Edward B. Boden - Vestal NY Franklin A. Gruber - Vestal NY
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
H04L 900
US Classification:
713201, 713153, 709238
Abstract:
IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination of the three types of VPN NAT, including VPN NAT type a outbound source IP NAT, VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.
System And Method For Establishing Virtual And Physical Connection Paths Between Peer Systems
Mark C. Bullock - Apalachin NY Glenn W. Davis - Vestal NY Franklin A. Gruber - Vestal NY
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 1516
US Classification:
709227, 709221, 709222, 709228
Abstract:
A system and method for dedicating an externally configurable modem under system software control at a local peer for communication with one, single, predetermined remote peer, thereby providing the equivalent of a dedicated line by operating a single modem at the local node. The modem to be dedicated to the predetermined, single remote node is initialized to answer mode and reconfigured to originate mode when needed. The process of configuring the modem of the local node establishes a point-to-point protocol (PPP) route for establishing a physical connection path to the remote node.
System And Method For Ip Network Address Translation Using Selective Masquerade
Edward B. Boden - Vestal NY Wesley A. Brzozowski - Endicott NY Franklin A. Gruber - Vestal NY Donald A. Palermo - Johnson City NY Michael D. Williams - Owego NY
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
H04L 1228
US Classification:
370401, 370467
Abstract:
An address management system and method. ADDRESS statements and HIDE rule statements are processed to generate a file of masquerade rules for associating subsets of internal addresses among a plurality of public addresses. Responsive to these masquerade rules, network address translation is performed for incoming and outgoing IP datagrams. IP Network Address Translation (NAT) and IP Filtering functions provide firewall-type capability to a gateway system, such as the IBM AS/400 system. A customer's system administrator specifies specific NAT and Filtering rules (via the AS/400 Operational Navigator GUI). A type of NAT, called masquerade NAT, defines a many-to-one mapping in such a way as to allow the "many" to specify subsets of IP addresses. This allows traffic separation, which improves throughput to and from external networks (e.g. the Internet), and also improves flexibility in IP address management.
System And Method For Nesting Virtual Private Networking Connections With Coincident Endpoints
Edward B. Boden - Vestal NY, US Franklin A. Gruber - Vestal NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F015/16
US Classification:
709229, 713153, 370389
Abstract:
A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at a first node for an outer connection with a remote node and an inner connection with a different remote node. The nodes participate in negotiations on the outer connection to set up the inner connection as a secure connection. Thereafter, responsive to communications on the inner connection, the first node establishes links to the outer connection selectively to receive or send communications double nested on the outer connection.
System And Method For Virtual Private Network Network Address Translation Propagation Over Nested Connections With Coincident Local Endpoints
Edward B. Boden - Vestal NY, US Franklin A. Gruber - Vestal NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
H04L 12/28 H04L 12/56
US Classification:
370401, 370466
Abstract:
A communication network includes a plurality of nodes, selectively including a client, a remote gateway Internet service provider, the Internet, a local enterprise gateway, and an enterprise internal network. A local coincident endpoint is established at the local gateway for an outer connection with a remote node and an inner connection with the same or a different remote node. Nested traffic received at the gateway on the outer connection is decapsulated and then source-in NATed. Traffic received at the gateway for transmission on the outer connection is first source-in NATed, and then encapsulated for communication on the outer connection.
System And Method For Network Address Translation Integration With Ip Security
Edward B. Boden - Vestal NY, US Franklin A. Gruber - Vestal NY, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 9/00 H04L 9/00
US Classification:
726 11, 380277, 713150
Abstract:
IP security is provided in a virtual private network using network address translation (NAT) by performing one or a combination of the three types of VPN NAT, including VPN NAT type a outbound source IP NAT, VPN NAT type c inbound source IP NAT, and VPN NAT type d inbound destination IP NAT. This involves dynamically generating NAT rules and associating them with the manual or dynamically generated (IKE) Security Associations, before beginning IP security that uses the Security Associations. Then, as IP Sec is performed on outbound and inbound datagrams, the NAT function is also performed.
Apparatus And Method For Sharing A Shared Resource Across Logical Partitions Or Systems
John Joseph Bird - Rochester MN, US Bob Richard Cernohous - Rochester MN, US Christopher Thomas Gloe - Rochester MN, US Franklin A. Gruber - Vestal NY, US Scott Jon Prunty - Rochester MN, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 15/16
US Classification:
709227, 370331, 370338, 370401
Abstract:
An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.
Sharing A Shared Resource Across Logical Partitions Or Systems
John Joseph Bird - Rochester MN, US Bob Richard Cernohous - Rochester MN, US Christopher Thomas Gloe - Rochester MN, US Franklin A. Gruber - Vestal NY, US Scott Jon Prunty - Rochester MN, US
Assignee:
International Business Machines Corporation - Armonk NY
International Classification:
G06F 15/16
US Classification:
709227, 370331, 370338, 370401
Abstract:
An apparatus and method for sharing a resource (such as a modem or virtual private network) allow virtualizing the shared resource in a simple and efficient manner that allows both accepting and initiating virtual or physical connections through the shared resource across logical partitions or systems. An L2TP tunnel is established between the server that owns the shared resource and the client that desires to use the shared resource. Messages are defined that allow the client to initiate an outgoing connection through the shared resource, and that allow the client to accept an incoming connection received from the shared resource. Once the connection is made, the client and ultimate destination communicate through the shared resource via point-to-point communications.