Null-packet transmission from inside a firewall to open a communication window for an outside transmitter
Abstract
A high-bandwidth direct communication path between two clients is used for voice or video calls over the Internet. An opening or a window in a firewall is made for the direct path by sending a null packet out from inside the firewall. The null packet can be a UDP packet directed to a UDP port of the other client. Initially, each client makes a TCP connection to port 80 of an external manager. Each client registers its UDP port number with the external manager. A call request from one client to the external manager results in a message from the external manager to the other client. The other client then creates the window in its firewall by transmitting the null UDP packet. Then the external manager is notified and tells the calling client to begin sending UDP packets directly to the other client through the firewall window.
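The sequence in the abstract, modelled as an added example (not code from the patent): a toy stateful firewall in front of the called client, assuming no port translation and a 30-second idle timeout, with constructed addresses, ports and names. It also shows the trace a defender can look for in flow logs: a zero-length outbound UDP packet followed by accepted inbound traffic from the same peer.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 30.0  # assumed UDP state lifetime (seconds); real firewalls differ


@dataclass
class StatefulFirewall:
    """Toy filter: inbound UDP passes only if it matches outbound-created state."""
    windows: dict = field(default_factory=dict)  # (inside, outside) -> last activity
    log: list = field(default_factory=list)      # (time, direction, src, dst, size, verdict)

    def outbound(self, src, dst, payload, now):
        self.windows[(src, dst)] = now            # any outbound packet creates the window
        self.log.append((now, "out", src, dst, len(payload), "pass"))

    def inbound(self, src, dst, payload, now):
        last = self.windows.get((dst, src))       # exact endpoint pair must match
        ok = last is not None and now - last <= IDLE_TIMEOUT
        if ok:
            self.windows[(dst, src)] = now
        self.log.append((now, "in", src, dst, len(payload), "pass" if ok else "drop"))
        return ok


def null_openers(log):
    """Defender view: zero-length outbound UDP later answered by the same peer."""
    hits = []
    for t, d, src, dst, size, _ in log:
        if d == "out" and size == 0 and any(
            d2 == "in" and s2 == dst and v2 == "pass" and t2 > t
            for t2, d2, s2, _, _, v2 in log
        ):
            hits.append((src, dst))
    return hits


def run_call():
    """Replay the abstract's sequence; addresses and ports are constructed."""
    registry = {"caller": ("198.51.100.7", 5004), "callee": ("203.0.113.9", 5006)}
    caller, callee = registry["caller"], registry["callee"]
    stranger = ("192.0.2.50", 5004)               # an endpoint that never registered
    fw = StatefulFirewall()                       # firewall in front of the callee
    r = {"before_null": fw.inbound(caller, callee, b"media", now=0.0)}
    fw.outbound(callee, caller, b"", now=1.0)     # manager-instructed null UDP packet
    r["after_null"] = fw.inbound(caller, callee, b"media", now=2.0)
    r["stranger"] = fw.inbound(stranger, callee, b"media", now=3.0)
    r["after_idle"] = fw.inbound(caller, callee, b"media", now=2.0 + IDLE_TIMEOUT + 1)
    r["openers"] = null_openers(fw.log)
    return r
```

In this model the window admits only the exact endpoint pair named in the null packet and closes once the idle timeout passes without traffic.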
16 Claims
1. A non-transitory computer-usable medium having a program embodied thereon which, when executed by one or more processors, causes said processors to carry out a method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
- first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
- second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
- receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
- instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step
- the second communication application being separated from the data communication network by a second firewall,
- said second registering including registering second firewall window data for said second firewall, and
- said instructing including instructing the second communication application to transmit a null UDP packet as an opening packet from a port associated with the second firewall window at the second IP address to a port associated with the first firewall window at the first IP address.

Dependent claims: 2, 3, 4, 5, 6

7. A method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
- first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
- second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
- receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
- instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step;
- the second communication application being separated from the data communication network by a second firewall,
- said second registering including registering second firewall window data for said second firewall, and
- said instructing including instructing the second communication application to transmit a null UDP packet as an opening packet from a port associated with the second firewall window at the second IP address to a port associated with the first firewall window at the first IP address.

Dependent claims: 8, 9, 10, 11, 12

13. A non-transitory computer-usable medium having a program embodied thereon which, when executed by one or more processors, causes said processors to carry out a method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
- first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application, and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
- second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
- receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
- instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step; and
- said instructing including instructing the first communication application to transmit a null UDP packet as an opening packet from a UDP port associated with the firewall window at the first IP address to a UDP port associated with the second communication application at the second IP address.

14. A method for managing communication over a data communication network, the method comprising:
- providing an external communication manager on the data communication network outside of a first firewall;
- first registering, at the external communication manager, first communication channel information about a first communication application, first IP address data associated with said first communication application and firewall window data for said first firewall, said first communication application being separated from the data communication network by the first firewall;
- second registering, at the external communication manager, second communication channel information about a second communication application and second IP address data associated with said second communication application, said second communication application being blocked from directly communicating with the first communication application by the first firewall;
- receiving, at the external communication manager, a request for communication between the first communication application and the second communication application after said first and second registering steps; and
- instructing, from the external communication manager, the first and second communication applications to initiate and accept direct communications with each-other through the firewall based on the first and second registered communication channel information after said receiving step, and
- said instructing including instructing the first communication application to transmit a null UDP packet as an opening packet from a UDP port associated with the firewall window at the first IP address to a UDP port associated with the second communication application at the second IP address.

15. An external communication manager apparatus for managing communication over a data communication network, the apparatus comprising:
- a data communication portion that receives and transmits data from/to a data communication network;
- a communication channel registration unit that registers first communication channel information about a first communication application, said first application being separated from the data communication network by a first firewall;
- a registration storage table that stores registered communication channel information;
- a direct communication request processing unit that receives a request for communication between the first communication application and a second communication application;
- where the first communication application is associated with registered first communication channel information and the second communication application is associated with registered second communication channel information, and where said second application is blocked from directly communicating with the first application by the firewall; and
- an instruction generator that instructs the first and second communication application to initiate and accept direct communications with the first communication application through the firewall based on the first and second registered communication channel information in response to the request for communication and instructs the second communication application to transmit a null UDP packet to the firewall to create a firewall window that permits direct UDP communication between the first and second communication applications;
- where the external communication manager is located outside of the firewall.

16. A system for managing communication through a firewall over a data communication network, the apparatus comprising:
- a first communication device separated from said data network by a firewall, said first originator being associated with a first communication application located behind said firewall;
- a second communication device associated with a second communication application;
- an external communication manager connected to said data network and located outside of the firewall, said manager including;
- a data communication portion that receives and transmits data from/to a data communication network;
- a communication channel registration unit that registers communication channel information about a communication application and any applicable firewall data associated with a communication device;
- a registration storage table that stores registered communication channel information;
- a direct communication request processing unit that receives a request for communication between the first communication application and a second communication application;
- where the first communication application is associated with registered first communication channel information and the second communication application is associated with registered second communication channel information, and where said second communication device is blocked from directly communicating with the first communication device via the second communication application by the firewall; and
- an instruction generator that instructs the first and second communication applications to initiate and accept direct communications between the first and second communication devices through the firewall based on the first and second registered communication channel information in response to the request for communication, where said initiating and accepting direct communications includes transmitting a null UDP packet from the second communication application to the firewall to open a window in the firewall for direct UDP communication between the first and second communication applications.

Specification