GB2316841A - Method for controlling a firewall - Google Patents
- Publication number
- GB2316841A
- Authority
- GB
- United Kingdom
- Prior art keywords
- terminal
- firewall
- mobile terminal
- network
- inner network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
When a mobile terminal 21 connected to an Internet service provider (ISP) 30 intends to access an inner network 20 within a firewall 22 via the Internet 10, the ISP sends terminal user information to the inner network. An agent host 32 investigates the Internet protocol (IP) address and the account of the terminal and determines whether the mobile terminal is a terminal moved from the inner network based on this information. If this is the case, a host 23 managing the firewall sets a filter in the firewall allowing telecommunication between the mobile terminal and the inner network. The communication between the terminal and inner network may be by means of a two-way IP tunnel 40.
Description
Specification
TITLE OF THE INVENTION Method for dynamically controlling a firewall
FIELD OF THE INVENTION This invention relates to a method for dynamically controlling a firewall.
BACKGROUND OF THE INVENTION
When a private network is connected to the Internet, it is necessary to prevent unauthorized access from the Internet. However, if telecommunication between the internal network and the external network is shut down completely, it is impossible for a user of the internal network to access his home network via the Internet.
Therefore, it is necessary to construct a firewall which selectively permits telecommunication from outside via the Internet.
In a prior-art firewall, out of all data packets between the internal network and the external network, only a previously permitted packet is passed, and any other packet is blocked by a filter.
Generally, such a filter is set by designating the IP (Internet Protocol) address of the terminal sending a packet, the IP address of the terminal receiving the packet, the kind of protocol used, a port number, etc. For example, in the case of telecommunication from a specific external IP address to any internal host (terminal) using TCP (Transmission Control Protocol), telecommunication using a specific port number (for example, 110) is permitted.
Here, the port number is an identifier indicating an upper-layer process in TCP or UDP (User Datagram Protocol).
However, it is difficult to obtain a pertinent filtering when a user accesses his home network from outside it, by a dial-up or PPP connection via an ISP (Internet Service Provider), using a mobile computer such as a notebook personal computer (notebook PC), because the upper 4 digits indicate the network to which the mobile PC is connected and the lower 4 digits indicate an identifier of the mobile PC in that network, while the IP address used in Internet telecommunication is a 4-byte number.
Namely, in the case of a dial-up connection by a mobile host (MH) moved from its home network, the IP address assigned to the mobile host is different for every connection, so it is impossible to carry out telecommunication using the IP address assigned in its home network.
Therefore, it is difficult to set a filter in the firewall by designating the IP (Internet Protocol) address of the terminal sending a data packet and the IP address of the terminal receiving the data packet, because the IP address of a moved terminal is not constant in a dial-up connection.
Furthermore, even if the filter of the firewall is pertinently set so that only an authorized mobile host and its user are permitted to access the home network from outside, it is not always possible for the user to use the inner resources (a disk, database, WWW, etc.) of the home network which he usually accesses, because access to the inner resources is individually limited and is permitted or not permitted based on the IP address of the client terminal.
Next, referring to Fig. 3, a mobile-IP address is explained; the mobile-IP is under work for standardization.
The mobile-IP is a technique which enables the same IP address to be used for a mobile terminal wherever it moves, whenever the mobile terminal connects to the Internet.
However, at present, the mobile-IP is not adapted to a network having a firewall.
In Fig.3, 100 denotes the Internet, 200 denotes a home network of a mobile terminal 201, 202 denotes a home agent (HA) on the home network 200, 203 denotes a router, 300 denotes an ISP, 400 denotes another network and 401 denotes a terminal on the network 400.
In Fig. 3, the IP address of the home network 200 to which the mobile terminal 201 is usually connected is [133.128.8.0], the IP address of the mobile terminal 201 on the home network 200 is [133.128.8.81], the IP address of the home agent 202 is [133.128.8.100], and the IP address of the mobile terminal 201 assigned by the ISP when the terminal 201 connects to the ISP by dial-up connection is [130.54.20.199].
Generally, when a packet is sent from the terminal 401 on the network 400 to the terminal 201, the packet is transferred, as shown by route 501 in Fig. 3, to the home network 200 to which the terminal 201 is usually connected. Therefore, when the terminal has been moved to another network, for example the ISP 300, it is necessary to transfer the packet to the network 300.
For transferring the packet, in the mobile-IP, an agent host is provided in the network from which the mobile terminal has moved and in the network to which the mobile terminal has moved. The agent in the network from which the mobile terminal has moved is called a home agent, and the agent in the network to which the mobile terminal has moved is called a foreign agent. The mobile terminal itself may have the function of the foreign agent. In Fig. 3, the mobile terminal 201 has the function of the foreign agent.
When the terminal 201 moved from its home network 200 connects to the ISP 300 by dial-up connection 301, a temporary IP address [130.54.20.199] is assigned to the terminal 201 by the ISP.
The IP address [130.54.20.199] of the mobile terminal 201 and its IP address [133.128.8.81] in the home network 200 are reported to the home agent 202 in the home network 200 via the ISP and the Internet 100.
Then, based on the received information, the home agent 202 records in its database that the terminal 201 having the IP address [133.128.8.81] is moving and that its temporary IP address is [130.54.20.199].
When a packet is sent from the terminal 401 in the network 400 to the terminal 201 by using the usual IP address [133.128.8.81], as shown by route 502, the home agent 202 receives the packet instead of the mobile terminal 201. Then, as shown by route 503, the home agent 202 transfers the packet from the terminal 401 to the mobile terminal 201 via the Internet 100 and the ISP 300, by embedding the packet from the terminal 401 into a packet forwarded to the temporary IP address [130.54.20.199]. The mobile terminal 201 obtains the original packet of the terminal 401 from the received packet and, if necessary, sends a packet to the terminal 401 via the ISP and the Internet, as shown by route 504.
As mentioned above, in the mobile-IP, it is possible to send a packet from the terminal 401 to the mobile terminal 201 by using the usual IP address [133.128.8.81].
However, telecommunication using the temporary IP address [130.54.20.199] is necessary between the mobile terminal 201 and the home agent 202.
Namely, in the mobile-IP, since no process is applied to a packet sent from the mobile terminal 201, usual routing is necessary.
Therefore, under the above-mentioned firewall, it is impossible for the mobile terminal 201 to communicate with any terminal inside the home network 200 other than the home agent 202, because only telecommunication between the mobile terminal 201 and the home agent 202 is allowed.
This means that the mobile terminal 201 is limited in its access to the resources of its home network 200.
An object of the present invention is to provide a method for dynamically controlling a firewall which enables a filter to be set that is pertinent to the mobile terminal connected to the ISP (Internet Service Provider) by dial-up connection and to its user.
An object of embodiments of the present invention is to provide a method for dynamically controlling a firewall which pertinently permits said mobile terminal and its user to access the resources of the home network from outside.
The present invention enables a pertinent filter to be set by obtaining user information from an Internet service provider. Embodiments of the present invention resolve a limitation of access to a resource of a home network by combining the filter setting with mobile-IP.
According to the present invention there is provided a method for enabling a pertinent filter comprising the steps of:
a step for sending a user information of a terminal being connected to an internet service provider by dial-up connection to an inner network inside a firewall from said internet service provider when said terminal accesses to said inner network via the Internet;
a step that said inner network determines whether said terminal is a mobile terminal moved from said inner network, based on said user information;
a step for setting a filter of said firewall to permit a telecommunication between said terminal when said terminal is said mobile terminal moved from said inner network.
In a method embodying the present invention for resolving a limitation of access, an IP tunnel is further used, after setting of said filter, for telecommunication between said terminal and the inner network.
In another embodiment for resolving a limitation of access, said user information is transferred between an agent host provided in said internet service provider and a host for managing said firewall which sets said filter of said firewall provided in said inner network, and said telecommunication using said IP tunnel is done between said terminal and a home agent provided in said inner network.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 shows a configuration of a system to which a method embodying the present invention is applied.
Fig. 2 shows a mobile-IP which is adaptive to a firewall.
Fig. 3 shows a prior art mobile-IP which is not adaptive to a firewall.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
An embodiment of the present invention will be explained referring to the drawings.
In Fig. 1, 10 denotes the Internet, 20 denotes an inner network having plural home networks 20A, 20B and 20C, 21 denotes a mobile terminal which is usually connected to the inner network 20, 22 denotes a firewall, 23 denotes a host for managing the firewall, 24 denotes a home agent provided in each of home networks 20A, 20B and 20C, 30 denotes an ISP (Internet Service Provider), 31 denotes a server for authentication in the ISP, and 32 denotes an agent host in the ISP.
The mobile terminal 21 has the function of a foreign agent for mobile-IP. The mobile terminal 21 is intended to connect to the inner network 20 via the Internet, by dial-up connection to the ISP at any location after moving from the home network.
In this embodiment, a mechanism for controlling the firewall based on a user information obtained from the ISP and a mobile-IP mechanism adaptive to the firewall are provided.
The mechanism for controlling the firewall 22 based on the user information obtained from ISP 30 will be explained referring to Fig. 1.
A user account (ID) and a password are input to the ISP 30 when a user of the mobile terminal 21 intends to connect to the ISP 30 by the dial-up connection. In the ISP 30, the authentication server 31 determines whether the user input data are proper or not. Only when the user input data are proper is an IP address assigned to the mobile terminal 21, and the mobile terminal 21 is then connected to the Internet 100. For this purpose, the ISP 30 can always grasp, based on the user information, which user is connecting to the ISP 30 and which IP address is assigned to the mobile terminal 21.
When the inner network 20 can know the user and the IP address used by the user, by obtaining the user information from the ISP 30, it is possible to set the filter properly. Then, it is possible to permit telecommunication from a user who is previously allowed to access the inner network 20 and to exclude access from a user who has no authority for the access.
In Fig. 1, a mechanism for adding and/or deleting a filter is provided, by providing the host 23 for managing the firewall within the inner network 20. Further, the agent host 32 is provided within the ISP so that only telecommunication between the agent host 32 and the host 23 for managing the firewall needs to be allowed. Since the hosts 23 and 32 can use fixed IP addresses for this telecommunication, there is no problem in setting the filter for the firewall.
Concretely, the filter is set by the following steps (1) to (7).
The step (n) corresponds to the symbol (n) in Fig. 1.
(1) When the mobile terminal 21 intends to access the inner network 20 from outside of it, the mobile terminal 21 requests establishment of a connection between the mobile terminal 21 and the inner network 20 via the agent host 32 in the ISP.
(2) The agent host 32 investigates an IP address and an account at dialup connection of the mobile terminal 21.
(3) The agent host 32 relays a message from the mobile terminal 21 to the host 23 for managing the firewall, only when the mobile terminal 21 is connected by using a specific account which is allowed to access inside the firewall 22.
(4) An authentication is done by end-to-end method between the mobile terminal 21 and the home agent 24 via the host 23 for managing the firewall, because, in mobile-IP, an authentication must be done between the mobile terminal and the home agent.
(5) If the authentication is successful, the home agent sends a message of the success to the host 23 for managing the firewall.
(6) Then, the host 23 for managing the firewall changes the setting of the firewall 22 so as to permit the telecommunication between the mobile terminal 21 and the home agent 24.
(7) At the time when the host 23 for managing the firewall enables the telecommunication between the mobile terminal 21 and the home agent 24 by changing the setting of the firewall 22, the host 23 informs it to the home agent 24 and the host 23 informs it to the mobile terminal 21 via the agent host 32. After receiving the message, the home agent 24 sets an IP tunnel to the mobile terminal 21 and the mobile terminal 21 sets an IP tunnel to the home agent 24, then a two-way IP tunnel 40 is set.
By using the two-way IP tunnel 40, the mobile terminal 21 telecommunicates with each terminal of the inner network 20. During this time, the mobile terminal 21 periodically sends a message for maintaining the connection to the host 23 for managing the firewall. When the message for maintaining the connection from a certain mobile terminal stops, the host 23 for managing the firewall automatically deletes the filter setting for that mobile terminal.
As mentioned above, it is possible to set the firewall 22 only within a necessary term and only for the telecommunication of which start point and end point are distinctly restricted.
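The filter lifecycle of steps (1) to (7) and the keepalive rule, as an added Python example that is not part of the patent. Class and function names, the 90-second timeout, the account names, the guest address and the HMAC-SHA256 tag standing in for mobile-IP authentication are assumptions; the remaining addresses are reused from the Fig. 3 description.

```python
import hashlib
import hmac

KEEPALIVE_TIMEOUT = 90.0  # seconds; assumed value, the page gives no figure
SECRET = b"constructed-shared-secret"  # constructed sample key


def registration_tag(secret, home_ip, temp_ip):
    """HMAC-SHA256 over the address binding; a stand-in for mobile-IP authentication."""
    return hmac.new(secret, f"{home_ip}|{temp_ip}".encode(), hashlib.sha256).digest()


class HomeAgent:
    """Home agent 24: authenticates the mobile terminal end to end, step (4)."""

    def __init__(self, ip, secrets):
        self.ip = ip
        self.secrets = secrets  # home address -> shared secret

    def authenticate(self, home_ip, temp_ip, tag):
        secret = self.secrets.get(home_ip)
        if secret is None:
            return False
        return hmac.compare_digest(registration_tag(secret, home_ip, temp_ip), tag)


class FirewallManager:
    """Host 23: the only component that adds or deletes filters in firewall 22."""

    def __init__(self, home_agent):
        self.home_agent = home_agent
        self.filters = {}  # temporary address -> time of last keepalive

    def handle(self, temp_ip, home_ip, tag, now):
        if not self.home_agent.authenticate(home_ip, temp_ip, tag):  # steps (4)-(5)
            return "authentication-failed"
        self.filters[temp_ip] = now  # step (6): permit terminal <-> home agent
        return "filter-set"          # step (7): both ends may now build the tunnel

    def keepalive(self, temp_ip, now):
        if temp_ip not in self.filters:
            return False  # expired or never set: the terminal must register again
        self.filters[temp_ip] = now
        return True

    def expire(self, now):
        """Delete every filter whose keepalive messages have stopped."""
        stale = [ip for ip, seen in self.filters.items() if now - seen > KEEPALIVE_TIMEOUT]
        for ip in stale:
            del self.filters[ip]
        return stale

    def permits(self, src, dst):
        ha = self.home_agent.ip
        return (src in self.filters and dst == ha) or (src == ha and dst in self.filters)


class AgentHost:
    """Agent host 32 at the ISP: relays only for accounts allowed inside the firewall."""

    def __init__(self, sessions, permitted_accounts, manager):
        self.sessions = sessions  # temporary address -> dial-up account
        self.permitted = permitted_accounts
        self.manager = manager

    def request_access(self, src_ip, home_ip, tag, now):  # step (1)
        account = self.sessions.get(src_ip)  # step (2)
        if account not in self.permitted:    # step (3)
            return "not-relayed"
        return self.manager.handle(src_ip, home_ip, tag, now)


def demo():
    temp, home, guest_ip = "130.54.20.199", "133.128.8.81", "130.54.20.7"
    ha = HomeAgent("133.128.8.100", {home: SECRET})
    fw = FirewallManager(ha)
    isp = AgentHost({temp: "alice", guest_ip: "guest"}, {"alice"}, fw)
    r = {"before": fw.permits(temp, ha.ip)}
    # A valid tag does not help a session whose ISP account is not on the permitted list.
    r["guest"] = isp.request_access(guest_ip, home, registration_tag(SECRET, home, guest_ip), 0.0)
    r["bad_tag"] = isp.request_access(temp, home, bytes(32), 0.0)
    r["alice"] = isp.request_access(temp, home, registration_tag(SECRET, home, temp), 0.0)
    r["both_ways"] = fw.permits(temp, ha.ip) and fw.permits(ha.ip, temp)
    r["other_inner_host"] = fw.permits(temp, "133.128.8.25")
    r["keepalive_at_60"] = fw.keepalive(temp, 60.0)
    r["expired_at_120"] = fw.expire(120.0)
    r["expired_at_200"] = fw.expire(200.0)
    r["after_expiry"] = fw.permits(temp, ha.ip)
    r["late_keepalive"] = fw.keepalive(temp, 210.0)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```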
A specification of the mobile-IP which is under work for standardization is not adaptive to the network 20 having the firewall 22.
Then, the mobile-IP is improved to adapt to the firewall 22 as follows, and the improved mobile-IP is combined with the abovementioned filter setting.
A combination of the mobile-IP and the dynamic firewall control will be explained referring to Fig. 2.
As shown by route 52 in Fig. 2, a packet from the mobile terminal 21 to the terminal 25 inside the firewall 22 is embedded in a packet to the home agent 24 and then sent out. The home agent 24 obtains the original packet out of the received packet. The home agent 24 sends the obtained packet to the inner terminal 25, as shown by route 53 in Fig. 2, by sending the obtained packet again to the Internet. In Fig. 2, 26 denotes a router. When the mobile terminal exists in the inner network 20, the mobile terminal 21 telecommunicates with the inner terminal 25 via a route 51.
As mentioned-above, even if an authority is individually allowed in the inner network 20, it is possible to permit the access based on the IP address of the mobile terminal 21 which is usually connected with the network 20 by using the two-way tunnel between the mobile terminal 21 and the home agent 24. Therefore, it is possible to communicate between the mobile terminal 21 and the inner terminal 25.
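The two-way tunnel as an added Python example (not from the patent), showing why the firewall needs only the terminal-to-home-agent filter while address-based access limits inside the network still see the home address. IP-in-IP (protocol 4) encapsulation, the inner terminal address 133.128.8.25, the binding check in `decapsulate` and all function names are assumptions.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP (RFC 2003); assumed, the page names no encapsulation format
IPPROTO_TCP = 6
HEADER = "!BBHHHBBH4s4s"  # option-less 20-byte IPv4 header


def checksum(header):
    """Internet checksum; returns 0 over a header whose checksum field is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload):
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(HEADER, *fields))
    return struct.pack(HEADER, *fields) + payload


def parse_ipv4(packet):
    """Return (src, dst, proto, payload); reject anything malformed."""
    if len(packet) < 20 or packet[0] != 0x45 or checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header")
    _, _, length, _, _, _, proto, _, src, dst = struct.unpack(HEADER, packet[:20])
    if length != len(packet):
        raise ValueError("length mismatch")
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto, packet[20:]


def firewall_permits(packet, filtered_terminals, home_agent_ip):
    """Firewall 22 looks only at the outer header: terminal <-> home agent."""
    src, dst, _, _ = parse_ipv4(packet)
    return ((src in filtered_terminals and dst == home_agent_ip)
            or (src == home_agent_ip and dst in filtered_terminals))


class HomeAgent:
    def __init__(self, ip, bindings):
        self.ip = ip
        self.bindings = bindings  # home address -> temporary address

    def decapsulate(self, outer):
        src, dst, proto, inner = parse_ipv4(outer)
        if dst != self.ip or proto != IPPROTO_IPIP:
            raise ValueError("not a tunnel packet for this home agent")
        inner_src = parse_ipv4(inner)[0]
        if self.bindings.get(inner_src) != src:  # added check: inner source must match the binding
            raise ValueError("inner source not bound to this tunnel endpoint")
        return inner

    def encapsulate(self, inner):
        home_ip = parse_ipv4(inner)[1]
        return build_ipv4(self.ip, self.bindings[home_ip], IPPROTO_IPIP, inner)


def acl_allows(packet, allowed_clients):
    """Inner resource access limited by client IP address, as the page describes."""
    return parse_ipv4(packet)[0] in allowed_clients


def demo():
    temp, home = "130.54.20.199", "133.128.8.81"
    ha_ip, inner_host = "133.128.8.100", "133.128.8.25"
    ha = HomeAgent(ha_ip, {home: temp})
    filters, acl = {temp}, {home}
    request = build_ipv4(home, inner_host, IPPROTO_TCP, b"constructed request")
    outer = build_ipv4(temp, ha_ip, IPPROTO_IPIP, request)  # route 52
    direct = build_ipv4(temp, inner_host, IPPROTO_TCP, b"constructed request")
    reply = ha.encapsulate(build_ipv4(inner_host, home, IPPROTO_TCP, b"constructed reply"))
    spoofed = build_ipv4(temp, ha_ip, IPPROTO_IPIP,
                         build_ipv4("133.128.8.1", inner_host, IPPROTO_TCP, b"x"))
    try:
        ha.decapsulate(spoofed)
        spoof_rejected = False
    except ValueError:
        spoof_rejected = True
    return {
        "tunnel_passes_firewall": firewall_permits(outer, filters, ha_ip),
        "direct_passes_firewall": firewall_permits(direct, filters, ha_ip),
        "forwarded_is_original": ha.decapsulate(outer) == request,  # route 53
        "acl_on_forwarded": acl_allows(request, acl),
        "acl_on_direct": acl_allows(direct, acl),
        "reply_outer": parse_ipv4(reply)[:3],
        "reply_passes_firewall": firewall_permits(reply, filters, ha_ip),
        "spoof_rejected": spoof_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```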
According to the present invention, it is possible to set the firewall so as to permit communication from a specific user connected to the ISP by dial-up connection.
Further, according to embodiments of the present invention, because of the improvement of the mobile-IP and its combination with the filter setting, it is possible to access the resources of the inner network from outside in the same way as when connected to the inner network.
Claims (4)
1. A method for dynamically controlling a firewall comprising steps of:
a step for sending a user information of a terminal being connected to an internet service provider by dial-up connection to an inner network inside a firewall from said internet service provider when said terminal accesses to said inner network via the Internet;
a step that said inner network determines whether said terminal is a mobile terminal moved from said inner network, based on said user information;
a step for setting a filter of said firewall to permit a telecommunication between said terminal when said terminal is said mobile terminal moved from said inner network.
2. The method claimed in claim 1 wherein, an IP tunnel is used after setting of said filter for a telecommunication between said terminal and said inner network.
3. The method claimed in claim 2 wherein, said user information is transferred between an agent host provided in said internet service provider and a host for managing said firewall which sets said filter of said firewall provided in said inner network, and said telecommunication using said IP tunnel is done between said terminal and a home agent provided in said inner network.
4. A method for dynamically controlling a firewall substantially as hereinbefore described with reference to the accompanying drawings.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP22796996A JP3662080B2 (en) | 1996-08-29 | 1996-08-29 | Firewall dynamic control method |
Publications (3)
Publication Number | Publication Date |
---|---|
GB9718374D0 GB9718374D0 (en) | 1997-11-05 |
GB2316841A true GB2316841A (en) | 1998-03-04 |
GB2316841B GB2316841B (en) | 2001-03-28 |
Family
ID=16869102
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB9718374A Expired - Fee Related GB2316841B (en) | 1996-08-29 | 1997-08-29 | Method for dynamically controlling a firewall |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP3662080B2 (en) |
GB (1) | GB2316841B (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2000036812A1 (en) * | 1998-12-17 | 2000-06-22 | Portus Pty Limited | Local and remote monitoring using a standard web browser |
WO2001057626A2 (en) * | 2000-02-01 | 2001-08-09 | Sun Microsystems, Inc. | Internet server for client authentification |
GB2373418A (en) * | 2001-03-16 | 2002-09-18 | Kleinwort Benson Ltd | Method and system to provide and manage secure access to internal computer systems from an external client |
WO2002082730A1 (en) * | 2001-04-09 | 2002-10-17 | Colubris Networks Inc. | Authentication and encryption method and apparatus for a wireless local access network |
EP1293908A1 (en) * | 2000-09-27 | 2003-03-19 | Sony Corporation | Home network system |
DE10201627A1 (en) * | 2002-01-16 | 2003-07-31 | Orga Kartensysteme Gmbh | Process and digital network component for protection against unwanted data |
WO2004034672A1 (en) * | 2002-10-09 | 2004-04-22 | Tycho Technologies Oy | Management of a distributed firewall |
WO2004057822A2 (en) * | 2002-12-19 | 2004-07-08 | Intel Corporation | System and method for integrating mobile ip with virtual private networks (vpn) |
DE10336108B3 (en) * | 2003-08-06 | 2005-05-25 | Siemens Ag | Method and device for preventing packet attacks on mobile subscribers |
EP1686755A1 (en) * | 2005-01-27 | 2006-08-02 | NEC Corporation | Filtering method and firewall system |
CN101040497B (en) * | 2004-10-12 | 2010-05-12 | 松下电器产业株式会社 | Firewall system and firewall control method |
USRE46459E1 (en) | 1998-05-04 | 2017-06-27 | Linksmart Wireless Technology, Llc | User specific automatic data redirection system |
US9819649B2 (en) | 1998-10-30 | 2017-11-14 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US9860283B2 (en) | 1998-10-30 | 2018-01-02 | Virnetx, Inc. | Agile network protocol for secure video communications with assured system availability |
US10187387B2 (en) | 1998-10-30 | 2019-01-22 | Virnetx, Inc. | Method for establishing connection between devices |
US10511573B2 (en) | 1998-10-30 | 2019-12-17 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7010604B1 (en) | 1998-10-30 | 2006-03-07 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
FR2810180B1 (en) * | 2000-06-08 | 2005-04-29 | Cit Alcatel | METHOD FOR PROVIDING ACCESS CONTROL FOR AND / OR TO USERS ACCESSING TERMINALS TO THE INTERNET NETWORK, THROUGH A PRIVATE ACCESS NODE, AND ARRANGEMENTS FOR IMPLEMENTING A SUCH METHOD |
US7349967B2 (en) | 2000-07-21 | 2008-03-25 | Samsung Electronics Co., Ltd. | Architecture for home network on world wide web with private-public IP address/URL mapping |
US6668282B1 (en) | 2000-08-02 | 2003-12-23 | International Business Machines Corporation | System and method to monitor and determine if an active IPSec tunnel has become disabled |
US6915436B1 (en) | 2000-08-02 | 2005-07-05 | International Business Machines Corporation | System and method to verify availability of a back-up secure tunnel |
CN1201533C (en) * | 2000-10-26 | 2005-05-11 | 三菱电机株式会社 | Internet telephone network system, network access method and talking device adapter |
JP4497443B2 (en) * | 2001-09-27 | 2010-07-07 | 株式会社インターリンク | User information utilization system |
KR100452143B1 (en) * | 2001-10-16 | 2004-10-08 | 주식회사 플랜티넷 | apparatus and method for web filtering using asymmetry traffic flow mode |
JP2003209561A (en) * | 2002-01-11 | 2003-07-25 | Nec Corp | Method for strengthening security by transmission source ip address |
JP2004180155A (en) | 2002-11-28 | 2004-06-24 | Ntt Docomo Inc | Communication control apparatus, firewall device, communication control system and data communication method |
JP4666986B2 (en) * | 2004-06-03 | 2011-04-06 | 株式会社リコー | Communication method, communication permission server |
JP4563135B2 (en) * | 2004-10-19 | 2010-10-13 | エヌ・ティ・ティ・コミュニケーションズ株式会社 | Gateway device |
WO2007110942A1 (en) * | 2006-03-29 | 2007-10-04 | Fujitsu Limited | Server management program in network system |
JP4729638B2 (en) * | 2010-01-05 | 2011-07-20 | 株式会社インターリンク | User information utilization system |
JP2010220252A (en) * | 2010-06-09 | 2010-09-30 | Nec Corp | Mobile management system, mobile management server, mobile management method used therefor and program therefor |
JP5809086B2 (en) * | 2012-03-15 | 2015-11-10 | 西日本電信電話株式会社 | Port opening / closing control method based on mobile terminal location detection |
CN103415008A (en) * | 2013-07-24 | 2013-11-27 | 牟大同 | Encryption communication method and encryption communication system |
-
1996
- 1996-08-29 JP JP22796996A patent/JP3662080B2/en not_active Expired - Fee Related
-
1997
- 1997-08-29 GB GB9718374A patent/GB2316841B/en not_active Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
INSPEC Abstract No.B9502-6210L-059, C9502-5620W-012 & Tenth Comp. Sec. Conference,1994,IEEE,pp212-18 * |
Cited By (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE46459E1 (en) | 1998-05-04 | 2017-06-27 | Linksmart Wireless Technology, Llc | User specific automatic data redirection system |
US10511573B2 (en) | 1998-10-30 | 2019-12-17 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US10187387B2 (en) | 1998-10-30 | 2019-01-22 | Virnetx, Inc. | Method for establishing connection between devices |
US9967240B2 (en) | 1998-10-30 | 2018-05-08 | Virnetx, Inc. | Agile network protocol for secure communications using secure domain names |
US9860283B2 (en) | 1998-10-30 | 2018-01-02 | Virnetx, Inc. | Agile network protocol for secure video communications with assured system availability |
US9819649B2 (en) | 1998-10-30 | 2017-11-14 | Virnetx, Inc. | System and method employing an agile network protocol for secure communications using secure domain names |
US8914526B1 (en) | 1998-12-17 | 2014-12-16 | Portus Singapore Pte Ltd | Local and remote monitoring using a standard web browser |
US9961097B2 (en) | 1998-12-17 | 2018-05-01 | Portus Singapore Pte Ltd | System for remote access of a user premises |
WO2000036812A1 (en) * | 1998-12-17 | 2000-06-22 | Portus Pty Limited | Local and remote monitoring using a standard web browser |
US6662228B1 (en) | 2000-02-01 | 2003-12-09 | Sun Microsystems, Inc. | Internet server authentication client |
WO2001057626A2 (en) * | 2000-02-01 | 2001-08-09 | Sun Microsystems, Inc. | Internet server for client authentification |
WO2001057626A3 (en) * | 2000-02-01 | 2002-04-18 | Sun Microsystems Inc | Internet server for client authentification |
EP1293908A1 (en) * | 2000-09-27 | 2003-03-19 | Sony Corporation | Home network system |
EP1293908A4 (en) * | 2000-09-27 | 2009-09-09 | Sony Corp | Home network system |
GB2373418A (en) * | 2001-03-16 | 2002-09-18 | Kleinwort Benson Ltd | Method and system to provide and manage secure access to internal computer systems from an external client |
US7797530B2 (en) | 2001-04-09 | 2010-09-14 | Hewlett-Packard Company | Authentication and encryption method and apparatus for a wireless local access network |
WO2002082730A1 (en) * | 2001-04-09 | 2002-10-17 | Colubris Networks Inc. | Authentication and encryption method and apparatus for a wireless local access network |
DE10201627B4 (en) * | 2002-01-16 | 2006-05-04 | Orga Systems Enabling Services Gmbh | Method and digital network component for protection against unwanted data |
DE10201627A1 (en) * | 2002-01-16 | 2003-07-31 | Orga Kartensysteme Gmbh | Process and digital network component for protection against unwanted data |
WO2004034672A1 (en) * | 2002-10-09 | 2004-04-22 | Tycho Technologies Oy | Management of a distributed firewall |
US7616597B2 (en) | 2002-12-19 | 2009-11-10 | Intel Corporation | System and method for integrating mobile networking with security-based VPNs |
WO2004057822A2 (en) * | 2002-12-19 | 2004-07-08 | Intel Corporation | System and method for integrating mobile ip with virtual private networks (vpn) |
WO2004057822A3 (en) * | 2002-12-19 | 2004-09-10 | Intel Corp | System and method for integrating mobile ip with virtual private networks (vpn) |
KR100814988B1 (en) * | 2002-12-19 | 2008-03-18 | 인텔 코오퍼레이션 | System and method for integrating mobile networking with security-based vpns |
GB2411092B (en) * | 2002-12-19 | 2007-01-10 | Intel Corp | System and method for integrating mobile networking with security-based VPNs |
GB2411092A (en) * | 2002-12-19 | 2005-08-17 | Intel Corp | System and method for integrating mobile IP with virtual private networks (VPN) |
DE10336108B3 (en) * | 2003-08-06 | 2005-05-25 | Siemens Ag | Method and device for preventing packet attacks on mobile subscribers |
CN101040497B (en) * | 2004-10-12 | 2010-05-12 | 松下电器产业株式会社 | Firewall system and firewall control method |
EP1686755A1 (en) * | 2005-01-27 | 2006-08-02 | NEC Corporation | Filtering method and firewall system |
Also Published As
Publication number | Publication date |
---|---|
JPH1070576A (en) | 1998-03-10 |
JP3662080B2 (en) | 2005-06-22 |
GB9718374D0 (en) | 1997-11-05 |
GB2316841B (en) | 2001-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2316841A (en) | Method for controlling a firewall | |
USRE46459E1 (en) | User specific automatic data redirection system | |
US6603758B1 (en) | System for supporting multiple internet service providers on a single network | |
EP1340337B1 (en) | Location-independent packet routing and secure access in a short-range wireless networking environment | |
US7139818B1 (en) | Techniques for dynamic host configuration without direct communications between client and server | |
US7616615B2 (en) | Packet forwarding apparatus for connecting mobile terminal to ISP network | |
JP4034729B2 (en) | Mobile internet communication apparatus and method | |
EP1156626B1 (en) | Mobile communication network, terminal equipment and packet communication control method | |
JP4819953B2 (en) | Control tunnel and direct tunnel setting method in IPv4 network-based IPv6 service providing system | |
US20060056420A1 (en) | Communication apparatus selecting a source address | |
EP0944209A2 (en) | Quality of service allocation on a network | |
EP1089580A2 (en) | Mobile communications service system, mobile communications service method, authentication apparatus, and home agent apparatus | |
WO2006083414A2 (en) | Method and apparatus for l2tp dialout and tunnel switching | |
KR20050092405A (en) | Service in wlan inter-working, address management system, and method | |
EP1700430B1 (en) | Method and system for maintaining a secure tunnel in a packet-based communication system | |
JP2000138976A (en) | Mobile tcp and method for setting and maintaining mobile tcp connection | |
GB2412272A (en) | Communication between internal networks through gateways over an external network | |
EP1317112B1 (en) | Handling connections moving between firewalls | |
EP1422909B1 (en) | Service control network system | |
EP1593230B1 (en) | Terminating a session in a network | |
WO1998038817A2 (en) | Method and apparatus for assigning personality information to roaming mobile radios | |
EP2020783A1 (en) | Mobile communication control system | |
US20040117473A1 (en) | Proxy network control apparatus | |
JP4003634B2 (en) | Information processing device | |
JP3616571B2 (en) | Address resolution method for Internet relay connection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20060829 |