DE60325264D1 - Filterung von Datenpaketen an einem Netzwerk-Gateway, das als Policy Enforcement Point für dienstbasierte Richtlinien (SBLP) arbeitet - Google Patents

Filterung von Datenpaketen an einem Netzwerk-Gateway, das als Policy Enforcement Point für dienstbasierte Richtlinien (SBLP) arbeitet

Info

Publication number
DE60325264D1
DE60325264D1 DE60325264T DE60325264T DE60325264D1 DE 60325264 D1 DE60325264 D1 DE 60325264D1 DE 60325264 T DE60325264 T DE 60325264T DE 60325264 T DE60325264 T DE 60325264T DE 60325264 D1 DE60325264 D1 DE 60325264D1
Authority
DE
Germany
Prior art keywords
data packets
network gateway
address
sblp
works
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60325264T
Other languages
English (en)
Inventor
Xiaobao Chen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Orange SA
Original Assignee
Orange SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Orange SA filed Critical Orange SA
Application granted granted Critical
Publication of DE60325264D1 publication Critical patent/DE60325264D1/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/167Adaptation for transition between two IP versions, e.g. between IPv4 and IPv6
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/037Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/06Optimizing the usage of the radio link, e.g. header compression, information sizing, discarding information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04Network layer protocols, e.g. mobile IP [Internet Protocol]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/16Gateway arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
DE60325264T 2002-11-11 2003-11-07 Filterung von Datenpaketen an einem Netzwerk-Gateway, das als Policy Enforcement Point für dienstbasierte Richtlinien (SBLP) arbeitet Expired - Lifetime DE60325264D1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB0226289.7A GB0226289D0 (en) 2002-11-11 2002-11-11 Telecommunications
PCT/GB2003/004812 WO2004045159A2 (en) 2002-11-11 2003-11-07 Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point

Publications (1)

Publication Number Publication Date
DE60325264D1 true DE60325264D1 (de) 2009-01-22

Family

ID=9947613

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60325264T Expired - Lifetime DE60325264D1 (de) 2002-11-11 2003-11-07 Filterung von Datenpaketen an einem Netzwerk-Gateway, das als Policy Enforcement Point für dienstbasierte Richtlinien (SBLP) arbeitet

Country Status (10)

Country Link
US (1) US7554949B2 (de)
EP (2) EP1860834A1 (de)
JP (1) JP4690045B2 (de)
CN (1) CN100454886C (de)
AT (1) ATE417438T1 (de)
AU (1) AU2003276482A1 (de)
DE (1) DE60325264D1 (de)
ES (1) ES2316869T3 (de)
GB (1) GB0226289D0 (de)
WO (1) WO2004045159A2 (de)

