System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols
First Claim
1. A computer program product for use in conjunction with a computer device, the computer program product comprising a non-transitory computer-readable storage medium and a computer program product mechanism embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second computer device, the computer program product having:
   computer program codes to cause a gatekeeper computer device to monitor requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between the gatekeeper computer device and the endpoint computer device;
   computer program codes to cause the gatekeeper computer device to create a first data channel to the endpoint computer device in response to the detection of the network security device, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
   computer program codes to cause the gatekeeper computer device to, in response to detecting a registration request from the endpoint computer device, substitute private address information associated with the endpoint computer device in the registration request with alternate address information and transmit the alternate address information to the endpoint computer device;
   computer program codes to cause the gatekeeper computer device to, in response to detecting a request to participate in a conference, initiate the conference using the alternate address information and instruct the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information, wherein the computer program codes are further configured, for the data transmitted in the conference, to:
      intercept data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
      encapsulate the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and send the encapsulated data to the endpoint computer device via the first data channel; and
      in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmit identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
   further comprising computer program codes to cause the gatekeeper computer device to perform a security device detection process to determine whether establishment of the data channel is necessary.
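As an added illustration (not code from the patent or its assignee), the following Python sketch models the encapsulation and retransmission-handling steps of claim 1: the gatekeeper wraps intercepted connectionless (UDP) datagrams in sequenced frames on the connection-based channel, and answers a retransmission request with identifier frames that carry no media, which the endpoint uses only to close the sequence gap and then discards rather than stalling real-time playout. The frame layout, the class names and the loss-simulating `run_tunnel` helper are assumptions made for this example.

```python
import struct

# Tunnel frame layout, constructed for this example (not the patent's wire format):
# 4-byte sequence number, 1-byte kind (0 = media, 1 = identifier), 2-byte payload length.
HDR = struct.Struct("!IBH")
MEDIA, IDENT = 0, 1

class Gatekeeper:
    """Sending side of the first data channel (the connection-based tunnel)."""
    def __init__(self):
        self.seq = 0

    def encapsulate(self, datagram: bytes) -> bytes:
        """Wrap one intercepted UDP datagram in a sequenced tunnel frame."""
        frame = HDR.pack(self.seq, MEDIA, len(datagram)) + datagram
        self.seq += 1
        return frame

    def answer_retransmit(self, first: int, last: int) -> list:
        """Satisfy a retransmission request with empty identifier frames instead
        of replaying stale real-time media; the endpoint discards them."""
        return [HDR.pack(s, IDENT, 0) for s in range(first, last + 1)]

class Endpoint:
    """Receiving side: de-encapsulates frames and tracks sequence gaps."""
    def __init__(self):
        self.expected = 0       # next sequence number expected
        self.missing = set()    # requested sequence numbers not yet satisfied
        self.requests = []      # (first, last) retransmission requests issued
        self.delivered = []     # datagrams handed to the media stack

    def receive(self, frame: bytes) -> None:
        seq, kind, length = HDR.unpack_from(frame)
        if seq > self.expected:                      # gap: issue a retransmission request
            self.missing.update(range(self.expected, seq))
            self.requests.append((self.expected, seq - 1))
        self.missing.discard(seq)                    # media or identifier frame closes the gap
        if kind == MEDIA:
            self.delivered.append(frame[HDR.size:HDR.size + length])
        self.expected = max(self.expected, seq + 1)  # identifier frames are not delivered

def run_tunnel(datagrams, dropped):
    # Constructed loss simulation: frames whose index is in `dropped` never arrive.
    gk, ep = Gatekeeper(), Endpoint()
    for i, d in enumerate(datagrams):
        frame = gk.encapsulate(d)
        if i not in dropped:
            ep.receive(frame)
    for first, last in list(ep.requests):
        for f in gk.answer_retransmit(first, last):
            ep.receive(f)
    return ep.delivered, ep.requests, ep.missing
```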
Abstract
A tunneling system and method is described for traversing firewalls, NATs, and proxies. Upon a request from a device on the secure private network or on a public network such as the Internet, a connection to a designated or permitted device of the secure private network by way of the public network can be established, allowing selected devices of the private network to access devices on the public network. A bi-directional channel can be established where information such as rich multimedia and real-time voice and video can be accessed or communicated.
20 Claims
1. (Claim 1 is reproduced in full above under First Claim.) Dependent claims 2, 3, 4, 5, 6 and 7 are not reproduced here.
8. A computer program product for use in conjunction with a computer device, the computer program product comprising a non-transitory computer-readable medium and a computer program product mechanism embodied therein that causes the computer device to perform data transfers across a proxy interposed between the computer device and a second computer device, the computer program product having:
   computer program codes to cause a gatekeeper computer device to monitor requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between the gatekeeper computer device and the endpoint computer device;
   computer program codes to cause the gatekeeper computer device to create a first data channel by transmitting a tunnel connect message to the endpoint computer device in response to the detection of the network security device, wherein the tunnel connect message includes sequencing information, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
   computer program codes to cause the gatekeeper computer device to determine whether the proxy is interposed between the gatekeeper computer device and an endpoint computer device based at least on the tunnel connect message and the sequencing information;
   computer program codes to cause the gatekeeper computer device to, in response to detecting a registration request from the endpoint computer device, substitute private address information associated with the endpoint computer device in the registration request with alternate address information and transmit the alternate address information to the endpoint computer device;
   computer program codes to cause the gatekeeper computer device to, in response to detecting a request to participate in a conference, initiate the conference using the alternate address information and instruct the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information, wherein the computer program codes are further configured, for the data transmitted in the conference, to:
      intercept data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
      encapsulate the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and send the encapsulated data to the endpoint computer device via the first data channel; and
      in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmit identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
   further comprising computer program codes to cause the gatekeeper computer device to perform a security device detection process to determine whether establishment of the data channel is necessary.
   Dependent claims 9, 10, 11, 12 and 13 are not reproduced here.
14. A method of transferring data from a first computer device to a second computer device, the method comprising:
   monitoring requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between a gatekeeper computer device and the endpoint computer device;
   creating a first data channel to the endpoint computer device in response to the detection of the network security device, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
   in response to detecting a registration request from the endpoint computer device, substituting private address information associated with the endpoint computer device in the registration request with alternate address information and transmitting the alternate address information to the endpoint computer device;
   in response to detecting a request to participate in a conference, initiating the conference using the alternate address information and instructing the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information;
   wherein data for the conference is transmitted by:
      intercepting data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
      encapsulating the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and sending the encapsulated data to the endpoint computer device via the first data channel; and
      in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmitting identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
   further comprising performing a security device detection process to determine whether establishment of the data channel is necessary.
   Dependent claims 15, 16, 17, 18, 19 and 20 are not reproduced here.
Specification