Identity based flow control of IP traffic

US 20070271453A1
Filed: 01/30/2007
Published: 11/22/2007
Est. Priority Date: 05/19/2006
Status: Abandoned Application

First Claim

Patent Images

1. A firewall managing server comprising:

a receiving unit configured to receive authentication information of a first node used for verification of remote nodes'"'"' authentication attempts, and to receive a token from at least one remote node;

an authentication unit configured to perform authentication of the at least one remote node based on the token; and

a setting unit configured to, if the authentication is successful, set rules of a firewall through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication information of a first node is received which are used for verification of remote nodes'"'"' authentication attempts, and a token is received from at least one remote node. Authentication of the at least one remote node is performed based on the token, and, if the authentication is successful, rules of a firewall are set through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.

Citations

42 Claims

1. A firewall managing server comprising:
- a receiving unit configured to receive authentication information of a first node used for verification of remote nodes'"'"' authentication attempts, and to receive a token from at least one remote node;
  
  an authentication unit configured to perform authentication of the at least one remote node based on the token; and
  
  a setting unit configured to, if the authentication is successful, set rules of a firewall through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The firewall managing server of claim 1, wherein the authentication information comprises public keys.
  - 3. The firewall managing server of claim 1, wherein the authentication information comprises a shared secret.
  - 4. The firewall managing server of claim 1, wherein the authentication comprises an authentication challenge presented to the at least one remote node.
  - 5. The firewall managing server of claim 1, wherein the authentication comprises checking that a shared secret provided comprised in the authentication information is valid.
  - 6. The firewall managing server of claim 1, wherein the authentication unit is configured to hold an address of the remote node.
  - 7. The firewall managing server of claim 1, comprisinga monitoring unit configured to monitor an amount of traffic through the firewall caused by the remote node and to output a message for controlling the amount of traffic in accordance with traffic restriction requirements defined for the remote node.
  - 8. The firewall managing server of claim 7, wherein the receiving unit is configured to receive the traffic restriction requirements for the remote node.
  - 9. The firewall managing server of claim 7, wherein the monitoring unit is configured to send the message to at least one remote node.

10. A node comprising:
- a providing unit configured to provide a ticket to a remote node of a communication network, the ticket authenticating the remote node to access the node through a firewall node.
- View Dependent Claims (11, 12, 13)
- - 11. The node of claim 10, wherein the ticket is valid for a limited period of time.
  - 12. The node of claim 10, comprising:
    - a generating unit configured to generate public keys used for verification of remote host authentication attempts; and
      
      a sending unit configured to provide the public keys to a firewall managing server.
  - 13. The node of claim 10, comprising:
    - a traffic control unit configured to send traffic restriction requirements to a firewall managing server for remote nodes.

14. A node comprising:
- an authentication unit configured to perform authentication of a second node at a firewall of a first node;
  
  a sending unit configured to, if the authentication is successful, allow packets from an address of the second node to an address of the first node through the firewall; and
  
  a traffic control unit configured to receive a message for controlling an amount of traffic towards the first node.
- View Dependent Claims (15)
- - 15. The node of claim 14, wherein the traffic control unit is configured to control the traffic towards the first node based on the message.

16. A firewall managing method comprising:
- receiving authentication information of a first node used for verification of remote nodes'"'"' authentication attempts, and receiving a token from at least one remote node;
  
  performing authentication of the at least one remote node based on the token; and
  
