System, method and computer program product for updating the states of a firewall
Abstract
The preferred embodiment of the present invention is a method and computer program product that specifies an array of elements to be incorporated into a firewall configuration protocol. When added to the configuration protocol, these added attributes allow the existing packet filtering mechanism to accommodate a terminal device that has moved and received a new IP address in a timely and efficient manner.
23 Claims
1. A method for use in managing a communication, comprising:
determining a session identifier that identifies a filtering mechanism to update in a security device;
determining a filter identifier that identifies a filter rule within the filtering mechanism to update;
determining an action to be performed on the filter rule;
determining a value attribute with which to update the filter rule;
generating a message, wherein the message includes the session identifier, the filter identifier, the action, and the value attribute; and
providing the message to the security device to enable a dynamic update of the filtering mechanism that allows a first computing device to communicate with a second computing device while the first computing device changes at least one of a network address, or a port number, wherein at least a portion of the communication is routed to the security device.
11. A method for use in managing a communication over a network, comprising:
determining a plurality of attributes associated with an update to a filter in a security device for use in managing the communication between a first computing device and a second computing device, at least a portion of the communication being routed to the security device;
providing the plurality of attributes to the security device, wherein the security device employs the attributes to dynamically update the filter to further enable the communication while the first computing device changes a network location.
13. A computer-readable medium encoded with a data structure for use in updating a state of a security device, the data structure comprising:
a first data field configured to include a session identifier that indicates a set of filters within the security device;
a second data field configured to include a field identifier employable to indicate a packet filter with the set of filters to be updated by an action;
a third data field configured to include the action performable on the packet filter; and
a fourth data field configured to include a value useable to update the indicated packet filter, wherein the data structure is employable by the security device to dynamically update the state.
17. A computer-readable medium having computer-executable components for use in managing an update to a security device comprising:
a transceiver for receiving and sending content over the network;
a processor in communication with the transceiver; and
a memory in communication with the processor and for use in storing data and machine instructions that cause the processor to perform a plurality of operations, including;
determining a message, wherein the message comprises;
a session identifier that recognizes a set of filters within the security device, an indicator of a packet filter within the set of filters to update, an action performable on the packet filter; and
a value useable to update the indicated packet filter; and
providing the message to the security device to dynamically update the security device so as to allow a first computing device to communicate with a second computing device while the first computing device changes a network location, the communication being routed to the security device.
22. A system for use in updating a state of a security device, comprising:
a mobile terminal that is configured to perform actions, including;
determining a plurality of attributes associated with an update to the state of the security device to manage a communication between the mobile terminal and a second computing device, at least a portion of the communication being routable to the security device; and
providing a message including the plurality of attributes to the security device; and
the security device being in communication with the mobile terminal and configured to perform actions, including;
receiving the message including the plurality of attributes, employing an enhanced configuration protocol;
verifying an authenticity of the message by confirming that the mobile terminal owns the message; and
if the message is verified, dynamically updating the state based on information within the message including the plurality of attributes, to allow the mobile device to maintain the communication with the other computing device while the mobile device changes a network location and at least a portion of the communication is routed to the security device.
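An added example, not taken from the patent: a minimal sketch of the flow in claim 22, where the security device checks a message's authenticity before it updates the addressed filter rule. The HMAC-SHA256 tag under a per-session key, the JSON encoding, the action names and every class and function name are assumptions; the claims do not say how ownership of the message is confirmed.

```python
import hashlib
import hmac
import ipaddress
import json

# Hypothetical action names; the claims only require "an action".
ACTIONS = {"replace_src_addr", "replace_src_port"}

def encode(msg):
    """Canonical bytes of the four claimed fields, used as MAC input."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()

def make_update(key, session_id, filter_id, action, value):
    """Terminal side: build the message and tag it with the session key."""
    msg = {"session_id": session_id, "filter_id": filter_id, "action": action, "value": value}
    return {"msg": msg, "tag": hmac.new(key, encode(msg), hashlib.sha256).hexdigest()}

class Firewall:
    def __init__(self):
        self.sessions = {}  # session_id -> {"key": bytes, "filters": {filter_id: rule}}

    def apply_update(self, update):
        """Verify the tag, then change only the addressed rule; True if applied."""
        msg = update.get("msg", {})
        session = self.sessions.get(msg.get("session_id"))
        if session is None:
            return False
        expected = hmac.new(session["key"], encode(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(update.get("tag")).encode()):
            return False  # unauthenticated: filter state is left untouched
        rule = session["filters"].get(msg.get("filter_id"))
        if rule is None or msg.get("action") not in ACTIONS:
            return False
        try:
            if msg["action"] == "replace_src_addr":
                rule["src_addr"] = str(ipaddress.ip_address(msg["value"]))
            else:
                port = int(msg["value"])
                if not 0 < port < 65536:
                    return False
                rule["src_port"] = port
        except (TypeError, ValueError):
            return False
        return True

if __name__ == "__main__":
    fw, key = Firewall(), b"constructed-session-key"  # constructed sample data
    fw.sessions["s1"] = {"key": key, "filters": {7: {"src_addr": "192.0.2.10"}}}
    print(fw.apply_update(make_update(key, "s1", 7, "replace_src_addr", "198.51.100.23")))
```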
23. An apparatus useable in managing an update to a security device comprising:
a transceiver for receiving and sending content over the network;
a means for determining a message, wherein the message comprises;
a session identifier indicating a set of filters within the security device, an indicator of a packet filter with the set of filters to update, an action performable on the packet filter; and
a value useable to update the indicated packet filter; and
a means for providing the message to the security device to dynamically update the security device and allow a first computing device to communicate with a second computing device while the first computing device changes a network location, the communication being routed to the security device.