Method for permitting two parties to establish connectivity with both parties behind firewalls
Abstract
A communications scheme enables a central communications station to assist two communications systems located behind firewalls that prevent communication initiated from an external data network to establish direct communication with each other. In one embodiment, the systems separately establish communications with the central communications station and obtain from it the connection information (e.g., IP address, port, etc.) of the other. The systems then directly communicate with each other using the obtained connection information while pretending to be the central communications station. In another embodiment in which the firewalls include NAT devices that implement network address translation, the systems exchange connection information for establishing a new connection through the central communications station and then complete a three-way handshake with the assistance of the central communications station, thereby allowing the central communications station to remove itself from the communication.
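To make the two embodiments in the abstract concrete, here is an added Python model (not the patent's own code) of a stateful firewall and an address-restricted NAT device; all addresses, ports, and the class and function names are constructed for this example.

```python
from dataclasses import dataclass
from typing import Tuple

Addr = Tuple[str, int]                      # (ip, port)
STATION: Addr = ("203.0.113.10", 443)       # constructed sample address of the central station


@dataclass(frozen=True)
class Packet:
    src: Addr
    dst: Addr
    kind: str                               # "data", "SYN", "SYN-ACK" or "ACK"


class StatefulFirewall:
    """Embodiment 1: no translation. Inbound traffic is accepted only when it
    matches the 4-tuple of a flow the inside host itself opened."""

    def __init__(self) -> None:
        self.flows = set()                  # {(inside_addr, outside_addr)}

    def send(self, pkt: Packet) -> Packet:  # inside -> outside: record the flow
        self.flows.add((pkt.src, pkt.dst))
        return pkt

    def accepts(self, pkt: Packet) -> bool:  # outside -> inside
        return (pkt.dst, pkt.src) in self.flows


class NatDevice:
    """Embodiment 2: address-restricted NAT with sequential public ports.
    A mapping admits inbound traffic only from the remote address it was opened
    toward, which is why each side announces its *next* public port in advance."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}                     # inside_addr -> (public_addr, remote_addr)

    def next_public_addr(self) -> Addr:     # the "connection information" sent to the station
        return (self.public_ip, self.next_port)

    def send(self, pkt: Packet) -> Packet:
        if pkt.src not in self.table:       # first packet of a new inside socket
            self.table[pkt.src] = ((self.public_ip, self.next_port), pkt.dst)
            self.next_port += 1
        public, _ = self.table[pkt.src]
        return Packet(public, pkt.dst, pkt.kind)

    def accepts(self, pkt: Packet) -> bool:
        return any(public == pkt.dst and remote == pkt.src
                   for public, remote in self.table.values())


def embodiment_one() -> Tuple[bool, bool]:
    """Returns (honest_source_accepted, station_source_accepted) at B's firewall."""
    a, b = ("198.51.100.5", 50000), ("192.0.2.7", 51000)
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    fw_a.send(Packet(a, STATION, "data"))   # A's secure connection to the station
    fw_b.send(Packet(b, STATION, "data"))   # B's secure connection to the station
    # The station forwards B's (ip, port) to A over A's secure connection.
    honest = Packet(a, b, "data")           # A's real address as source: no matching flow at B
    as_station = Packet(STATION, b, "data") # source set to the station: matches B's flow
    # Defender's note: the second packet is deliverable only because the path between
    # A and B does not enforce source-address (BCP 38) ingress filtering, and a
    # stateful firewall matches on addresses alone, not on who actually sent the packet.
    return fw_b.accepts(honest), fw_b.accepts(as_station)


def embodiment_two() -> Tuple[bool, bool, bool]:
    """Returns whether A's request, B's acknowledgement-and-request, and A's
    acknowledgement each pass the far side's NAT device."""
    nat_a, nat_b = NatDevice("198.51.100.1"), NatDevice("192.0.2.1")
    a_ctl, b_ctl = ("10.0.0.5", 50000), ("10.0.1.7", 51000)
    nat_a.send(Packet(a_ctl, STATION, "data"))   # secure connections to the station
    nat_b.send(Packet(b_ctl, STATION, "data"))
    # Each side tells the station the public address its next connection will get.
    a_next, b_next = nat_a.next_public_addr(), nat_b.next_public_addr()
    a_new, b_new = ("10.0.0.5", 50001), ("10.0.1.7", 51001)
    # Station forwards b_next to A; A's connection request opens A's mapping toward B
    # but is dropped at B, whose device has no mapping toward A yet.
    request_ok = nat_b.accepts(nat_a.send(Packet(a_new, b_next, "SYN")))
    # Station forwards a_next to B; B's acknowledgement-and-request now fits A's mapping.
    ack_request_ok = nat_a.accepts(nat_b.send(Packet(b_new, a_next, "SYN-ACK")))
    # A's final acknowledgement goes directly; both mappings exist and the station is out.
    ack_ok = nat_b.accepts(nat_a.send(Packet(a_new, b_next, "ACK")))
    return request_ok, ack_request_ok, ack_ok


if __name__ == "__main__":
    print("embodiment 1 (honest src, station src):", embodiment_one())
    print("embodiment 2 (request, ack+request, ack):", embodiment_two())
```

The NAT model assumes predictable sequential port allocation; a device that randomizes ports breaks the "next connection" announcement the second embodiment depends on.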
20 Claims
1. A method for enabling a first communications system and a second communications system, said method comprising:
    the said first and second communications systems respectively located behind a first firewall and a second firewall, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communication system;
    establishing a first secure connection via said external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
    forwarding connection information for said second communications system to said first communications system via said first secure connection using said central communications station; and
    transmitting data directly from said first communications system to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
    Dependent claims: 2, 3.

4. A method for enabling a first communications system and a second communications system, said method comprising:
    the said first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
    establishing a first secure connection via an external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
    transmitting first connection information for establishing a new connection with said first communications system, said transmitting being from said first communications system to said central communications station via said first secure connection;
    transmitting second connection information for establishing a new connection with said second communications system, said transmitting being from said second communications system to said central communications station via said second secure connection;
    forwarding said second connection information to said first communications system via said first secure connection using said central communications station;
    transmitting a connection request from said first communications system to said second communications system wherein said connection request uses said second connection information as its second communications system destination information;
    forwarding said first connection information to said second communications system via said second secure connection using said central communications station;
    transmitting a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information; and
    in response to receiving said connection acknowledgement and request from said second communications system, transmitting a connection acknowledgement directly from said first communications system to said second communications system, wherein:
    said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system's next connection; and
    said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system's next connection.

5. A system for enabling a first communications system and a second communications system, said system comprising:
    a processor;
    the said first and second communication systems respectively located behind a first firewall and a second firewall, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communication system;
    means for establishing a first secure connection via said external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    means for establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
    means for forwarding connection information for said second communications system to said first communications system via said first secure connection using said central communications station; and
    means for transmitting data directly from said first communications system to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
    Dependent claims: 6, 7.

8. A system for enabling a first communications system and a second communications system, said system comprising:
    the first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
    means for establishing a first secure connection via an external data network between said first communications system and a central communications station through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    means for establishing a second secure connection via said external data network between said second communications system and said central communications station through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
    means for transmitting first connection information for establishing a new connection with said first communications system, said transmitting being from said first communications system to said central communications station via said first secure connection;
    means for transmitting second connection information for establishing a new connection with said second communications system, said transmitting being from said second communications system to said central communications station via said second secure connection;
    means for forwarding said second connection information to said first communications system via said first secure connection using said central communications station;
    means for transmitting a connection request from said first communications system to said second communications system wherein said connection request uses said second connection information as second communications system destination information;
    means for forwarding said first connection information to said second communications system via said second secure connection using said central communications station;
    means for transmitting a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information; and
    means for transmitting a connection acknowledgement directly from said first communications system to said second communications system in response to receiving said connection acknowledgement and request from said second communications system, wherein:
    said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system's next connection; and
    said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system's next connection.

9. A system for enabling two communications systems, located behind firewalls, to directly communicate with each other, said system comprising:
    a central communications station;
    a first communications system and a second communications system, wherein each of said first and second communications systems comprises a respective secure connection interface that establishes a secure connection with said central communications station via an external data network through a network access;
    a first firewall and a second firewall respectively located between said external data network and said first and second communications systems, wherein said first firewall prevents communication initiated from said external data network from reaching said first communications system and said second firewall prevents communication initiated from said external data network from reaching said second communications system; and
    said central communications station comprises:
        a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access, and
        a secure redirector that forwards connection information for said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit data directly to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
    Dependent claims: 10, 11.

12. A system for enabling two communications systems, located behind firewalls and having associated network translation devices, to directly communicate with each other, said system comprising:
    a central communications station;
    a first communications system and a second communications system, wherein each of said first and second communications systems comprises:
        a respective secure connection interface that establishes a secure connection with said central communications station via an external data network through a network access, and
        a respective transmitter that transmits first connection information for establishing a new connection with said first communications system to said central communications station via said secure connection and transmits second connection information for establishing another new connection with said second communications system to said central communications station via said secure connection;
    a first firewall and a second firewall respectively located between said external data network and said first and second communications systems, wherein said first firewall prevents communication initiated from said external data network from reaching said first communication system and said second firewall prevents communication initiated from said external data network from reaching said second communications system; and
    a first network address translation device and a second network address translation device respectively associated with said first and second communications systems, wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems, wherein:
    said central communications station comprises:
        a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access, and
        a secure redirector that:
            forwards said second connection information to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit a connection request to said second communications system wherein said connection request uses said second connection information as second communications system destination information, and
            forwards said first connection information to said second communications system via said secure connection with said second communications system, thereby:
                enabling said second communications system to transmit a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information, and
                enabling said first communications system to transmit a connection acknowledgement directly from said first communications system to said second communications system, wherein:
    said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system's next connection; and
    said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system's next connection.

13. A central communications station for enabling a first communications system and a second communications system, said central communications station comprising:
    a processor;
    the first and second communication systems respectively located behind a first firewall and a second firewall, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system;
    means for maintaining a first secure connection with said first communications system via said external data network through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    means for maintaining a second secure connection with said second communications system via said external data network through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall; and
    means for forwarding connection information for said second communications system to said first communications system via said first secure connection thereby enabling said first communications system to transmit data to said second communications system, wherein said data uses said connection information for said second communications system as its destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
    Dependent claims: 14, 15.

16. A central communications station for enabling a first communications system and a second communications system, said central communications station comprising:
    the first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
    means for maintaining a first secure connection via an external data network with said first communications system through said first firewall, wherein said first secure connection is initiated by said first communications system thereby being allowed to pass through said first firewall;
    means for maintaining a second secure connection via said external data network with said second communications system through said second firewall, wherein said second secure connection is initiated by said second communications system thereby being allowed to pass through said second firewall;
    means for obtaining first connection information for establishing a new connection with said first communications system from said first communications system via said first secure connection;
    means for obtaining second connection information for establishing another new connection with said second communications system from said second communications system via said second secure connection;
    means for forwarding said second connection information to said first communications system via said first secure connection thereby enabling said first communications system to transmit a connection request to said second communications system, wherein said connection request uses said second connection information as second communications system destination information; and
    means for forwarding said first connection information to said second communications system via said second secure connection, thereby:
        enabling said second communications system to transmit a connection acknowledgement and request to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information, and
        enabling said first communications system to transmit a connection acknowledgement directly to said second communications system in response to receiving said connection acknowledgement and request from said second communications system, wherein:
    said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system's next connection; and
    said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system's next connection.

17. A central communications station for enabling a first communications system and a second communications system, said central communications station comprising:
    said first and second communication systems respectively located behind a first firewall and a second firewall to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communication initiated from an external data network from reaching said second communications system;
    a secure connection interface that maintains secure connections with said first and second communications systems through a network access to said external communications network; and
    a secure redirector that forwards connection information of said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit data directly to said second communications system, wherein said data uses said connection information for said second communications system as destination information and uses connection information for said central communications station as source information, said data originating from said first communications system appearing to originate from said central communications station, wherein said connection information for said second communications system includes an Internet protocol address and port of said second communications system and wherein said connection information for said central communications station includes an Internet protocol address and port of said central communications station.
    Dependent claims: 18, 19.

20. A central communications station for enabling a first communications system and a second communications system, said central communications station comprising:
    said first and second communication systems respectively located behind a first firewall and a second firewall and having respective associated first and second network address translation devices, to directly communicate with each other, wherein said first firewall prevents communication initiated from an external data network from reaching said first communications system and said second firewall prevents communications initiated from an external data network from reaching said second communications system and wherein each of said first and second network address translation devices respectively provides public source information for outbound data originated from said first and second communications systems;
    a secure connection interface that maintains secure connections with said first and second communications systems via said external communications network through a network access; and
    a secure redirector that:
        forwards second connection information for establishing a new connection with said second communications system to said first communications system via said secure connection with said first communications system thereby enabling said first communications system to transmit a connection request to said second communications system wherein said connection request uses said connection information as second communications system destination information, and
        forwards first connection information for establishing a new connection with said first communications system to said second communications system via said secure connection with said second communications system, thereby:
            enabling said second communications system to transmit a connection acknowledgement and request from said second communications system to said first communications system wherein said connection acknowledgement and request uses said first connection information as first communications system destination information, and
            enabling said first communications system to transmit a connection acknowledgement directly from said first communications system to said second communications system, wherein:
    said first connection information includes a public Internet protocol address provided by said first network address translation device and port for said first communications system's next connection; and
    said second connection information includes a public Internet protocol address provided by said second network address translation device and port for said second communications system's next connection.

Specification