System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols
Abstract
A tunneling system and method is described for traversing firewalls, NATs, and proxies. Upon a request from a device on the secure private network or on a public network such as the Internet, a connection to a designated or permitted device of the secure private network by way of the public network can be established, allowing selected devices of the private network to access devices on the public network. A bi-directional channel can be established where information such as rich multimedia and real-time voice and video can be accessed or communicated.
33 Claims
1. A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device;
computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device in response to one or more of said requests;
computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and
computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel.
Dependent claims (not shown): 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a proxy interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device;
computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device;
computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device;
computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel; and
computer program codes to cause the computer device to respond with a dummy packet upon receiving a retransmission request from the proxy for at least a portion of the encapsulated data.
Dependent claims (not shown): 11, 12, 13, 14, 15, 16.
17. A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to receive connectionless-based data transfer across a network security device interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor incoming packets of a connection-based protocol; and
computer program codes to cause the computer device to de-encapsulate the incoming packets of a connection-based protocol to obtain packets of a connectionless protocol.
Dependent claims (not shown): 18, 19, 20.
21. A method of transferring data from a first computer device to a second computer device, the method comprising:
monitoring requests for data transfer to one or more determinable ports of the second device;
creating at least one reliable connection-based data channel to the second device in response to one or more of said requests;
intercepting data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and
encapsulating the intercepted data within a connection-based protocol and sending the encapsulated data to the second device via the reliable connection-based data channel.
Dependent claims (not shown): 22, 23, 24, 25, 26, 27, 28, 29.
30. A software module embodied in a computer-readable medium, said software module being useful for allowing transfer of data through a network security firewall and between first endpoint and second endpoint coupled to opposite sides of the network security firewall, said software module comprising:
a first program component configured to run on the first endpoint at a protocol stack level, the first program component for monitoring requests for data transfer on destination ports of the second endpoint and for establishing a reliable communication channel between the first endpoint and the second endpoint in response to one or more of the requests; and
a second program component configured to run on the first endpoint at a driver level, wherein the second program component, in response to commands from the first program component, selectively encapsulates packets of a connection-based protocol and packets of a connectionless protocol with a reliable connection-based protocol and transmits the encapsulated packets to the second endpoint via the reliable communication channel.
Dependent claims (not shown): 31, 32, 33.
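The sender-side encapsulation of claims 1 and 21 and the receiver-side de-encapsulation of claim 17, as an added Python example that is not part of the patent. The claims fix no wire format, so the 6-byte frame header, the tunnelled port set, the port numbers and the sample datagrams are all assumptions constructed here; the receiver is written to survive the segmentation a real TCP channel imposes.

```python
import struct
# Frame layout assumed for this example (the claims fix no wire format):
# 2-byte source port, 2-byte destination port, 2-byte payload length, payload.
HEADER = struct.Struct("!HHH")

def encapsulate(datagrams, tunnelled_ports):
    """Sender side (claims 1, 21): datagrams are (src_port, dst_port, payload);
    those for a tunnelled port are framed into one stream, the rest pass through."""
    stream, passthrough = bytearray(), []
    for src, dst, payload in datagrams:
        if dst not in tunnelled_ports:
            passthrough.append((src, dst, payload))
        elif len(payload) > 0xFFFF:
            raise ValueError("payload too large for 16-bit length field")
        else:
            stream += HEADER.pack(src, dst, len(payload)) + payload
    return bytes(stream), passthrough

class Deencapsulator:
    """Receiver side (claim 17). TCP delivers a byte stream, not messages, so
    feed() must cope with frames split across, or merged within, read calls."""
    def __init__(self):
        self._buf = bytearray()
    def feed(self, chunk):
        self._buf += chunk
        out = []
        while len(self._buf) >= HEADER.size:
            src, dst, n = HEADER.unpack_from(self._buf)
            end = HEADER.size + n
            if len(self._buf) < end:
                break  # frame incomplete; keep the partial bytes for the next read
            out.append((src, dst, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return out

def roundtrip(datagrams, tunnelled_ports, chunk_size):
    """Encapsulate, replay the stream in chunk_size pieces (arbitrary TCP
    segmentation) and return the datagrams the receiver recovers."""
    stream, _ = encapsulate(datagrams, tunnelled_ports)
    rx, recovered = Deencapsulator(), []
    for i in range(0, len(stream), chunk_size):
        recovered += rx.feed(stream[i:i + chunk_size])
    return recovered

# Constructed sample: RTP-style datagrams to port 5004 (tunnelled), DNS-style to 53 (not).
SAMPLE = [
    (49170, 5004, b"\x80\x60" + b"\x00" * 10 + b"voice-frame-1"),
    (49170, 5004, b""),  # zero-length payload is still a complete frame
    (40001, 53, b"\x12\x34\x01\x00"),
]
```

The security device in between sees only the one TCP channel, so a policy written in terms of UDP destination ports never sees the tunnelled media; a monitoring point that wants to see it has to reassemble and parse the stream the way Deencapsulator does.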