Network security system and the method thereof

US 20070192844A1
Filed: 12/29/2004
Published: 08/16/2007
Est. Priority Date: 01/05/2004
Status: Active Grant

First Claim

Patent Images

1. A network security system, comprising a firewall arranged between an internal network and an external network, said firewall comprises a first port configured at the internal network oriented side of the firewall and a second port configured at the external network oriented side of the firewall;

wherein the network security system further comprises a trusted node arranged between the firewall and the external network, which is used to provide a data channel between the internal network and external network, and forward the data transported between the internal network and external network; and

the trusted node comprises a media-stream receiving port used to converge the data from the second port.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a network security system including a firewall arranged between the internal network and the external network, and a trusted node arranged between the firewall and the external network, which is used to provide a data channel between the internal network and the external network, and forward the data transported between the internal network and the external network; the firewall includes a first port configured at the internal network oriented side of the firewall and a second port configured at the external network oriented side of the firewall; and the trusted node includes a media-stream receiving port used to converge the data from the second port. The present invention also discloses a network security method.

Citations

13 Claims

1. A network security system, comprising a firewall arranged between an internal network and an external network, said firewall comprises a first port configured at the internal network oriented side of the firewall and a second port configured at the external network oriented side of the firewall;
- wherein the network security system further comprises a trusted node arranged between the firewall and the external network, which is used to provide a data channel between the internal network and external network, and forward the data transported between the internal network and external network; and
  
  the trusted node comprises a media-stream receiving port used to converge the data from the second port.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network security system according to claim 1, wherein the trusted node further comprises a data forward unit, which is used to forward the data transported between the internal network and the external network, a signaling channel selection unit, which is used to select signaling transmission channel for transmitting the data so as to implement the convergence of signaling, a call channel selection unit, which is used to select a media-stream receiving port in the trusted node for communicating with the internal network, and a control unit, which is used to control the operations of all the other units.
  - 3. The network security system according to claim 1, wherein the trusted node is designed to support H.323 protocol.
  - 4. The network security system according to claim 2, wherein the trusted node is designed to support H.323 protocol.
  - 5. The network security system according to claim 2, wherein the signaling channel selection unit adopts Q931 channel for transmitting signaling.

6. A network security method of realizing secure communication between the internal network and the external network by utilizing a network security system, said network security system comprises a firewall arranged between the internal network and the external network, a first port and a second port configured at the both sides of the firewall, and a trusted node arranged between the firewall and the external network;
- and the trusted node comprises a media-stream receiving port;
  
  wherein the network security method comprises the following steps of;
  
  A. establishing a call connection between the internal network and the external network by means of the trusted node;
  
  B. selecting a media-stream receiving port for communicating with the internal network in the trusted node;
  
  C. the trusted node forwarding the data transported between the internal network and the external network, and at the same time, converging the data from the second port by the selected media-stream receiving port.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The network security method according to claim 6, wherein the Step B comprises the following:
    - B1. Open Logical Channel signaling being transmitted by the internal network to the trusted node;
      
      B2. the trusted node informing the internal network of the selected media-stream receiving port;
      
      B3. the trusted node transmitting Open Logical Channel signaling to the external network to establish a corresponding channel.
  - 8. The network security method according to claim 6, wherein the Step C comprises the following:
    - C1. the selected media-stream receiving port of the trusted node receiving all the data from the internal network, and forwarding the data to the external network;
      
      C2. the selected media-stream receiving port of the trusted node forwarding the data transmitted by the external network to the internal network.
  - 9. The network security method according to claim 6, wherein the Step A comprises a step of selecting Q931 channel for transmitting signaling.
  - 10. The network security method according to claim 6, further comprises a step of implementing load balance among a plurality of trusted nodes when the data are forwarded.
  - 11. The network security method according to claim 7, further comprises a step of implementing load balance among a plurality of trusted nodes when the data are forwarded.
  - 12. The network security method according to claim 8, further comprises a step of implementing load balance among a plurality of trusted nodes when the data are forwarded.
  - 13. The network security method according to claim 9, further comprises a step of implementing load balance among a plurality of trusted nodes when the data are forwarded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Wu, Jiaoli, Wei, Ziqiang, Chen, Xianyi, Xu, Lingfeng, Wang, Enkui

Granted Patent

US 8,032,934 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/029 Firewall traversal, e.g. tu...

Network security system and the method thereof

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Network security system and the method thereof

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links