Initiating connections through firewalls and network address translators

US 20030140142A1
Filed: 01/18/2002
Published: 07/24/2003
Est. Priority Date: 01/18/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method performed by a hub for enabling a first device to allow communications from a second device wherein the first device is separated from the second device by access blocking apparatus, said method comprising:

terminating a virtual pipe from the first device, assigning an IP address to the first device and associating this IP address with the virtual pipe, receiving communications originated by the second device and addressed to said IP address, routing the communications addressed to said IP address to the virtual pipe, and tunneling the communications over the virtual pipe to the first device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to private devices that are separated from the public network by firewalls and NATs is provided without reconfiguring the firewalls and NATs. A private device wishing to provide access to external devices establishes a virtual private pipe to a secure hub, which includes functionality to terminate virtual pipes and to switch communications between these pipes and the public network. The secure hub assigns a secondary IP address to the private device/pipe and thereby provides the private device with a network appearance that is now beyond the firewall/NAT. External devices access the private device by addressing communications to the secondary IP address, which communications are routed to the secure hub and tunneled through the pipe to the private device. The private device can also restrict access through an access control list that is enforced by the secure hub.

99 Citations

View as Search Results

15 Claims

1. A method performed by a hub for enabling a first device to allow communications from a second device wherein the first device is separated from the second device by access blocking apparatus, said method comprising:
- terminating a virtual pipe from the first device, assigning an IP address to the first device and associating this IP address with the virtual pipe, receiving communications originated by the second device and addressed to said IP address, routing the communications addressed to said IP address to the virtual pipe, and tunneling the communications over the virtual pipe to the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising the steps of:
    - receiving second communications originated by the first device through the virtual pipe, and routing the second communications from the first device to the second device.
  - 3. The method of claim 1 further comprising the step of:
    - encrypting the communications prior to tunneling the communications over the virtual pipe.
  - 4. The method of claim 1 further comprising the steps of:
    - receiving a plurality of communications originated by a plurality of second devices and addressed to the IP address, routing the plurality of communications addressed to the IP address to the virtual pipe, and tunneling the plurality of communications over the virtual pipe to the first device.
  - 5. The method of claim 1 further comprising the steps of:
    - establishing an access control list to control access to the first device, and based on the access control list, routing the communications from the second device to the first device only if the second device has permission to access the first device.
  - 6. The method of claim 1 further comprising the steps of:
    - terminating a second virtual pipe from the second device, assigning a second IP address to the second device, and receiving the communications from the second device through the second virtual pipe.
  - 7. The method of claim 6 wherein the IP addresses assigned to the first and second devices are private IP addresses.

8. A system for enabling communications between a first device and a second device wherein said first device is separated from said second device by access blocking apparatus, said system comprising:
- a secure hub, and a virtual pipe between the first device and said secure hub, said secure hub including a pool of available IP addresses from which an IP address can be assigned to the first device, means for associating the assigned IP address with the virtual pipe, means for routing communications from the second device and addressed to the first device to the virtual pipe, and means for tunneling said communications over the virtual pipe to the first device.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 wherein said means for tunneling tunnels second communications over the virtual pipe from the first device, and wherein said means for routing routes the second communications to the second device.
  - 10. The system of claim 8 further comprising:
    - a virtual pipe between the second device and said secure hub, and wherein said means for associating associates a second IP address from the pool of available IP addresses with the second virtual pipe, and wherein said means for tunneling tunnels said communications from the second device through the second virtual pipe.
  - 11. The system of claim 8 further comprising:
    - an access control list to control access to the first device, and wherein, based on the access control list, said means for routing the communications from the second device to the first device routes the communications only if the second device has permission to access the first device.

12. A system for enabling communication to a first communication device through the public network from a second communication device, said first and second communication devices being separated by at least one security access blocking apparatus, said system comprising a secure hub having routing and switching functionality and pipe termination functionality and having interfaces to said public network, and means for creating a virtual pipe between said secure hub and said first communication device for tunneling communication, said secure hub further including means for assigning an IP address to said first communication device and associating said IP address with said virtual pipe.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12 further including means for establishing said communication from said second communication device through said public network to said secure hub.
  - 14. The system of claim 13 wherein said means for establishing said communication from said second communication device includes means for defining a second virtual pipe.
  - 15. The system of claim 12 wherein said secure hub includes means for defining an access control list, said routing and switching functionality routing said communication from said second communication device to said virtual pipe only if such access is permitted by said access control list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Original Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Inventors
Huitema, Christian, Moyer, Stanley, Marples, David

Application Number

US10/052,094
Publication Number

US 20030140142A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 61/2567   for reachability, e.g. inqu...

H04L 61/2578   without involvement of the ...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/101   Access control lists [ACL]

Initiating connections through firewalls and network address translators

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Initiating connections through firewalls and network address translators

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others