Firewall control for secure private networks with public VoIP access

US 7,254,832 B1
Filed: 08/28/2000
Issued: 08/07/2007
Est. Priority Date: 08/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of remotely controlling a firewall from a firewall controller in order to permit the flow of packet data through said firewall, the method comprising:

sending a request message from a firewall controller to a firewall requesting that a pinhole be opened;

opening a pinhole in said firewall;

sending a request message from a firewall controller to said firewall requesting that a pinhole be closed; and

closing said pinhole.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A private network firewall 225 is treated as if it were a media gateway network entity. Doing so allows a media gateway controller 205 to exchange messages with the firewall 225 for purposes of securely setting up and tearing down pinholes in the firewall. With this ability comes the ability to provide secure VoIP calls between public 250 and private 220 networks. A call server or media gateway controller 205, that is approving the VoIP communication stream in a private packet data network requests, via a secure tunnel 230, that the firewall 225 open a pinhole filter for a specific source and destination address pair corresponding to media gateway endpoints, 210 and 260 respectively, using either MGCP (H.248) or COPS messages, for instance. The pinhole filter is then disabled when the session is complete.

Citations

29 Claims

1. A method of remotely controlling a firewall from a firewall controller in order to permit the flow of packet data through said firewall, the method comprising:
- sending a request message from a firewall controller to a firewall requesting that a pinhole be opened;
  
  opening a pinhole in said firewall;
  
  sending a request message from a firewall controller to said firewall requesting that a pinhole be closed; and
  
  closing said pinhole.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - determining the need for a pinhole in said firewall.
  - 3. The method of claim 2 wherein said step of determining occurs at said firewall controller.
  - 4. The method of claim 3 wherein said firewall controller is a media gateway controller.
  - 5. The method of claim 1 further including the step of determining the need for a pinhole prior to sending a request that a pinhole be opened.
  - 6. The method of claim 1 wherein said request messages are formatted in the H.248 protocol.
  - 7. The method of claim 1 wherein said request messages are formatted in the common open policy services (COPS) protocol.

8. A firewall controller for permitting the flow of packet data, said firewall controller comprising:
- means for determining a need for a pinhole in a firewall;
  
  means for sending a request message to said firewall requesting that a pinhole be opened in said firewall; and
  
  means for sending a request message to said firewall requesting that said pinhole be closed in said firewall.
- View Dependent Claims (9, 10, 11)
- - 9. The firewall controller of claim 8 wherein said request messages are formatted in the H.248 protocol.
  - 10. The firewall controller of claim 8 wherein said request messages are formatted in the common open policy services (COPS) protocol.
  - 11. The firewall controller of claim 8 wherein said firewall controller is a media gateway controller.

12. A firewall responsive to a firewall controller for permitting the flow of packet data, said firewall comprising:
- means for receiving a request message from said firewall controller requesting that a pinhole be opened in said firewall;
  
  means for opening a pinhole in said firewall;
  
  means for receiving a request message from said firewall controller requesting that said pinhole be closed in said firewall; and
  
  means for closing said pinhole in said firewall.
- View Dependent Claims (13, 14)
- - 13. The firewall of claim 12 wherein said request messages are formatted in the H.248 protocol.
  - 14. The firewall of claim 12 wherein said request messages are formatted in the common open policy services (COPS) protocol.

15. A firewall responsive to a media gateway controller for permitting the flow of packet data, said firewall comprising:
- means for receiving a request message from said media gateway controller requesting that a pinhole be opened in said firewall;
  
  means for opening a pinhole in said firewall;
  
  means for receiving a request message from said media gateway controller requesting that said pinhole be closed in said firewall; and
  
  means for closing said pinhole in said firewall.

16. A computer program product for remotely controlling a firewall from a firewall controller in order to permit the flow of packet data through said firewall, the computer program product having a medium with a computer program embodied thereon, the computer program product comprising:
- computer program code in said firewall controller for sending a request message to said firewall requesting that a pinhole be opened; and
  
  computer program code in said firewall for opening a pinhole;
  
  computer program code in said firewall controller for sending a request message to said firewall requesting that said pinhole be closed; and
  
  computer program code for in said firewall for closing said pin hole.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16 further comprising:
    - computer program code in said firewall controller for determining the need for a pinhole in said firewall.
  - 18. The computer program product of claim 16 wherein said request messages are formatted in the H.248 protocol.
  - 19. The computer program product of claim 16 wherein said request messages are formatted in the common open policy services (COPS) protocol.
  - 20. The computer program product of claim 17 wherein said firewall controller is a media gateway controller.

21. A computer program product in a firewall controller, said firewall controller operative with a firewall, the computer program product having a medium with a computer program embodied thereon, the computer program product comprising:
- computer program code for determining the need for a pinhole in said firewall;
  
  computer program code for sending a request message to said firewall requesting that a pinhole be opened in said firewall; and
  
  computer program code for sending a request message to said firewall requesting that said pinhole be closed in said firewall.
- View Dependent Claims (22, 23, 24)
- - 22. The computer program product of claim 21 wherein said request messages are formatted in the H.248 protocol.
  - 23. The computer program product of claim 21 wherein said request messages are formatted in the common open policy services (COPS) protocol.
  - 24. The computer program product of claim 21 wherein said firewall controller is a media gateway controller.

25. A computer program product in a firewall, said firewall responsive to a firewall controller, the computer program product having a medium with a computer program embodied thereon, the computer program product comprising:
- computer program code for receiving a request message from said firewall controller requesting that a pinhole be opened in said firewall;
  
  computer program code for opening a pinhole in said firewall;
  
  computer program code for receiving a request message from said firewall controller requesting that said pinhole be closed in said firewall; and
  
  computer program code for closing said pinhole in said firewall.

26. A computer program product in a firewall, said firewall responsive to a media gateway controller, the computer program product having a medium with a computer program embodied thereon, the computer program product comprising:
- computer program code for receiving a request message from said media gateway controller requesting that a pinhole be opened in said firewall;
  
  computer program code for opening a pinhole in said firewall;
  
  computer program code for receiving a request message from said media gateway controller requesting that said pinhole be closed in said firewall; and
  
  computer program code for closing said pinhole in said firewall.

27. A computer system for remotely controlling a firewall from a firewall controller comprising:
- a firewall operatively connected to a private computer network and at least one external computer network;
  
  a firewall controller operatively connected to said firewall for remotely instructing said firewall to open and close pinholes in said firewall.
- View Dependent Claims (28, 29)
- - 28. The computer system of claim 27 wherein said firewall controller is a media gateway controller acting as a call server in a VoIP telephony network.
  - 29. The computer system of claim 28 wherein said media gateway controller instructs said firewall to open and close pinholes in said firewall such that media gateway endpoints within said private network can communicate with media gateway endpoints outside said private network on a per call basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Genband US LLC (Ribbon Communications, Inc.)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Christie, Samuel H. IV
Primary Examiner(s)
Arani; Taghi
Assistant Examiner(s)
Sherkat; Arezoo

Application Number

US09/650,120
Time in Patent Office

2,535 Days
Field of Search

709/230, 709/225, 709/223, 709/277, 713/201, 370/352
US Class Current

726/11
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04M 7/006   Networks other than PSTN/IS...

H04M 7/0078   Security; Fraud detection; ...

Firewall control for secure private networks with public VoIP access

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Firewall control for secure private networks with public VoIP access

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links