Method for permitting two parties to establish connectivity with both parties behind firewalls

US 7,992,199 B1
Filed: 12/31/2003
Issued: 08/02/2011
Est. Priority Date: 12/31/2003
Status: Active Grant

First Claim

Patent Images

1. A method for enabling a first communications system and a second communications system, said method comprising:

the said first and second communications systems respectively located behind a first firewall and a second firewall, to directly communicate with each other,wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communication system;

establishing a first secure connection via said external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;

establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;

forwarding connection information for said second communications system to said first communications system via said first secure connection using said central communications station; and

transmitting data directly from said first communications system to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communications scheme enables a central communications station to assist two communications systems located behind firewalls that prevent communication initiated from an external data network to establish direct communication with each other. In one embodiment, the systems separately establish communications with the central communications station and obtain from it the connection information (e.g., IP address, port, etc.) of the other. The systems then directly communicate with each other using the obtained connection information while pretending to be the central communications station. In another embodiment in which the firewalls include NAT devices that implement network address translation, the systems exchange connection information for establishing a new connection through the central communications station and then complete a three-way handshake with the assistance of the central communications station, thereby allowing the central communications station to remove itself from the communication.

103 Citations

View as Search Results

20 Claims

1. A method for enabling a first communications system and a second communications system, said method comprising:
- the said first and second communications systems respectively located behind a first firewall and a second firewall, to directly communicate with each other,wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communication system;
  
  establishing a first secure connection via said external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
  
  forwarding connection information for said second communications system to said first communications system via said first secure connection using said central communications station; and
  
  transmitting data directly from said first communications system to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - forwarding connection information for said first communications system to said second communications system via said second secure connection using said central communications station; and
      
      transmitting data from said second communications system to said first communications system, wherein said data uses said connection information for said first communications system as destination information and uses connection information for said central communications station as its source information, said data originating from said second communications system appearing to originate from said central communications station.
  - 3. The method of claim 2 wherein said connection information for said first communications system includes Internet protocol address and port of said first communications system.

4. A method for enabling a first communications system and a second communications system, said method comprising:
- the said first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other,wherein each of said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
  
  establishing a first secure connection via an external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
  
  transmitting first connection information for establishing a new connection with said first communications system, said transmitting being from said first communications system to said central communications station via said first secure connection;
  
  transmitting second connection information for establishing a new connection with said second communications system, said transmitting being from said second communications system to said central communications station via said second secure connection;
  
  forwarding said second connection information system to said first communications system via said first secure connection using said central communications station;
  
  transmitting a connection request from said first communications system to said second communications system wherein said connection request uses said second connection information as its second communications system destination information;
  
  forwarding said first connection information to said second communications system via said second secure connection using said central communications station;
  
  transmitting a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information; and
  
  in response to receiving said connection acknowledgement and request from said second communications system, transmitting a connection acknowledgement directly from said first communications system to said second communications system, wherein;
  
  said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system'"'"'s next connection; and
  
  said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system'"'"'s next connection.

5. A system for enabling a first communications system and a second communications system, said system comprising:
- a processor;
  
  the said first and second communication systems respectively located behind a first firewall and a second firewall, to directly communicate with each other,wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communication system;
  
  means for establishing a first secure connection via said external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  means for establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
  
  means for forwarding connection information for said second communications system to said first communications system via said first secure connection using said central communications station; and
  
  means for transmitting data directly from said first communications system to said second communications system, wherein said data uses said connection information of-for said second communications system as destination information and uses connection information for said central communications station as source information originated said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5 further comprising:
    - means for forwarding connection information for said first communications system to said second communications system via said second secure connection using said central communications station; and
      
      means for transmitting data from said second communications system to said first communications system, wherein said data uses said connection information of said first communications system as destination information and uses said connection information of said central communications station as source information, said data originating from said second communications system appearing to originate from said central communications station.
  - 7. The system of claim 6 wherein said connection information for said first communications system includes Internet protocol address and port of said first communications system.

