Extensions to filter on IPv6 header

US 20050268332A1
Filed: 07/02/2004
Published: 12/01/2005
Est. Priority Date: 05/25/2004
Status: Abandoned Application

First Claim

Patent Images

1. An network implementing at least one firewall for providing protection for at least one user or resource on the network, the network comprising:

at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and

the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the at least one firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network implementing at least one firewall for providing protection for users on the network. The network includes at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall. The at least one firewall including installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall. The policy rules include an option field for allowing the at least one network entity to send additional information to the firewall. The additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol. The additional information is optionally used by the at least one firewall to filter on data travelling through the at least one firewall.

Citations

25 Claims

1. An network implementing at least one firewall for providing protection for at least one user or resource on the network, the network comprising:
- at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall; and
  
  the at least one firewall comprising installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the at least one firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network of claim 1, wherein the option field comprises at least one code for indicating the type of information stored in the option field and at least one value for the information identified by the at least one code.
  - 3. The network of claim 2, wherein the option field comprises at least one code for indicating that at least one of a destination option or a routing option is stored in the option field and at least one value for the at least one of the destination option or the routing option identified by the at least one code.
  - 4. The network of claim 2, wherein the option field comprises at least one code for indicating that at least one of Internet Protocol version 6 header options is stored in the option field and at least one value for the at least one of Internet Protocol version 6 header options identified by the at least one code.
  - 5. The network of claim 1, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.

6. A firewall for providing protection for at least one user or resource on a network, the firewall comprising:
- installation means for installing policy rules that are transmitted from at least one network entity to the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The firewall of claim 6, wherein the option field comprises at least one code for indicating that at least one of a destination option or a routing option is stored in the option field and at least one value for the at least one of the destination option or the routing option identified by the at least one code.
  - 8. The firewall of claim 7, wherein the option field comprises at least one code for indicating that at least one of Internet Protocol version 6 header options is stored in the option field and at least one value for the at least one of Internet Protocol version 6 header options identified by the at least one code.
  - 9. The firewall of claim 6, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.
  - 10. The firewall of claim 6, wherein the at least one network entity is one of a host system or a processing entity connected to a network.

11. A host system comprising a firewall for providing protection, the host system entity comprising:
- installation means on the firewall for installing policy rules that are transmitted from at least one network entity through the firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol, wherein the firewall optionally includes the additional information in the policy rules and thereafter uses the installed policy rules to filter traffic travelling through the firewall.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The host system entity of claim 11, wherein the option field comprises at least one code for indicating the type of information stored in the option field and at least one value for the information identified by the at least one code.
  - 13. The host system of claim 12 wherein the option field comprises at least one code for indicating that at least one of a destination option or a routing option is stored in the option field and at least one value for the at least one of the destination option or the routing option identified by the at least one code.
  - 14. The host systems of claim 12, wherein the option field comprises at least one code for indicating that at least one of Internet Protocol version 6 header options is stored in the option field and at least one value for the at least one of Internet Protocol version 6 header options identified by the at least one code.
  - 15. The host system of claim 11, wherein the option field comprises means for enabling the firewall to determine how many types of values are stored in the option fields.
  - 16. The host system of claim 11, wherein the at least one network entity is a processing unit connected to a network.

17. A method for protecting systems connected to at least one firewall by providing additional information to the at least one firewall, the method comprises the steps of:
- transmitting policy rules from at least one network entity connected to the at least one firewall;
  
  installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol; and
  
  optionally using the additional information in the policy rules, by the at least one firewall, to filter data travelling through the at least one firewall.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 further comprising the step of storing, in the option field, at least one code for indicating the type of information in the option field and at least one value for the information identified by the at least one code.
  - 19. The method of claim 18, further comprising the step of storing, in the option field, at least one code for indicating at least one of Internet Protocol version 6 header options and at least one value for the at least one of Internet Protocol version 6 header options identified by the at least one code.
  - 20. The method of claim 18, further comprising the step of storing, in the option field, at least one code for indicating at least one of a destination option or a routing option and at least one value for the at least one of the destination option or the routing option identified by the at least one code.
  - 21. The method of claim 17, further comprising the step of using the option field to enable the firewall to determine how many types of values are stored in the option fields.

22. An apparatus for protecting systems connected to at least one firewall by providing additional information to the at least one firewall, the method comprises the steps of:
- transmitting means for transmitting policy rules from at least one network entity connected to the at least one firewall;
  
  installation means for installing the policy rules on the at least one firewall, wherein the policy rules comprise an option field for allowing the at least one network entity to send additional information to the at least one firewall, the additional information relating to at least one type of information used in at least one of a Internet Protocol version 6 protocol or a mobile Internet Protocol version 6 protocol; and
  
  implementation means for optionally using the additional information by the at least one firewall to filter data travelling through the at least one firewall.

23. The apparatus of claim 23 further comprising storage means for storing, in the option field, at least one code for indicating the type of information in the option field and at least one value for the information identified by the at least one code.
- View Dependent Claims (24, 25)
- - 24. The apparatus of claim 23, further comprising utilization means for using the option field to enable the firewall to determine how many types of values are stored in the option fields.
  - 25. The apparatus of claim 23, wherein the at least one network entity is a processing unit connected to a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Spyder Navigations LLC (Intellectual Ventures LLC)
Original Assignee
Spyder Navigations LLC (Intellectual Ventures LLC)
Inventors
Faccin, Stefano, Le, Franck

Application Number

US10/882,675
Publication Number

US 20050268332A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0236   Filtering by address, proto...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/20   for managing network securi...

Extensions to filter on IPv6 header

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Extensions to filter on IPv6 header

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links