Null-packet transmission from inside a firewall to open a communication window for an outside transmitter

US 8,079,072 B2
Filed: 06/22/2005
Issued: 12/13/2011
Est. Priority Date: 07/18/2001
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-usable medium having a program embodied thereon which, when executed by one or more processors, causes said processors to carry out a method for managing communication over a data communication network, the method comprising:

providing an external communication manager on the data communication network outside of a first firewall;

first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;

second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;

receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and

instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step the second communication application being separated from the data communication network by a second firewall,said second registering including registering second firewall window data for said second firewall, andsaid instructing including instructing the second communication application to transmit a null UDP packet as an opening packet from a port associated with the second firewall window at the second IP address to a port associated with the first firewall window at the first IP address.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A high-bandwidth direct communication path between two clients is used for voice or video calls over the Internet. An opening or a window in a firewall is made for the direct path by sending a null packet out from inside the firewall. The null packet can be a UDP packet directed to a UDP port of the other client. Initially, each client makes a TCP connection to port 80 of an external manager. Each client registers its UDP port number with the external manager. A call request from one client to the external manager results in a message from the external manager to the other client. The other client then creates the window in its firewall by transmitting the null UDP packet. Then the external manager is notified and tells the calling client to begin sending UDP packets directly to the other client through the firewall window.

14 Citations

View as Search Results

16 Claims

1. A non-transitory computer-usable medium having a program embodied thereon which, when executed by one or more processors, causes said processors to carry out a method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
  
  first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
  
  second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
  
  receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
  
  instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step the second communication application being separated from the data communication network by a second firewall,said second registering including registering second firewall window data for said second firewall, andsaid instructing including instructing the second communication application to transmit a null UDP packet as an opening packet from a port associated with the second firewall window at the second IP address to a port associated with the first firewall window at the first IP address.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The medium of claim 1, where said direct communications between the first and second communication applications through the firewall is by TCP/IP protocol.
  - 3. The medium of claim 2, wherein the direct communications between the first and second communication applications is by VoIP.
  - 4. The medium of claim 1, wherein direct communications between the first and second communication applications through the firewall is by UDP protocol.
  - 5. The medium of claim 1, said first communication application being blocked from directly communicating with the second communication application by the second firewall.
  - 6. The medium of claim 1, said firewall window data including an identified UDP port.

7. A method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
  
  first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
  
  second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
  
  receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
  
  instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step;
  
  the second communication application being separated from the data communication network by a second firewall,said second registering including registering second firewall window data for said second firewall, andsaid instructing including instructing the second communication application to transmit a null UDP packet as an opening packet from a port associated with the second firewall window at the second IP address to a port associated with the first firewall window at the first IP address.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, where said direct communications between the first and second communication applications through the firewall is by TCP/IP protocol.
  - 9. The method of claim 7, wherein the direct communications between the first and second communication applications is by VoIP.
  - 10. The method of claim 7, wherein the direct communications between the first and second communication originators is by UDP protocol.
  - 11. The method of claim 7, said first communication application being blocked from directly communicating with the second communication application by the second firewall.
  - 12. The method of claim 7, said firewall window data including an identified UDP port.

13. A non-transitory computer-usable medium having a program embodied thereon which, when executed by one or more processors, causes said processors to carry out a method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
  
  first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application, and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
  
  second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
  
  receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
  
  instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step;
  
  andsaid instructing including instructing the first communication application to transmit a null UDP packet as an opening packet from a UDP port associated with the firewall window at the first IP address to a UDP port associated with the second communication application at the second IP address.

14. A method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
  
  first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
  
  second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
  
  receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
  
  instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step,andsaid instructing including instructing the first communication application to transmit a null UDP packet as an opening packet from a UDP port associated with the firewall window at the first IP address to a UDP port associated with the second communication application at the second IP address.

15. An external communication manager apparatus for managing communication over a data communication network, the apparatus comprising:
- a data communication portion that receives and transmits data from/to a data communication network;
  
  a communication channel registration unit that registers first communication channel information about a first communication application, said first application being separated from the data communication network by a first firewall;
  
  a registration storage table that stores registered communication channel information;
  
  a direct communication request processing unit that receives a request for communication between the first communication application and a second communication application;
  
  where the first communication application is associated with registered first communication channel information and the second communication application is associated with registered second communication channel information,and where said second application is blocked from directly communicating with the first application by the firewall; and
  
  an instruction generator that instructs the first and second communication application to initiate and accept direct communications with the first communication application through the firewall based on the first and second registered communication channel information in response to the request for communication and instructs the second communication application to transmit a null UDP packet to the firewall to create a firewall window that permits direct UDP communication between the first and second communication applications;
  
  where the external communication manager is located outside of the firewall.

16. A system for managing communication through a firewall over a data communication network, the apparatus comprising:
- a first communication device separated from said data network by a firewall, said first originator being associated with a first communication application located behind said firewall;
  
  a second communication device associated with a second communication application;
  
  an external communication manager connected to said data network and located outside of the firewall, said manager including;
  
  a data communication portion that receives and transmits data from/to a data communication network;
  
  a communication channel registration unit that registers communication channel information about a communication application and any applicable firewall data associated with a communication device;
  
  a registration storage table that stores registered communication channel information;
  
  a direct communication request processing unit that receives a request for communication between the first communication application and a second communication application;
  
  where the first communication application is associated with registered first communication channel information and the second communication application is associated with registered second communication channel information,and where said second communication device is blocked from directly communicating with the first communication device via the second communication application by the firewall; and
  
  an instruction generator that instructs the first and second communication applications to initiate and accept direct communications between the first and second communication devices through the firewall based on the first and second registered communication channel information in response to the request for communication,where said initiating and accepting direct communications includes transmitting a null UDP packet from the second communication application to the firewall to open a window in the firewall for direct UDP communication between the first and second communication applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Boyle, Steven C., Kirchhoff, Debra C.
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US11/159,505
Publication Number

US 20050235349A1
Time in Patent Office

2,365 Days
Field of Search

726/11, 726/12, 726/14, 709/230, 709/231, 709225-228, 709/229, 370/356, 370/389, 370/395.21, 370/401, 713/150, 713/153, 713/154
US Class Current

726/11
CPC Class Codes

H04L 63/029 Firewall traversal, e.g. tu...

Null-packet transmission from inside a firewall to open a communication window for an outside transmitter

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Null-packet transmission from inside a firewall to open a communication window for an outside transmitter

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links