VPN and firewall integrated system

US 20060174336A1
Filed: 09/08/2003
Published: 08/03/2006
Est. Priority Date: 09/06/2002
Status: Active Grant

First Claim

Patent Images

1. An integrated firewall/VPN system, comprising:

at least one wide area network (WAN);

at least one local area network (LAN); and

an integrated firewall/VPN chipset adapted to send and receive data packets between said WAN and said LAN, said chipset comprising a firewall portion and to provide access control between said WAN and said LAN and a VPN portion adapted to provide security functions for data between said LAN and said WAN;

said firewall including firewall hardware and software portions wherein at least said firewall hardware portion is adapted to provide iterative functions associated with said access control;

said VPN potion including VPN hardware and software portions wherein at least VPN hardware portion is adapted to provide iterative functions associated with said security functions.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides an integrated VPN/firewall system that uses bath hardware (firmware) and software to optimize the efficiency of both VPN and firewall functions. The hardware portions of the VPN and firewall are designed in flexible and scalable layers to permit high-speed processing without sacrificing system security. The software portions are adapted to provide interfacing with hardware components, report and rules management control.

120 Citations

View as Search Results

17 Claims

1. An integrated firewall/VPN system, comprising:
- at least one wide area network (WAN);
  
  at least one local area network (LAN); and
  
  an integrated firewall/VPN chipset adapted to send and receive data packets between said WAN and said LAN, said chipset comprising a firewall portion and to provide access control between said WAN and said LAN and a VPN portion adapted to provide security functions for data between said LAN and said WAN;
  
  said firewall including firewall hardware and software portions wherein at least said firewall hardware portion is adapted to provide iterative functions associated with said access control;
  
  said VPN potion including VPN hardware and software portions wherein at least VPN hardware portion is adapted to provide iterative functions associated with said security functions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A system as claimed in claim 1, wherein said chipset further comprises a router adapted to route data between said LAN and said LAN.
  - 3. A system as claimed in claim 1, wherein said firewall hardware portion comprising circuitry to provide static and/or dynamic data packet filtering.
  - 4. A system as claimed in claim 3, wherein said circuitry includes a header match packet filtering circuit to provide pattern matching in selected headers of said data.
  - 5. A system as claimed in claim 1, wherein said chipset further adapted to analyze access control functions based on preselected bytes of said data packets.
  - 6. A system as claimed in claim 5, wherein said preselected bytes comprise the first 144 bytes of said data packet.
  - 7. A system as claimed in claim 1, wherein said VPN security functions comprise, encryption, decryption, encapsulation, and decapsulation of said data packets.
  - 8. A system as claimed in claim 1, wherein said firewall access control functions comprise user-defined access control protocols.

9. A firewall/VPN integrated circuit (IC), comprising:
- a router core adapted to interface between at least one untrusted network and at least one trusted network to send and receive data packets between said untrusted and said trusted networks;
  
  a firewall system adapted to provide access control between said untrusted and said trusted networks, and comprising firewall hardware and software portions wherein at least said firewall hardware portion is adapted to provide iterative functions associated with said access control; and
  
  a VPN engine adapted to provide security functions for data between said untrusted and said trusted networks, and comprising VPN hardware and software wherein at least said VPN hardware portion is adapted to provide iterative functions associated with said security functions.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. An IC system as claimed in claim 9, wherein said firewall hardware portion comprising circuitry to provide static and/or dynamic data packet filtering.
  - 11. An IC as claimed in claim 10, wherein said circuitry includes a header match packet filtering circuit to provide pattern matching in selected headers of said data.
  - 12. An IC as claimed in claim 9, wherein said firewall system further adapted to analyze access control functions based on preselected bytes of said data packets.
  - 13. An IC as claimed in claim 12, wherein said preselected bytes comprise the first 144 bytes of said data packet.
  - 14. A system as claimed in claim 9, wherein said VPN security functions comprise, encryption, decryption, encapsulation, and decapsulation of said data packets.
  - 15. A system as claimed in claim 9, wherein said firewall access control functions comprise user-defined access control protocols.

16. A method of providing firewall access control functions, comprising the steps of:
- defining one or more access control protocols;
  
  receiving a data packet;
  
  selecting a certain number of bytes of said data packet;
  
  processing said selected bytes using said access control protocols.
- View Dependent Claims (17)
- - 17. A method as claimed in claim 16, further comprising the steps of:
    - providing hardware implementation of static and/or dynamic packet data filtering using said access control protocols.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Ventures Assets 3 LLC (Intellectual Ventures LLC)
Original Assignee
O2 Micro International Limited (O2 Micro Incorporated)
Inventors
Chen, Jyshyang

Granted Patent

US 7,596,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 63/104   Grouping of entities

H04L 63/145   the attack involving the pr...

H04L 63/16   Implementing security featu...

VPN and firewall integrated system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

VPN and firewall integrated system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links