Firewall apparatus

US 20030070095A1
Filed: 07/19/2002
Published: 04/10/2003
Est. Priority Date: 10/04/2001
Status: Active Grant

First Claim

Patent Images

1. A firewall device comprising:

first communication means connected to a first network for transmitting/receiving data through said first network by use of an Internet protocol (IP) protocol;

means for acquiring a network identifier of said first network;

second communication means connected to a second network for transmitting/receiving data through said second network by use of said IP protocol;

means for acquiring a network identifier of said second network; and

IP address converting means by which a portion of a destination IP address of a message received from an apparatus connected to said first network and corresponding to said first network identifier is converted to said second network identifier, and a portion of a source IP address of a message received from an apparatus connected to said second network and corresponding to said second network identifier is converted to said first network identifier;

wherein communication can be provided between said apparatus connected to said first network and said apparatus connected to said second network.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communication using IPv6 is carried out, and conversion is given to a prefix of an IPv6 address in a firewall. A security channel for mutual authentication with an out-of-home apparatus or the like is carried out by the firewall, and only identification of an in-home apparatus is carried out on an in-home network by the firewall. A PC is connected to a PC in-home network different from the in-home network, and communication between the PC and the in-home apparatus is always carried out via the firewall.

24 Citations

View as Search Results

12 Claims

1. A firewall device comprising:
- first communication means connected to a first network for transmitting/receiving data through said first network by use of an Internet protocol (IP) protocol;
  
  means for acquiring a network identifier of said first network;
  
  second communication means connected to a second network for transmitting/receiving data through said second network by use of said IP protocol;
  
  means for acquiring a network identifier of said second network; and
  
  IP address converting means by which a portion of a destination IP address of a message received from an apparatus connected to said first network and corresponding to said first network identifier is converted to said second network identifier, and a portion of a source IP address of a message received from an apparatus connected to said second network and corresponding to said second network identifier is converted to said first network identifier;
  
  wherein communication can be provided between said apparatus connected to said first network and said apparatus connected to said second network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A firewall device according to claim 1, further comprising:
    - means for performing security communication with said apparatus connected to said first network by use of a cipher communication function or an authentication function.
  - 3. A firewall device according to claim 1, wherein:
    - said apparatus connected to said first network is a domestic personal computer.
  - 4. A firewall device according to claim 1, further comprising:
    - a database for registering said apparatus connected to said second network; and
      
      means for performing processing of registration into said database;
      
      wherein processing and contents of information included in communication between an apparatus not registered in said database and an apparatus registered in said database are monitored.
  - 5. An information apparatus comprising:
    - communication means for transmitting/receiving data to/from a firewall device according to claim 1 by use of an IP protocol;
      
      means for acquiring a network identifier of a first network according to claim 1;
      
      means for acquiring an apparatus identifier of an apparatus connected to a second network according to claim 1;
      
      means for generating an IP address by use of said network identifier and said apparatus identifier; and
      
      communication means for transmitting/receiving data to/from said apparatus connected to said second network through said firewall device by use of said IP protocol;
      
      wherein said information apparatus is connected to said first network.
  - 6. An information apparatus comprising:
    - communication means for transmitting/receiving data to/from a firewall device according to claim 1 by use of an IP protocol;
      
      means for acquiring a network identifier of a second network according to claim 1;
      
      means for generating an IP address by use of said network identifier and an apparatus identifier of said information apparatus itself; and
      
      communication means for transmitting said IP address to said firewall device;
      
      communication means for transmitting/receiving data to/from an apparatus connected to a first network through said firewall device by use of said IP protocol;
      
      wherein said information apparatus is connected to said second network.

