Firewall for real-time internet applications

DC CAFC

US 7,047,561 B1
Filed: 09/28/2000
Issued: 05/16/2006
Est. Priority Date: 09/28/2000
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A firewall for Internet protocol packets carrying data for a real-time Internet application, each of said Internet protocol packets being associated with any one of a signaling channel, a control channel, or a bearer channel of said real-time Internet application, the firewall comprising:

an application proxy and a packet filter,the firewall applying the Internet protocol packets associated with the signaling channel and the control channel to the application proxy, and the firewall applying the Internet protocol packets associated with the bearer channel to the packet filter.

View all claims

15 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The present invention relates to a firewall for use in association with real-time Internet applications such as Voice over Internet Protocol (VoIP). The firewall applies an application proxy to the signaling and control channels and a packet filter to the bearer channels. One of the features of hybrid firewall is that the application proxy can instruct the packet filter as to which bearer channels to enable and disable for the duration of a real-time Internet application session. The hybrid firewall can also intelligently perform network address translation (NAT) on Internet protocol packets incoming and outgoing to the firewall.

Citations

21 Claims

1. A firewall for Internet protocol packets carrying data for a real-time Internet application, each of said Internet protocol packets being associated with any one of a signaling channel, a control channel, or a bearer channel of said real-time Internet application, the firewall comprising:
- an application proxy and a packet filter,the firewall applying the Internet protocol packets associated with the signaling channel and the control channel to the application proxy, and the firewall applying the Internet protocol packets associated with the bearer channel to the packet filter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The firewall of claim 1 wherein said real-time Internet application is Voice over Internet Protocol (VoIP).
  - 3. The firewall of claim 1 wherein said real-time Internet application is fax over Internet.
  - 4. The firewall of claim 1 wherein said real-time Internet application is video over Internet.
  - 5. The firewall of claim 1 wherein said real-time Internet application is voice messaging over Internet.
  - 6. The firewall of claim 1 wherein the application proxy instructs the packet filter as to which Internet protocol packets associated with a particular bearer channel to enable and disable for the duration of a session of said real-time Internet application.
  - 7. The firewall of claim 1 further including a Network Address Translation (NAT) process to translate any Internet Protocol (IP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 3 and layer 4 of the Internet protocol packets associated with the signaling channel, the control channel and the bearer channel.
  - 8. The firewall of claim 1 further including a Network Address Translation (NAT) process to translate any Internet Protocol (IP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 7 of the Internet protocol packets associated with the signaling channel and the control channel.
  - 9. The firewall of claim 8 wherein said application proxy instructs said NAT process to operate for the duration of a session of said real-time Internet application independent of data traffic flow.
  - 10. The firewall of claim 1 further including a control logic process for specifying the operating parameters of the firewall.
  - 11. The firewall of claim 1 wherein said application proxy and said packet filter ane housed in any one of a dual homed commercial workstation, a general purpose workstation, a dedicated hardware firewall appliance, or an application specific integrated circuit.

12. A method of protecting a computer network transmitting and receiving Internet protocol packets formatted in accordance with a real-time Internet protocol, each of said Internet protocol packets being associated with any one of a signaling channel, a control channel, or a bearer channel, the method comprising the steps of:
- i. receiving a stream of Internet protocol packets,ii. applying the Internet protocol packets associated with the signaling channel and the control channel to an application proxy, andiii. applying the Internet protocol packets associated with the bearer channel to a packet filter.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 further comprising the step of the application proxy instructing the packet filter as to which bearer channels to enable and disable for the duration of an Internet application session utilizing said real-time Internet protocol.
  - 14. The method of claim 12 further comprising the step of applying a NAT process to translate any Internet Protocol (IP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 3 and layer 4 of the Internet protocol packets associated with the signaling channel, the control channel and the bearer channel.
  - 15. The method of claim 12 further comprising the step of applying a NAT process to translate any Internet Protocol (EP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 7 of the Internet protocol packets associated with the signaling channel and the control channel.
  - 16. The method of claim 14 further comprising the step of the application proxy instructing the NAT process to operate for the duration of an Internet application session utilizing said real-time Internet protocol independent of data traffic flow.

17. A computer readable medium containing computer instructions for protecting an Internet Protocol network transmitting and receiving Internet protocol packets foxed in accordance with a real-time Internet protocol, each of said Internet protocol packets being associated with any one of a signaling channel, a control channel, or a bearer channel, said computer readable medium comprising computer program code, executable by a computer, for:
- i. receiving a stream of Internet protocol packets,ii. applying the Internet protocol packets associated with the signaling channel and the control channel to an application proxy, andiii. applying the Internet protocol packets associated with the bearer channel to a packet filter.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer readable medium of claim 17 further comprising computer program code, executable on a computer, for the application proxy to instruct the packet filter as to which bearer channels to enable and disable for the duration of an Internet application session utilizing said real-time Internet protocol.
  - 19. The computer readable medium of claim 17 flier comprising computer program code, executable on a computer, for a NAT process, and for applying the NAT process to translate any Internet Protocol (IP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 3 and layer 4 of the Internet protocol packets associated with the signaling channel, the control channel and the bearer channel.
  - 20. The computer readable medium of claim 17 further comprising computer program code, executable on a computer, for a NAT process, and for applying the NAT process to translate any Internet Protocol (IP) addresses, Transmission Control Protocol (TCP) port numbers or User Datagram Protocol (UDP) port numbers contained at layer 7 of the Internet protocol packets associated with the signaling channel and the control channel.
  - 21. The computer readable medium of claim 19 further comprising computer program code, executable on a computer, for the application proxy to instruct the NAT process to operate for the duration of an Internet application session utilizing said real-time Internet protocol independent of data traffic flow.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Genband US LLC (Ribbon Communications, Inc.)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Lee, Michael C. G.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/671,250
Time in Patent Office

2,056 Days
Field of Search

706/34, 706/204, 709/218, 709/223, 709/224, 709/225, 709/231, 709/232, 370/230, 370/901, 370/351, 370/353, 370/354, 370/355, 370/356, 370/352, 726/12, 726/13
US Class Current

726/12
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2564   for a higher-layer protocol...

H04L 61/2585   through application level g...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

Firewall for real-time internet applications

First Claim

15 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall for real-time internet applications

First Claim

15 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links