Families Citing this family (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10120772A1 (de) * 2001-04-24 2002-11-07 Siemens Ag Heterogenes Mobilfunksystem
GB0328756D0 (en) * 2003-12-11 2004-01-14 Nokia Corp Controlling transportation of data packets
JP4298530B2 (ja) * 2004-01-30 2009-07-22 キヤノン株式会社 通信装置
JP2005217976A (ja) * 2004-01-30 2005-08-11 Canon Inc 電子機器及びその制御方法
US7385946B2 (en) 2004-06-03 2008-06-10 Nokia Corporation Service based bearer control and traffic flow template operation with mobile IP
US7512085B2 (en) * 2004-06-24 2009-03-31 International Business Machines Corporation Method for multicast tunneling for mobile devices
US8042170B2 (en) 2004-07-15 2011-10-18 Qualcomm Incorporated Bearer control of encrypted data flows in packet data communications
US8265060B2 (en) 2004-07-15 2012-09-11 Qualcomm, Incorporated Packet data filtering
JP4405360B2 (ja) * 2004-10-12 2010-01-27 パナソニック株式会社 ファイアウォールシステム及びファイアウォール制御方法
US8166547B2 (en) * 2005-09-06 2012-04-24 Fortinet, Inc. Method, apparatus, signals, and medium for managing a transfer of data in a data network
WO2007038445A2 (en) 2005-09-26 2007-04-05 Advanced Cluster Systems, Llc Clustered computer system
CN1870631B (zh) * 2005-11-11 2010-04-14 华为技术有限公司 媒体网关的门控方法
JP5080490B2 (ja) 2005-12-23 2012-11-21 テレフオンアクチーボラゲット エル エム エリクソン(パブル) 通信ネットワークにおけるルート最適化のための方法および装置
CN100442778C (zh) * 2006-01-12 2008-12-10 华为技术有限公司 对数据流进行防攻击过滤的方法、系统及其重定向设备
CN100512300C (zh) * 2006-01-13 2009-07-08 华为技术有限公司 一种在传输实时流时业务切换的方法
US8082289B2 (en) * 2006-06-13 2011-12-20 Advanced Cluster Systems, Inc. Cluster computing support for application programs
CN101005496B (zh) * 2006-06-27 2011-09-14 华为技术有限公司 媒体网关分组过滤方法及媒体网关
CN1997010B (zh) * 2006-06-28 2010-08-18 华为技术有限公司 一种包过滤的实现方法
JP4791285B2 (ja) * 2006-08-04 2011-10-12 富士通株式会社 ネットワーク装置およびフィルタリングプログラム
US8446874B2 (en) * 2006-08-21 2013-05-21 Samsung Electronics Co., Ltd Apparatus and method for filtering packet in a network system using mobile IP
KR100922939B1 (ko) * 2006-08-22 2009-10-22 삼성전자주식회사 모바일 아이피를 사용하는 네트워크 시스템에서 패킷필터링 장치 및 방법
CN101141386B (zh) * 2006-09-08 2011-04-13 华为技术有限公司 路由优化管理方法及其装置
KR100842289B1 (ko) * 2006-12-08 2008-06-30 한국전자통신연구원 IPv6에서의 효율적인 대역폭 사용을 위한 통신 방법
WO2009007985A2 (en) * 2007-07-06 2009-01-15 Elitecore Technologies Limited Identity and policy-based network security and management system and method
US7844728B2 (en) * 2007-07-31 2010-11-30 Alcatel-Lucent Usa Inc. Packet filtering/classification and/or policy control support from both visited and home networks
US9043862B2 (en) * 2008-02-06 2015-05-26 Qualcomm Incorporated Policy control for encapsulated data flows
SE535689C2 (sv) 2009-04-01 2012-11-13 Synapse Int Sa Ett system och förfarande för att möjliggöra kortaste kopplingsväg för ett mobilt organ
SE535670C2 (sv) * 2009-04-01 2012-11-06 Synapse Int Sa Ett system och förfarande för att möjliggöra kortaste kopplingsväg för ett mobilt organ
US8570944B2 (en) * 2009-05-11 2013-10-29 Zte (Usa) Inc. Internetworking techniques for wireless networks
US9179499B1 (en) 2009-07-08 2015-11-03 Zte (Usa) Inc. Network selection at a wireless communication device in wireless communications based on two or more radio access technologies
GB2493508B (en) * 2011-07-27 2014-06-18 Samsung Electronics Co Ltd Controlling data transmission between a user equipment and a acket data network
US8954700B2 (en) 2011-08-02 2015-02-10 Cavium, Inc. Method and apparatus for managing processing thread migration between clusters within a processor
FR3004037A1 (fr) * 2013-04-02 2014-10-03 France Telecom Procede de transport d'information de localisation au travers d'une authentification
CN103581189B (zh) * 2013-11-06 2017-01-04 东软集团股份有限公司 应用策略的匹配方法及系统
US9544402B2 (en) * 2013-12-31 2017-01-10 Cavium, Inc. Multi-rule approach to encoding a group of rules
CN106257880B (zh) * 2015-06-17 2019-06-28 北京网御星云信息技术有限公司 一种电磁屏蔽环境下的防火墙控制方法和系统
US10382208B2 (en) * 2016-04-29 2019-08-13 Olympus Sky Technologies, S.A. Secure communications using organically derived synchronized processes

