Firewall providing enhanced network security and user transparency

US 7,249,378 B2
Filed: 11/03/2003
Issued: 07/24/2007
Est. Priority Date: 02/06/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A virtual private network comprising:

a first private network including a first firewall interposed between the first private network and a public network;

a second private network including a second firewall interposed between the second private network and the public network;

the first and second firewalls being configured to provide an encrypted path for traffic flowing between the first and second firewalls; and

wherein a dedicated domain name server is associated with each of the first and second firewalls for establishing DNS mappings for the virtual private network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Reexamination

Accused Products

Abstract

The present invention provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve fall transparency—the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network interface of the firewall. Another set of hosts responds to addresses on a second network interface of the firewall. In one aspect, programmable transparency is achieved by establishing DNS mappings between remote hosts to be accessed through one of the network interfaces and respective virtual hosts on that interface. In another aspect, automatic transparency may be achieved using code for dynamically mapping remote hosts to virtual hosts in accordance with a technique referred to herein as dynamic DNS, or DDNS.

28 Citations

View as Search Results

15 Claims

1. A virtual private network comprising:
- a first private network including a first firewall interposed between the first private network and a public network;
  
  a second private network including a second firewall interposed between the second private network and the public network;
  
  the first and second firewalls being configured to provide an encrypted path for traffic flowing between the first and second firewalls; and
  
  wherein a dedicated domain name server is associated with each of the first and second firewalls for establishing DNS mappings for the virtual private network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The virtual private network of claim 1, where the dedicated domain name server comprises a virtual host on the same physical machine as either of the first or second firewalls.
  - 3. The virtual private network of claim 2, wherein either of said first or second firewalls further comprises a plurality of virtual hosts, each of said virtual hosts corresponding to a home through which a connection may be made through either of said first or second firewalls.
  - 4. The virtual private network of claim 3, wherein said domain name server responds with address information to the virtual host responding to a connection request.
  - 5. The virtual private network of claim 1, wherein either of said first or second firewalls further comprise a configurator for providing a web-based front-end for configuring either of said first or second firewalls through a point-and-click interface using a web browser.

6. A virtual private network comprising:
- a first firewall means interposed between first private network and a public network means;
  
  a second firewall means interposed between a second private network and the public network;
  
  means for providing an encrypted path for traffic flowing between the first and second firewall means; and
  
  means for establishing DNS mappings for the virtual private network associated with each of the first and second firewalls means.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The virtual private network of claim 6, where the means for establishing DNS mappings comprises a virtual host means on the same physical machine as either of the first or second firewall means.
  - 8. The virtual private network of claim 7, wherein either of said first or second firewall means further comprises a plurality of virtual hosts means for allowing a connection may be made through either of said first or second firewall means.
  - 9. The virtual private network of claim 8, wherein said means for establishing DNS mappings responds with address information to the virtual host responding to a connection request.
  - 10. The virtual private network of claim 6, wherein either of said first or second firewall means further comprise a configurator means for providing a web-based front-end for configuring either of said first or second firewall means through a point-and-click interface using a web browser.

11. A virtual private network comprising:
- a first firewall interposed between a first private network and a public network;
  
  a second firewall interposed between a second private network and the public network;
  
  an encrypted path for traffic flowing between the first and second firewalls; and
  
  a dedicated domain name server associated with each of the first and second firewalls for establishing DNS mappings for the virtual private network.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The virtual private network of claim 11, where the dedicated domain name server comprises a virtual host on the same physical machine as either of the first or second firewalls.
  - 13. The virtual private network of claim 12, wherein either of said first or second firewalls further comprises a plurality of virtual hosts, each of said virtual hosts corresponding to a home through which a connection may be made through either of said first or second firewalls.
  - 14. The virtual private network of claim 13, wherein said domain name server responds with address information to the virtual host responding to a connection request.
  - 15. The virtual private network of claim 11, wherein either of said first or second firewalls further comprise a configurator for providing a web-based front-end for configuring either of said first or second firewalls through a point-and-click interface using a web browser.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
GraphOn Nes Sub, LLC (Hopto Inc.)
Original Assignee
GraphOn Nes Sub, LLC (Hopto Inc.)
Inventors
Wesigner, Ralph E., Coley, Christopher D.
Primary Examiner(s)
ZIA, SYED

Application Number

US10/700,411
Publication Number

US 20040098624A1
Time in Patent Office

1,359 Days
Field of Search

None
US Class Current

726/15
CPC Class Codes

B65B 11/004   in blanks, e.g. sheets prec...

G06F 16/958   Organisation or management ...

G06F 21/42   using separate channels for...

G06Q 20/027   involving a payment switch ...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 61/25   of the same type

H04L 61/2514   between local and global IP...

H04L 61/2521   Translation architectures o...

H04L 61/256   NAT traversal

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/4552   Lookup mechanisms between a...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 69/164   Adaptation or special uses ...

H04L 9/40 : Network security protocols

View All

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

0 Petitions

Reexamination

Accused Products

Abstract

28 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Firewall providing enhanced network security and user transparency

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

28 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others