Extension to the firewall configuration protocols and features

US 20050268331A1
Filed: 05/25/2004
Published: 12/01/2005
Est. Priority Date: 05/25/2004
Status: Abandoned Application

First Claim

Patent Images

1. An network implementing at least one firewall for providing protection for users on the network, the network comprising:

at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and

the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall on at least one state to be created and the additional information is optionally used by the at least one firewall to perform services on data travelling through the at least one firewall.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network implementing at least one firewall for providing protection for users on the network. The network includes at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall. The at least one firewall including installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall. The policy rules include an option field for allowing the at least one network entity to send additional information to the firewall on at least one state to be created. The additional information is optionally used by the at least one firewall to perform services on data travelling through the at least one firewall.

91 Citations

View as Search Results

26 Claims

1. An network implementing at least one firewall for providing protection for users on the network, the network comprising:
- at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and
  
  the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall on at least one state to be created and the additional information is optionally used by the at least one firewall to perform services on data travelling through the at least one firewall.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network of claim 1, wherein the option field comprises at least one code for indicating the type of information stored in the option field and at least one value for the information identified by the at least one code.
  - 3. The network of claim 2, wherein the option field comprises at least one code for indicating that a Security Parameter Index used in a IP security protocol is stored in the option field and at least one value for the Security Parameter Index identified by the at least one code.
  - 4. The network of claim 2, wherein the option field comprises at least one code for indicating that at least one TCP sequence number used during TCP communication is stored in the option field and at least one value for the at least one TCP sequence number identified by the at least one code.
  - 5. The network of claim 1, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.

6. A firewall for providing protection for users on a network, the firewall comprising:
- installation means for installing policy rules that are transmitted from at least one network entity to the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall on at least one state to be created and the additional information is optionally used by the firewall to perform services on data travelling through the firewall.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The firewall of claim 6, wherein the option field comprises at least one code for indicating the type of information stored in the option field and at least one value for the information identified by the at least one code.
  - 8. The firewall of claim 7, wherein the option field comprises at least one code for indicating that a Security Parameter Index used in a IP security protocol is stored in the option field and at least one value for the Security Parameter Index identified by the at least one code.
  - 9. The firewall of claim 7, wherein the option field comprises at least one code for indicating that at least one TCP sequence number used during TCP communication is stored in the option field and at least one value for the at least one TCP sequence number identified by the at least one code.
  - 10. The firewall of claim 6, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.
  - 11. The firewall of claim 6, wherein the at least one network entity is one of a host system or a processing entity connected to a network.

12. A host system comprising a firewall for providing protection, the host system entity comprising:
- installation means on the firewall for installing policy rules that are transmitted from at least one network entity through the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall on at least one state to be created and the additional information is optionally used by the firewall to perform services on data travelling through the firewall.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The host system entity of claim 12, wherein the option field comprises at least one code for indicating the type of information stored in the option field and at least one value for the information identified by the at least one code.
  - 14. The host system of claim 13 wherein the option field comprises at least one code for indicating that a Security Parameter Index used in a IP security protocol is stored in the option field and at least one value for the Security Parameter Index identified by the at least one code.
  - 15. The host systems of claim 13, wherein the option field comprises at least one code for indicating that at least one TCP sequence number used during TCP communication is stored in the option field and at least one value for the at least one TCP sequence number identified by the at least one code.
  - 16. The host system of claim 12, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.
  - 17. The host system of claim 12, wherein the at least one network entity is a processing unit connected to a network.

18. A method for protecting systems connected to at least one firewall by providing additional information to the at least one firewall on states to be created, the method comprises the steps of:
- transmitting policy rules from at least one network entity connected to the at least one firewall;
  
  installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall on at least one state to be created; and
  
  optionally using the additional information by the at least one firewall to perform services on data travelling through the at least one firewall.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18 further comprising the step of storing, in the option field, at least one code for indicating the type of information in the option field and at least one value for the information identified by the at least one code.
  - 20. The method of claim 19, further comprising the step of storing, in the option field, at least one code for indicating a Security Parameter Index used in a IP security protocol and at least one value for the Security Parameter Index identified by the at least one code.
  - 21. The method of claim 19, further comprising the step of storing, in the option field, at least one code for indicating at least one TCP sequence number used during TCP communication and at least one value for the at least one TCP sequence number identified by the at least one code.
  - 22. The method of claim 18, further comprising the step of using the option field to enable the firewall to determine how many types of values are stored in the option fields.

23. An apparatus for protecting systems connected to at least one firewall by providing additional information to the at least one firewall on states to be created, the method comprises the steps of:
- transmitting means for transmitting policy rules from at least one network entity connected to the at least one firewall;
  
  installation means for installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall on at least one state to be created; and
  
  implementation means for optionally using the additional information by the at least one firewall to perform services on data travelling through the at least one firewall.
- View Dependent Claims (24, 25, 26)
- - 24. The apparatus of claim 23 further comprising storage means for storing, in the option field, at least one code for indicating the type of information in the option field and at least one value for the information identified by the at least one code.
  - 25. The apparatus of claim 23, further comprising utilization means for using the option field to enable the firewall to determine how many types of values are stored in the option fields.
  - 26. The apparatus of claim 23, wherein the at least one network entity is a processing unit connected to a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Original Assignee
Intellectual Ventures I LLC (Intellectual Ventures LLC)
Inventors
Faccin, Stefano, Le, Franck

Application Number

US10/852,680
Publication Number

US 20050268331A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/20   for managing network securi...

Extension to the firewall configuration protocols and features

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Extension to the firewall configuration protocols and features

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others