GB2316841A - Method for controlling a firewall - Google Patents


Publication number
GB2316841A
Authority
GB
United Kingdom
Prior art keywords
terminal
firewall
mobile terminal
network
inner network
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9718374A
Other versions
GB9718374D0 (en)
GB2316841B (en)
Inventor
Ayumu Kubota
Kazuki Katagishi
Tohru Asami
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KDDI Corp
Original Assignee
Kokusai Denshin Denwa KK

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/0272 Virtual private networks
    • H04L63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/26 Network addressing or numbering for mobility support
    • H04W80/00 Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/04 Network layer protocols, e.g. mobile IP [Internet Protocol]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

When a mobile terminal 21 connected to an Internet service provider (ISP) 30 intends to access an inner network 20 within a firewall 22 via the Internet 10, the ISP sends terminal user information to the inner network. An agent host 32 investigates the Internet protocol (IP) address and the account of the terminal and determines whether the mobile terminal is a terminal moved from the inner network based on this information. If this is the case, a host 23 managing the firewall sets a filter in the firewall allowing telecommunication between the mobile terminal and the inner network. The communication between the terminal and inner network may be by means of a two-way IP tunnel 40.

Description

Specification
TITLE OF THE INVENTION
Method for dynamically controlling a firewall
FIELD OF THE INVENTION
This invention relates to a method for dynamically controlling a firewall.
BACKGROUND OF THE INVENTION
When a private network is connected to the Internet, it is necessary to prevent unauthorized access from the Internet. However, if telecommunication between the internal network and the external network is shut off completely, a user of the internal network cannot access his home network via the Internet.
Therefore, it is necessary to construct a firewall which selectively permits telecommunication from outside via the Internet.
In a prior-art firewall, out of all data packets passing between the internal network and the external network, only previously permitted packets are passed; all other packets are blocked by a filter.
Generally, such a filter is set by designating the IP (Internet Protocol) address of the terminal sending a packet, the IP address of the terminal receiving the packet, the protocol used, a port number, etc. For example, for telecommunication from a specific external IP address to any internal host (terminal) using TCP (Transmission Control Protocol), telecommunication using a specific port number (for example, 110) is permitted.
Here, the port number is an identifier indicating an upper-layer process in TCP or UDP (User Datagram Protocol).
However, it is difficult to obtain a pertinent filtering when a user accesses his home network from outside it, by a dial-up or PPP connection via an ISP (Internet Service Provider), using a mobile computer such as a note-type personal computer (a note-type PC), because the upper 4 digits indicate the network to which the mobile PC is connected and the lower 4 digits indicate an identifier of the mobile PC in that network, while the IP address used in Internet telecommunication is a 4-byte number.
Namely, in the case of a dial-up connection by a mobile host (MH) moved from its home network, the IP address assigned to the mobile host differs at every connection, so it is impossible to communicate using the IP address assigned in its home network.
Therefore, it is difficult to set a filter in the firewall by designating the IP (Internet Protocol) address of the terminal sending a data packet and the IP address of the terminal receiving the data packet, because the IP address of a moved terminal is not constant in a dial-up connection.
Furthermore, even if the filter of the firewall is pertinently set so that only an authorized mobile host and its user are permitted access from outside to the home network, the user cannot always use the inner resources (disk, database, WWW, etc.) of the home network that he usually accesses, because access to the inner resources is limited individually and is permitted or refused based on the IP address of the client terminal.
Next, referring to Fig. 3, a mobile-IP address is explained; mobile-IP is under work for standardization.
Mobile-IP is a technique which enables a mobile terminal to use the same IP address wherever it moves, whenever it connects to the Internet.
However, at present, mobile-IP is not adapted to a network having a firewall.
In Fig. 3, 100 denotes the Internet, 200 denotes a home network of a mobile terminal 201, 202 denotes a home agent (HA) on the home network 200, 203 denotes a router, 300 denotes an ISP, 400 denotes another network and 401 denotes a terminal on the network 400.
In Fig. 3, the IP address of the home network 200 to which the mobile terminal 201 is usually connected is [133.128.8.0], the IP address of the mobile terminal 201 on the home network 200 is [133.128.8.81], the IP address of the home agent 202 is [133.128.8.100], and the IP address of the mobile terminal 201 assigned by the ISP when the terminal 201 connects to the ISP by dial-up connection is [130.54.20.199].
Generally, when a packet is sent from the terminal 401 on the network 400 to the terminal 201, the packet is transferred, as shown by route 501 in Fig. 3, to the home network 200 to which the terminal 201 is usually connected. Therefore, when the terminal has been moved to another network, for example the ISP 300, it is necessary to transfer the packet to the network 300.
For transferring the packet, in mobile-IP, an agent host is provided both in the network from which the mobile terminal has moved and in the network to which it has moved. The agent in the network from which the mobile terminal has moved is called a home agent, and the agent in the network to which the mobile terminal has moved is called a foreign agent. The mobile terminal itself may have the function of the foreign agent. In Fig. 3, the mobile terminal 201 has the function of the foreign agent.
When the terminal 201 moved from its home network 200 connects to the ISP 300 by dial-up connection 301, a temporary IP address [130.54.20.199] is assigned to the terminal 201 by the ISP.
The temporary IP address [130.54.20.199] of the mobile terminal 201 and its IP address [133.128.8.81] in the home network 200 are reported to the home agent 202 in the home network 200 via the ISP and the Internet 100.
Then, based on the received information, the home agent 202 records in its database that the terminal 201 having the IP address [133.128.8.81] is moving and that its temporary IP address is [130.54.20.199].
When a packet is sent from the terminal 401 in the network 400 to the terminal 201 by using the usual IP address [133.128.8.81], as shown by route 502, the home agent 202 receives the packet instead of the mobile terminal 201. Then, as shown by the route 503, the home agent 202 transfers the packet from the terminal 401 to the mobile terminal 201 via the Internet 100 and the ISP 300, by embedding the packet from the terminal 401 into a packet forwarded to the temporary IP address [130.54.20.199]. The mobile terminal 201 obtains the original packet of the terminal 401 from the received packet and, if necessary, sends, as shown by the route 504, any packet to the terminal 401 via the ISP and the Internet.
As mentioned above, in mobile-IP, it is possible to send a packet from the terminal 401 to the mobile terminal 201 by using the usual IP address [133.128.8.81].
However, telecommunication using the temporary IP address [130.54.20.199] is necessary between the mobile terminal 201 and the home agent 202.
Namely, in mobile-IP, since no processing is applied to packets sent from the mobile terminal 201, usual routing is necessary.
Therefore, it is impossible for the mobile terminal 201 to communicate with another terminal inside the home network 200, other than the home agent 202, under the above-mentioned firewall, because only telecommunication between the mobile terminal 201 and the home agent 202 is allowed.
This means that the mobile terminal 201 is limited in its access to the resources of its home network 200.
An object of the present invention is to provide a method for dynamically controlling a firewall which enables a filter to be set that is pertinent to the mobile terminal connected to the ISP (Internet Service Provider) by dial-up connection and to its user.
An object of embodiments of the present invention is to provide a method for dynamically controlling a firewall which pertinently permits said mobile terminal and its user to access the resources of the home network from outside.
The present invention enables a pertinent filter to be set by obtaining user information from an Internet service provider. Embodiments of the present invention resolve a limitation of access to a resource of a home network by combining the filter setting with mobile-IP.
According to the present invention there is provided a method for enabling a pertinent filter comprising the steps of: a step for sending a user information of a terminal being connected to an internet service provider by dial-up connection to an inner network inside a firewall from said internet service provider when said terminal accesses to said inner network via the Internet;
a step that said inner network determines whether said terminal is a mobile terminal moved from said inner network, based on said user information; a step for setting a filter of said firewall to permit a telecommunication between said terminal when said terminal is said mobile terminal moved from said inner network.
In a method embodying the present invention for resolving a limitation of access, an IP tunnel is further used, after setting of said filter, for telecommunication between said terminal and the inner network.
In another embodiment for resolving a limitation of access, said user information is transferred between an agent host provided in said internet service provider and a host for managing said firewall which sets said filter of said firewall provided in said inner network, and said telecommunication using said IP tunnel is done between said terminal and a home agent provided in said inner network.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 shows a configuration of a system to which a method embodying the present invention is applied.
Fig. 2 shows a mobile-IP which is adapted to a firewall.
Fig. 3 shows a prior-art mobile-IP which is not adapted to a firewall.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
An embodiment of the present invention will be explained referring to the drawings.
In Fig. 1, 10 denotes the Internet, 20 denotes an inner network having plural home networks 20A, 20B and 20C, 21 denotes a mobile terminal which is usually connected to the inner network 20, 22 denotes a firewall, 23 denotes a host for managing the firewall, 24 denotes a home agent provided in each of home networks 20A, 20B and 20C, 30 denotes an ISP (Internet Service Provider), 31 denotes a server for authentication in the ISP, and 32 denotes an agent host in the ISP.
The mobile terminal 21 has the function of a foreign agent for mobile-IP. The mobile terminal 21 is intended to connect to the inner network 20 via the Internet, by dial-up connection to the ISP at any location after moving from the home network.
In this embodiment, a mechanism for controlling the firewall based on user information obtained from the ISP and a mobile-IP mechanism adapted to the firewall are provided.
The mechanism for controlling the firewall 22 based on the user information obtained from ISP 30 will be explained referring to Fig. 1.
A user account (ID) and a password are input to the ISP 30 when a user of the mobile terminal 21 intends to connect to the ISP 30 by the dial-up connection. In the ISP 30, the authentication server 31 determines whether the user input data are proper or not. Only when the user input data are proper is an IP address assigned to the mobile terminal 21, and the mobile terminal 21 is then connected to the Internet 100. Thus, the ISP 30 can always know which user is connected to the ISP 30, based on the user information, and which IP address is assigned to the mobile terminal 21.
When the inner network 20 can know the user and the IP address used by the user, by obtaining the user information from the ISP 30, it is possible to set the filter properly. Then, it is possible to permit telecommunication from a user who has previously been allowed to access the inner network 20 and to exclude access from a user who has no authority for the access.
In Fig. 1, a mechanism for adding and/or deleting a filter is provided by placing the host 23 for managing the firewall within the inner network 20. Further, the agent host 32 is provided within the ISP so that only the telecommunication between the agent host 32 and the host 23 for managing the firewall can be allowed. Since the hosts 23 and 32 can use a fixed IP address for this telecommunication, there is no problem in setting the filter for the firewall.
Concretely, the filter is set by the following steps (1) to (7).
The step (n) corresponds to the symbol (n) in Fig. 1.
(1) When the mobile terminal 21 intends to access the inner network 20 from outside it, the mobile terminal 21 requests establishment of a connection between the mobile terminal 21 and the inner network 20 via the agent host 32 in the ISP.
(2) The agent host 32 investigates the IP address and the account used for the dial-up connection of the mobile terminal 21.
(3) The agent host 32 relays a message from the mobile terminal 21 to the host 23 for managing the firewall only when the mobile terminal 21 is connected using a specific account which is allowed to access the inside of the firewall 22.
(4) Authentication is performed end-to-end between the mobile terminal 21 and the home agent 24 via the host 23 for managing the firewall, because, in mobile-IP, authentication must be done between the mobile terminal and the home agent.
(5) If the authentication is successful, the home agent sends a message reporting the success to the host 23 for managing the firewall.
(6) Then, the host 23 for managing the firewall changes the setting of the firewall 22 so as to permit telecommunication between the mobile terminal 21 and the home agent 24.
(7) When the host 23 for managing the firewall has enabled telecommunication between the mobile terminal 21 and the home agent 24 by changing the setting of the firewall 22, the host 23 notifies the home agent 24 and, via the agent host 32, the mobile terminal 21. After receiving the message, the home agent 24 sets an IP tunnel to the mobile terminal 21 and the mobile terminal 21 sets an IP tunnel to the home agent 24, so that a two-way IP tunnel 40 is set.
By using the two-way IP tunnel 40, the mobile terminal 21 communicates with each terminal of the inner network 20. Meanwhile, the mobile terminal 21 periodically sends a message for maintaining the connection to the host 23 for managing the firewall. When the message for maintaining the connection from a certain mobile terminal stops, the host 23 for managing the firewall automatically deletes the filter setting for that mobile terminal.
As mentioned above, it is possible to open the firewall 22 only for the necessary period and only for telecommunication whose start point and end point are distinctly restricted.
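The following sketch models steps (1) to (6) and the keep-alive deletion of the filter; it is an added example, not code from the patent. The HMAC-SHA256 challenge-response, the 30-second timeout, the account names and the second dial-up address are assumptions; the other addresses are the ones used in the Fig. 3 walk-through.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

HOME_AGENT_IP = "133.128.8.100"  # home agent address borrowed from the Fig. 3 example
KEEPALIVE_TIMEOUT = 30.0         # seconds; assumed, the patent gives no value


@dataclass
class IspAgentHost:
    """Agent host 32: knows which account holds which dial-up address."""
    sessions: dict          # temporary IP -> account, from the ISP authentication server
    allowed_accounts: set   # accounts permitted to reach inside the firewall

    def may_relay(self, src_ip: str) -> bool:
        # Steps (2)-(3): derive the account from the address the request came
        # from, never from anything the terminal says about itself.
        return self.sessions.get(src_ip) in self.allowed_accounts


@dataclass
class HomeAgent:
    """Home agent 24: end-to-end authentication of the mobile terminal."""
    keys: dict                                    # home address -> shared secret
    pending: dict = field(default_factory=dict)   # home address -> outstanding nonce

    def challenge(self, home_addr: str) -> bytes:
        self.pending[home_addr] = os.urandom(16)
        return self.pending[home_addr]

    def verify(self, home_addr: str, temp_ip: str, mac: bytes) -> bool:
        nonce = self.pending.pop(home_addr, None)  # each nonce is usable once
        key = self.keys.get(home_addr)
        if nonce is None or key is None:
            return False
        return hmac.compare_digest(respond(key, nonce, temp_ip), mac)


@dataclass
class FirewallManager:
    """Host 23: adds and deletes filters on firewall 22."""
    filters: dict = field(default_factory=dict)   # (temp IP, home agent) -> last keep-alive

    def open_filter(self, temp_ip: str, now: float) -> None:
        self.filters[(temp_ip, HOME_AGENT_IP)] = now

    def expire(self, now: float) -> None:
        for pair in [p for p, seen in self.filters.items()
                     if now - seen > KEEPALIVE_TIMEOUT]:
            del self.filters[pair]

    def keepalive(self, temp_ip: str, now: float) -> bool:
        self.expire(now)
        pair = (temp_ip, HOME_AGENT_IP)
        if pair not in self.filters:
            return False          # filter already deleted: terminal must reconnect
        self.filters[pair] = now
        return True

    def permits(self, src: str, dst: str, now: float) -> bool:
        self.expire(now)
        # The opening is one address pair in either direction, nothing wider.
        return (src, dst) in self.filters or (dst, src) in self.filters


def respond(key: bytes, nonce: bytes, temp_ip: str) -> bytes:
    """Mobile terminal 21's answer; including temp_ip ties the proof to this session."""
    return hmac.new(key, nonce + temp_ip.encode(), hashlib.sha256).digest()


def connect(isp, ha, fw, temp_ip, home_addr, key, now) -> bool:
    """Steps (1)-(6); True once the filter is open (tunnel set-up, step 7, follows)."""
    if not isp.may_relay(temp_ip):                               # (1)-(3)
        return False
    nonce = ha.challenge(home_addr)                              # (4)
    if not ha.verify(home_addr, temp_ip, respond(key, nonce, temp_ip)):
        return False
    fw.open_filter(temp_ip, now)                                 # (5)-(6)
    return True


def make_site():
    """Constructed sample state: one permitted account and one guest dialled in."""
    isp = IspAgentHost({"130.54.20.199": "staff", "130.54.20.77": "guest"}, {"staff"})
    ha = HomeAgent({"133.128.8.81": b"constructed-demo-key"})
    return isp, ha, FirewallManager()


if __name__ == "__main__":
    isp, ha, fw = make_site()
    print(connect(isp, ha, fw, "130.54.20.199", "133.128.8.81", b"constructed-demo-key", 0.0))
    print(fw.permits("130.54.20.199", HOME_AGENT_IP, 10.0))
    print(fw.keepalive("130.54.20.199", 25.0))
    print(fw.permits("130.54.20.199", HOME_AGENT_IP, 60.0))
```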
The specification of mobile-IP which is under work for standardization is not adapted to the network 20 having the firewall 22.
Therefore, mobile-IP is improved to adapt it to the firewall 22 as follows, and the improved mobile-IP is combined with the above-mentioned filter setting.
The combination of mobile-IP and the dynamic firewall control will be explained referring to Fig. 2.
As shown by route 52 in Fig. 2, a packet from the mobile terminal 21 to the terminal 25 inside the firewall 22 is embedded in a packet addressed to the home agent 24 and then sent out. The home agent 24 extracts the original packet from the received packet. The home agent 24 sends the extracted packet to the inner terminal 25, as shown by route 53 in Fig. 2, by sending the extracted packet out again to the Internet. In Fig. 2, 26 denotes a router. When the mobile terminal is in the inner network 20, the mobile terminal 21 communicates with the inner terminal 25 via a route 51.
As mentioned above, even if authority is granted individually in the inner network 20, it is possible to permit access based on the IP address of the mobile terminal 21 which is usually connected to the network 20, by using the two-way tunnel between the mobile terminal 21 and the home agent 24. Therefore, communication between the mobile terminal 21 and the inner terminal 25 is possible.
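The tunnel on route 52 can be made concrete at the byte level: the firewall sees only the outer header (temporary address to home agent), while inner resources see the terminal's usual address. This is an added example, not code from the patent; IPv4-in-IPv4 (protocol 4) as the tunnel format, the address of inner terminal 25 and the home agent's check of the inner source against its recorded binding are assumptions.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4                 # IPv4-in-IPv4 (RFC 2003); assumed tunnel format
IPPROTO_TCP = 6

TEMP_IP = "130.54.20.199"        # address assigned by the ISP (from the page)
HOME_ADDR = "133.128.8.81"       # terminal's usual address (from the page)
HOME_AGENT = "133.128.8.100"     # home agent (from the page)
INNER_TERMINAL = "133.128.8.25"  # constructed address for inner terminal 25


def checksum(header: bytes) -> int:
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                           proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject malformed or corrupted headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad header length or total length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[ihl:total_len]


def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Embed a complete packet in a packet addressed to the tunnel end point."""
    return ipv4_packet(outer_src, outer_dst, IPPROTO_IPIP, inner)


def firewall_permits(packet: bytes, filters: set) -> bool:
    """Firewall 22 decides on the outer header only; malformed packets are dropped."""
    try:
        src, dst, proto, _ = parse_ipv4(packet)
    except ValueError:
        return False
    # Restricting the opening to protocol 4 is an assumption of this sketch.
    return proto == IPPROTO_IPIP and ((src, dst) in filters or (dst, src) in filters)


def home_agent_decapsulate(packet: bytes, bindings: dict, home_agent: str) -> bytes:
    """Home agent 24: strip the outer header and return the original packet."""
    outer_src, outer_dst, proto, inner = parse_ipv4(packet)
    if outer_dst != home_agent or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for this home agent")
    inner_src = parse_ipv4(inner)[0]
    # The firewall cannot see the inner header, so the home agent is the only
    # place to check it against the recorded temporary-to-home address binding.
    if bindings.get(outer_src) != inner_src:
        raise ValueError("inner source does not match the registered binding")
    return inner


if __name__ == "__main__":
    inner = ipv4_packet(HOME_ADDR, INNER_TERMINAL, IPPROTO_TCP, b"constructed payload")
    outer = encapsulate(inner, TEMP_IP, HOME_AGENT)
    print(firewall_permits(outer, {(TEMP_IP, HOME_AGENT)}))
    print(parse_ipv4(home_agent_decapsulate(outer, {TEMP_IP: HOME_ADDR}, HOME_AGENT))[:3])
```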
According to the present invention, it is possible to set the firewall so as to permit communication from a specific user connected to the ISP by dial-up connection.
Further, according to embodiments of the present invention, because of the improvement and combination of mobile-IP, it is possible to access the resources of the inner network from outside in the same way as when connected to the inner network.

Claims (4)

WHAT IS CLAIMED IS:
1. A method for dynamically controlling a firewall comprising steps of: a step for sending a user information of a terminal being connected to an internet service provider by dial-up connection to an inner network inside a firewall from said internet service provider when said terminal accesses to said inner network via the Internet; a step that said inner network determines whether said terminal is a mobile terminal moved from said inner network, based on said user information; a step for setting a filter of said firewall to permit a telecommunication between said terminal when said terminal is said mobile terminal moved from said inner network.
2. The method claimed in claim 1 wherein, an IP tunnel is used after setting of said filter for a telecommunication between said terminal and said inner network.
3. The method claimed in claim 2 wherein, said user information is transferred between an agent host provided in said internet service provider and a host for managing said firewall which sets said filter of said firewall provided in said inner network, and said telecommunication using said IP tunnel is done between said terminal and a home agent provided in said inner network.
4. A method for dynamically controlling a firewall substantially as hereinbefore described with reference to the accompanying drawings.
GB9718374A 1996-08-29 1997-08-29 Method for dynamically controlling a firewall Expired - Fee Related GB2316841B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP22796996A JP3662080B2 (en) 1996-08-29 1996-08-29 Firewall dynamic control method

Publications (3)

Publication Number Publication Date
GB9718374D0 GB9718374D0 (en) 1997-11-05
GB2316841A true GB2316841A (en) 1998-03-04
GB2316841B GB2316841B (en) 2001-03-28

Family

ID=16869102

Family Applications (1)

Application Number Title Priority Date Filing Date
GB9718374A Expired - Fee Related GB2316841B (en) 1996-08-29 1997-08-29 Method for dynamically controlling a firewall

Country Status (2)

Country Link
JP (1) JP3662080B2 (en)
GB (1) GB2316841B (en)

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7010604B1 (en) 1998-10-30 2006-03-07 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
FR2810180B1 (en) * 2000-06-08 2005-04-29 Cit Alcatel METHOD FOR PROVIDING ACCESS CONTROL FOR AND / OR TO USERS ACCESSING TERMINALS TO THE INTERNET NETWORK, THROUGH A PRIVATE ACCESS NODE, AND ARRANGEMENTS FOR IMPLEMENTING A SUCH METHOD
US7349967B2 (en) 2000-07-21 2008-03-25 Samsung Electronics Co., Ltd. Architecture for home network on world wide web with private-public IP address/URL mapping
US6668282B1 (en) 2000-08-02 2003-12-23 International Business Machines Corporation System and method to monitor and determine if an active IPSec tunnel has become disabled
US6915436B1 (en) 2000-08-02 2005-07-05 International Business Machines Corporation System and method to verify availability of a back-up secure tunnel
CN1201533C (en) * 2000-10-26 2005-05-11 三菱电机株式会社 Internet telephone network system, network access method and talking device adapter
JP4497443B2 (en) * 2001-09-27 2010-07-07 株式会社インターリンク User information utilization system
KR100452143B1 (en) * 2001-10-16 2004-10-08 주식회사 플랜티넷 apparatus and method for web filtering using asymmetry traffic flow mode
JP2003209561A (en) * 2002-01-11 2003-07-25 Nec Corp Method for strengthening security by transmission source ip address
JP2004180155A (en) 2002-11-28 2004-06-24 Ntt Docomo Inc Communication control apparatus, firewall device, communication control system and data communication method
JP4666986B2 (en) * 2004-06-03 2011-04-06 株式会社リコー Communication method, communication permission server
JP4563135B2 (en) * 2004-10-19 2010-10-13 エヌ・ティ・ティ・コミュニケーションズ株式会社 Gateway device
WO2007110942A1 (en) * 2006-03-29 2007-10-04 Fujitsu Limited Server management program in network system
JP4729638B2 (en) * 2010-01-05 2011-07-20 株式会社インターリンク User information utilization system
JP2010220252A (en) * 2010-06-09 2010-09-30 Nec Corp Mobile management system, mobile management server, mobile management method used therefor and program therefor
JP5809086B2 (en) * 2012-03-15 2015-11-10 西日本電信電話株式会社 Port opening / closing control method based on mobile terminal location detection
CN103415008A (en) * 2013-07-24 2013-11-27 牟大同 Encryption communication method and encryption communication system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
INSPEC Abstract No.B9502-6210L-059, C9502-5620W-012 & Tenth Comp. Sec. Conference,1994,IEEE,pp212-18 *

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE46459E1 (en) 1998-05-04 2017-06-27 Linksmart Wireless Technology, Llc User specific automatic data redirection system
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US10187387B2 (en) 1998-10-30 2019-01-22 Virnetx, Inc. Method for establishing connection between devices
US9967240B2 (en) 1998-10-30 2018-05-08 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US9860283B2 (en) 1998-10-30 2018-01-02 Virnetx, Inc. Agile network protocol for secure video communications with assured system availability
US9819649B2 (en) 1998-10-30 2017-11-14 Virnetx, Inc. System and method employing an agile network protocol for secure communications using secure domain names
US8914526B1 (en) 1998-12-17 2014-12-16 Portus Singapore Pte Ltd Local and remote monitoring using a standard web browser
US9961097B2 (en) 1998-12-17 2018-05-01 Portus Singapore Pte Ltd System for remote access of a user premises
WO2000036812A1 (en) * 1998-12-17 2000-06-22 Portus Pty Limited Local and remote monitoring using a standard web browser
US6662228B1 (en) 2000-02-01 2003-12-09 Sun Microsystems, Inc. Internet server authentication client
WO2001057626A2 (en) * 2000-02-01 2001-08-09 Sun Microsystems, Inc. Internet server for client authentification
WO2001057626A3 (en) * 2000-02-01 2002-04-18 Sun Microsystems Inc Internet server for client authentification
EP1293908A1 (en) * 2000-09-27 2003-03-19 Sony Corporation Home network system
EP1293908A4 (en) * 2000-09-27 2009-09-09 Sony Corp Home network system
GB2373418A (en) * 2001-03-16 2002-09-18 Kleinwort Benson Ltd Method and system to provide and manage secure access to internal computer systems from an external client
US7797530B2 (en) 2001-04-09 2010-09-14 Hewlett-Packard Company Authentication and encryption method and apparatus for a wireless local access network
WO2002082730A1 (en) * 2001-04-09 2002-10-17 Colubris Networks Inc. Authentication and encryption method and apparatus for a wireless local access network
DE10201627B4 (en) * 2002-01-16 2006-05-04 Orga Systems Enabling Services Gmbh Method and digital network component for protection against unwanted data
DE10201627A1 (en) * 2002-01-16 2003-07-31 Orga Kartensysteme Gmbh Process and digital network component for protection against unwanted data
WO2004034672A1 (en) * 2002-10-09 2004-04-22 Tycho Technologies Oy Management of a distributed firewall
US7616597B2 (en) 2002-12-19 2009-11-10 Intel Corporation System and method for integrating mobile networking with security-based VPNs
WO2004057822A2 (en) * 2002-12-19 2004-07-08 Intel Corporation System and method for integrating mobile ip with virtual private networks (vpn)
WO2004057822A3 (en) * 2002-12-19 2004-09-10 Intel Corp System and method for integrating mobile ip with virtual private networks (vpn)
KR100814988B1 (en) * 2002-12-19 2008-03-18 인텔 코오퍼레이션 System and method for integrating mobile networking with security-based vpns
GB2411092B (en) * 2002-12-19 2007-01-10 Intel Corp System and method for integrating mobile networking with security-based VPNs
GB2411092A (en) * 2002-12-19 2005-08-17 Intel Corp System and method for integrating mobile IP with virtual private networks (VPN)
DE10336108B3 (en) * 2003-08-06 2005-05-25 Siemens Ag Method and device for preventing packet attacks on mobile subscribers
CN101040497B (en) * 2004-10-12 2010-05-12 松下电器产业株式会社 Firewall system and firewall control method
EP1686755A1 (en) * 2005-01-27 2006-08-02 NEC Corporation Filtering method and firewall system

Also Published As

Publication number Publication date
JPH1070576A (en) 1998-03-10
JP3662080B2 (en) 2005-06-22
GB9718374D0 (en) 1997-11-05
GB2316841B (en) 2001-03-28

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20060829