System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols

US 7,979,528 B2
Filed: 03/27/2003
Issued: 07/12/2011
Est. Priority Date: 03/27/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product for use in conjunction with a computer device, the computer program product comprising a non-transitory computer-readable storage medium and a computer program product mechanism embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second computer device, the computer program product having:

computer program codes to cause a gatekeeper computer device to monitor requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between the gatekeeper computer device and the endpoint computer device;

computer program codes to cause the gatekeeper computer device to create a first data channel to the endpoint computer device in response to the detection of the network security device, wherein data communicated over the first data channel is transmitted using a connection-based protocol;

computer program codes to cause the gatekeeper computer device to, in response to detecting a registration request from the endpoint computer device, substitute private address information associated with the endpoint computer device in the registration request with alternate address information and transmit the alternate address information to the endpoint computer device;

computer program codes to cause the gatekeeper computer device to, in response to detecting a request to participate in a conference, initiate the conference using the alternate address information and instructing the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information, wherein the computer program codes are further configured, for the data transmitted in the conference, to;

intercept data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;

encapsulate the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and to send the encapsulated data to the endpoint computer device via the first data channel; and

in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmit identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;

further comprising computer program codes to cause the gatekeeper computer device to perform a security device detection process to determine whether establishment of the data channel is necessary.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tunneling system and method is described for traversing firewalls, NATs, and proxies. Upon a request from a device on the secure private network or on a public network such as the Internet, a connection to a designated or permitted device of the secure private network by way of the public network can be established, allowing selected devices of the private network to access devices on the public network. A bi-directional channel can be established where information such as rich multimedia and real-time voice and video can be accessed or communicated.

64 Citations

View as Search Results

20 Claims

1. A computer program product for use in conjunction with a computer device, the computer program product comprising a non-transitory computer-readable storage medium and a computer program product mechanism embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second computer device, the computer program product having:
- computer program codes to cause a gatekeeper computer device to monitor requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between the gatekeeper computer device and the endpoint computer device;
  
  computer program codes to cause the gatekeeper computer device to create a first data channel to the endpoint computer device in response to the detection of the network security device, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
  
  computer program codes to cause the gatekeeper computer device to, in response to detecting a registration request from the endpoint computer device, substitute private address information associated with the endpoint computer device in the registration request with alternate address information and transmit the alternate address information to the endpoint computer device;
  
  computer program codes to cause the gatekeeper computer device to, in response to detecting a request to participate in a conference, initiate the conference using the alternate address information and instructing the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information, wherein the computer program codes are further configured, for the data transmitted in the conference, to;
  
  intercept data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
  
  encapsulate the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and to send the encapsulated data to the endpoint computer device via the first data channel; and
  
  in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmit identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
  
  further comprising computer program codes to cause the gatekeeper computer device to perform a security device detection process to determine whether establishment of the data channel is necessary.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer program product of claim 1, wherein the intercepted data comprises packets of a connection-based protocol.
  - 3. The computer program product of claim 1, wherein the identifier packets include an alternating bit pattern.
  - 4. The computer program product of claim 1, wherein the gatekeeper computer device is a server coupled to one or more client endpoints.
  - 5. The computer program product of claim 4, further comprising computer program codes to cause the gatekeeper computer device to receive connectionless-based data from the client endpoints.
  - 6. The computer program product of claim 5, further comprising computer program codes to cause the gatekeeper computer device to send connectionless-based data to the client endpoints.
  - 7. The computer program product of claim 1, further comprising computer program codes to cause the gatekeeper computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.

8. A computer program product for use in conjunction with a computer device, the computer program product comprising a non-transitory computer-readable medium and a computer program product mechanism embodied therein that causes the computer device to perform data transfers across a proxy interposed between the computer device and a second computer device, the computer program product having:
- computer program codes to cause a gatekeeper computer device to monitor requests for data transfer to one or more determinable ports of the an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between the gatekeeper computer device and the endpoint computer device;
  
  computer program codes to cause the gatekeeper computer device to create a first data channel by transmitting a tunnel connect message to the endpoint computer device in response to the detection of the network security device, wherein the tunnel connect message includes sequencing information, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
  
  computer program codes to cause the gatekeeper computer device to determine whether the proxy is interposed between the gatekeeper computer device and an endpoint computer device based at least on the tunnel connection message and the sequencing information;
  
