Network gateway system having rules for exchanging packet, network gateway method, and network gateway device therefor

US 20040010572A1
Filed: 05/12/2003
Published: 01/15/2004
Est. Priority Date: 02/04/2002
Status: Active Grant

First Claim

Patent Images

1. A network gateway system having a network gateway device that interconnects networks, said network gateway system comprising:

an administration center that holds and creates a gateway rule for controlling a packet, wherein;

said network gateway device holds the gateway rule;

when receiving a packet, if a gateway rule corresponding to the received packet exists, said network gateway device handles the received packet according to the gateway rule; and

if there is no gateway rule corresponding to the received packet, said network gateway device transfers the received packet to the administration center, and then receives a gateway rule corresponding to the packet from the administration center to perform update.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Handling a packet according to a gateway rule used to control the packet in the network gateway device ensures the security, and centrally controlling the gateway rule in an administration center eliminates the need for individual user'"'"'s consciousness of operation such as a fire wall, which makes a network gateway system easy to use. At the same time, under certain conditions, the packet is handled according to a gateway rule in the network gateway device to reduce a network load.

The administration center that holds and creates a gateway rule used to control a packet is provided. The network gateway device holds the gateway rule. When receiving a packet, if a gateway rule corresponding to the packet exists, the received packet is handled according to the gateway rule. If no gateway rule corresponding to the packet exists, the packet is transferred to the administration center, and then the corresponding gateway rule is received from the administration center so that update is performed.

35 Citations

View as Search Results

20 Claims

1. A network gateway system having a network gateway device that interconnects networks, said network gateway system comprising:
- an administration center that holds and creates a gateway rule for controlling a packet, wherein;
  
  said network gateway device holds the gateway rule;
  
  when receiving a packet, if a gateway rule corresponding to the received packet exists, said network gateway device handles the received packet according to the gateway rule; and
  
  if there is no gateway rule corresponding to the received packet, said network gateway device transfers the received packet to the administration center, and then receives a gateway rule corresponding to the packet from the administration center to perform update.
- View Dependent Claims (2, 3, 4)
- - 2. A network gateway system according to claim 1, wherein:
    - if the administration center holds a gateway rule corresponding to the packet transmitted from the network gateway device, the administration center transmits the gateway rule; and
      
      if the administration center does not hold the gateway rule corresponding to the packet transmitted from the network gateway device, the administration center newly creates a gateway rule corresponding to the packet, transmits the gateway rule to the network gateway device, and handles the packet according to the corresponding gateway rule.
  - 3. A network gateway system according to claim 1 or 2, wherein, in the network gateway device, an effective time during which the gateway rule is held is determined, and thereby a gateway rule whose effective time has expired is deleted.
  - 4. A network gateway system according to claim 3, wherein:
    - said network gateway device comprises a gateway-rule storing table for holding the gateway rules; and
      
      when receiving the gateway rule from the administration center, if no space area in the gateway-rule storing table exists, a gateway-rule entry with the shortest remaining effective time is first deleted from among the gateway rules stored in the gateway-rule storing table.

5. A network gateway system having a network gateway device that interconnects networks, said network gateway system comprising:
- an administration center that holds and creates a gateway rule for controlling a packet, wherein;
  
  said network gateway device holds the gateway rule;
  
  when receiving a packet, if a gateway rule corresponding to the received packet exists, said network gateway device handles the received packet according to the gateway rule; and
  
  if no gateway rule corresponding to the received packet exists, an inquiry about a gateway rule corresponding to the received packet is sent to the administration center, and the gateway rule corresponding to the packet is received from the administration center so that update is performed, and according to the received gateway rule, the received packet is controlled.
- View Dependent Claims (6, 7, 8)
- - 6. A network gateway system according to claim 5, wherein:
    - when the administration center receives an inquiry from the network gateway device, if the administration center holds a gateway rule corresponding to the inquired packet, the administration center transmits the gateway rule; and
      
      if the administration center does not hold a gateway rule corresponding to the inquired packet, the administration center newly creates a gateway rule corresponding to the packet, and then transmits the gateway rule to the network gateway device.
  - 7. A network gateway system according to claim 5 or 6, wherein:
    - in the network gateway device, an effective time during which the gateway rule is held is determined, and thereby a gateway rule whose effective time has expired is deleted.
  - 8. A network gateway system according to claim 7, wherein:
    - said network gateway device comprises a gateway-rule storing table for holding the gateway rules; and
      
      when receiving the gateway rule from the administration center, if no space area in the gateway-rule storing table exists, a gateway-rule entry with the shortest remaining effective time is first deleted from among the gateway rules stored in the gateway-rule storing table.

