Apparatus and method for performing dynamic security in internet protocol (IP) system

US 20070199062A1
Filed: 02/12/2007
Published: 08/23/2007
Est. Priority Date: 02/21/2006
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for performing dynamic security in an Internet Protocol (IP) system comprising at least one of a Network Address Translation (NAT) module and a firewall module, the apparatus comprising:

a resource pool for storing information on resources related to IP services, and authentication information; and

a security module for receiving a request to use resources for the IP services, requesting address translation according to the corresponding resource information stored in the resource pool, or resource reservation for the address translation or operation of a firewall, and requesting interruption of the resource use when the use of the corresponding resources is terminated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for performing dynamic security in an Internet Protocol (IP) system. The apparatus includes: a resource pool for storing information on resources related to IP services, and authentication information; and a security module for receiving a request to use resources for the IP services, requesting address translation according to the corresponding resource information stored in the resource pool, or resource reservation for the address translation or operation of a firewall, and requesting interruption of the resource use when the use of the corresponding resources is terminated.

30 Citations

View as Search Results

19 Claims

1. An apparatus for performing dynamic security in an Internet Protocol (IP) system comprising at least one of a Network Address Translation (NAT) module and a firewall module, the apparatus comprising:
- a resource pool for storing information on resources related to IP services, and authentication information; and
  
  a security module for receiving a request to use resources for the IP services, requesting address translation according to the corresponding resource information stored in the resource pool, or resource reservation for the address translation or operation of a firewall, and requesting interruption of the resource use when the use of the corresponding resources is terminated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus according to claim 1, wherein the resource information comprises information on at least one of a source IP address and port number, a destination IP address and port number, a protocol, and a service type which are related to the IP services.
  - 3. The apparatus according to claim 1, wherein the authentication information comprises information on an authentication method and an authentication key for the resources.
  - 4. The apparatus according to claim 1, wherein the security module performs a process of authenticating the requested resources using an authentication method and an authentication key in response to a request to generate the resource pool from an external call server, and stores information on the authenticated resources in the resource pool.
  - 5. The apparatus according to claim 1, further comprising a Network Address Translation (NAT) database (DB) for matching a public IP address and port with a private IP address and port, and storing the matched result.
  - 6. The apparatus according to claim 5, wherein the Network Address Translation (NAT) module receives a request from the security module, and performs address translation on the requested resources according to the matched information stored by the Network Address Translation (NAT) database (DB).
  - 7. The apparatus according to claim 1, further comprising a firewall database for storing information on whether or not to allow transmission of a packet accessing each resource.
  - 8. The apparatus according to claim 7, wherein the firewall module receives a request from the security module, and performs packet forwarding on the requested resources according to information stored by the firewall database.

9. An apparatus for performing dynamic security in an Internet Protocol (IP) system, comprising:
- a Network Address Translation (NAT) database (DB) for matching a public IP address and port with a private IP address and port, and storing the matched result;
  
  a firewall database for storing information on whether or not to allow transmission of a packet accessing each resource;
  
  a resource pool for storing information on resources related to IP services, and authentication information;
  
  a security module for receiving a request to use resources for the IP services, requesting resource reservation for address translation or operation of a firewall according to the corresponding resource information stored in the resource pool, and requesting interruption of the resource use when the use of the corresponding resources is terminated;
  
  a Network Address Translation (NAT) module for receiving a request from the security module, and performing address translation on the requested resources according to the matched information stored in the Network Address Translation (NAT) database (DB); and
  
  a firewall module for receiving a request from the security module, and performing packet forwarding on the requested resources according to information stored in the firewall database.
- View Dependent Claims (10, 11, 12)
- - 10. The apparatus according to claim 9, wherein the resource information comprises at least one of information on a source IP address and port number, a destination IP address and port number, a protocol, and a service type, all of which are related to the IP services.
  - 11. The apparatus according to claim 9, wherein the authentication information comprises information on an authentication method and an authentication key with respect to each resource.
  - 12. The apparatus according to claim 9, wherein the security module performs a process of authenticating the requested resources using the authentication method and the authentication key in response to a request from an external call server to generate the resource pool, and stores the authenticated resources in the resource pool.

13. A method for performing dynamic security in an Internet Protocol (IP) system, the method comprising steps of:
- generating a resource pool storing information on resources related to IP services, and authentication information;
  
  requesting resource use for operation of Network Address Translation (NAT) or a firewall according to resource information stored in the resource pool with respect to an externally received request for the IP services; and
  
  requesting interruption of the resources when the IP services are terminated.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method according to claim 13, wherein the resource information comprises one of information on a source IP address and port number, a destination IP address and port number, a protocol, and a service type, all of which are related to the IP services.
  - 15. The method according to claim 13, wherein the authentication information comprises information on an authentication method and an authentication key with respect to each resource.
  - 16. The method according to claim 13, wherein the step of generating the resource pool comprises the steps of:
    - performing a process of authenticating the requested resources using the authentication method and the authentication key in response to a request to generate the resource pool received from an external call server; and
      
      storing only the authenticated resources in the resource pool after the authentication process.
  - 17. The method according to claim 13, further comprising the step of receiving a request for use of the resources, and performing address translation on the requested resources according to the address translation matching information.
  - 18. The method according to claim 14, farther comprising the step of receiving a request for use of the resources, and performing packet forwarding on the requested resources according to firewall information.

19. A method for performing dynamic security in an Internet Protocol (IP) system, the method comprising steps of:
- generating a resource pool storing information on resources related to IP services, and authentication information;
  
  requesting to use resources for operation of Network Address Translation (NAT) or a firewall according to resource information stored in the resource pool in response to an externally received request for the IP services;
  
  receiving the request for resource use, and performing address translation on the requested resource according to the address translation matching information;
  
  receiving the request for resource use, and performing packet forwarding on the requested resource according to the firewall information; and
  
  requesting interruption of the resource when the IP services are terminated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Cho, Soung-Su

Application Number

US11/705,067
Publication Number

US 20070199062A1
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 61/2517   using port numbers

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

Apparatus and method for performing dynamic security in internet protocol (IP) system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for performing dynamic security in internet protocol (IP) system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links