  computer program codes to cause the gatekeeper computer device to, in response to detecting a registration request from the endpoint computer device, substitute private address information associated with the endpoint computer device in the registration request with alternate address information and transmit the alternate address information to the endpoint computer device;
  
  computer program codes to cause the gatekeeper computer device to, in response to detecting a request to participate in a conference, initiate the conference using the alternate address information and instructing the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information, wherein the computer program codes are further configured, for the data transmitted in the conference, to;
  
  intercept data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
  
  encapsulate the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and to send the encapsulated data to the endpoint computer device via the first data channel; and
  
  in response to receiving a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmit identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
  
  further comprising computer program codes to cause the gatekeeper computer device to perform a security device detection process to determine whether establishment of the data channel is necessary.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the intercepted data comprises packets of a connection-based protocol and packets of a connectionless protocol.
  - 10. The computer program product of claim 8, wherein the gatekeeper computer device is a server coupled to one or more client endpoints.
  - 11. The computer program product of claim 10, further comprising computer program codes to cause the gatekeeper computer device to receive connectionless-based data from the client endpoints.
  - 12. The computer program product of claim 11, further comprising computer program codes to cause the gatekeeper computer device to send connectionless-based data to the client endpoints.
  - 13. The computer program product of claim 8, further comprising computer program codes to cause the gatekeeper computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.

14. A method of transferring data from a first computer device to a second computer device, the method comprising:
- monitoring requests for data transfer to one or more determinable ports of an endpoint computer device, wherein the monitoring includes detecting whether a network security device is interposed between a gatekeeper computer device and the endpoint computer device;
  
  creating a first data channel to the endpoint computer device in response to the detection of the network security device, wherein data communicated over the first data channel is transmitted using a connection-based protocol;
  
  in response to detecting a registration request from the endpoint computer device, substituting private address information associated with the endpoint computer device in the registration request with alternate address information and transmitting the alternate address information to the endpoint computer device;
  
  in response to detecting a request to participate in a conference, initiating the conference using the alternate address information and instructing the endpoint computer device to create a second data channel to a conference server and provide the conference server with the alternate address information;
  
  wherein data for the conference is transmitted by;
  
  intercepting data destined for one or more determinable destination ports of the endpoint computer device, wherein the intercepted data comprises packets of a connectionless protocol;
  
  encapsulating the intercepted packets of the connectionless protocol within payload packets of a connection-based protocol and to send the encapsulated data to the endpoint computer device via the first data channel; and
  
  in response to receiving, a retransmission request for at least a portion of the encapsulated data from the endpoint computer device, transmitting identifier packets of dummy packets or packets of a known sequence to the endpoint computer device, wherein the identifier packets satisfy the retransmission request and direct the endpoint computer device to discard the identifier packets;
  
  further comprising performing a security device detection process to determine whether establishment of the data channel is necessary.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the intercepted data comprises packets of a connection-based protocol.
  - 16. The method of claim 14, wherein the identifier packets include an alternating bit pattern.
  - 17. The method of claim 14, wherein the gatekeeper computer device is a server coupled to one or more client endpoints.
  - 18. The method of claim 17, further comprising receiving connectionless-based data from the client endpoints.
  - 19. The method of claim 18, further comprising sending connectionless-based data to the client endpoints.
  - 20. The method of claim 14, further comprising receiving connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
RADVISION Limited (Avaya Incorporated)
Inventors
Bundy, David O., Thompson, John A., Eisenberg, Alfred J.
Primary Examiner(s)
Shaw; Peling A
Assistant Examiner(s)
DONABED, NINOS J

Application Number

US10/402,752
Publication Number

US 20030188001A1
Time in Patent Office

3,029 Days
Field of Search

709/201, 709/203, 709221-226, 709/227, 709/228, 709/229, 709/231, 713/200, 713/201, 713150-155, 714/18
US Class Current

709/224
CPC Class Codes

H04L 61/256   NAT traversal

H04L 61/2592   using tunnelling or encapsu...

H04L 63/0209   Architectural arrangements,...

H04L 63/0218   Distributed architectures, ...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/168   above the transport layer

H04L 67/34   involving the movement of s...

H04L 69/14   Multichannel or multilink p...

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/162   involving adaptations of so...

H04L 69/164   Adaptation or special uses ...

H04L 69/165   Combined use of TCP and UDP...

H04L 69/166   IP fragmentation; TCP segme...

H04L 69/32   Architecture of open system...

H04L 69/326   in the transport layer [OSI...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others