System and method for managing dynamic network sessions
Abstract
For an Internet Access Gateway operative between an area network and a public network, managing dynamic network sessions therebetween whereby a primary server on the public network in a primary session with a client of the area network initiates an additional session with an additional server on the public network, for which an unexpected data packet received at the gateway from the additional server is associated with the primary session, and accordingly allowed access to the area network through the gateway, provided the gateway received the data packet at an input port exceeding 1023, the additional session comprises a pre-defined Session Triggering Event, and at least one internal network component of the area network indicates willingness to receive the data packet. Wherefore, a preferred Application Level Gateway is thereby provided for firewall and NAT implementations to enhance network security.
22 Claims
1. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said gateway otherwise applies a default process to said packet.
Dependent claims: 2, 3, 4, 13, 14, 15, 16, 17.

5. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said component indicates said willingness to receive said packet via port probing from said gateway.
Dependent claims: 6, 7.

8. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said component indicates said willingness to receive said packet via one or more SNMP queries.

9. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said component indicates said willingness to receive said packet via an intranet host tracking protocol comprising periodic snapshots of said area network via one or more SNMP inquiries.

10. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said component indicates said willingness to receive said packet within a predetermined activity limitation.
Dependent claims: 11.

12. A method operative at an Internet access gateway operative between an area network and a public network for processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client, said method comprising steps of:
- receiving a data packet at said gateway from said additional server; and
- processing said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said packet is processed as if transmitted from said primary server to said gateway.

18. A computer-readable storage medium containing computer executable code for instructing an Internet access gateway operative between an area network and a public network to operate as follows when processing a dynamic network session between said area network and said public network when a primary server of said public network in a primary session with a client of said area network initiates an additional session with an additional server of said public network and said client:
- receive a data packet at said gateway from said additional server; and
- process said packet provided i) said gateway received said packet at an input port exceeding 1023, ii) said additional session comprises a pre-defined Session Triggering Event, and iii) at least one internal network component of said area network indicates willingness to receive said packet, wherein said executable code instructs said gateway to otherwise apply a default process to said packet.
Dependent claims: 19, 20, 21, 22.

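The admission decision recited in the abstract and claims above, modelled in Python as an added example (not code from the patent): the packet is forwarded only when the input port exceeds 1023, a Session Triggering Event ties the sending server to a primary session, and the client has recently shown willingness. Otherwise the default process applies. The class and method names, the treatment of the "activity limitation" as a maximum age in seconds, the use of the same port number on gateway and client, and the addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PrimarySession:
    client: str                                  # area-network host in the primary session
    primary_server: str                          # public-network server of that session
    triggered: set = field(default_factory=set)  # additional servers tied to a trigger event

class Gateway:
    def __init__(self, activity_limit=30.0):
        self.sessions = []                       # open primary sessions
        self.willing = {}                        # (client, port) -> time willingness was seen
        self.activity_limit = activity_limit     # assumed: maximum age in seconds

    def open_session(self, client, primary_server):
        s = PrimarySession(client, primary_server)
        self.sessions.append(s)
        return s

    def note_trigger(self, session, additional_server):
        # Record that a pre-defined Session Triggering Event named this server.
        session.triggered.add(additional_server)

    def note_willingness(self, client, port, now):
        # Stand-in for a port-probe or SNMP result showing the host listens on port.
        self.willing[(client, port)] = now

    def handle(self, src, in_port, now):
        """Decide what to do with an unexpected inbound packet."""
        if in_port > 1023:                                    # condition i
            for s in self.sessions:
                if src not in s.triggered:                    # condition ii
                    continue
                seen = self.willing.get((s.client, in_port))  # condition iii
                if seen is not None and now - seen <= self.activity_limit:
                    # Associate the packet with the primary session.
                    return {"action": "forward", "to": s.client,
                            "as_if_from": s.primary_server}
        return {"action": "default"}                          # default process

def demo():
    gw = Gateway(activity_limit=30.0)
    s = gw.open_session("10.0.0.5", "198.51.100.10")          # constructed addresses
    gw.note_trigger(s, "203.0.113.7")
    gw.note_willingness("10.0.0.5", 5004, now=100.0)
    return [gw.handle("203.0.113.7", 5004, now=110.0),        # all three conditions hold
            gw.handle("203.0.113.7", 80, now=110.0),          # port not above 1023
            gw.handle("192.0.2.99", 5004, now=110.0),         # no trigger for this server
            gw.handle("203.0.113.7", 5004, now=500.0)]        # willingness too old
```

Only the first call in `demo()` is forwarded. Each of the other three fails exactly one condition and falls through to the default process.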
Specification