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06112944A (ja) * 1992-09-30 1994-04-22 Sharp Corp 情報通信装置
JPH11234333A (ja) 1998-02-13 1999-08-27 Chokosoku Network Computer Gijutsu Kenkyusho:Kk ゲートウェイ装置
US6636498B1 (en) * 1999-01-08 2003-10-21 Cisco Technology, Inc. Mobile IP mobile router
DE69925453T2 (de) 1999-02-26 2006-05-11 Lucent Technologies Inc. Mobiles IP ohne Einkapselung
US6915325B1 (en) * 2000-03-13 2005-07-05 Nortel Networks Ltd Method and program code for communicating with a mobile node through tunnels
CA2308697A1 (en) 2000-05-15 2001-11-15 Nortel Networks Limited Exclusion routes in border gateway protocol (bgp) routers
US6621793B2 (en) * 2000-05-22 2003-09-16 Telefonaktiebolaget Lm Ericsson (Publ) Application influenced policy
FR2812783A1 (fr) 2000-08-03 2002-02-08 Cit Alcatel Procede de transmission d'informations par paquets avec allocation de ressources et reseau mettant en oeuvre ce procede
GB2366480A (en) 2000-08-21 2002-03-06 Lucent Technologies Inc Method of operating a third generation mobile communication system
GB2366482A (en) * 2000-08-21 2002-03-06 Lucent Technologies Inc Method of operating third generation communication systems
JP4491980B2 (ja) 2001-03-05 2010-06-30 ソニー株式会社 通信処理システム、通信処理方法、および通信端末装置、並びにプログラム
CN2485724Y (zh) * 2001-03-16 2002-04-10 联想(北京)有限公司 网关级计算机网络病毒防范的装置
JP2002290444A (ja) * 2001-03-23 2002-10-04 Mitsubishi Electric Corp 移動体通信システム、通信方法およびパケットフィルタリング制御方法
GB0113901D0 (en) 2001-06-07 2001-08-01 Nokia Corp Security in area networks
US7123599B2 (en) * 2001-07-13 2006-10-17 Hitachi, Ltd. Mobile communication system
WO2003015356A1 (en) * 2001-08-08 2003-02-20 Fujitsu Limited Server, mobile communication terminal, radio device, communication method for communication system, and communication system
JP2003209890A (ja) * 2001-11-07 2003-07-25 Matsushita Electric Ind Co Ltd 移動通信方法および移動通信システム
US6973086B2 (en) * 2002-01-28 2005-12-06 Nokia Corporation Method and system for securing mobile IPv6 home address option using ingress filtering
US7272148B2 (en) * 2002-06-27 2007-09-18 Hewlett-Packard Development Company, L.P. Non-ALG approach for application layer session traversal of IPv6/IPv4 NAT-PT gateway
AU2003273340A1 (en) * 2002-09-18 2004-04-08 Flarion Technologies, Inc. Methods and apparatus for using a care of address option
US7466680B2 (en) * 2002-10-11 2008-12-16 Spyder Navigations L.L.C. Transport efficiency optimization for Mobile IPv6

Also Published As

Publication number Publication date
EP1860834A1 (de) 2007-11-28
GB0226289D0 (en) 2002-12-18
WO2004045159A2 (en) 2004-05-27
ATE417438T1 (de) 2008-12-15
AU2003276482A1 (en) 2004-06-03
ES2316869T3 (es) 2009-04-16
JP2006506007A (ja) 2006-02-16
JP4690045B2 (ja) 2011-06-01
CN100454886C (zh) 2009-01-21
WO2004045159A3 (en) 2004-09-16
EP1561316B1 (de) 2008-12-10
CN1711728A (zh) 2005-12-21
AU2003276482A8 (en) 2004-06-03
EP1561316A2 (de) 2005-08-10
US7554949B2 (en) 2009-06-30
US20060104284A1 (en) 2006-05-18

Similar Documents

Publication Publication Date Title
DE60325264D1 (de) Filterung von Datenpaketen an einem Netzwerk-Gateway, das als Policy Enforcement Point für dienstbasierte Richtlinien (SBLP) arbeitet
US10582411B2 (en) Techniques for handling network traffic
US7050396B1 (en) Method and apparatus for automatically establishing bi-directional differentiated services treatment of flows in a network
US20050268332A1 (en) Extensions to filter on IPv6 header
US7136362B2 (en) Method of operating a mobile telecommunications network
CA2293130C (en) Method and apparatus for dynamically controlling the provision of differentiated services
GB2375256A (en) Determining service level identification to data transmitted between a device and a network
CA2500343A1 (en) Method and apparatus for the use of micro-tunnels in a communications system
EP2025108A2 (de) Verfahren und system zum dynamischen konfigurieren einer verkehrsflussvorlage
US20070160015A1 (en) Applying one or more session access parameters to one or more data sessions
CN101420369A (zh) 通用分组无线业务隧道协议报文传输方法、系统及设备
WO2002041589A1 (en) A communications system
KR100891208B1 (ko) 패킷 데이터 망에서 패킷 데이터 흐름을 프로세싱하는 방법, 장치, 시스템 및 컴퓨터 프로그램이 수록된 컴퓨터 판독가능 기록 매체
GB2366481A (en) Method of providing quality of service in mobile telecommunication networks
JP3715934B2 (ja) 輻輳制御方法、エッジ型パケット転送装置及びネットワーク
Chen et al. IP connectivity for gateway GPRS support node
JP6649496B2 (ja) 電気通信ネットワークとユーザ機器との間の通信を処理するための方法
US20110149734A1 (en) Smart border router and method for transmitting flow using the same
EP1757061B1 (de) Erweiterungen zur filterung von ipv6-kopfteilen
Kure et al. Architecture for TDM circuit emulation over IP in tactical networks
Molnar et al. Application Programming Interface offering classification services to end-user applications

Legal Events

Date Code Title Description
8364 No opposition during term of opposition