Security system and method for firewall and associated product

US 20050188197A1
Filed: 01/14/2005
Published: 08/25/2005
Est. Priority Date: 01/15/2004
Status: Abandoned Application

First Claim

Patent Images

1. Security system for firewall, comprising:

means of communicating with an application provided to make connections via said firewall, means of identifying at least one delegation parameter supplied by said application, said identification means being provided to recognize said application as capable of establishing connections via the firewall when said delegation parameter complies with at least one reference parameter recorded in a storage space, and command means for establishing connections via the firewall, said commands being based on requests originating from said application, wherein said security system also comprises means of producing said reference parameter, said production means including means of automatically generating said reference parameter intended to be recorded in the storage space.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and a method of security for a firewall. The system comprises means of communication with an application provided to make connections via the firewall, means of identifying at least one delegation parameter supplied by this application, provided to recognize this application as capable of establishing connections when the delegation parameter complies with at least one reference parameter and command means for establishing connections, based on requests originating from this application. The security system also comprises means of producing the reference parameter, including means of automatic generation and/or command means for automatic distribution, to a list of permitted users, of the reference parameter. It is thus possible to communicate in advance to users the reference parameter to be supplied as the delegation parameter.

8 Citations

View as Search Results

20 Claims

1. Security system for firewall, comprising:
- means of communicating with an application provided to make connections via said firewall, means of identifying at least one delegation parameter supplied by said application, said identification means being provided to recognize said application as capable of establishing connections via the firewall when said delegation parameter complies with at least one reference parameter recorded in a storage space, and command means for establishing connections via the firewall, said commands being based on requests originating from said application, wherein said security system also comprises means of producing said reference parameter, said production means including means of automatically generating said reference parameter intended to be recorded in the storage space.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 17)
- - 2. Security system according to claim 1, wherein it comprises periodic means of activating said production means.
  - 3. Security system according to claim 1, wherein it comprises connection filtering means, provided for filtering the commands for the establishment of connections by said command means, as a function of predefined selection criteria.
  - 4. Security system according to claim 3, wherein said connection filtering means are provided in order to exclude at least one of said connections on the basis of at least one item of selection information chosen from at least one source address, at least one destination address, at least one source port and at least one destination port.
  - 5. Security system according to claim 3, wherein said connection filtering means are provided in order to authorize the commands for the establishment of connections by the command means for said delegation parameter only during a predefined validity period.
  - 6. Security system according to claim 1, wherein it comprises means of authenticating said delegation parameter.
  - 7. Security system according to claim 1, wherein it comprises means of decrypting said delegation parameter.
  - 17. Firewall comprising a security system complying with claim 1.

8. Security system for firewall, comprising:
- means of communicating with an application provided for making connections via said firewall, means of identifying at least one delegation parameter supplied by said application, said identification means being provided to recognize said application as capable of establishing connections via the firewall when said delegation parameter complies with at least one reference parameter recorded in a storage space, and command means for establishing connections via the firewall, said commands being based on requests originating from said application, wherein said security system also comprises means of producing said reference parameter, said production means including command means for automatic distribution of said reference parameter to a list of permitted users, at the time of any new recording of said reference parameter in the storage space.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 18)
- - 9. Security system according to claim 8, wherein said production means also include means of automatically generating said reference parameter intended to be recorded in the storage space.
  - 10. Security system for firewall according to claim 8, wherein the command means for automatic distribution are also capable of communicating the reference parameter to any new permitted user, when said user is registered in said list of permitted users.
  - 11. Security system according to claim 8, wherein it comprises periodic means of activating said production means.
  - 12. Security system according to claim 8, wherein it comprises connection filtering means, provided for filtering the commands for the establishment of connections by said command means, as a function of predefined selection criteria.
  - 13. Security system according to claim 12, wherein said connection filtering means are provided in order to exclude at least one of said connections on the basis of at least one item of selection information chosen from at least one source address, at least one destination address, at least one source port and at least one destination port.
  - 14. Security system according to claim 12, wherein said connection filtering means are provided in order to authorize the commands for the establishment of connections by the command means for said delegation parameter only during a predefined validity period.
  - 15. Security system according to claim 8, wherein it comprises means of authenticating said delegation parameter.
  - 16. Security system according to claim 8, wherein it comprises means of decrypting said delegation parameter.
  - 18. Firewall comprising a security system complying with claim 8.

19. Security method for firewall comprising steps of:
- communication with an application provided in order to make connections via said firewall, automatic identification of at least one delegation parameter supplied by said application and automatic recognition of said application as capable of establishing connections via the firewall when said delegation parameter complies with at least one reference parameter recorded in a storage space, and commands for automatic establishment of connections via the firewall, said commands being based on requests originating from said application, wherein said method also comprises an advance step of sending to at least one user of said application said reference parameter to be supplied as the delegation parameter.
- View Dependent Claims (20)
- - 20. Computer program product, wherein it comprises program code instructions for the execution of the steps of the security method according to claim 19 when said program is executed on a computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Licensing SA (Vantiva SA)
Original Assignee
Thomson Licensing SA (Vantiva SA)
Inventors
Guillotel, Philippe, Bordes, Philippe, Viellard, Thierry

Application Number

US11/036,743
Publication Number

US 20050188197A1
Time in Patent Office

Days
Field of Search
US Class Current

713/160
CPC Class Codes

H04L 63/029 Firewall traversal, e.g. tu...

Security system and method for firewall and associated product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security system and method for firewall and associated product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links