8. A system for enabling a first communications system and a second communications system, said system comprising:
- the first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other,wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
  
  means for establishing a first secure connection via an external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  means for establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
  
  means for transmitting first connection information for establishing a new connection with said first communications system, said transmitting being from said first communications system to said central communications station via said first secure connection;
  
  means for transmitting second connection information for establishing a new connection with said second communications system, said transmitting being from said second communications system to said central communications station via said second secure connection;
  
  means for forwarding said second connection information to said first communications system via said first secure connection using said central communications station;
  
  means for transmitting a connection request from said first communications system to said second communications system wherein said connection request uses said second connection information second communications system destination information;
  
  means for forwarding said first connection information to said second communications system via said second secure connection using said central communications station;
  
  means for transmitting a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information for as first communications system destination information; and
  
  means for transmitting a connection acknowledgement directly from said first communications system to said second communications system in response to receiving said connection acknowledgement and request from said second communications system wherein;
  
  said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications systems next connection; and
  
  said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system'"'"'s next connection.

9. A system for enabling two communications system, located behind firewalls, to directly communicate with each other, said system comprising:
- a central communications station;
  
  a first communications system and a second communications system, wherein each of said first and second communications system comprises a respective secure connection interface that establishes a secure connection with said central communications station via an external data network through a network access;
  
  a first firewall and a second firewall respectively located between said external data network and said first and second communications systems, wherein said first firewall prevents communication initiated from said external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communications system; and
  
  said central communications station comprises;
  
  a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access, anda secure redirector that forwards connection information for said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit data directly to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information said data originating from said first communications system appearing to originate from said central communications station wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
- View Dependent Claims (10, 11)
- - 10. The system of claim 9, wherein said secure redirector additionally forwards connection information for said first communications system to said second communications system via said secure connection with said second communications system thereby enabling said second communications system to transmit data to said first communications system, wherein said data uses said connection information of said first communications system as destination information and uses connection information of said central communications station as source information, said data originating from said second communications system appearing to originate from said central communications station.
  - 11. The system of claim 10 wherein said connection information for said first communications system includes Internet protocol address and port of said first communications system.

12. A system for enabling two communications system, located behind firewalls and having associated network translation devices, to directly communicate with each other;
- said system comprising;
  
  a central communications station;
  
  a first communications system and a second communications system, wherein each of said first and second communications system comprises;
  
  a respective secure connection interface that establishes a secure connection with said central communications station via an external data network through a network access, anda respective transmitter that transmits first connection information for establishing a new connection with said first communications system to said central communications station via said secure connection and transmits second connection information for establishing another new connection with said second communications system to said central communications station via said secure connection;
  
  a first firewall and a second firewall respectively located between said external data network and said first and second communications systems, wherein said first firewall prevents communication initiated from said external data network from reaching said first communication system and said second firewall prevents communication initiated from said external data network from reaching said second communications system; and
  
  a first network address translation device and a second network address translation device respectively associated with said first and second communications systems, wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems, wherein;
  
  said central communications station comprises;
  
  a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access, anda secure redirector that;
  
  forwards said second connection information to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit a connection request to said second communications system wherein said connection request uses said second connection information as second communications system destination information, andforwards said first connection information to said second communications system via said secure connection with said second communications system, thereby;
  
  enabling said second communications system to transmit a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information, and enabling said first communications system to transmit a connection acknowledgement directly from said first communications system to said second communications system, wherein;
  
  said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system'"'"'s next connection; and
  
  said second connection information said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system'"'"'s next connection.

