US2006168321A1PendingUtilityA1

System and method for traversing firewalls, NATs, and proxies with rich media communications and other application protocols

Assignee: EISENBERG ALFRED JPriority: Mar 27, 2002Filed: Jan 13, 2005Published: Jul 27, 2006
Est. expiryMar 27, 2022(expired)· nominal 20-yr term from priority
H04L 69/326H04L 61/256H04L 9/40H04L 69/166H04L 67/34H04L 63/168H04L 63/0281H04L 69/164H04L 63/0209H04L 69/32H04L 63/0218H04L 69/329H04L 69/14H04L 63/029H04L 69/165H04L 63/0272H04L 69/162H04L 61/2592H04L 69/161H04L 69/16
42
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A tunneling system and method is described for traversing firewalls, NATs, and proxies. Upon a request from a device on the secure private network or on a public network such as the Internet, a connection to a designated or permitted device of the secure private network by way of the public network can be established, allowing selected devices of the private network to access devices on the public network. A bi-directional channel can be established where information such as rich multimedia and real-time voice and video can be accessed or communicated.

Claims

exact text as granted — not AI-modified
1 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a security device interposed between the computer device and a second device, the computer program product having: 
 computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device;    computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device in response to one or more of said requests;    computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and    computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel.    
     
     
         2 . The computer program product of  claim 1 , wherein the intercepted data comprises packets of a connection-based protocol.  
     
     
         3 . The computer program product of  claim 1 , further comprising computer program codes to cause the computer device to perform a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.  
     
     
         4 . The computer program product of  claim 1 , further comprising computer program codes to cause the computer device to respond with a dummy packet upon receiving a retransmission request for at least a portion of the encapsulated data.  
     
     
         5 . The computer program product of  claim 4 , wherein the dummy packet includes an alternating bit pattern.  
     
     
         6 . The computer program product of  claim 1 , wherein the computer device is a server coupled to one or more client endpoints.  
     
     
         7 . The computer program product of  claim 6 , further comprising computer program codes to cause the computer device to receive connectionless-based data from the client endpoints.  
     
     
         8 . The computer program product of  claim 7 , further comprising computer program codes to cause the computer device to send connectionless-based data to the client endpoints.  
     
     
         9 . The computer program product of  claim 1 , further comprising computer program codes to cause the computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.  
     
     
         10 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to perform data transfers across a proxy interposed between the computer device and a second device, the computer program product having: 
 computer program codes to cause the computer device to monitor requests for data transfer to one or more determinable ports of the second device;    computer program codes to cause the computer device to create at least one reliable connection-based data channel to the second device;    computer program codes to cause the computer device to intercept data destined for one or more determinable destination ports of the second device;    computer program codes to cause the computer device to encapsulate the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel; and    computer program codes to cause the computer device to respond with a dummy packet upon receiving a retransmission request from the proxy for at least a portion of the encapsulated data.    
     
     
         11 . The computer program product of  claim 10 , wherein the wherein the intercepted data comprises packets of a connection-based protocol and packets of a connectionless protocol.  
     
     
         12 . The computer program product of  claim 10 , further comprising computer program codes to cause the computer device to perform a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.  
     
     
         13 . The computer program product of  claim 10 , wherein the computer device is a server coupled to one or more client endpoints.  
     
     
         14 . The computer program product of  claim 13 , further comprising computer program codes to cause the computer device to receive connectionless-based data from the client endpoints.  
     
     
         15 . The computer program product of  claim 14 , further comprising computer program codes to cause the computer device to send connectionless-based data to the client endpoints.  
     
     
         16 . The computer program product of  claim 10 , further comprising computer program codes to cause the computer device to receive connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.  
     
     
         17 . A computer program product for use in conjunction with a computer device, the computer program product comprising a computer-readable medium and a computer program product embodied therein that causes the computer device to receive connectionless-based data transfer across a network security device interposed between the computer device and a second device, the computer program product having: 
 computer program codes to cause the computer device to monitor incoming packets of a connection-based protocol; and    computer program codes to cause the computer device to de-encapsulate the incoming packets of a connection-based protocol to obtain packets of a connectionless protocol.    
     
     
         18 . The computer program product of  claim 17 , further comprising computer program codes to cause the computer device to assign a fake address to the second device.  
     
     
         19 . The computer program product of  claim 18 , further comprising computer program codes to cause the computer device to replace addresses of the packets of the connectionless protocol with the fake address.  
     
     
         20 . The computer program product of  claim 17 , further comprising: 
 computer program codes to cause the computer device to identify dummy packets from the packets of the connectionless protocol; and    computer program codes to cause the computer device to discard the dummy packets.    
     
     
         21 . A method of transferring data from a first computer device to a second computer device, the method comprising: 
 monitoring requests for data transfer to one or more determinable ports of the second device;    creating at least one reliable connection-based data channel to the second device in response to one or more of said requests;    intercepting data destined for one or more determinable destination ports of the second device, wherein the intercepted data comprises packets of a connectionless protocol; and    encapsulating the intercepted data within a connection-based protocol and to send the encapsulated data to the second device via the reliable connection-based data channel.    
     
     
         22 . The method of  claim 21 , wherein the intercepted data comprises packets of a connection-based protocol.  
     
     
         23 . The method of  claim 21 , further comprising performing a security device detection process to determine whether establishment of the reliable connection-based data channel is necessary.  
     
     
         24 . The method of  claim 21 , further comprising responding with a dummy packet upon receiving a retransmission request for at least a portion of the encapsulated data.  
     
     
         25 . The method of  claim 24 , wherein the dummy packet includes an alternating bit pattern.  
     
     
         26 . The method of  claim 21 , wherein the computer device is a server coupled to one or more client endpoints.  
     
     
         27 . The method of  claim 26 , further comprising receiving connectionless-based data from the client endpoints.  
     
     
         28 . The method of  claim 27 , further comprising sending connectionless-based data to the client endpoints.  
     
     
         29 . The method of  claim 21 , further comprising receiving connectionless-based data from and transmit connectionless-based data to an application endpoint appliance.  
     
     
         30 . A software module embodied in a computer-readable medium, said software module being useful for allowing transfer of data through a network security firewall and between first endpoint and second endpoint coupled to opposite sides of the network security firewall, said software module comprising: 
 a first program component configured to run on the first endpoint at a protocol stack level, the first program component for monitoring requests for data transfer on destination ports of the second endpoint and for establishing a reliable communication channel between the first endpoint and the second endpoint in response to one or more of the requests; and    a second program component configured to run on the first endpoint at a driver level, wherein the second program component, in response to commands from the first program component, selectively encapsulates packets of a connection-based protocol and packets of a connectionless protocol with a reliable connection-based protocol and transmits the encapsulated packets to the second endpoint via the reliable communication channel.    
     
     
         31 . The software module of  claim 30  wherein the reliable connection-based protocol is Transport Control Protocol (TCP).  
     
     
         32 . The software module of  claim 31  wherein the connectionless protocol is User Defined Protocol (UDP).  
     
     
         33 . The software module of  claim 32 , wherein the connection-based protocol is Transport Control Protocol (TCP).

Join the waitlist — get patent alerts

Track US2006168321A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.