Method and apparatus for firewall with multiple addresses

US 20010034844A1
Filed: 01/29/2001
Published: 10/25/2001
Est. Priority Date: 01/28/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method of processing packets at a firewall in a packet-switched network comprising:

receiving an outbound packet from a process group network address; and

authorizing subsequent inbound packet traffic destined for the process group network address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention takes advantage of the capability of assigning multiple addresses to a single host to improve the processing performed by a firewall in a packet-switched network. The host utilizes a plurality of addresses to refer to groups of related tasks on the host. When the firewall receives an outbound packet having one of these source addresses, it authorizes further inbound packets addressed to the particular source address.

15 Citations

View as Search Results

18 Claims

1. A method of processing packets at a firewall in a packet-switched network comprising:
- receiving an outbound packet from a process group network address; and
  
  authorizing subsequent inbound packet traffic destined for the process group network address.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The invention of claim 1 further comprising the subsequent step of canceling authorization for subsequent inbound packet traffic destined for the process group network address after a period of time.
  - 3. The invention of claim 2 wherein the outbound packet begins a connection protocol and authorization is canceled after the connection terminates.
  - 4. The invention of claim 1 wherein the addresses are expressed as IPv4 address.
  - 5. The invention of claim 1 wherein the addresses are expressed as IPv6 addresses, wherein a portion of the address is reserved to identify a host process group.

6. A method of processing packets at a host which are destined for a firewall in a packet-switched network comprising the steps of:
- assigning a process group network address to a first outbound packet commencing a process;
  
  transmitting the outbound packet to a firewall on its path to its destination in a packet-switched network;
  
  receiving inbound packets addressed to the process group network address; and
  
  receiving and associating inbound packets addressed to the process group network address with the process.
- View Dependent Claims (7, 8, 9)
- - 7. The invention of claim 6 wherein the process is a connection across the packet-switched network to another host.
  - 8. The invention of claim 6 further comprising the step of notifying the firewall when the process terminates.
  - 9. The invention of claim 6 wherein the host uses a dynamic host configuration protocol to dynamically assign the process group network address.

10. A computer readable medium containing executable program instructions for performing a method on a firewall connected to a packet-switched network comprising the steps of:
- receiving an outbound packet from a process group network address; and
  
  authorizing subsequent inbound packet traffic destined for the process group network address.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The invention of claim 10 further comprising the subsequent step of canceling authorization for subsequent inbound packet traffic destined for the process group network address after a period of time.
  - 12. The invention of claim 11 wherein the outbound packet begins a connection protocol and authorization is canceled after the connection terminates.
  - 13. The invention of claim 10 wherein the addresses are expressed as IPv4 address.
  - 14. The invention of claim 10 wherein the addresses are expressed as IPv6 addresses, wherein a portion of the address is reserved to identify a host process group.

15. A computer readable medium containing executable program instructions for performing a method on a host connected to a packet-switched network comprising the steps of:
- assigning a process group network address to a first outbound packet commencing a process;
  
  transmitting the outbound packet to a firewall on its path to its destination in a packet-switched network;
  
  receiving inbound packets addressed to the process group network address; and
  
  receiving and associating inbound packets addressed to the process group network address with the process.
- View Dependent Claims (16, 17, 18)
- - 16. The invention of claim 15 wherein the process is a connection across the packet-switched network to another host.
  - 17. The invention of claim 15 further comprising the step of notifying the firewall when the process terminates.
  - 18. The invention of claim 15 wherein the host uses a dynamic host configuration protocol to dynamically assign the process group network address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Bellovin, Steven Michael

Application Number

US09/771,811
Publication Number

US 20010034844A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5069   for group communication, mu...

H04L 63/0254   Stateful filtering

H04L 63/108   when the policy decisions a...

H04L 9/40   Network security protocols

Method and apparatus for firewall with multiple addresses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for firewall with multiple addresses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links