9. A network gateway method of a network gateway system having a network gateway device that interconnects networks, wherein:
- said network gateway system comprises an administration center that holds and creates a gateway rule for controlling a packet; and
  
  said network gateway device comprises the steps of;
  
  holding the gateway rules, and when receiving a packet, if a gateway rule corresponding to the received packet exists, handling the received packet according to the gateway rule;
  
  if no gateway rule corresponding to the received packet exists, transferring the received packet to the administration center; and
  
  receiving a gateway rule corresponding to the packet from the administration center to perform update.
- View Dependent Claims (10, 11, 12)
- - 10. A network gateway method according to claim 9, wherein:
    - said administration center comprising the steps of;
      
      if a gateway rule corresponding to a packet transmitted from the network gateway device is held, transmitting the gateway rule;
      
      if a gateway rule corresponding to the packet transmitted from the network gateway device is not held, newly creating a gateway rule corresponding to the packet, and then transmitting the gateway rule to the network gateway device; and
      
      handling the packet according to the corresponding gateway rule.
  - 11. A network gateway method according to claim 9 or 10, further comprising the step of:
    - in the network gateway device, determining an effective time during which the gateway rule is held, and deleting a gateway rule whose effective time has expired.
  - 12. A network gateway method according to claim 11, wherein:
    - said network gateway device comprises a gateway-rule storing table for holding the gateway rules; and
      
      said network gateway device comprises the step of;
      
      when receiving the gateway rule from the administration center, if no space area in the gateway-rule storing table exists, first deleting a gateway-rule entry with the shortest remaining effective time from among the gateway rules stored in the gateway-rule storing table.

13. A network gateway method of a network gateway system having a network gateway device that interconnects networks, wherein:
- said network gateway system comprises an administration center that holds and creates a gateway rule for controlling a packet; and
  
  said network gateway device comprises the steps of;
  
  holding the gateway rule, and when receiving a packet, if a gateway rule corresponding to the received packet exists, handling the received packet according to the gateway rule;
  
  if no gateway rule corresponding to the received packet exists, sending an inquiry about a gateway rule corresponding to the received packet to the administration center; and
  
  receiving the gateway rule corresponding to the packet from the administration center to perform update, and thereby controlling the received packet according to the received gateway rule.
- View Dependent Claims (14, 15, 16)
- - 14. A network gateway method according to claim 13, wherein:
    - said administration center comprises the steps of;
      
      when receiving an inquiry from the network gateway device, if the administration center holds a gateway rule corresponding to the inquired packet, transmitting the gateway rule; and
      
      if the administration center does not hold a gateway rule corresponding to the inquired packet, newly creating a gateway rule corresponding to the packet, and then transmitting the gateway rule to the network gateway device.
  - 15. A network gateway method according to claim 13 or 14, further comprising the step of:
    - in the network gateway device, determining an effective time during which the gateway rule is held, and deleting a gateway rule whose effective time has expired.
  - 16. A network gateway method according to claim 15, wherein:
    - said network gateway device comprises a gateway-rule storing table for holding the gateway rules; and
      
      said network gateway device comprises the step of;
      
      when receiving the gateway rule from the administration center, if no space area in the gateway-rule storing table exists, first deleting a gateway-rule entry with the shortest remaining effective time from among the gateway rules stored in the gateway-rule storing table.

17. A network gateway device that interconnects networks, wherein:
- said network gateway device has a function of handling a received packet according to a gateway rule for controlling the packet;
  
  a network system in which said network gateway device is used comprises an administration center that creates and holds the gateway rule;
  
  said network gateway device holds the gateway rule;
  
  said network gateway device comprises anther function whereby when receiving a packet, if no gateway rule corresponding to the received packet exists, a gateway rule corresponding to the packet is received from the administration center so that update is performed; and
  
  in said network gateway device, an effective time during which the gateway rule is held is determined, and thereby a gateway rule whose effective time has expired is deleted.

18. A network gateway device that interconnects networks, wherein:
- said network gateway device has a function of handling a received packet according to a gateway rule for controlling the packet;
  
  a network system in which said network gateway device is used comprises an administration center that creates and holds the gateway rule;
  
  said network gateway device holds the gateway rule;
  
  said network gateway device comprises another function whereby when receiving a packet, if no gateway rule corresponding to the received packet exists, a gateway rule corresponding to the packet is received from the administration center so that update is performed; and
  
  a condition for deleting the gateway rule is the number of packets handled or occurrence of an uniform event continuing for a fixed period of time.

19. A network connection program used in a network gateway device that interconnects networks, said network connection program comprising:
- a function of handling a received packet according to a gateway rule for controlling the packet, wherein;
  
  a network system in which said network gateway device is used comprises an administration center function of holding and creating the gateway rule;
  
  said network gateway device holds the gateway rule;
  
  said network gateway device comprises another function whereby when receiving a packet, if no gateway rule corresponding to the received packet exists, a gateway rule corresponding to the packet is received from the administration center so that update is performed; and
  
  in said network gateway device, an effective time during which the gateway rule is held is determined, and thereby a gateway rule whose effective time has expired is deleted.

20. A network connection program used in a network gateway device that interconnects networks, said network connection program comprising:
- a function of handling a received packet according to a gateway rule for controlling the packet, wherein;
  
  a network system in which said network gateway device is used comprises an administration center function of holding and creating the gateway rule;
  
  said network gateway device holds the gateway rule;
  
  said network gateway device comprises another function whereby when receiving a packet, if no gateway rule corresponding to the received packet exists, a gateway rule corresponding to the packet is received from the administration center function so that update is performed; and
  
  a condition for deleting the gateway rule is the number of packets handled or occurrence of an uniform event continuing for a fixed period of time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Watanabe, Tomonori

Granted Patent

US 7,225,269 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/220
CPC Class Codes

H04L 63/0263 Rule management

Network gateway system having rules for exchanging packet, network gateway method, and network gateway device therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Network gateway system having rules for exchanging packet, network gateway method, and network gateway device therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others