System, method and computer program product for updating the states of a firewall
First Claim
1. A method for use in managing a communication, comprising:
changing, by a first computing device, at least one of a network address or a port number;
determining a session identifier that identifies a filtering mechanism to update in a security device;
determining a filter identifier that identifies an existing filter rule within the filtering mechanism to update;
determining an action to be performed on the filter rule;
determining a value attribute with which to update the filter rule;
generating a message, wherein the message includes the session identifier, the filter identifier, the action, and the value attribute; and
providing the message to the security device to enable a dynamic update of the filter rule such that the security device is configured to allow the first computing device to communicate with a second computing device while the first computing device changes at least one of a network address, or a port number, wherein at least a portion of the communication is routed to the security device.
Abstract
The preferred instance of the present invention is a method and computer program product that specifies an array of elements to be incorporated into a firewall configuration protocol. When added to the configuration protocol, these added attributes allow the existing packet filtering mechanism to accommodate a terminal device that has moved and received a new IP address in a timely and efficient manner.
18 Claims
10. A method for use in managing a communication over a network, comprising:
changing, by a first computing device, at least one of a network address or a port number used to communicate over the network;
determining a plurality of attributes associated with an update to an existing filter in a security device for use in managing the communication between the first computing device and a second computing device, the attributes including a session identifier, a filter identifier, an action to be performed on the filter and a value attribute, at least a portion of the communication being routed to the security device; and
providing the plurality of attributes to the security device, wherein the security device employs the attributes to dynamically update the filter such that the security device is configured to maintain the communication between the first and second communications devices while the first computing device changes a network location.
12. A system for use in managing an update to a security device comprising:
a transceiver for receiving and sending content over the network;
a processor in communication with the transceiver; and
a memory in communication with the processor and for use in storing data and machine instructions that cause the processor to perform a plurality of operations, including;
changing at least one of a network address or a port number associated with a first computing device and used by the first computing device to communicate over the network;
generating a message, wherein the message comprises;
a session identifier that recognizes a set of filters within the security device,
an indicator of an existing packet filter within the set of filters to update,
an action performable on the packet filter; and
a value useable to update the indicated packet filter; and
providing the message to the security device to dynamically update the security device so as to allow the first computing device to communicate with a second computing device while the first computing device changes a network location, the communication being routed to the security device.
17. A system for use in updating a state of a security device, comprising:
a mobile terminal that is configured to perform actions, including;
establish a communication, via a security device, with a second computing device, wherein the communication employs at least one of a network address or a port number associated with the mobile terminal;
changing at least one of the network address or the port number associated with the mobile terminal;
determining a plurality of attributes associated with an update to the state of the security device to manage the communication between the mobile terminal and the second computing device, at least a portion of the communication being routable to the security device; and
providing a message including a session identifier, a filter identifier of an existing filter, an action to be performed on the filter and a value attribute to the security device; and
the security device being in communication with the mobile terminal and configured to perform actions, including;
receiving the message including the plurality of attributes, employing an enhanced configuration protocol that allows the security device to accommodate a change in the mobile terminal's network address;
verifying an authenticity of the message by confirming that the mobile terminal owns the message; and
if the message is verified, dynamically updating the state based on information within the message including the plurality of attributes, to allow the mobile terminal to maintain the communication with the second computing device while the mobile device changes a network location and at least a portion of the communication is routed to the security device.
18. An apparatus useable in managing an update to a security device comprising:
a transceiver for receiving and sending content over the network;
a means for changing at least one of a network address or a port number associated with a first computing device;
a means for determining a message, wherein the message comprises;
a session identifier indicating a set of filters within the security device,
an indicator of an existing packet filter with the set of filters to update,
an action performable on the packet filter; and
a value useable to update the indicated packet filter; and
a means for providing the message to the security device to dynamically update the security device and allow the first computing device to communicate with a second computing device while the first computing device changes a network location, the communication being routed to the security device.
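The following is an added illustration, not code from the patent: a sketch of the security-device side of claim 17, which verifies an update message before changing an existing filter rule. The claims do not say how ownership of the message is confirmed, so the HMAC-SHA256 over a per-session key, the JSON encoding, the field names, the `replace` action and all sample data are assumptions.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed firewall state (assumed layout): session id -> key and filter rules.
SESSIONS = {"sess-1": {"key": b"constructed-demo-key", "filters": {
    "f-7": {"src_ip": "192.0.2.10", "src_port": 5060,
            "dst_ip": "198.51.100.20", "dst_port": 5060}}}}
UPDATABLE = {"src_ip", "src_port"}  # only the moving terminal's own endpoint

def sign(key, body):
    """Assumed authenticator: HMAC-SHA256 over the canonical JSON body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_update(key, session_id, filter_id, action, value):
    """Terminal side: the four claimed attributes plus the authenticator."""
    body = {"session_id": session_id, "filter_id": filter_id,
            "action": action, "value": value}
    return {"body": body, "mac": sign(key, body)}

def valid_value(value):
    """Accept only well-formed changes to updatable fields."""
    if not isinstance(value, dict) or not value or not set(value) <= UPDATABLE:
        return False
    try:
        ipaddress.ip_address(value.get("src_ip", "192.0.2.1"))
    except ValueError:
        return False
    return value.get("src_port", 1) in range(1, 65536)

def apply_update(sessions, msg):
    """Security device side: verify first, then update the existing rule."""
    body = msg.get("body", {})
    session = sessions.get(body.get("session_id"))
    if session is None:
        return "reject: unknown session"
    mac = str(msg.get("mac", "")).encode()
    if not hmac.compare_digest(sign(session["key"], body).encode(), mac):
        return "reject: bad authenticator"
    rule = session["filters"].get(body.get("filter_id"))
    if rule is None or body.get("action") != "replace":
        return "reject: unknown filter or action"
    if not valid_value(body.get("value")):
        return "reject: value not allowed"
    rule.update(body["value"])
    return "updated"
```

A deployed design would also need replay protection, such as a per-session sequence number, which the claims on this page do not describe.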
Specification