  if the authentication is successful, setting rules of a firewall through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 31, 33, 35)
- - 17. The firewall managing method of claim 16, wherein the authentication information comprises public keys.
  - 18. The firewall managing method of claim 16, wherein the authentication information comprises a shared secret.
  - 19. The firewall managing method of claim 16, wherein the authentication comprises an authentication challenge presented to the at least one remote node.
  - 20. The firewall managing method of claim 16, wherein the authentication comprises checking that a shared secret provided comprised in the authentication information is valid.
  - 21. The firewall managing method of claim 16, comprising holding an address of the remote node.
  - 22. The firewall managing method of claim 16, comprising:
    - monitoring an amount of traffic through the firewall caused by the remote node and outputting a message for controlling the amount of traffic in accordance with traffic restriction requirements defined for the remote node.
  - 23. The firewall managing method of claim 22, comprising receiving the traffic restriction requirements for the remote node.
  - 24. The firewall managing method of claim 22, comprising sending the message to at least one remote node.
  - 31. A computer program comprising processor implementable instructions for performing all the steps of a method according to any one of claims 16 to 28.
  - 33. A computer software medium storing a computer program according to claim 31.
  - 35. A computer program product loadable into a programmable processing device, comprising software code portions for performing the steps of the method according to any one of claims 16 to 28, when the computer program product is run on a programmable device.

25. A method comprising:
- providing a ticket to a remote node of a communication network, the ticket authenticating the remote node to access a node through a firewall node.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein the ticket is valid for a limited period of time.
  - 27. The method of claim 25, comprising:
    - generating public keys used for verification of remote host authentication attempts; and
      
      providing the public keys to a firewall managing server.
  - 28. The method of claim 25, comprising:
    - sending traffic restriction requirements to a firewall managing server for remote nodes.

29. A method comprising:
- performing authentication at a firewall of a first node;
  
  if the authentication is successful, sending packets from an address of the node to an address of the first node through the firewall; and
  
  receiving a message for controlling an amount of traffic towards the first node.
- View Dependent Claims (30, 32, 34, 36)
- - 30. The method of claim 29, comprising controlling the traffic towards the first node based on the message.
  - 32. A computer program comprising processor implementable instructions for performing all the steps of a method according to claim 29 or 30.
  - 34. A computer software medium storing a computer program according to claim 32.
  - 36. A computer program product loadable into a programmable processing device, comprising software code portions for performing the steps of the method according to claim 29 or 30, when the computer program product is run on a programmable device.

37. A firewall managing server comprising:
- means for receiving authentication information of a first node used for verification of remote nodes'"'"' authentication attempts, and for receiving a token from at least one remote node;
  
  means for performing authentication of the at least one remote node based on the token; and
  
  means for, if the authentication is successful, setting rules of a firewall through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.

38. A semiconductor chip comprising:
- a receiving unit configured to receive authentication information of a first node used for verification of remote nodes'"'"' authentication attempts, and to receive a token from at least one remote node;
  
  an authentication unit configured to perform authentication of the at least one remote node based on the token; and
  
  a setting unit configured to, if the authentication is successful, set rules of a firewall through which all communication towards a first node goes to accept packets from an address of the remote node to the address of the first node.

39. A node comprising:
- means for providing a ticket to a remote node of a communication network, the ticket authenticating the remote node to access the node through a firewall node.

40. A semiconductor chip comprising:
- a providing unit configured to provide a ticket to a remote node of a communication network, the ticket authenticating the remote node to access the node through a firewall node.

41. A node comprising:
- means for performing authentication at a firewall of a first node;
  
  means for, if the authentication is successful, sending packets from an address of the node to an address of the first node through the firewall; and
  
  means for receiving a message for controlling an amount of traffic towards the first node.

42. A semiconductor chip comprising:
- an authentication unit configured to perform authentication at a firewall of a first node;
  
  a sending unit configured to, if the authentication is successful, send packets from an address of the node to an address of the first node through the firewall; and
  
  a traffic control unit configured to receive a message for controlling an amount of traffic towards the first node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Hietasarka, Juha, Nykanen, Petri, Mononen, Jari, Oinonen, Kari, Konkarikoski, Ulla, Pohja, Seppo, Valli, Jyrki, Leinonen, Jarno

Application Number

US11/699,471
Publication Number

US 20070271453A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0807   using tickets, e.g. Kerbero...

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Identity based flow control of IP traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Identity based flow control of IP traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links