Firewall port switching
Abstract
The present invention relates to a network system. The network system of the present invention comprises an authorized client terminal which is connected to a network, a server which is connected to the network, and a firewall which is interposed between the server and the network. The client terminal accesses the server by means of a publicly known protocol via a port having a publicly known port number in the firewall. In the case in which the accessing client terminal is authorized, the server downloads a program for realizing effective dedicated protocols solely between the client terminal and itself to the client terminal via the port having the publicly known port number. Furthermore, the server and the client terminal conduct data communication, by executing the program and by means of the dedicated protocols, via the network and the port having the publicly known port number.
6 Claims
1. A network system comprising an authorized client terminal connected to a network, a server connected to a network, and a firewall interposed between said server and said network, wherein:
said client terminal accesses said server using publicly known protocol via a port with a publicly known port number in said firewall;
in the case when said client terminal conducting access is authorized, said server downloads a program for realizing effective dedicated protocol solely between said client terminal and said server to said client terminal via said port having said publicly known port number; and
said client terminal and said server conduct data communication via said network and said port having said publicly known port number using said dedicated protocol by executing said program, wherein said network system further comprises a proxy server which conducts port switching in said firewall, and wherein;
in the case when said client terminal conducting access is authorized, said server downloads a program for realizing effective dedicated protocol solely between said client terminal and said server to said client terminal via a first port having a publicly known port number, whereafter communicates said first port to said client terminal as a port for communications, and sets a port used by said server as a second port having a port number other than said publicly known port number;
said proxy server switches a port seen from said client terminal from said first port to said second port, and switches a port seen from said server from said second port to said first port; and
said client terminal and said server conducts data communication via said network, said firewall, and said proxy server using said dedicated protocol by executing said program.
Dependent claim 2:
said client terminal is provided with a first encrypted communication control unit which conducts encryption and decoding of data in said data communication; and
said server is provided with a second encrypted communication control unit which conducts encryption and decoding of data in said data communication.
3. A server for a network system, wherein is provided a processing unit which, in the case when a client terminal conducting access by publicly known protocol, via a port having a publicly known port number in a firewall, is authorized, downloads a program, for realizing effective dedicated protocol solely between said client terminal and said server, to said client terminal via said port having said publicly known port number, and said server conducts data communication with said client terminal via said network and said port having said publicly known port number conducts using said dedicated protocol,
wherein, in the case when a proxy server which conducts port switching in said firewall is present in said network system, said network server is further provided with a processing unit which communicates a first port to said client terminal as a port for communication, and sets a port used by said server as a second port having a port number other than said publicly known port number, and the server conducts data communication with said client terminal via said network, said firewall, and said proxy server using said dedicated protocol.
5. A computer program product containing a computer readable program recorded on a computer usable medium, said program affecting the process of:
determining as to whether a client terminal conducting access using publicly known protocol via a port having a publicly known port number in a firewall is authorized or not;
in the case when the client terminal is authorized, downloading a program, for realizing effective dedicated protocol solely between said client terminal and a server, to said client terminal via said port having said publicly known port number; and
conducting data communication with said client terminal using said dedicated protocol via said network and said port having said publicly known port number, wherein, in the case when a proxy server which conducts port switching in said firewall is present in said network system, said program further effecting the process of;
communicating a first port to said client terminal as a port for communication, and setting a port used by said server as a second port having a port number other than said publicly known port number; and
conducting data communication with said client terminal using said dedicated protocol via said network, said firewall, and said proxy server.
Dependent claim 6:
conducting the encryption and decoding of data in said data communication.
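An added illustration, not part of the patent text, of one reading of the port switching recited in claim 1: the proxy rewrites the first port to the second port toward the server and back again toward the client, so the external side only ever shows the publicly known port. The addresses, the value 47001, the drop policy and all class and function names are assumptions made for this sketch.

```python
from dataclasses import dataclass, replace
from typing import Optional

FIRST_PORT = 80       # assumed value for the "publicly known" first port
SECOND_PORT = 47001   # assumed value for the server-side second port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""

class PortSwitchingProxy:
    """Models only the port rewrite of claim 1; no real sockets are opened."""

    def __init__(self, server: str, first_port: int, second_port: int):
        self.server, self.first, self.second = server, first_port, second_port

    def from_client(self, pkt: Packet) -> Optional[Packet]:
        # The client addresses the first port only. Anything else, including
        # the second port itself, is dropped (assumed firewall policy).
        if pkt.dst != self.server or pkt.dport != self.first:
            return None
        return replace(pkt, dport=self.second)

    def from_server(self, pkt: Packet) -> Optional[Packet]:
        # The server sends from the second port only. The proxy restores the
        # first port so the client keeps seeing the port it was told to use.
        if pkt.src != self.server or pkt.sport != self.second:
            return None
        return replace(pkt, sport=self.first)

def round_trip(proxy: PortSwitchingProxy, client_ip: str, client_port: int, data: bytes):
    """Pass one request and its reply through the proxy.

    Returns (packet as seen by the server, packet as seen by the client).
    """
    request = Packet(client_ip, client_port, proxy.server, proxy.first, data)
    at_server = proxy.from_client(request)
    reply = Packet(proxy.server, proxy.second, client_ip, client_port, b"ack:" + data)
    at_client = proxy.from_server(reply)
    return at_server, at_client
```

Because every externally visible flow carries the publicly known port number, a filter keyed on port alone cannot tell the dedicated protocol apart from the publicly known one; distinguishing them requires inspecting the traffic itself.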
Specification