Personal remote firewall

US 7,734,647 B2
Filed: 08/30/2004
Issued: 06/08/2010
Est. Priority Date: 08/29/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

configuring a user database of a virtual private network gateway server that provides rules for wireless access over a secure tunnel connection to a corporate network so as to provide user specific rules for the access over the secure tunnel connection, the configuring including associating different specific users with respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the configuring further includes configuring the user database to associate an allowed client side transmission control protocol server port with a server side transmission control protocol server port;

authenticating a user connecting to the secure tunnel connection; and

limiting the authenticated user'"'"'s access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included in the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection of the gateway server acts as a client, and further such that when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and a virtual private network (VPN) gateway server 10 providing rules for wireless access over a secure tunnel connection to a corporate network 20. The corporate network 20 is protected by firewall functionality, with different access configurations for different remote users. The VPN gateway server 10 includes a user database 15 which provides rules specific for each user for the access to the corporate network 20 using the secure tunnel. The rules include specific sets of TCP ports associated with respective specific users. The gateway server 10 limits an authenticated user'"'"'s access to the corporate network 20, which access is performed by means of the tunnel connection provided by the gateway server 10, to the associated allowed TCP server ports.

28 Citations

View as Search Results

17 Claims

1. A method comprising:
- configuring a user database of a virtual private network gateway server that provides rules for wireless access over a secure tunnel connection to a corporate network so as to provide user specific rules for the access over the secure tunnel connection, the configuring including associating different specific users with respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the configuring further includes configuring the user database to associate an allowed client side transmission control protocol server port with a server side transmission control protocol server port;
  
  authenticating a user connecting to the secure tunnel connection; and
  
  limiting the authenticated user'"'"'s access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included in the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection of the gateway server acts as a client, and further such that when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as claimed in claim 1, including configuring the secure tunnel to be bound to a specific transmission control protocol server port of the gateway server.
  - 3. The method as claimed in claim 1, wherein said configuring includes configuring the user database to associate different allowed client side transmission control protocol server ports, which are associated with a specific user, with the same server side transmission control protocol port but with different respective internet protocol addresses, the method including forwarding user data received in the secure tunnel to the internet protocol address associated with an allowed client side transmission control protocol server port.
  - 4. The method as claimed in claim 3, wherein the configuring includes configuring the database to associate different allowed client side transmission control protocol server ports with server side transmission control protocol server ports of different electronic mail servers having respective internet protocol addresses.
  - 5. The method as claimed in claim 1, wherein the configuring includes configuring the database to associate an allowed client side transmission control protocol server port with a server side transmission control protocol server port and internet protocol address of a corporate domain name system server within the corporate network.
  - 6. The method as claimed in claim 1, including the transmitting to the authenticated user, over the secure tunnel, the set of allowed transmission control protocol server ports that are associated with the authenticated user in the user database.
  - 7. The method as claimed in claim 6, wherein the configuring includes configuring the user database to associate a port specific protocol with an allowed transmission control protocol server port, which port specific protocol is transmitted together with the allowed transmission control protocol server port to the authenticated user.

8. A virtual private network gateway server providing rules for wireless access over a secure tunnel connection to a corporate network, the server comprising:
- an addressable memory for storage of a user database, the user database providing user specific rules for the access over the secure tunnel connection by storing associations between different specific users and respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the user database further associates an allowed client side transmission control protocol server port with a server side transmission control protocol server port;
  
  an authenticating unit for authenticating a user connecting to the secure tunnel connection; and
  
  a port filter for limiting the authenticated user'"'"'s access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included by the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection the gateway server acts as a client, and further wherein when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The gateway server as claimed in claim 8, wherein the secure tunnel is bound to a specific transmission control protocol server port of the gateway server.
  - 10. The gateway server as claimed in claim 8, wherein the user database associates different allowed client side transmission control protocol server ports, which are associated with a specific user, with the same server side transmission control protocol port but with different respective internet protocol addresses, wherein the port filter is arranged for forwarding user data received in the secure tunnel to the IP address associated with an allowed client side transmission control protocol server port.
  - 11. The gateway server as claimed in claim 10, wherein the user database associates different allowed client side transmission control protocol server ports with server side transmission control protocol server ports of different electronic mail servers having respective internet protocol addresses.
  - 12. The gateway server as claimed in claim 8, wherein the user database associates an allowed client side transmission control protocol server port with a server side transmission control protocol server port and internet protocol address of a corporate domain name system server within the corporate network.
  - 13. The gateway server as claimed in claim 8, including a transmitter for transmitting to the authenticated user, over the secure tunnel, the set of allowed transmission control protocol server ports that are associated with the authenticated user in the user database.
  - 14. The gateway server as claimed in claim 13, wherein the user database associates a port specific protocol with an allowed transmission control protocol server port, said transmitter being arranged for transmitting the port specific protocol together with the allowed transmission control protocol server port to the authenticated user.
  - 15. A virtual private network system including:
    - a corporate network;
      
      a virtual private network gateway server in accordance with claim 8 for providing wireless access over a secure tunnel connection to the corporate network; and
      
      at least one wireless client terminal,wherein the client terminal is configured to use a specific transmission control protocol server port and internet protocol address when connecting to the virtual private network gateway server over the tunnel connection and a specific set of transmission control protocol server ports within the tunnel connection when accessing the corporate network.
  - 16. The system as claimed in claim 15, wherein the wireless client terminal is configured to receive the transmission control protocol server ports, to be used within the tunnel connection, from the gateway server in response to an authentication message transmitted to the gateway server.

17. A virtual private network gateway server providing rules for wireless access over a secure tunnel connection to a corporate network, the server comprising:
- means for storing a user database, the user database providing user specific rules for the access over the secure tunnel connection by storing associations between different specific users and respective sets of allowed transmission control protocol server ports, wherein the allowed transmission control protocol server ports associated with a specific user are allowed client side transmission control protocol server ports, and the user database further associates an allowed client side transmission control protocol server port with a server side transmission control protocol server port;
  
  means for authenticating a user connecting to the secure tunnel connection; and
  
  means for limiting the authenticated user'"'"'s access to the corporate network by forwarding only user data received in the secure tunnel that as a destination has a port that is included by the set of allowed transmission control protocol server ports associated with the user in the user database such that user data received in the secure tunnel is forwarded to a server side transmission control protocol server port associated with an allowed client side transmission control protocol server port over a separate transmission control protocol connection, in which connection the gateway server acts as a client, and further wherein when receiving at the gateway server at least one application request over said secure tunnel for connection to an allowed client side transmission control protocol server port, said gateway server acts as a client to establish a new separate transmission control protocol connection for each of said application requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Stenvall, Jyrki, Suhonen, Harri, Lassila, Ari
Primary Examiner(s)
Pham; Khanh B

Application Number

US10/931,262
Publication Number

US 20050060328A1
Time in Patent Office

2,108 Days
Field of Search

707/10
US Class Current

707/781
CPC Class Codes

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

Personal remote firewall

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Personal remote firewall

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links