Method and apparatus supporting network communications through a firewall

US 7,506,358 B1
Filed: 12/09/1999
Issued: 03/17/2009
Est. Priority Date: 12/09/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

providing a plurality of sockets, whereineach socket has an associated connection and an associated security token,each associated connection is inbound relative to a relay program, andthe associated security token is provided by the associated connection;

receiving a first connection and a first security token at a relay program, whereinthe first connection is inbound relative to the relay program;

creating a socket associated with the first connection, whereinthe creating comprises associating the first security token with the first connection;

comparing the first security token with the associated security tokens; and

in response to said comparing,if none of the associated security tokens match the first security token, includingthe socket in the plurality of sockets, andif the first security token and a security token associated with one of the plurality of sockets match, coupling an end point of the first connection to an end point of a connection associated with the socket associated with the matching security token, whereina security token is a password, andthe connection associated with the socket is inbound relative to the relay program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating information between a first program and a second program over a network is described. The method includes relaying the information between the first program and a first communications program over a first network connection, relaying the information between the first communications program and a second communications program over a second network connection and relaying the information between the second communications program and the second program over a third network connection. Further, the first communications program creates the second network connection to the second communications program through a first firewall program, which prevents access to the first program initiated by the second program. Thus, the second network connection is initiated by the first communications program. The first communications program can be, for example, a protocol daemon and the second communications program can be, for example, a relay program. The first firewall program can also be configured to prevent access to the first program initiated by the second communications program.

29 Citations

View as Search Results

46 Claims

1. A method comprising:
- providing a plurality of sockets, whereineach socket has an associated connection and an associated security token,each associated connection is inbound relative to a relay program, andthe associated security token is provided by the associated connection;
  
  receiving a first connection and a first security token at a relay program, whereinthe first connection is inbound relative to the relay program;
  
  creating a socket associated with the first connection, whereinthe creating comprises associating the first security token with the first connection;
  
  comparing the first security token with the associated security tokens; and
  
  in response to said comparing,if none of the associated security tokens match the first security token, includingthe socket in the plurality of sockets, andif the first security token and a security token associated with one of the plurality of sockets match, coupling an end point of the first connection to an end point of a connection associated with the socket associated with the matching security token, whereina security token is a password, andthe connection associated with the socket is inbound relative to the relay program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - in response to said comparing, if none of the associated security tokens match the first security token,upon a determination that the first connection is not to be associated with a socket, disconnecting the first connection.
  - 3. The method of claim 1, wherein the coupling comprises:
    - relaying a data stream between the first connection and the connection associated with the socket.
  - 4. The method of claim 1, wherein the coupling comprises:
    - creating a single connection comprising the first connection and the connection associated with the socket.
  - 5. The method of claim 1 further comprising:
    - decoupling the first connection and the connection associated with the socket from one another.
  - 6. The method of claim 5, whereinthe decoupling decouples the first connection and the connection associated with the socket upon one of failure and disconnect of one of the first connection and the connection associated with the socket.
  - 7. The method of claim 1, whereinthe first connection is transmitted through a first firewall program.
  - 8. The method of claim 7, whereinthe first connection is created by a protocol daemon.
  - 9. The method of claim 8, whereina second connection connects the protocol daemon to a first program, andthe protocol daemon couples the first connection and the second connection to one another.
  - 10. The method of claim 9, wherein the protocol daemon couples the first connection and the second connection to one another by virtue of the protocol daemonrelaying a data stream between the first socket and the socket associated with the matching security token.
  - 11. The method of claim 10, whereinthe first program provides the first security token.

12. A method comprising:
- creating a first connection from a first program to a relay program, whereinthe first connection is inbound to the relay program;
  
  receiving a first security token from the first program at the relay program, whereinthe first security token is a password;
  
  providing the first security token to the relay program;
  
  creating a socket associated with the first connection, whereinthe creating comprises associating the first security token with the first connection;
  
  comparing the first security token with one or more security tokens associated with one or more corresponding connections, whereineach one of the one or more corresponding connections is inbound to the relay program; and
  
