Security gateway communication
First Claim
1. A method in a gateway device for establishing a communication channel between a client device communicatively coupled to a client interface of the gateway device and a server communicatively coupled to a host interface of the gateway device, the method comprising:
- receiving client messages on the client interface, refraining from sending a client response message out the client interface until a predetermined sequence of client messages is received on the client interface;
- sending a predetermined sequence of server messages out the host interface; and
- establishing a communication channel to communicate user messages between the client device and the server, the communication channel being established after:
  - receiving the predetermined sequence of client messages on the client interface; and
  - receiving a server response message on the host interface only after the predetermined sequence of server messages has been sent by the gateway device;
- wherein the predetermined sequence of client messages is a predetermined sequence of client synchronize messages, and the predetermined sequence of server messages is a predetermined sequence of server synchronize messages;
- wherein the client interface comprises a plurality of client ports, and the predetermined sequence of client messages comprises client synchronize messages that are received on the plurality of client ports in a predetermined client port order.
Abstract
A gateway device and methods performed therein to prevent unauthorized client devices from connecting to the host network of the gateway device are described. The gateway device does not respond right away to an individual client message sent to the gateway device. Instead, the gateway device only responds to a predetermined sequence of the client messages, which is only known to the gateway device and authorized client devices. Because the gateway device will not respond to random client messages and the likelihood that an unauthorized client device can correctly guess the predetermined sequence of the client messages is low, the risk of a malicious party being able to hack into the host network, for example, by using port scanning techniques, can be mitigated.
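A minimal model of the gateway behaviour the abstract describes, added here as an illustration and not taken from the patent: the gateway stays silent on the client interface until client synchronize messages arrive on the client ports in the predetermined order, then sends its own sequence of server synchronize messages and opens the channel only after the server responds. The port numbers, the class and function names, and the reset-on-wrong-port policy are assumptions.

```python
# Added illustration; port numbers, names and the reset policy are assumptions.
from dataclasses import dataclass, field

CLIENT_PORT_ORDER = (7001, 7433, 7210)  # constructed: known only to gateway and authorized clients
HOST_PORT_ORDER = (9100, 9005)          # constructed: order of server SYNs sent out the host interface


@dataclass
class Gateway:
    client_order: tuple = CLIENT_PORT_ORDER
    host_order: tuple = HOST_PORT_ORDER
    progress: dict = field(default_factory=dict)       # client address -> SYNs matched so far
    awaiting_server: set = field(default_factory=set)  # clients whose sequence completed
    channels: set = field(default_factory=set)         # clients with an established channel

    def on_client_syn(self, client, port):
        """Handle one client SYN. Returns the server SYNs to send out the host
        interface once the whole client sequence has been seen, else []. Nothing
        is sent back to the client here, so a scanner sees no open port."""
        matched = self.progress.get(client, 0)
        if port == self.client_order[matched]:
            matched += 1
        else:
            # Wrong port: start over; this SYN may itself be a valid first message.
            matched = 1 if port == self.client_order[0] else 0
        if matched < len(self.client_order):
            self.progress[client] = matched
            return []
        self.progress.pop(client, None)
        self.awaiting_server.add(client)
        return [("SYN", p) for p in self.host_order]

    def on_server_response(self, client):
        """Server answered after the full server SYN sequence: open the channel."""
        if client not in self.awaiting_server:
            return False
        self.awaiting_server.discard(client)
        self.channels.add(client)
        return True


def replay(gateway, client, ports):
    """Feed SYN destination ports in order; return what the gateway sent to the host."""
    sent = []
    for port in ports:
        sent.extend(gateway.on_client_syn(client, port))
    return sent
```

Replaying an ascending sweep of ports 7000 to 7499 through `replay` produces no host-side traffic and no channel, while the three ports in the configured order do.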
18 Claims
10. A gateway device comprising:
- a client interface including a plurality of client ports;
- a host interface including a plurality of host ports;
- a processor coupled to the client interface and the host interface; and
- a machine readable storage medium storing executable program code, which when executed by the processor, causes the processor to:
  - receive client messages on the client interface from a client device, refrain from sending a client response message out the client interface until a predetermined sequence of client messages is received on the client interface;
  - send a predetermined sequence of server messages out the host interface to a server; and
  - establish a communication channel to communicate user messages between the client device and the server, the communication channel being established after receiving the predetermined sequence of client messages on the client interface, and receiving a server response message on the host interface only after the predetermined sequence of server messages has been sent;
- wherein the predetermined sequence of client messages is a predetermined sequence of client synchronize messages, and the predetermined sequence of server messages is a predetermined sequence of server synchronize messages;
- wherein the client interface comprises a plurality of client ports, and the predetermined sequence of client messages comprises client synchronize messages that are received on the plurality of client ports in a predetermined client port order.
Specification