Real time firewall security

US 6,400,707 B1
Filed: 08/27/1998
Issued: 06/04/2002
Est. Priority Date: 08/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of conducting an analog to analog communication between an originating terminal and a terminating terminal through a packet switched network coupled to a switched telephone network via at least one gateway wherein said terminating terminal is coupled to said switched telephone network;

comprising;

establishing a static filter device between said gateway and said originating terminal;

transmitting through said filter device to said gateway a request for the establishment of a communication path through said gateway and through said telephone network to said terminating terminal;

engaging in a signaling dialog between said originating terminal and said gateway through said filter device;

generating a real time copy of at least a portion of said signaling dialog;

creating a filter device control signal containing parameters derived from said dialog;

configuring said filter device pursuant to said filter control signal;

conducting said analog to analog communication between said originating terminal and said terminating terminal via packet signaling through said packet switched network and said filter device to said gateway;

filtering said packet signaling through the configured filter device and blocking packet signals that fail to conform to the configuration of said static filter created from said dialog.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for conducting a voice communication through a hybrid network which includes a packet internetwork, such as the Internet, connected to a circuit switched telephone network. The packet internetwork is connected to the switched telephone network through a static filter device, a packet switch, and a telephone network controlled gateway. A control processor is connected to the packet switch and to the filter device. The filter device generates a real time copy of call set up signaling dialog between the party requesting connection and the gateway which passes through or to the filter device. This duplicate of set up signaling is delivered from the filter device through the packet switch to the control processor. The control processor generates therefrom a filter device control signal which specifies the filter parameters derived from the set-up signaling dialog. This filter device control signal is delivered to the filter device and reconfigures the filter device to set filter parameters which are customized to the specific communication. The filter device thereupon filters the conversation stream of packetized voice.

85 Citations

View as Search Results

33 Claims

1. A method of conducting an analog to analog communication between an originating terminal and a terminating terminal through a packet switched network coupled to a switched telephone network via at least one gateway wherein said terminating terminal is coupled to said switched telephone network;
- comprising;
  
  establishing a static filter device between said gateway and said originating terminal;
  
  transmitting through said filter device to said gateway a request for the establishment of a communication path through said gateway and through said telephone network to said terminating terminal;
  
  engaging in a signaling dialog between said originating terminal and said gateway through said filter device;
  
  generating a real time copy of at least a portion of said signaling dialog;
  
  creating a filter device control signal containing parameters derived from said dialog;
  
  configuring said filter device pursuant to said filter control signal;
  
  conducting said analog to analog communication between said originating terminal and said terminating terminal via packet signaling through said packet switched network and said filter device to said gateway;
  
  filtering said packet signaling through the configured filter device and blocking packet signals that fail to conform to the configuration of said static filter created from said dialog.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method according to claim 1 wherein said analog communication is a voice communication.
  - 3. A method according to claim 2 wherein said packet switched network comprises the Internet.
  - 4. A method according to claim 1 wherein said parameters include the identity of said originating and terminating terminals, the identity of a port in said static filter, and the protocol to be used in the communication.
  - 5. A method according to claim 4 wherein said parameters are valid solely for the communication initiated with said dialog.
  - 6. A method according to claim 5 wherein said parameters include Internet protocol (IP) addresses for said gateway and for a server by which said originating terminal accessed said packet switched network.

7. A method of conducting a voice communication between an originating terminal and a terminating terminal through a packet switched network coupled to a switched telephone network via at least one gateway wherein said terminating terminal is coupled to said switched telephone network;
- comprising;
  
  establishing a static filter device between said gateway and said originating terminal;
  
  transmitting through said filter device to said gateway a request for the establishment of a communication path through said gateway and through said telephone network to said terminating terminal;
  
  engaging in a call set up signaling dialog between said originating terminal and said gateway through said filter device;
  
  generating a real time copy of at least a portion of said set up signaling dialog;
  
  creating a filter device control signal containing parameters derived from said set up dialog;
  
  configuring said filter device pursuant to said filter device control signal;
  
  conducting said voice communication between said originating terminal and said terminating terminal via packet signaling through said packet switched network and said filter device to said gateway;
  
  filtering said packet signaling through the configured filter device and blocking packet signals that fail to conform to the configuration of said filter device created from said dialog.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method according to claim 7 wherein said dialog utilizes Q.931 signaling protocol and H.323 packet standards.
  - 9. A method according to claim 7 wherein said dialog includes the steps of accessing a storage to authenticate the originating terminal, providing the originating terminal with the packet switched network address of said gateway, setting at least a port parameter from said gateway, and authorizing commencement of said voice communication from said gateway.
  - 10. A method according to claim 9 wherein said copying is in said filter device.
  - 11. A method according to claim 7 including the steps of copying said voice communication packet signaling, and monitoring said copied packet signaling.
  - 12. A method according to claim 7 wherein said originating terminal comprises a computer.

