Joyce Anne Porter

US Patent:

7962652, Jun 14, 2011

Filed:

Feb 14, 2006

Appl. No.:

11/307598

Inventors:

Wuchieh James Jong - Raleigh NC, US
Joyce Anne Porter - Apex NC, US
David John Wierbowski - Owego NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H06F 15/16

US Classification:

709245, 726 11, 726 14, 726 2, 726 5, 709225, 709232, 709237

Abstract:

The invention determines if a security association (SA) extends end-to-end between a source node originating a connection and a destination node. In such a case, there will be no ambiguities in routing due to network address translation, and the SA is allowed. In the preferred embodiment, both end nodes of a security connection test themselves and the remote node for gateway status to determine if any ambiguities might exist in network routing due to the presence of a network address translator.

US Patent:

8250229, Aug 21, 2012

Filed:

Sep 29, 2005

Appl. No.:

11/238613

Inventors:

Joyce A. Porter - Apex NC, US
David J. Wierbowski - Owego NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

G06F 15/16

US Classification:

709232, 709225

Abstract:

Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

US Patent:

20060227770, Oct 12, 2006

Filed:

Apr 11, 2005

Appl. No.:

10/907659

Inventors:

Patricia Jakubik - Raleigh NC, US
Linwood Overby - Raleigh NC, US
Joyce Porter - Apex NC, US
David Wierbowski - Owego NY, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

H04L 12/56
H04L 12/28

US Classification:

370389000, 370431000

Abstract:

Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.

US Patent:

20060227807, Oct 12, 2006

Filed:

Apr 11, 2005

Appl. No.:

10/907661

Inventors:

Patricia Jakubik - Raleigh NC, US
Linwood Overby Jr. - Raleigh NC, US
Joyce Porter - Apex NC, US
David Wierbowski - Owego NY, US

Assignee:

INTERNATIONAL BUSINESS MACHINES CORPORATION - Armonk NY

International Classification:

H04J 3/22
H04L 12/56
H04J 3/16
H04L 12/28

US Classification:

370466000

Abstract:

Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify source applications that are served by a NAPT. If an arriving packet encapsulates an encrypted packet and has passed through an NAPT en route to the destination host, the encapsulated packet is decrypted to obtain an original source port number and original packet protocol from the decrypted packet. A source port mapping table (SPMT) is searched for an association between the NAPT source address, the original source port, and the original packet protocol associated with the NAPT source address and port number. If an incorrect association is found, the packet is rejected as representing an illegal duplicate source; that is, a second packet from a different host served by a NAPT that is USING the same SOURCE port and protocol.

US Patent:

20130013915, Jan 10, 2013

Filed:

Jul 12, 2012

Appl. No.:

13/547603

Inventors:

Joyce A. Porter - Apex NC, US
David J. Wierbowski - Owego NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/06

US Classification:

713154

Abstract:

Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

US Patent:

20190306079, Oct 3, 2019

Filed:

Mar 27, 2018

Appl. No.:

15/936698

Inventors:

- Armonk NY, US
Christopher Meyer - Cary NC, US
John R. Moore - Raleigh NC, US
Joyce A. Porter - Apex NC, US

International Classification:

H04L 12/911
G06F 17/30
H04L 29/08

Abstract:

Aspects of the present invention disclose a method, computer program product, and system for determining a number of allowed lists and initiating a change in a number of lists. The method includes receiving a defined list count of a plurality of lists of a coupling facility structure, monitoring list usage by the coupling facility structure, determining that additional lists are required by the coupling facility structure above the defined list count, based on the monitored list usage. The method includes, in response to determining that additional lists are required by the coupling facility structure, determining a new number of lists, where the new number of lists are based on an availability of space for the new number of lists on the coupling facility structure and the new number of lists exceeds the defined list count. The method includes rebuilding coupling facility structure based upon the determined new number of lists.

US Patent:

20140244862, Aug 28, 2014

Filed:

May 6, 2014

Appl. No.:

14/270810

Inventors:

- Armonk NY, US
Joyce Anne Porter - Apex NC, US
David John Wierbowski - Owego NY, US

Assignee:

International Business Machines Corporation - Armonk NY

International Classification:

H04L 29/12

US Classification:

709245

Abstract:

Preventing duplicate sources on a protocol connection that uses network addresses, protocols and port numbers to identify connections that include port number translation. In response to an inbound IPsec packet from a remote source client, a determination is made as to whether or not a port number is available within a range of port numbers that comply with a security association governing the connection. If so, an available port number is assigned to the connection, thereby avoiding a possibility of a duplicate source. If a port number is not available, the packet is rejected.