  in response to said comparing,if the first security token and a security token associated with a corresponding connection match,coupling the second connection to the connection associated with the matching security token, andif none of the associated security tokens match the first security token,creating a second connection to the relay program, whereinthe second connection is inbound to the relay program,upon successful creation of the second connection,including the second connection with said one or more corresponding connections, andcoupling the first connection and the second connection to one another.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, whereinthe second connection is transmitted through a firewall program.
  - 14. The method of claim 13, whereina protocol daemon program performsthe creating the first connection,the creating the second connection,the receiving the first security token from the first program,the providing the first security token to the relay program, andthe coupling the first connection to the second connection.
  - 15. The method of claim 14, whereinthe protocol daemon program and the firewall program are resident on a single computer.
  - 16. The method of claim 14, whereinthe protocol daemon program and the first program are resident on a single computer.
  - 17. The method of claim 12 further comprising:
    - relaying a data stream between the first connection and the second connection.
  - 18. The method of claim 12 further comprising:
    - terminating the first connection and the second connection.
  - 19. The method of claim 12, whereinthe connection associated with the matching security token is initiated by a second program.
  - 20. The method of claim 12, whereinthe relay program relays data between the second connection and the connection associated with the matching security token.

21. An apparatus comprising:
- means for providing a plurality of sockets, whereineach socket has an associated connection and an associated security token,each associated connection is inbound relative to a relay program, andthe associated security token is provided by the associated connection;
  
  means for receiving a first connection and a first security token;
  
  means for creating a socket associated with the first connection, whereinmeans for creating comprises means for associating the first security token with the first connection;
  
  means for comparing the first security token with the associated security tokens; and
  
  in response to said comparing,means for including the socket in the plurality of sockets, if none of the associated security tokens match the first security token, andmeans for coupling an endpoint of the first connection to an endpoint of the connection associated with the socket associated with the matching security token, if the first security token and a security token associated with one of the plurality of sockets match, whereina security token is a password.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The apparatus of claim 21 further comprising:
    - in response to said comparing, if none of the associated security tokens match the first security token,means for disconnecting the first connection, upon a determination that the first connection is not to be associated with a socket.
  - 23. The apparatus of claim 21, wherein the means for coupling comprises:
    - means for relaying a data stream between the first connection and the connection associated with the socket.
  - 24. The apparatus of claim 21, wherein the means for coupling comprises:
    - means for creating a single connection comprising the first connection and the connection associated with the socket.
  - 25. The apparatus of claim 21 further comprising:
    - means for decoupling the first connection and the connection associated with the socket.
  - 26. The apparatus of claim 25, whereinthe means for decoupling is configured to decouple the first connection and the connection associated with the socket upon one of failure and disconnect of one of the first connection and the connection associated with the socket.
  - 27. The apparatus of claim 21, whereinthe first connection is transmitted through a first firewall program.

28. An apparatus comprising:
- means for creating a first connection from a first program to a relay program;
  
  the first connection is inbound to the relay program;
  
  means for receiving a first security token from the first program, whereinthe first security token is a password;
  
  means for providing the first security token to the relay program,means for creating a socket associated with the first connection, whereinthe means for creating comprises means for associating the first security token with the first connection;
  
  means for comparing the first security token with one or more security tokens associated with one or more corresponding connections, whereineach one of the one or more corresponding connections is inbound to the relay program; and
  
  in response to said comparing,means for coupling a second connection and the connection associated with the matching security token, if the first security token and a security token associated with a corresponding connection match, wherein the second connection is the corresponding connection, andmeans for creating a second connection to a relay program, if none of the associated security tokens match the first security token, whereinthe second connection is inbound to the relay program, andupon successful creation of the second connection,means for including the second connection with said one or more corresponding connections, andmeans for coupling the first connection and the second connection to one another.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The apparatus of claim 28 further comprisingmeans for transmitting the second connection through a firewall program.
  - 30. The apparatus of claim 28 further comprising:
    - means for relaying a data stream between the first connection and the second connection.
  - 31. The apparatus of claim 28 further comprising:
    - means for terminating the first connection and the second connection.
  - 32. The apparatus of claim 28, whereinthe connection associated with the matching security token is initiated by a second program.
  - 33. The apparatus of claim 28, wherein the relay program further comprises:
    - means for relaying data between the second connection and the connection associated with the matching security token.

34. A computer program product encoded in a computer readable storage media, the computer program product comprising:
- a first set of instructions, executable by a processor and configured to cause the processor to provide a plurality of sockets, whereineach socket has an associated connection and an associated security token,each associated connection is inbound relative to a relay program, andthe associated security token is provided by the associated connection;
  
  a second set of instructions, executable by the processor and configured to cause the processor to receive a first connection and a first security token at the relay program, whereinthe first connection is inbound relative to the relay program;
  
  a third set of instructions, executable by the processor and configured to cause the processor to create a socket associated with the first connection, wherein-the third set of instructions comprisesa first subset of instructions, executable by a processor and configured to cause the processor to associate the first security token with the first connection;
  
  a fourth set of instructions, executable by the processor and configured to cause the processor to compare the first security token with the associated security tokens;
  