13. A system for conducting a voice communication through a hybrid network including:
- a packet internetwork;
  
  a switched telephone network connected to the packet internetwork via a static filter device, a packet switch, and a gateway, said telephone network including a central office switching system connected to a voice terminal; and
  
  a control processor connected to said packet switch and to said filter device;
  
  wherein said filter device generates a real time copy of call set up signaling therethrough, which copy of set up signaling is delivered through said packet switch to said control processor, said control processor generating therefrom a filter device control signal delivered to said filter device and reconfiguring said filter device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. A system according to claim 13 wherein said filter device is reconfigured solely for the single call for which the set up was performed.
  - 15. A system according to claim 13 including an authorization database which is accessed by said gateway prior to said gateway authorizing a call set up.
  - 16. A system according to claim 15 wherein said gateway accesses said authorization database via said packet internetwork.
  - 17. A system according to claim 16 wherein said internetwork comprises the Internet.
  - 18. A system according to claim 17 including a gateway address database which is accessed in an attempt to set up a voice communication through said hybrid network to obtain the internetwork address of said gateway.
  - 19. A system according to claim 18 wherein said gateway address database is accessed via said internetwork.
  - 20. A system according to claim 13 wherein said filter device control signal delivered to said filter device includes information identifying a calling terminal, a called terminal, and a port number assigned for conducting the voice communication.
  - 21. A system according to claim 13 wherein, upon the reconfiguring of said filter device, said filter device commences generation of a real time copy of call set up signaling for a different call.

22. In a communication system comprising a packet internetwork, a switched telephone network connected to the packet internetwork via a static filter device and a gateway, and a control processor connected to said filter device;
- a method comprising;
  
  transmitting from said filter device to said control processor a real time copy of call set up signaling passing through said filter device, generating in said control processor a filter device control signal and delivering said filter device control signal to said filter device, reconfiguring said filter device in accord with said filter device control signal, and filtering through said reconfigured filter device a packetized voice communication signal.
- View Dependent Claims (23, 24)
- - 23. A method according to claim 22 wherein said filter device control signal is delivered to said filter device substantially immediately upon completion of said call set up signaling.
  - 24. A method according to claim 23 including the step of said filter device producing real time copy of call set up signaling for a different call through a different port substantially immediately upon its said reconfiguration for the first call through a first port.

25. In a communication system comprising a packet internetwork, a switched telephone network connected to the packet internetwork via a static filter device, a packet switch, and a gateway, and a control processor connected to said filter device;
- a method comprising;
  
  transmitting from said filter device to said packet switch duplicate streams of call set up signaling;
  
  switching one of said streams to said gateway and the other of said streams to said control processor;
  
  generating in said control processor a filter device control signal and delivering said filter device control signal to said filter device;
  
  reconfiguring said filter device in accord with said filter device control signal; and
  
  filtering through said reconfigured filter device the packetized voice communication set up by said set up signaling.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. A method according to claim 25 including porting said set up signaling through a Q.931 port in said filter device.
  - 27. A method according to claim 25 wherein said filter device is reconfigured solely for the single call for which the set up was performed.
  - 28. A method according to claim 27 including the step of said gateway accessing an authorization database prior to said gateway authorizing a call set up.
  - 29. A method according to claim 28 wherein said gateway accesses said authorization database via said packet internetwork.
  - 30. A method according to claim 29 wherein said internetwork comprises the Internet.
  - 31. A method according to claim 30 including the step of accessing a gateway address database in an attempt to set up a voice communication through said communication system to obtain the internetwork address of said gateway.
  - 32. A method according to claim 31 wherein said gateway address database is accessed via the Internet.

33. A firewall device for providing protection of a network object to which said firewall device is connected, comprising a static filter device, a control processor, and a packet switch, said static filter device providing real time duplication of a packet stream passed therethrough and through said packet switch, said static filter device sending the duplicate packet stream through said packet switch to said control processor, said control processor sending a filter device control signal to said filter device based on information obtained from said duplicate packet stream causing said filter device to be reconfigured in accord with said filter device control signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Bell Atlantic Network Services, Inc. (Verizon Communications Inc.)
Inventors
Baum, Robert T., Eggerl, Edward M., Burton, William R., Cloutier, Leo C.
Primary Examiner(s)
Patel, Ajit

Application Number

US09/141,726
Time in Patent Office

1,377 Days
Field of Search

370/351-356, 370/229, 370/230.1, 370/235, 370/254, 370/389, 709/220-225, 709/232-235, 713/200, 713/201, 713/100, 708/300, 708/819
US Class Current

370/352
CPC Class Codes

H04L 63/0263   Rule management

H04L 65/103   in the network

H04L 65/104   in the network

H04L 65/1101   Session protocols

H04M 7/0078   Security; Fraud detection; ...

H04M 7/1205   where the types of switchin...

Real time firewall security

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Real time firewall security

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others