7. A communication method for an information apparatus, comprising:
- the step in which a first apparatus connected to a first network transmits a processing request message to a firewall through said first network, said processing request message including an IP address of said first apparatus as a source and a first IP address as a destination;
  
  the step in which said firewall confirms whether processing contents contained in said processing request message are secure or not;
  
  the step in which said firewall converts said destination from said first IP address to a second IP address;
  
  the step in which said firewall transmits a processing request message to a second apparatus through a second network, said second apparatus being connected to said second network, said processing request message including said IP address of said first apparatus as a source and said second IP address as a destination;
  
  the step in which said second apparatus performs processing peculiar to said second apparatus;
  
  the step in which said second apparatus transmits a reply message to said firewall through said second network in response to said processing request message, said reply message including said second IP address as a source and said IP address of said first apparatus as a destination;
  
  the step in which said firewall confirms whether information contained in said reply message is secure or not;
  
  the step in which said firewall converts said source from said second IP address to said first IP address; and
  
  the step in which said firewall transmits a reply message to said first apparatus through said first network, said reply message including said first IP address as a source and said IP address of said first apparatus as a destination.
- View Dependent Claims (8)
- - 8. A communication method for an information apparatus according to claim 7, wherein:
    - communication between said first apparatus and said firewall is security communication using a cipher communication function or an authentication function; and
      
      communication between said second apparatus and said firewall is communication not using a cipher communication function or an authentication function.

9. A firewall device comprising:
- first communication means connected to a first network for transmitting/receiving data through said first network by use of an IP address;
  
  second communication means connected to a second network for transmitting/receiving data through said second network by use of an IP address; and
  
  IP address converting means by which said IP address transmitted from one of said first communication means and said second communication means is converted into an IP address corresponding to one of said first and second networks.

10. A firewall device comprising:
- first communication means by which a first apparatus connected to a first network transmits an IP address of said first apparatus to a firewall through said first network;
  
  security confirmation means by which said firewall confirms whether contents of said IP address of said first apparatus transmitted from said first communication means are secure or not;
  
  conversion means by which said firewall converts said IP address of said first apparatus from a first IP address to a second IP address;
  
  firewall communication means by which said firewall transmits said converted IP address of said first apparatus to a second apparatus through a second network, said second apparatus being connected to said second network;
  
  execution means by which said second apparatus performs processing peculiar to said second apparatus;
  
  second communication means by which said second apparatus transmits said second IP address to said firewall through said second network;
  
  said confirmation means by which said firewall confirms whether information of said transmitted IP address of said second apparatus is secure or not;
  
  said conversion means by which said firewall converts said IP address of said second apparatus from said second IP address to said first IP address; and
  
  said firewall communication means by which said firewall transmits said first IP address to said first apparatus through said first network.

11. A firewall system comprising:
- a first apparatus connected to a first network;
  
  first communication means for transmitting/receiving data through said first network by use of an IP address second communication means connected to a second network for transmitting/receiving data through said second network by use of an IP address; and
  
  IP address converting means by which said IP address transmitted from one of said first communication means and said second communication means is converted into an IP address corresponding to one of said first and second networks.

12. A communication method for an information apparatus, comprising:
- the step in which a first apparatus connected to a first network transmits an IP address of said first apparatus to a firewall through said first network;
  
  the step in which said firewall confirms whether processing contents of said transmitted IP address of said first apparatus are secure or not;
  
  the step in which said firewall converts said IP address of said first apparatus from a first IP address to a second IP address;
  
  the step in which said firewall transmits said converted IP address of said first apparatus to a second apparatus through a second network, said second apparatus being connected to said second network;
  
  the step in which said second apparatus performs processing peculiar to said second apparatus;
  
  the step in which said second apparatus transmits said second IP address to said firewall through said second network;
  
  the step in which said firewall confirms whether information of said transmitted IP address of said second apparatus is secure or not;
  
  the step in which said firewall converts said IP address of said second apparatus from said second IP address to said first IP address; and
  
  the step in which said firewall transmits said first IP address to said first apparatus through said first network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Maxell, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Oeda, Shigeto, Ito, Hiromichi, Okamoto, Chikashi

Granted Patent

US 7,392,538 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/029 Firewall traversal, e.g. tu...

H04L 63/0869 for achieving mutual authen...

Firewall apparatus

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall apparatus

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links