13. A central communications station for enabling a first communications system and a second communications system said central communications station comprising:
- a processor;
  
  the first and second communication systems respectively located behind a first firewall and a second firewall, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system;
  
  means for maintaining a first secure connection with said first communications system via said external data network through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  means for maintaining a second secure connection with said second communications system via said external data network through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall; and
  
  means for forwarding connection information for said second communications system to said first communications system via said first secure connection thereby enabling said first communications system to transmit data to said second communications system, wherein said data uses said connection information of-for said second communications system as its destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
- View Dependent Claims (14, 15)
- - 14. The central communications station of claim 13 further comprising:
    - means for forwarding connection information for said first communications system to said second communications system via said second secure connection thereby enabling said second communications system to transmit data to said first communications system, wherein said data uses said connection information of said first communications system as destination information and uses connection information for said central communications station as source information, said data originating from said second communications system appearing to originate from said central communications station.
  - 15. The central communications station of claim 14 wherein said connection information for said first communications system includes Internet protocol address and port of said first communications system.

16. A central communications station for enabling a first communications system and a second communications system said central communications station comprising:
- the first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications system;
  
  means for maintaining a first secure connection via an external data network with said first communications system through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
  
  means for maintaining a second secure connection via said external data network with said second communications system through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
  
  means for obtaining first connection information for establishing anew connection with said first communications system from said first communications systems via said first secure connection;
  
  means for obtaining second connection information for establishing another new connection with said second communications system from said second communications system via said second secure connection;
  
  means for forwarding said second connection information to said first communications system via said first secure connection thereby enabling said first communications system to transmit a connection request to said second communications system, wherein said connection request uses said second connection information as second communications system destination information; and
  
  means for forwarding said first connection information system to said second communications system via said second secure connection, thereby;
  
  enabling said second communications system to transmit a connection acknowledgement and request to said first communications system wherein said connection acknowledgement and request uses said first connection information system as first communications system destination information, andenabling said first communications system to transmit a connection acknowledgement directly to said second communications system in response to receiving said connection acknowledgement and request from said second communications system wherein;
  
  said first connection information includes a public Internet protocol address provided-by said first network address translation device and port for said first communications system'"'"'s next connection; and
  
  said second connection information includes a public Interact protocol address provided by said second network address translation device and port for said second communications system'"'"'s next connection.

17. A central communications station for enabling a first communications system and a second communications system said central communications station comprising:
- said first and second communication systems respectively located behind a first firewall and a second firewall to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system;
  
  a secure connection interface that maintains secure connections with said first and second communications systems through a network access to said external communications network; and
  
  a secure redirector that forwards connection information of said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit data directly to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
- View Dependent Claims (18, 19)
- - 18. The central communications station of claim 17, wherein said secure redirector additionally forwards connection information for said first communications system to said second communications system via said secure connection with said second communications system thereby enabling said second communications system to transmit data to said first communications system, wherein said data uses said connection information of said first communications system as destination information and uses connection information for said central communications station as source information, said data originating from said second communication system appearing to originate from said central communications station.
  - 19. The central communications station of claim 18 wherein said connection information for said first communications system includes Internet protocol address and port of said first communications system.

20. A central communications station for enabling a first communications system and a second communications system said central communications station comprising:
- said first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communications initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
  
  a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access; and
  
  a secure redirector that;
  
  forwards second connection information for establishing a new connection with said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit a connection request to said second communications system wherein said connection request uses said connection information second communications system destination information, andforwards first connection information for establishing a new connection with said first communications system to said second communications system via said secure connection with said second communications system, thereby;
  
  enabling said second communications system to transmit a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information, andenabling said first communications system to transmit a connection acknowledgement directly from said first communications system to said second communications system wherein;
  
  said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system'"'"'s next connection; and
  
  said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system'"'"'s next connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ademco Inc. (Resideo Technologies, Inc.)
Original Assignee
Honeywell International Inc.
Inventors
Romanczyk, Piotr, Winick, Steven J., Blum, William R.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
TABOR, AMARE F

Application Number

US10/749,651
Time in Patent Office

2,771 Days
Field of Search

725 11- 14, 713/153
US Class Current

726/11
CPC Class Codes

H04L 41/0806 for initial configuration o...

H04L 63/0209 Architectural arrangements,...

Method for permitting two parties to establish connectivity with both parties behind firewalls

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method for permitting two parties to establish connectivity with both parties behind firewalls

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others