US2006168321A1PendingUtilityA1
System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols
Est. expiryMar 27, 2022(expired)· nominal 20-yr term from priority
H04L 69/326H04L 61/256H04L 9/40H04L 69/166H04L 67/34H04L 63/168H04L 63/0281H04L 69/164H04L 63/0209H04L 69/32H04L 63/0218H04L 69/329H04L 69/14H04L 63/029H04L 69/165H04L 63/0272H04L 69/162H04L 61/2592H04L 69/161H04L 69/16
42
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A tunneling system and method is described for traversing firewalls, NATs, and proxies. Upon a request from a device on the secure private network or on a public network such as the Internet, a connection to a designated or permitted device of the secure private network by way of the public network can be established, allowing selected devices of the private network to access devices on the public network. A bi-directional channel can be established where information such as rich multimedia and real-time voice and video can be accessed or communicated.
Claims
exact text as granted — not AI-modified1 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device; computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device in response to one or more of said requests; computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel.
2 . The computer program product of claim 1 , wherein the intercepted data comprises packets of a connection-based protocol.
3 . The computer program product of claim 1 , further comprising computer program codes to cause the computer device to perform a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.
4 . The computer program product of claim 1 , further comprising computer program codes to cause the computer device to respond with a dummy packet upon receiving a retransmission request for at least a portion of the encapsulated data.
5 . The computer program product of claim 4 , wherein the dummy packet includes an alternating bit pattern.
6 . The computer program product of claim 1 , wherein the computer device is a server coupled to one or more client endpoints.
7 . The computer program product of claim 6 , further comprising computer program codes to cause the computer device to receive connectionless-based data from the client endpoints.
8 . The computer program product of claim 7 , further comprising computer program codes to cause the computer device to send connectionless-based data to the client endpoints.
9 . The computer program product of claim 1 , further comprising computer program codes to cause the computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.
10 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a proxy interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device; computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device; computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device; computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel; and computer program codes to cause the computer device to respond with a dummy packet upon receiving a retransmission request from the proxy for at least a portion of the encapsulated data.
11 . The computer program product of claim 10 , wherein the wherein the intercepted data comprises packets of a connection-based protocol and packets of a connectionless protocol.
12 . The computer program product of claim 10 , further comprising computer program codes to cause the computer device to perform a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.
13 . The computer program product of claim 10 , wherein the computer device is a server coupled to one or more client endpoints.
14 . The computer program product of claim 13 , further comprising computer program codes to cause the computer device to receive connectionless-based data from the client endpoints.
15 . The computer program product of claim 14 , further comprising computer program codes to cause the computer device to send connectionless-based data to the client endpoints.
16 . The computer program product of claim 10 , further comprising computer program codes to cause the computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.
17 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to receive connectionless-based data transfer across a network security device interposed between the computer device and a second device, the computer program product having:
computer program codes to cause the computer device to monitor incoming packets of a connection-based protocol; and computer program codes to cause the computer device to de-encapsulate the incoming packets of a connection-based protocol to obtain packets of a connectionless protocol.
18 . The computer program product of claim 17 , further comprising computer program codes to cause the computer device to assign a fake address to the second device.
19 . The computer program product of claim 18 , further comprising computer program codes to cause the computer device to replace addresses of the packets of the connectionless protocol with the fake address.
20 . The computer program product of claim 17 , further comprising:
computer program codes to cause the computer device to identify dummy packets from the packets of the connectionless protocol; and computer program codes to cause the computer device to discard the dummy packets.
21 . A method of transferring data from a first computer device to a second computer device, the method comprising:
monitoring requests for data transfer to one or more determinable ports of the second device; creating at least one reliable connection-based data channel to the second device in response to one or more of said requests; intercepting data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and encapsulating the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel.
22 . The method of claim 21 , wherein the intercepted data comprises packets of a connection-based protocol.
23 . The method of claim 21 , further comprising performing a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.
24 . The method of claim 21 , further comprising responding with a dummy packet upon receiving a retransmission request for at least a portion of the encapsulated data.
25 . The method of claim 24 , wherein the dummy packet includes an alternating bit pattern.
26 . The method of claim 21 , wherein the computer device is a server coupled to one or more client endpoints.
27 . The method of claim 26 , further comprising receiving connectionless-based data from the client endpoints.
28 . The method of claim 27 , further comprising sending connectionless-based data to the client endpoints.
29 . The method of claim 21 , further comprising receiving connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.
30 . A software module embodied in a computer-readable medium, said software module being useful for allowing transfer of data through a network security firewall and between first endpoint and second endpoint coupled to opposite sides of the network security firewall, said software module comprising:
a first program component configured to run on the first endpoint at a protocol stack level, the first program component for monitoring requests for data transfer on destination ports of the second endpoint and for establishing a reliable communication channel between the first endpoint and the second endpoint in response to one or more of the requests; and a second program component configured to run on the first endpoint at a driver level, wherein the second program component, in response to commands from the first program component, selectively encapsulates packets of a connection-based protocol and packets of a connectionless protocol with a reliable connection-based protocol and transmits the encapsulated packets to the second endpoint via the reliable communication channel.
31 . The software module of claim 30 wherein the reliable connection-based protocol is Transport Control Protocol (TCP).
32 . The software module of claim 31 wherein the connectionless protocol is User Defined Protocol (UDP).
33 . The software module of claim 32 , wherein the connection-based protocol is Transport Control Protocol (TCP).Join the waitlist — get patent alerts
Track US2006168321A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.