
A system, apparatus and method to use private IP addresses to designate host devices or nodes in different networks for communication purposes are described. Various embodiments of the invention address the problem of a shortage of public IP addresses under IPv4 architecture. In one embodiment of the invention, dynamic NAT penetration capabilities are provided which consequently expand the capability of running peer-to-peer applications on the Internet.

Inventors: Zheng Yang, Zhe Wang, Jie Sun
Primary Examiner: Alpus H Hsu
Secondary Examiner: Saad Hassan
Attorney: North Weber & Baugh LLP
Current U.S. Classification: 370/395.52; 370/401; 370/409; 709/249

Citations

Cited Patent | Filing date | Issue date | Original Assignee | Title
US20040139227 | Jan 15, 2003 |  |  | Relayed network address translator (NAT) traversal
US20040148439 | Jan 14, 2003 |  | Motorola, Inc. | Apparatus and method for peer to peer network connectivity
US20040168049 | Feb 13, 2004 |  |  | Method for encrypting data of an access virtual private network (VPN)
US20040218611 | Jan 21, 2004 |  | SAMSUNG ELECTRONICS CO., LTD. | Gateway for supporting communications between network devices of different private networks
US20050117588 | Aug 16, 2004 |  |  | System and method for network address port translation
US20050175031 | Feb 9, 2004 |  |  | Method and apparatus for remotely monitoring and controlling devices

Referenced by

Citing Patent | Filing date | Issue date | Original Assignee | Title
US7778200 | Mar 14, 2007 | Aug 17, 2010 | Samsung Techwin Co., Ltd. | Remote management apparatus and method of setting IP address thereof
US7873060 | Oct 18, 2008 | Jan 18, 2011 | Fortinet, Inc. | Accelerating data communication using tunnels
US8090843 | Apr 15, 2011 | Jan 3, 2012 | Impro Network Facility, LLC | Creating a public identity for an entity on a network
US8098662 | Jun 7, 2007 | Jan 17, 2012 | QUALCOMM Incorporated | Method and apparatus for using short addresses in a communication system
US8134952 | Jun 7, 2007 | Mar 13, 2012 | QUALCOMM Incorporated | PN code based addressing methods and apparatus for airlink communications

Claims

1. A system for communicating between a first private network and a second private network, the system comprising:

a first device in the first private network, having a first interface at which a first end of a tunnel is terminated, the first device being coupled to a first NAPT (Network Address Port Translation)-enabled device, and comprising a first address module and a first tunneling module that corresponds to a first local address within the second private network;

a second device in the second private network, having a second interface at which a second end of the tunnel is terminated, the second device being coupled to a second NAPT-enabled device and comprising a second address module and a second tunneling module that corresponds to a second local address within the first private network;

a server device, coupled to the first device and the second device, that provides information related to a location of the first device in the first private network and the second device in the second private network and facilitates NAPT penetration and the tunnel; and

wherein the first address module enables the first tunneling module to communicate with the second device by penetrating the second NAPT-enabled device based on the second local address and the information received from the server device.

2. The system of claim 1, wherein the first device is coupled to a first redirector that forwards data received from the first device to the first address module for communicating with the second device.

3. The system of claim 2, wherein the first redirector intercepts data sent from the first device based on the Internet Protocol standard.

4. The system of claim 2, wherein the first redirector is coupled to a virtual DNS service module to retrieve the first local address, the virtual DNS service module associating the first local address with the second device.

5. The system of claim 1, wherein the first address module determines whether the second device corresponds to the first local address of the first network.

6. The system of claim 1, wherein the first address module assigns the first local address of the first private network to the second device.

7. The system of claim 1, wherein the first local address is a private IP subnet address used by a local area network (LAN).

8. The system of claim 1, wherein the first local address is a public IP address acquired by the first network for the second device.

9. The system of claim 1, wherein the first NAPT-enabled device and the second NAPT-enabled device include routing devices and firewalls.

10. The system of claim 1, wherein the first tunneling module selectively penetrates the first NAPT-enabled device when the first device communicates with the second device.

11. The system of claim 1, wherein the second tunneling module selectively enables penetration of the second NAPT-enabled device when the second device communicates with the first device.

12. The system of claim 1, wherein the first tunneling module and the second tunneling module establish a communication channel to penetrate the first NAPT-enabled device and the second NAPT-enabled device.

13. The system of claim 1, wherein the second address module modifies data received from the first device based on the first local address and the second local address.

14. The system of claim 13, wherein the data received from the first device includes the information related to the addresses of the first device and the second device in the first network.

15. The system of claim 1, wherein the server device assigns a first unique domain name to the first device and a second unique domain name to the second device.

16. The system of claim 1, wherein the server device enables the first tunneling module and the second tunneling module to communicate the first device with the second device.

17. The system of claim 1, wherein the server device authenticates the identity of the first device and the second device.

18. A private computing network, comprising:

a first host device having a first private interface, coupled to a NAPT (Network Address Port Translation)-enabled device, that communicates with a second private interface on a second host device which is located outside of a private computer network containing the first host device,

wherein the first host device comprises:

an IP application module;

an address module for assigning a first local IP address of the private computer network to the second host device;

a redirector, coupled to the IP application module and the address module, for redirecting data received from the IP application module to the address module; and

a tunneling module, coupled to the address module and a server device for establishing tunneling service, the tunneling module establishing a communication channel by penetrating the NAPT-enabled device.

19. The computing network of claim 18, further comprising a virtual DNS service module, coupled to the first host device, for storing the first local IP address of the second host device.

20. The computing network of claim 18, wherein the first host device is coupled to a device for assigning a domain name to the first host device.

21. The computing network of claim 18, wherein the first host device and the second host device are coupled to a device for authenticating the identity of the first host device and the second host device.

22. The computing network of claim 18, wherein the address module receives data from the second host device and modifies the received data based on the first local IP address of the second host device.

23. The computing network of claim 18, wherein the NAPT-enabled device includes a routing device.

24. The computing network of claim 18, wherein the NAPT-enabled device includes a firewall.

25. The computing network of claim 18, wherein the first host device is operative to run peer-to-peer applications based on the Internet Protocol.

26. The computing network of claim 18, wherein the first host device is a computer.

27. The computing network of claim 18, wherein the first host device is a mobile communication device.

28. A method for tunneling between a first private interface on a sender host and a second private interface on a recipient host, the sender and recipient hosts residing in different private networks, the method comprising:

intercepting data between the sender host and the recipient host;

associating the data with the recipient host based at least partially on a first IP address stored within the sender host, the first IP address being a local private IP address of the recipient host; and

transmitting the data through the tunnel between the sender host and the recipient host, the tunnel penetrating at least one NAPT (Network Address Port Translation)-enabled device coupled between the sender and recipient hosts.

29. The method of claim 28, further comprising the steps of:

creating a signature of the sender host; and

authenticating the identity of the sender host by the recipient host based on the signature.

30. A method to securely communicate between a sender host and a recipient host, the sender host and the recipient host being coupled to at least one NAPT (Network Address Port Translation)-enabled device, the method comprising:

establishing a communication channel between the sender host and the recipient host, the sender host and the recipient host being located in different private computing networks;

establishing a tunnel through the at least one NAPT-enabled device by penetrating a first NAPT-enabled device within the at least one NAPT-enabled device, the tunnel terminating at a first private interface on the sender host and a second private interface on the recipient host;

receiving data from the sender host;

modifying at least a portion of the data based on a first local address assigned to the sender host by a computing network where the recipient is located; and

forwarding the modified data to the recipient host.
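As an added example, not part of the patent or the applicant's code, the following Python sketch simulates the per-host redirector, address module and tunnel terminus of claims 18, 28, 29 and 30 for two hosts whose LANs use overlapping private address space: an outgoing packet addressed to the peer's locally assigned stand-in address is intercepted, wrapped into a signed tunnel frame, and on arrival its source is rewritten to the recipient network's own stand-in address for the sender. Assumed simplifications: a pre-shared HMAC key stands in for the signature of claim 29, all names and addresses are constructed, and the NAPT hole punching brokered by the server device is not modelled.

```python
# Added example (not the patent's code): one host's address module + tunnel end.
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

class TunnelEndpoint:
    """local_map: remote peer id -> the IP address *this* private network assigned
    to stand in for that peer (the address module of claims 6 and 18)."""
    def __init__(self, peer_id: str, own_ip: str, local_map: dict, key: bytes):
        self.peer_id, self.own_ip, self.key = peer_id, own_ip, key
        self.local_map = dict(local_map)
        self.by_local_ip = {ip: peer for peer, ip in local_map.items()}

    def redirect(self, pkt: Packet):
        """Redirector (claim 28): intercept an outgoing packet, associate it with a peer
        via the stored local address, wrap it as a signed frame. None = not a tunnel peer."""
        peer = self.by_local_ip.get(pkt.dst)
        if peer is None:
            return None
        body = f"{self.peer_id}|{peer}|".encode() + pkt.payload
        return body + b"|" + hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def receive(self, frame: bytes) -> Packet:
        """Recipient terminus (claims 29, 30): verify the sender's signature (assumed
        pre-shared HMAC key), then rewrite the source to this network's stand-in address."""
        body, sig = frame.rsplit(b"|", 1)                 # hex signature holds no '|'
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("signature check failed; frame dropped")
        sender, recipient, payload = body.split(b"|", 2)  # payload may contain '|'
        if recipient.decode() != self.peer_id or sender.decode() not in self.local_map:
            raise ValueError("not addressed to this host, or from an unknown peer")
        return Packet(self.local_map[sender.decode()], self.own_ip, payload)

KEY = b"constructed-demo-key"  # constructed sample value
# Constructed scenario: both LANs use 192.168.1.0/24 and A and B even share 192.168.1.10,
# so each network assigns its own stand-in address for the remote peer.
HOST_A = TunnelEndpoint("A", "192.168.1.10", {"B": "192.168.1.200"}, KEY)
HOST_B = TunnelEndpoint("B", "192.168.1.10", {"A": "192.168.1.201"}, KEY)

def run_demo() -> Packet:
    """A's app sends to B's stand-in 192.168.1.200; B receives it from A's stand-in."""
    frame = HOST_A.redirect(Packet("192.168.1.10", "192.168.1.200", b"hello|world"))
    return HOST_B.receive(frame)
```

Checking the signature before any address rewriting is the step a defender should insist on: a frame that fails verification is dropped rather than delivered into the LAN under a trusted stand-in source address.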

31. A computing device operative within a private computing network, coupled to a NAPT (Network Address Port Translation)-enabled device and a tunneling service device, comprising:

an application module for operating an IP-based application to communicate with a receiving device which is operative outside the private computing network;

a redirection module coupled to the application module, for intercepting a data packet sent from the application module to the receiving device, and for redirecting the data packet to a communication channel to penetrate the NAPT-enabled device based on a local IP address assigned by the private computing network for the receiving device; and

wherein the tunneling service device participates in establishing the communication channel by enabling the computing device to penetrate a NAPT-enabled device.

32. The computing device of claim 31, wherein the redirection module is coupled to a tunneling module, the tunneling module coupled to the tunneling service device for establishing tunneling service and selectively penetrating the NAPT-enabled device.