25, 2000 | Aug 18, 2009 | Cisco Technology, Inc. | IP address allocation in a network environment |
| US7581026 | Dec 28, 2001 | Aug 25, 2009 | Intel Corporation | Communicating transaction types between agents in a computer system using packet headers including format and type fields |
| US7581247 | Apr 17, 2006 | Aug 25, 2009 | Symantec Operating Corporation | Network address translation gateway for networks using non-translatable port addresses |
| US7587493 | Dec 12, 2005 | Sep 8, 2009 | Cisco Technology, Inc. | Local network address management |
| US7600026 | Mar 26, 2003 | Oct 6, 2009 | Realtek Semiconductor Corp. | Apparatus and method for NAT/NAPT session management |
| US7602784 | Feb 19, 2002 | Oct 13, 2009 | Eyeball Networks, Inc. | Method and apparatus to permit data transmission to traverse firewalls |
| US7610487 | Jun 28, 2005 | Oct 27, 2009 | Microsoft Corporation | Human input security codes |
| US7616597 | Dec 19, 2002 | Nov 10, 2009 | Intel Corporation | System and method for integrating mobile networking with security-based VPNs |
| US7620070 | Jun 24, 2003 | Nov 17, 2009 | NVIDIA Corporation | Packet processing with re-insertion into network interface circuitry |
| US7620733 | Mar 30, 2005 | Nov 17, 2009 | Cisco Technology, Inc. | DNS anti-spoofing using UDP |
| US7624264 | Jun 22, 2005 | Nov 24, 2009 | Microsoft Corporation | Using time to determine a hash extension |
| US7624268 | Nov 7, 2005 | Nov 24, 2009 | Fuji Xerox Co., Ltd. | Device and method for managing public key certificate attached to electronic mail and storage medium |
| US7624447 | Sep 8, 2005 | Nov 24, 2009 | Cisco Technology, Inc. | Using threshold lists for worm detection |
| US7636941 | Mar 10, 2004 | Dec 22, 2009 | Microsoft Corporation | Cross-domain authentication |
| US7643447 | Oct 21, 2008 | Jan 5, 2010 | Hitachi, Ltd. | Mobile node, mobile agent and network system |
| US7656788 | Feb 14, 2005 | Feb 2, 2010 | Cisco Technology, Inc. | High-reliability cluster management |
| US7660318 | Sep 7, 2006 | Feb 9, 2010 | Cisco Technology, Inc. | Internetworking support between a LAN and a wireless mesh network |
| US7660909 | Jul 3, 2006 | Feb 9, 2010 | Cisco Technology, Inc. | Preallocation of client network address translation addresses for client-server networks |
| US7664121 | Apr 22, 2002 | Feb 16, 2010 | Siemens Aktiengesellschaft | Method and router for switching data between a local area network and an external appliance |
| US7669052 | Dec 20, 2006 | Feb 23, 2010 | Sony Corporation Sony Computer Entertainment Inc. | Authentication and encryption utilizing command identifiers |
| US7672879 | Oct 27, 2000 | Mar 2, 2010 | Yodlee.com, Inc. | Interactive activity interface for managing personal data and performing transactions over a data packet network |
| US7673030 | Nov 17, 2006 | Mar 2, 2010 | AMX LLC | Internet control system communication protocol, method and computer program |
| US7676679 | Feb 15, 2005 | Mar 9, 2010 | Cisco Technology, Inc. | Method for self-synchronizing time between communicating networked systems using timestamps |
| US7680104 | Nov 9, 2004 | Mar 16, 2010 | Cisco Technology, Inc. | Address tagging for network address translation (NAT) traversal |
| US7693508 | Aug 20, 2001 | Apr 6, 2010 | QUALCOMM Incorporated | Method and apparatus for broadcast signaling in a wireless communication system |
| US7697501 | May 4, 2004 | Apr 13, 2010 | Qualcomm Incorporated | Methods and apparatus for separating home agent functionality |
| US7716369 | Aug 11, 2003 | May 11, 2010 | | Data transmission system with a mechanism enabling any application to run transparently over a network address translation device |
| US7720019 | Jan 27, 2006 | May 18, 2010 | Cisco Technology, Inc. | Small group multicast in a computer network |
| US7738131 | Jun 30, 2008 | Jun 15, 2010 | Canon Kabushiki Kaisha | Control apparatus and its method, and control program and storage medium holding it |
| US7739497 | Mar 21, 2002 | Jun 15, 2010 | Verizon Corporate Services Group Inc. | Method and apparatus for anonymous IP datagram exchange using dynamic network address translation |
| US7747850 | Nov 2, 2005 | Jun 29, 2010 | The TriZetto Group, Inc. | Automated, internet-based secure digital certificate distribution and maintenance |
| US7751391 | Jul 26, 2006 | Jul 6, 2010 | International Business Machines Corporation | Virtual private network and tunnel gateway with multiple overlapping, remote subnets |
| US7752535 | Dec 1, 2005 | Jul 6, 2010 | Yodlec.com, Inc. | Categorization of summarized information |
| US7760674 | Apr 22, 2005 | Jul 20, 2010 | Hitachi, Ltd. | Method of translating protocol at translator, method of providing protocol translation information at translation server, and address translation server |
| US7761500 | Feb 29, 2000 | Jul 20, 2010 | Cisco Technology, Inc.
| URL based communication protocol from a client computer to a network device | | US7765279 | Oct 27, 1999 | Jul 27, 2010 | VerticalOne Corporation | System and method for scheduling harvesting of personal information | | US7769883 | Jun 13, 2006 | Aug 3, 2010 | Intel Corporation | Communicating message request transaction types between agents in a computer system using multiple message groups | | US7774609 | Apr 14, 2008 | Aug 10, 2010 | First Data Mobile Holdings Limited | Process for digital signing of a message | | US7787361 | Feb 27, 2006 | Aug 31, 2010 | Cisco Technology, Inc. | Hybrid distance vector protocol for wireless mesh networks | | US7788345 | Sep 13, 2001 | Aug 31, 2010 | Cisco Technology, Inc. | Resource allocation and reclamation for on-demand address pools | | US7793098 | May 20, 2003 | Sep 7, 2010 | Nokia Corporation | Providing privacy to nodes using mobile IPv6 with route optimization | | US7797433 | Jun 29, 2001 | Sep 14, 2010 | Net2Phone | System, method, and computer program product for resolving addressing in a network including a network address translator | | US7810136 | Jan 10, 2005 | Oct 5, 2010 | Microsoft Corporation | Service routing and web integration in a distributed, multi-site user authentication system | | US7814208 | Apr 3, 2001 | Oct 12, 2010 | Science Applications International Corporation | System and method for projecting content beyond firewalls | | US7814230 | Dec 18, 2008 | Oct 12, 2010 | | Client device identification when communicating through a network address translator device | | US7827278 | Jul 23, 2001 | Nov 2, 2010 | AT&T Intellectual Property II, L.P. | System for automated connection to virtual private networks related applications | | US7827292 | Jul 23, 2001 | Nov 2, 2010 | AT&T Intellectual Property II, L.P. 
| Flexible automated connection to virtual private networks | | US7827605 | Oct 27, 2008 | Nov 2, 2010 | Symantec Corporation | System and method for preventing detection of a selected process running on a computer | | US7854005 | Aug 18, 2006 | Dec 14, 2010 | Symantec Corporation | System and method for generating fictitious content for a computer | | US7856386 | Sep 17, 2009 | Dec 21, 2010 | Yodlee, Inc. | Host exchange in bill paying services | | US7856655 | Jun 30, 2004 | Dec 21, 2010 | Microsoft Corporation | System and method for improved network security | | US7865946 | Apr 15, 2004 | Jan 4, 2011 | Sony Corporation | Data transmission controlling method and data transmission system | | US7869451 | Dec 14, 2005 | Jan 11, 2011 | France Telecom | Method for operating a local computer network connected to a remote private network by an IPsec tunnel, software module and IPsec gateway | | US7869803 | Apr 30, 2007 | Jan 11, 2011 | QUALCOMM Incorporated | Profile modification for roaming in a communications environment | | US7882247 | Jan 13, 2003 | Feb 1, 2011 | Netmotion Wireless, Inc. | Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments | | US7882346 | May 9, 2003 | Feb 1, 2011 | QUALCOMM Incorporated | Method and apparatus for providing authentication, authorization and accounting to roaming nodes | | US7885637 | Aug 28, 2006 | Feb 8, 2011 | | Billing in mobile communications system employing wireless application protocol | | US7904054 | Sep 12, 2002 | Mar 8, 2011 | | Billing in mobile communications system employing wireless application protocol | | US7908481 | Jun 30, 2004 | Mar 15, 2011 | Avaya Inc. 
| Routing data to one or more entities in a network | | US7908651 | Feb 28, 2006 | Mar 15, 2011 | Asavie R&D Limited | Method of network communication | | US7913294 | Jun 24, 2003 | Mar 22, 2011 | NVIDIA Corporation | Network protocol processing for filtering packets | | US7925693 | Jan 26, 2007 | Apr 12, 2011 | Microsoft Corporation | NAT access control with IPSec | | US7929689 | Jun 30, 2004 | Apr 19, 2011 | Microsoft Corporation | Call signs | | US7937471 | Jun 3, 2002 | May 3, 2011 | Inpro Network Facility, LLC | Creating a public identity for an entity on a network | | US7949785 | Mar 31, 2003 | May 24, 2011 | Inpro Network Facility, LLC | Secure virtual community network system | | US7950055 | Oct 19, 2009 | May 24, 2011 | Microsoft Corporation | Cross-domain authentication | | US7962741 | Sep 12, 2002 | Jun 14, 2011 | Juniper Networks, Inc. | Systems and methods for processing packets for encryption and decryption | | US7971240 | Apr 20, 2009 | Jun 28, 2011 | Microsoft Corporation | Session key security protocol | | US7978718 | May 7, 2006 | Jul 12, 2011 | Cisco Technology, Inc. | Small group multicast in a computer network | | US7986660 | Oct 9, 2001 | Jul 26, 2011 | QUALCOMM Incorporated | Channel allocation for communication system | | US7990977 | Apr 23, 2010 | Aug 2, 2011 | AT&T Intellectual Property I, L.P. | Method, system, and device for sending data in a cable data service | | US8000241 | Dec 18, 2003 | Aug 16, 2011 | QUALCOMM Incorporated | Methods and apparatus for controlling access link packet flow aggregation and resource allocation in a mobile communications system | | US8000331 | Apr 23, 2010 | Aug 16, 2011 | AT&T Intellectual Property II, L.P. | Receive device for a cable data service | | US8010698 | Aug 22, 2007 | Aug 30, 2011 | Novell Inc. | Network application layer routing | | US8014328 | Jul 16, 2010 | Sep 6, 2011 | Hitachi, Ltd. 
| Method of translating protocol at translator, method of providing protocol translation information at translation server, and address translation server | | US8023410 | Dec 30, 2005 | Sep 20, 2011 | Qualcomm Incorporated | Messages and control methods for controlling resource allocation and flow admission control in a mobile communications system | | US8027339 | Sep 29, 2008 | Sep 27, 2011 | NOMADIX, Inc. | System and method for establishing network connection | | US8037530 | Aug 10, 2001 | Oct 11, 2011 | Verizon Corporate Services Group Inc. Raytheon BBN Technologies Corp. | Method and apparatus for providing adaptive self-synchronized dynamic address translation as an intrusion detection sensor | | US8050684 | Jan 22, 2009 | Nov 1, 2011 | Research In Motion Limited | Wireless router system and method | | US8069407 | Sep 7, 2000 | Nov 29, 2011 | Yodlee.com, Inc. | Method and apparatus for detecting changes in websites and reporting results to web developers for navigation template repair purposes | | US8077679 | Oct 24, 2001 | Dec 13, 2011 | QUALCOMM Incorporated | Method and apparatus for providing protocol options in a wireless communication system | | US8077695 | Mar 30, 2010 | Dec 13, 2011 | QUALCOMM Incorporated | Methods and apparatus for separating home agent functionality | | US8077738 | Jun 23, 2008 | Dec 13, 2011 | Cisco Technology, Inc. 
| Default internet traffic and transparent passthrough | | US8078868 | Feb 16, 2011 | Dec 13, 2011 | IGT | Multi-party encryption systems and methods | | US8086842 | Apr 21, 2006 | Dec 27, 2011 | Microsoft Corporation | Peer-to-peer contact exchange | | US8090843 | Apr 15, 2011 | Jan 3, 2012 | Impro Network Facility, LLC | Creating a public identity for an entity on a network | | US8098818 | Jul 7, 2003 | Jan 17, 2012 | QUALCOMM Incorporated | Secure registration for a multicast-broadcast-multimedia system (MBMS) | | US8102792 | Mar 3, 2008 | Jan 24, 2012 | QUALCOMM Incorporated | Enabling foreign network multicasting for a roaming mobile node, in a foreign network, using a persistent address | | US8118677 | Dec 23, 2005 | Feb 21, 2012 | Bally Gaming International, Inc. | Device identification | | US8121296 | Aug 20, 2001 | Feb 21, 2012 | QUALCOMM Incorporated | Method and apparatus for security in a data processing system | | US8127348 | May 12, 2005 | Feb 28, 2012 | Tectia Oyj | Method and arrangement for providing security through network address translations using tunneling and compensations | | US8136152 | Apr 18, 2008 | Mar 13, 2012 | Worcester Technologies LLC | Method and system for securely scanning network traffic | | US8156246 | Sep 26, 2011 | Apr 10, 2012 | NOMADIX, Inc. | Systems and methods for providing content and services on a network system | | US8156557 | Jan 4, 2007 | Apr 10, 2012 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks | | US8165140 | Nov 12, 2008 | Apr 24, 2012 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses | | US8165575 | May 19, 2011 | Apr 24, 2012 | Research In Motion Limited | Wireless router system and method | | US8190629 | Jul 13, 2006 | May 29, 2012 | Yodlee.com, Inc. | Network-based bookmark management and web-summary system | | US8190708 | Oct 20, 2000 | May 29, 2012 | NOMADIX, Inc. 
| Gateway device having an XML interface and associated method | | US8190888 | May 13, 2009 | May 29, 2012 | Rockwell Automation Technologies, Inc. | System and methodology providing multi-tier security for network data with industrial control components | | US8203946 | Jul 29, 2008 | Jun 19, 2012 | AT&T Intellectual Property II, L.P. | Method for providing voice-over-IP service | | US8234358 | Aug 30, 2002 | Jul 31, 2012 | Inpro Network Facility, LLC | Communicating with an entity inside a private network using an existing connection to initiate communication | | US8234405 | Jan 21, 2009 | Jul 31, 2012 | Xurius Digital Ltd. LLC | System for tracking digital information over a communications network | | US8239531 | Sep 16, 2002 | Aug 7, 2012 | AT&T Intellectual Property II, L.P. | Method and apparatus for connection to virtual private networks for secure transactions | | US8243732 | Oct 6, 2008 | Aug 14, 2012 | AT&T Intellectual Property I, L.P. | Broadband access for virtual private networks | | US8244886 | Sep 2, 2010 | Aug 14, 2012 | NOMADIX, Inc. | Systems and methods for providing content and services on a network system | | US8245288 | Sep 8, 2011 | Aug 14, 2012 | Tectia Oyj | Method and arrangement for providing security through network address translations using tunneling and compensations | | USRE41750 | Sep 14, 2004 | Sep 21, 2010 | Cisco Technology, Inc. | Apparatus and method for redirection of network management messages in a cluster of network devices | | USRE43057 | Dec 9, 2005 | Jan 3, 2012 | Alcatel Lucent | Method and apparatus for facilitating peer-to-peer application communication |
Claims

1. A method for identifying internal network services on an internal distributed network address translation network, comprising the following steps:
- creating a digital certificate including a network address for an internal network device valid outside an internal distributed network address translation network, a service name, service parameters and an optional public encryption key;
- signing the digital certificate with a secure digital signature, wherein the secure digital signature can be independently validated by an external network device on an external network; and
- publishing the signed digital certificate in a location accessible to external network devices on external networks, wherein the signed digital certificate is used by an external network device to request a desired service from an internal network device on the internal distributed network address translation network.
2. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 1.
3. The method of claim 1 wherein the network address in the digital certificate is a global Internet Protocol address.
4. The method of claim 1 wherein the service parameters in the digital certificate include one or more locally unique ports obtained with a Port Allocation Protocol used for distributed network address translation.
5. The method of claim 1 wherein the service name in the digital certificate is a protocol service name.
6. The method of claim 5 wherein the protocol service name is any of File Transfer Protocol, Telnet, Hyper Text Transfer Protocol, or Internet Key Exchange protocol.
7. The method of claim 1 wherein the step of signing the digital certificate with a secure digital signature includes signing the digital certificate with a public/private key encryption method.
8. The method of claim 1 wherein the step of publishing the signed digital certificate in a location accessible to external network devices on external networks includes publishing the digital certificate in any of a Lightweight Directory Access Protocol directory, in a public file, in a public database, or on a network server on the internal distributed network address translation network.
9. The method of claim 1 wherein the step of publishing the signed digital certificate includes publishing digital certificates for Internet Protocol Security Services.
10. The method of claim 1 wherein the internal network is a local area network and the external network is the Internet.
11. The method of claim 1 wherein the signed digital certificate is a public key encryption digital certificate.
12. A method for requesting services from internal network devices on an internal distributed network address translation network, comprising the following steps:
- retrieving a signed digital certificate on an external network device on an external network for a desired service from an internal distributed network address translation network, wherein the digital certificate includes a digital signature, a network address for an internal network device valid outside the internal distributed network address translation network, a service name, service parameters and an optional public encryption key;
- extracting information from the signed digital certificate;
- creating a service request packet with information extracted from the signed digital certificate to request the desired service; and
- sending the service request packet to a router on the internal distributed address translation network to request the desired service from an internal network device on the internal distributed network address translation network.
13. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 12.
14. The method of claim 12 further comprising:
- receiving the service request packet on the router on the internal distributed address translation network; and
- routing the service request packet to the appropriate internal network device on the internal network using distributed network address translation.
15. The method of claim 12 further comprising verifying the signed digital certificate using the digital signature before using information from the signed digital certificate.
16. The method of claim 12 wherein the service request packet is an Internet Protocol packet.
17. The method of claim 12 wherein the step of creating a service request packet includes adding the network address from the signed digital certificate in a destination field in the request packet and adding the service parameters from the signed digital certificate in one or more parameter fields in the service request packet.
18. The method of claim 12 wherein the step of creating a service request packet includes creating a service request packet to request a security service.
19. The method of claim 18 wherein the security service is an Internet Protocol security service.
20. The method of claim 19 wherein the Internet Protocol security service is an Internet Key Exchange protocol service.
21. A method for requesting security services from internal network devices on an internal distributed network address translation network, comprising the following steps:
- retrieving a public key certificate on an external network device on an external network for a desired security service from an internal distributed network address translation network, wherein the public key certificate includes a digital signature, a network address for an internal network device valid outside an internal distributed network address translation network, a service name, service parameters and an optional public encryption key;
- verifying the authenticity of the public key certificate on the external network device using a private encryption key;
- extracting information from the public key certificate;
- creating a security service request packet with information extracted from the public key certificate to request the desired security service; and
- sending the security service request packet to a router on the internal distributed address translation network to request the desired security service from an internal network device on the internal distributed network translation network.
22. A computer readable medium having stored therein instructions for causing a central processing unit to execute the method of claim 21.
23. The method of claim 21 wherein the desired security service is an Internet Protocol security service.
24. The method of claim 23 wherein the Internet Protocol security service is an Internet Key Exchange protocol service.
25. The method of claim 21 further comprising:
- receiving the security service request packet on the router on the internal distributed address translation network;
- routing the security service request packet to the appropriate internal network device on the internal distributed network address translation network; and
- establishing a security association between the internal network device and the external network device using information from security service request packet.
26. The method of claim 21 wherein the security service request packet is an Internet protocol security packet.
27. The method of claim 21 wherein the service parameters include one or more locally unique ports obtained with a Port Allocation Protocol used for distributed network address translation.
28. The method of claim 21 wherein a Security Association is established using security values allocated by a Port Allocation Protocol used for distributed network address translation.
29. The method of claim 21 wherein the security service request packet is an Internet Protocol security packet.
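The publish side of claim 1 and the request side of claims 12, 15 and 17, sketched in Go as an added example that is not part of the patent: the external device checks the signature before it reads any field, so a copy with an altered port is rejected. The JSON encoding, the use of Ed25519, all type and function names, and the sample values (192.0.2.10, service "ike", port 1032) are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"net/netip"
)

// ServiceCert holds the fields listed in claim 1. The field names and JSON
// encoding are assumptions of this example, not a format from the patent.
type ServiceCert struct {
	Address string   `json:"address"` // address valid outside the internal network
	Service string   `json:"service"` // protocol service name
	Ports   []uint16 `json:"ports"`   // service parameters: locally unique ports
}

// SignedCert is the published object: encoded certificate plus signature.
type SignedCert struct{ Body, Sig []byte }
// ServiceRequest is a simplified stand-in for the service request packet.
type ServiceRequest struct{ Dst netip.AddrPort; Service string }

// Publish encodes and signs a certificate (signing step of claim 1).
func Publish(priv ed25519.PrivateKey, c ServiceCert) (SignedCert, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return SignedCert{}, err
	}
	return SignedCert{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// BuildRequest is the external device's side: verify the signature before
// touching any field (claim 15), then fill the request (claims 12 and 17).
func BuildRequest(trusted ed25519.PublicKey, sc SignedCert, want string) (ServiceRequest, error) {
	if !ed25519.Verify(trusted, sc.Body, sc.Sig) {
		return ServiceRequest{}, errors.New("signature check failed")
	}
	var c ServiceCert
	if err := json.Unmarshal(sc.Body, &c); err != nil {
		return ServiceRequest{}, err
	}
	if c.Service != want {
		return ServiceRequest{}, fmt.Errorf("certificate names %q, wanted %q", c.Service, want)
	}
	addr, err := netip.ParseAddr(c.Address)
	if err != nil {
		return ServiceRequest{}, err
	}
	if len(c.Ports) == 0 {
		return ServiceRequest{}, errors.New("certificate carries no port")
	}
	return ServiceRequest{Dst: netip.AddrPortFrom(addr, c.Ports[0]), Service: c.Service}, nil
}

// Demo returns the destination for a genuine certificate and the error for a tampered copy.
func Demo() (string, error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	sc, err := Publish(priv, ServiceCert{"192.0.2.10", "ike", []uint16{1032}}) // constructed values
	if err != nil {
		return "", nil, err
	}
	req, err := BuildRequest(pub, sc, "ike")
	forged := SignedCert{bytes.Replace(sc.Body, []byte("1032"), []byte("4444"), 1), sc.Sig}
	_, tamperErr := BuildRequest(pub, forged, "ike")
	return req.Dst.String(), tamperErr, err
}

func main() { fmt.Println(Demo()) }
```

The trust decision rests on how the external device obtained the verification key, which this sketch takes as given.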