  a fifth set of instructions, executable by the processor and configured to cause the processor to include the socket in the plurality of sockets, in response to said comparing, if none of the associated security tokens match the first security token; and
  
  a sixth set of instructions, executable by the processor and configured to cause the processor, in response to the fourth set of instructions, tocouple an end point of the first connection and an end point of a connection associated with the socket associated with the matching security token to one another, whereina security token is a password.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The computer program product of claim 34 further comprising:
    - a seventh set of instructions, executable by the processor, responsive to said comparing, and configured to cause the processor to disconnect the first connection,if none of the associated security tokens match the first security token, andupon a determination that the first connection is not to be associated with a socket.
  - 36. The computer program product of claim 34 further comprising:
    - an seventh set of instructions, executable by the processor and configured to cause the processor to relay a data stream between the first connection and the connection associated with the socket.
  - 37. The computer program product of claim 34 further comprising:
    - a seventh set of instructions, executable by the processor and configured to cause the processor to create a single connection comprising the first connection and the connection associated with the socket.
  - 38. The computer program product of claim 34 further comprising:
    - a seventh set of instructions, executable by the processor and configured to cause the processor to decouple the first connection and the connection associated with the socket.
  - 39. The computer program product of claim 38 further comprising:
    - an eighth set of instructions, executable by the processor and configured to cause the processor to decouple the first connection and the connection associated with the socket upon one of failure and disconnect of one of the first connection and the connection associated with the socket.
  - 40. The computer program product of claim 34, wherein the first connection is transmitted through a first firewall program.

41. A computer program product encoded in a computer readable storage media, the computer program product comprising:
- a first set of instructions, executable by a first processor and configured to cause the first processor to create a first connection from a first program to a relay program, whereinthe first connection is inbound to the relay program;
  
  a second set of instructions, executable by the first processor and configured to cause the first processor to receive a first security token from the first program to the relay program, whereinthe first security token is a password, andsaid second set of instruction comprisesa first subset of instructions providing the first security token to the relay program;
  
  a third set of instructions, executable by the first processor and configured to cause the first processor to create a socket associated with the first connection, whereinsaid third set of instructions comprisesa second subset of instructions, executable by the first processor and configured to cause the first processor to associate the first security token with the first connection;
  
  a fourth set of instructions, executable by the first processor and configured to cause the first processor to compare the first security token with one or more security tokens associated with one or more corresponding connections;
  
  a fifth set of instructions, executable by the first processor and configured to cause the first processor to create a second connection to a relay program;
  
  a sixth set of instructions, executable by the first processor and configured to cause the first processor to provide the first security token to the relay program;
  
  a seventh set of instructions, executable by the first processor and configured to cause the first processor to couple the first connection to the second connection upon successful creation of the second connection;
  
  an eighth set of instructions executable by a second processor, responsive to said comparing, and configured to cause the second processor to couple the second connection to the connection associated with the matching security token if the first security token and a security token associated with a corresponding connection match; and
  
  a ninth set of instructions, executable by the second processor, responsive to said comparing, and configured to cause the second processor to include the second connection with said one or more corresponding connections if none of the associated security tokens match the first security token.
- View Dependent Claims (42, 43, 44, 45, 46)
- - 42. The computer program product of claim 41, wherein the second connection is transmitted through a firewall program.
  - 43. The computer program product of claim 41 further comprising:
    - a tenth set of instructions, executable by the first processor and configured to cause the first processor to relay a data stream between the first connection and the second connection.
  - 44. The computer program product of claim 41 further comprising:
    - a tenth set of instructions, executable by the first processor and configured to cause the first processor to terminate the first connection and the second connection.
  - 45. The computer program product of claim 41, wherein the connection associated with the matching security token is initiated by a second program.
  - 46. The computer program product of claim 41, wherein the relay program further comprises:
    - a subset of instructions, executable by the second processor, configured to cause the second processor to relay data between the second connection and the connection associated with the matching security token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Fry, Steven G., Sarkar, Shantanu
Primary Examiner(s)
COLIN, CARL G

Application Number

US09/456,692
Time in Patent Office

3,386 Days
Field of Search

713/201, 713/168, 713/170, 370/401, 726/2, 726/14, 726/21, 709/224, 709/227, 709/228, 709/230, 709/244, 709/249
US Class Current

726/2
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/083   using passwords cryptograph...

H04L 69/16   Implementation or adaptatio...

H04L 69/162   involving adaptations of so...

Method and apparatus supporting network communications through a firewall

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus supporting network communications through a firewall

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links