[US Patent]
Method and system for enabling firewall traversal
IPC classification
Country / type
United States (US) Patent
Granted
International Patent Classification (IPC 7th ed.)
G06F-009/00
G06F-015/16
G06F-017/00
Application number
UP-0941719
(2004-09-15)
Registration number
US-7594259
(2009-10-20)
Inventors / address
Audet, Francois
Aoun, Cedric
Applicant / address
Nortel Networks Limited
Agent / address
Anderson Gorecki & Manaras LLP
Citation information
Times cited: 26
Cited patents: 32
Abstract
A method and system for enabling firewall traversal of media communications from a client device. The firewall infers authentication or validation of the client device based upon communications between the client device and a device controller known to the firewall. The firewall monitors packets sent from the device controller to the client device. If the device controller sends packets to the client device for a sufficiently long period of time and with sufficient frequency, or if the packets are of a certain type, then the firewall deems the client device to be validated and permits the client device to send data packets through the firewall. The device controller may include a media gateway controller, a port discovery server, or similar such device controllers. The device controller and client device communicate based upon a protocol, which need not be understood by the firewall.
Claims
What is claimed is:
1. A method for establishing a trust relationship with a client device so as to enable future packet communications from the client device to a remote location through a firewall, the firewall being located between the client device and a device controller, the method comprising the steps of: associating the client device with the device controller based upon a packet exchanged between the client device and the device controller; monitoring communications from the device controller to the client device to determine whether the client device is authorized; and creating a firewall rule allowing the transmission of data packets from the client device to the remote location if the client device is authorized, wherein the firewall rule permits the transmission of data packets based on the fact they are sent from the client device address, and wherein the data packets are addressed to the remote location and not the device controller.
2. The method claimed in claim 1, wherein said step of associating includes storing the client device address in association with a device controller address based upon said packet.
3. The method claimed in claim 2, wherein said device controller address includes IP address information corresponding to a signalling port for the known device controller.
4. The method claimed in claim 1, wherein said step of monitoring includes determining whether a time interval between packets sent from the device controller to the client device exceeds a predetermined maximum and, if so, deeming the client device to be unauthorized.
5. The method claimed in claim 4, wherein said step of monitoring further includes determining whether a duration of association between the client device and the device controller exceeds a predetermined minimum and, if so, holding the client device to be authorized.
6. The method claimed in claim 1, wherein said step of monitoring includes identifying a session established between the client device and the device controller, and authorizing the client device based upon said session.
7. The method claimed in claim 1, wherein said step of monitoring includes identifying a security relationship between the client device and the device controller, and authorizing the client device based upon said security relationship.
8. The method claimed in claim 1, wherein said firewall rule includes a restriction on permissible destination IP address and/or port.
9. The method claimed in claim 1, further including a step, following said step of allowing, of observing communications from the device controller to the client device to determine whether the client device remains authorized.
10. The method claimed in claim 9, further including a step of disallowing the transmission of data packets from the client device to the remote location if said step of observing determines that the client device ceases to remain authorized.
11. The method claimed in claim 1, wherein said communications from the device controller to the client device comprise control and/or signalling packets.
12. A system for establishing a trust relationship with a client device so as to enable future packet communications from the client device to a remote location through a firewall, the firewall being located between a client device and a device controller, the system comprising: memory storing an association between the client device and the device controller; a processor; a detection component for detecting a packet exchange between the client device and the device controller and, based upon said detection, storing said association in said memory, and wherein said association includes a client device address and a device controller address; a monitoring component for monitoring packets received from the device controller and addressed to the client device and for determining if the client device is authorized based upon said received packets; and a firewall update component responsive to said monitoring component for setting a firewall rule, said firewall rule permitting passage of data packets from said client device to the remote location, wherein the firewall rule permits the transmission of data packets based on the fact they are sent from the client device address, and wherein the data packets are addressed to the remote location and not the device controller.
13. The system claimed in claim 12, wherein said monitoring component includes a component for determining whether an interval between said packets received from the device controller exceeds a predetermined maximum and, if so, determining that the client device is unauthorized.
14. The system claimed in claim 13, wherein said monitoring component further includes a component for determining whether said packets have been received over a period of time exceeding a predetermined minimum and, if so, determining that the client device is authorized.
15. The system claimed in claim 12, wherein said monitoring component includes a component for identifying a session established between the client device and the device controller based upon said packets, and authorizing the client device based upon said session.
16. The system claimed in claim 12, wherein said monitoring component includes a component for identifying a security relationship between the client device and the device controller based upon said packets, and authorizing the client device based upon said security relationship.
17. The system claimed in claim 12, wherein said monitoring component continues monitoring said packets for determining whether the client device remains authorized following said setting of said firewall rule.
18. The system claimed in claim 17, wherein said firewall update component cancels said firewall rule in response to a determination by said monitoring component that the client device ceases to be authorized.
19. The system claimed in claim 12, wherein the device controller comprises a media gateway controller and the client device comprises a media gateway.
20. The system claimed in claim 12, wherein the device controller comprises a port discovery server.
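The abstract and claims 1, 4, 5, 9, 10, 13 and 14 describe one state machine: the firewall pins a client address to a known controller address on the first packet between them, watches controller-to-client control packets, opens a source-address-keyed rule once those packets have kept arriving for at least a minimum duration with no gap above a maximum, and tears the rule down when the gap is exceeded. The following Python simulation is an added illustration of that logic, not code from the patent or from Nortel; the class name, the thresholds (5 s maximum gap, 10 s minimum duration), the addresses and the packet trace are all constructed for the example. Note that, exactly as claim 1 states, the resulting rule trusts packets "based on the fact they are sent from the client device address", so any host able to emit packets with that source address behind the firewall inherits the opening; claim 8's destination restriction is the only narrowing the claims offer.

```python
"""Simulation of the inferred-trust firewall traversal described in US 7,594,259.

Hypothetical reference model written for this page (not the patent holder's
code).  Trust is keyed on the client's source address: the firewall associates
a client with a known controller on the first packet between them, then watches
controller->client control packets.  Once the association has lasted at least
MIN_DURATION with no inter-packet gap above MAX_GAP, a rule permitting
client->remote data is installed; a gap above MAX_GAP revokes it.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    t: float      # arrival time in seconds (constructed trace clock)
    src: str
    dst: str
    kind: str     # "control" (signalling from the controller) or "data" (media)


@dataclass
class Association:
    controller: str
    started: float    # when the client/controller pairing was first seen
    last_ctrl: float  # last controller->client control packet seen


class InferredTrustFirewall:
    def __init__(self, controllers, max_gap=5.0, min_duration=10.0):
        self.controllers = set(controllers)   # known device-controller addresses
        self.max_gap = max_gap                # claim 4 / 13: predetermined maximum interval
        self.min_duration = min_duration      # claim 5 / 14: predetermined minimum duration
        self.assoc = {}                       # client address -> Association
        self.allowed = set()                  # client addresses with an active rule
        self.log = []                         # (time, "ALLOW"/"REVOKE", client)

    def _expire(self, now):
        """Claims 9/10, 17/18: a silent controller revokes the client's rule."""
        for client, a in list(self.assoc.items()):
            if now - a.last_ctrl > self.max_gap:
                del self.assoc[client]
                if client in self.allowed:
                    self.allowed.discard(client)
                    self.log.append((now, "REVOKE", client))

    def process(self, pkt):
        """Return True if the packet is forwarded, False if dropped."""
        self._expire(pkt.t)
        # Client -> known controller: record the association (claims 1-2).
        if pkt.dst in self.controllers:
            self.assoc.setdefault(pkt.src, Association(pkt.dst, pkt.t, pkt.t))
            return True
        # Controller -> client control traffic refreshes the association and,
        # after MIN_DURATION, authorizes the client (claims 4-5, 11).
        if pkt.src in self.controllers and pkt.kind == "control":
            a = self.assoc.setdefault(pkt.dst, Association(pkt.src, pkt.t, pkt.t))
            a.last_ctrl = pkt.t
            if pkt.dst not in self.allowed and pkt.t - a.started >= self.min_duration:
                self.allowed.add(pkt.dst)
                self.log.append((pkt.t, "ALLOW", pkt.dst))
            return True
        # Anything else (client -> remote media) passes only on an active rule,
        # and that rule is keyed on the source address alone (claim 1).
        return pkt.src in self.allowed


def simulate(trace, fw):
    return [fw.process(p) for p in trace]


def demo():
    """Constructed trace: a media gateway registering with its controller."""
    fw = InferredTrustFirewall(controllers={"10.0.0.5"})
    trace = [
        Packet(0.0, "192.0.2.10", "10.0.0.5", "control"),               # gateway -> MGC
        *[Packet(t, "10.0.0.5", "192.0.2.10", "control") for t in (2, 4, 6, 8, 10)],
        Packet(10.5, "192.0.2.10", "198.51.100.7", "data"),             # media to remote: allowed
        Packet(30.0, "192.0.2.10", "198.51.100.7", "data"),             # 20 s silence: revoked
        Packet(30.1, "203.0.113.9", "198.51.100.7", "data"),            # never associated: dropped
    ]
    return simulate(trace, fw), fw.log


if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    print(log)
```

The trace makes the two thresholds visible: the five controller heartbeats two seconds apart satisfy the maximum-gap test, the fifth one at t=10 crosses the minimum duration and opens the rule, and the 20-second silence before the second media packet closes it again. Swapping the thresholds or inserting a gap between heartbeats is the quickest way to see how sensitive the traversal window is to the controller's signalling cadence.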
Chow, Albert T.; Miller II, Robert Raymond; Murray, John F.; Rice, Christopher W., Architecture and method for using IEEE 802.11-like wireless LAN system to emulate private land mobile radio system (PLMRS) radio service.
Krause, Joel M.; Lockhart, G. Lance; Truetken, John L.; Martin, Christopher A.; Haltom, Jeffery A., Method and apparatus for providing integrated voice and data services over a common interface device.
Lamb, Christopher H.; Petrack, Scott B.; Slaughter III, Frank G.; Toga, James E., Methods and apparatus for providing communications services between connectionless and connection-oriented networks.
Minear, Spence; Stockwell, Edward B.; de Jongh, Troy, Secure firewall supporting different levels of authentication based on address or encryption status.
Schmidt, Jeffrey C.; Gutierrez, Philip A.; Barker Jr., Charles R., System and method for a routing device to securely share network data with a host utilizing a hardware firewall.
Xu, Charles; Ju, Paul Pay Lun; Liu, Fu Hua; Chang, Chen Huei; Cheng, Shih An, System and method for providing real time connectionless communication of media data through a firewall.
Havens, David E.; Everhart, Matthew C.; Cable, Kristin Marie; Traxler, Eric W.; Fiegenbaum, Carl Ray; Priest, Jeffrey W.; Caster, Kodi Elizabeth Ann, Method for removing a SMP apparatus from a cured composite part.
Havens, David E.; Everhart, Matthew C.; Kysar, Randy Rex; Fiegenbaum, Carl Ray; Priest, Jeffrey W.; Strelow, Delbert Leon; Ford, Kevin John; Pickell, Kristin Dru, Methods and systems for co-bonding or co-curing composite parts using a rigid/malleable SMP apparatus.
Havens, David E.; Everhart, Matthew C.; Margraf, Thomas Wood; Everhart, Joel James; Kysar, Randy Rex; Fiegenbaum, Carl Ray; Priest, Jeffrey W.; Strelow, Delbert Leon; Pickell, Kristin Dru, Methods and systems for fabricating composite parts using a SMP apparatus as a rigid lay-up tool and bladder.
Nistor, Marius Pavel; Ribault, Nicolas; Constantinescu, Mihail Florin; Singh, Taran, Methods, systems, and computer readable media for receiving test configuration information.
Huelskamp, Scott Robert; Everhart, Joel James; Havens, David E.; Hanson, Steven Fillmore; Priest, Jeffrey W.; Fiegenbaum, Carl Ray; Barnell, Thomas Joseph, Reconfigurable shape memory polymer tooling supports.
Park, Juha; Marcus, Vinicius Stradiotto Farbiarz; Rachid, Euler Mendes; Figueiredo, Felipe Augusto Pereira de; Ywata, Luiz Gustavo De Silva; Junquera, Glauco Barroso; Chiossi, Rodrigo Rafael Santos Costa; Schnick, Guilherme Augusto Kusano, System for data flow protection and use control of applications and portable devices configured by location.
Vijayakumar, Rajesh; Dade, Nicolas S.; Thomas, Jacob; Verma, Anurag, Wireless local area network infrastructure devices having improved firewall features.