CA2461418A1 - Method and device for implementing a firewall application for communication data - Google Patents
- Publication number
- CA2461418A1
- Authority
- CA
- Canada
- Prior art keywords
- terminal device
- firewall
- disposed
- communication network
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1069—Session establishment or de-establishment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1104—Session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1106—Call signalling protocols; H.323 and related
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Abstract
A method for implementation of a firewall application is disclosed, whereby, in one step (S1, S2, S3) of the initiation of a connection from the first to the second terminal (1, 2), authentication data for authentication of the first terminal is transmitted and, after successful authentication, a selected address is communicated to the firewall device (9). An arrangement for carrying out the method is given.
Claims (10)
1. A method for implementing a firewall application for communication data transmitted between a first and second terminal device (1, 2) by means of a firewall device (9) disposed between a first and second communication network (3, 4), in particular for Internet telephony or for Internet multimedia connections, the first terminal device (1) being disposed in the first communication network (3) and the second terminal device (2) being disposed in the second communication network (9), wherein in a first step (S1, S2, S3) for the purpose of initiating a connection from the first to the second terminal device (1, 2), authentication data for authenticating the first terminal device (1) is sent via a first to a second network interworking device (6, 7) with a known address, and in a second step (S4) the second network interworking device (7), following successful authentication of the first terminal device (1), communicates to the firewall device (9) a selected further address of the first terminal device (1) or a first gatekeeper (5) connected to it, in order to activate the firewall device (9) for signaling data to be sent by the first terminal device (1).
2. The method according to claim 1, characterized by the further step of the sending (S3) of a message containing the further address from the second network interworking device (7) to the first network interworking device (6).
3. The method according to claim 2, wherein the further address is composed of an IP address and a port number.
4. The method according to claim 2 or 3, characterized by the step (S5) of the call setup from the first to the second terminal device (1, 2) via the first gatekeeper (5), the firewall device (9), the second network interworking device (7) and a second gatekeeper (8).
5. The method according to claim 4, wherein the call setup is performed by the sending (S5) of a SETUP message or an SIP INVITE message.
6. The method according to claim 4 or 5, wherein a confirmation message, in particular an ALERT message to confirm the acceptance of the call setup, is sent (S6) by means of the selected further address from the second terminal device (2) to the first terminal device (1).
7. The method according to one of the preceding claims, characterized by the further step of the sending of an activation message to activate the firewall device (9) for user data from the second network interworking device (7) to the firewall device (9).
8. The method according to one of the preceding claims, wherein the authentication data is transmitted by means of PKI (Private/Public Key Interface).
9. An arrangement for performing the method according to one of the preceding claims, having a firewall device (9) disposed at the point of transition from a first to a second communication network (3, 4), a first terminal device (1) disposed in the first communication network (3) and a second terminal device (2) disposed in the second communication network (4), and a first network interworking device (6) disposed in the first communication network, characterized by a second network interworking device (7) with a known address for performing an authentication on the basis of authentication data transmitted by the first terminal device (1) and for sending a selected further address of the second terminal device (2) to the firewall device (9) for activating said firewall device (9) for the signaling data to be sent from the first to the second terminal device (1, 2).
10. The arrangement according to claim 9, characterized by an activation device for activating the firewall device (9) for signaling data and/or user data.
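A small model of the control flow in claims 1, 2 and 7, added here as an illustration and not taken from the patent: the firewall denies by default and only admits signaling from the exact address that the interworking device registers after a successful authentication. The class and function names are hypothetical, HMAC-SHA256 stands in for the PKI-based authentication data of claim 8, and the nonce replay check and the rule that user data requires a prior signaling pinhole are assumptions of this sketch.

```python
import hashlib
import hmac

def sign(key, terminal, addr, nonce):
    # Assumption: HMAC-SHA256 replaces the PKI authentication data of claim 8.
    msg = f"{terminal}|{addr[0]}:{addr[1]}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Firewall:
    """Firewall device (9): default deny, pinholes are exact (ip, port) pairs."""
    def __init__(self):
        self.pinholes = {"signaling": set(), "user": set()}

    def activate(self, addr, kind):
        self.pinholes[kind].add(addr)

    def permits(self, src, kind):
        return src in self.pinholes[kind]

class InterworkingDevice:
    """Second network interworking device (7), reachable at a known address."""
    def __init__(self, firewall, keys):
        self.firewall, self.keys, self.seen = firewall, keys, set()

    def authenticate(self, terminal, addr, nonce, tag):
        key = self.keys.get(terminal)
        if key is None or (terminal, nonce) in self.seen:
            return None  # unknown terminal or replayed nonce
        if not hmac.compare_digest(sign(key, terminal, addr, nonce), tag):
            return None  # failed authentication: firewall stays closed
        self.seen.add((terminal, nonce))
        self.firewall.activate(addr, "signaling")  # step S4
        return addr  # further address reported back (claim 2, step S3)

    def activate_user_data(self, addr):
        # Claim 7; assumption: only for an address already admitted for signaling.
        if self.firewall.permits(addr, "signaling"):
            self.firewall.activate(addr, "user")

def demo():
    # Constructed sample values: documentation address range, made-up key.
    key, addr = b"constructed-demo-key", ("192.0.2.10", 1720)
    fw = Firewall()
    iwd = InterworkingDevice(fw, {"terminal-1": key})
    before = fw.permits(addr, "signaling")
    bad = iwd.authenticate("terminal-1", addr, "n1", b"\x00" * 32)
    tag = sign(key, "terminal-1", addr, "n2")
    good = iwd.authenticate("terminal-1", addr, "n2", tag)
    replay = iwd.authenticate("terminal-1", addr, "n2", tag)
    other = fw.permits(("192.0.2.10", 5060), "signaling")
    return before, bad, good, replay, other, fw.permits(addr, "signaling")
```

Binding the tag to the address as well as the terminal identity means a captured authentication message cannot be reused to open a pinhole for a different address.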
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE10147147A DE10147147A1 (en) | 2001-09-25 | 2001-09-25 | Method and device for implementing a firewall application for communication data |
DE10147147.5 | 2001-09-25 | ||
PCT/DE2002/003351 WO2003028334A2 (en) | 2001-09-25 | 2002-09-10 | Method and device for implementation of a firewall application for communication data |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2461418A1 (en) | 2003-04-03 |
CA2461418C (en) | 2010-10-26 |
Family
ID=7700159
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2461418A Expired - Fee Related CA2461418C (en) | 2001-09-25 | 2002-09-10 | Method and device for implementing a firewall application for communication data |
Country Status (6)
Country | Link |
---|---|
US (1) | US7752319B2 (en) |
EP (1) | EP1430693B1 (en) |
CN (1) | CN100521680C (en) |
CA (1) | CA2461418C (en) |
DE (2) | DE10147147A1 (en) |
WO (1) | WO2003028334A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2865337A1 (en) * | 2004-01-15 | 2005-07-22 | Thomson Licensing Sa | Firewall securing system, has reference parameter generation unit for generating reference parameter, and module that controls automatic distribution of reference parameter to authorized users list |
CN100382552C (en) * | 2003-10-17 | 2008-04-16 | 西安大唐电信有限公司 | Method for establishing VOIP communication penetrating fire wall |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5095922B2 (en) | 2004-05-04 | 2012-12-12 | ハイデルベルガー ドルツクマシーネン アクチエンゲゼルシヤフト | Remote diagnosis system for printing press |
DE102005016784B4 (en) * | 2004-05-04 | 2013-07-25 | Heidelberger Druckmaschinen Ag | Remote diagnostics system for printing machines |
US8737381B1 (en) * | 2005-10-19 | 2014-05-27 | At&T Intellectual Property Ii, L.P. | Method and apparatus for enabling the receipt of phone calls behind a network address translation device |
CN101192917B (en) * | 2006-11-24 | 2010-05-12 | 凹凸科技(中国)有限公司 | Method and system for network access control based on NAT |
DE102009044525A1 (en) * | 2009-11-13 | 2011-05-19 | Vodafone Holding Gmbh | Releasing a connection through a firewall of a network access device |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US6708221B1 (en) * | 1996-12-13 | 2004-03-16 | Visto Corporation | System and method for globally and securely accessing unified information in a computer network |
US6212192B1 (en) * | 1997-03-14 | 2001-04-03 | Itxc, Inc. | Method and apparatus for synchronizing information browsing among multiple systems |
JP3354433B2 (en) * | 1997-04-25 | 2002-12-09 | 株式会社日立製作所 | Network communication system |
US6421339B1 (en) | 1998-06-12 | 2002-07-16 | Nortel Networks Limited | Methods and systems for call forwarding |
US6606660B1 (en) * | 1999-08-31 | 2003-08-12 | Accenture Llp | Stream-based communication in a communication services patterns environment |
US6332163B1 (en) * | 1999-09-01 | 2001-12-18 | Accenture, Llp | Method for providing communication services over a computer network system |
NO995081D0 (en) | 1999-10-18 | 1999-10-18 | Ericsson Telefon Ab L M | Device for H.323 proxy |
US7120692B2 (en) * | 1999-12-02 | 2006-10-10 | Senvid, Inc. | Access and control system for network-enabled devices |
US20050125532A1 (en) * | 2000-05-26 | 2005-06-09 | Gur Kimchi | Traversing firewalls and nats |
GB2365256A (en) * | 2000-07-28 | 2002-02-13 | Ridgeway Systems & Software Lt | Audio-video telephony with port address translation |
US20020133716A1 (en) * | 2000-09-05 | 2002-09-19 | Shlomi Harif | Rule-based operation and service provider authentication for a keyed system |
US7254833B1 (en) * | 2000-11-09 | 2007-08-07 | Accenture Llp | Electronic security system and scheme for a communications network |
US20020120755A1 (en) * | 2001-02-28 | 2002-08-29 | Gomes John Isaac Chandan | Method and apparatus for applying information through a firewall remotely via a mobile device |
US7769838B2 (en) * | 2001-08-23 | 2010-08-03 | The Directv Group, Inc. | Single-modem multi-user virtual private network |
2001
- 2001-09-25: DE application DE10147147A, patent DE10147147A1 (en), not active (Withdrawn)
2002
- 2002-09-10: CA application CA2461418A, patent CA2461418C (en), not active (Expired - Fee Related)
- 2002-09-10: WO application PCT/DE2002/003351, patent WO2003028334A2 (en), active (IP Right Grant)
- 2002-09-10: US application US10/490,574, patent US7752319B2 (en), not active (Expired - Fee Related)
- 2002-09-10: CN application CNB028187148A, patent CN100521680C (en), not active (Expired - Fee Related)
- 2002-09-10: DE application DE50205374T, patent DE50205374D1 (en), not active (Expired - Lifetime)
- 2002-09-10: EP application EP02799391A, patent EP1430693B1 (en), not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
WO2003028334A2 (en) | 2003-04-03 |
EP1430693A2 (en) | 2004-06-23 |
US7752319B2 (en) | 2010-07-06 |
DE10147147A1 (en) | 2003-04-24 |
WO2003028334A3 (en) | 2003-07-10 |
EP1430693B1 (en) | 2005-12-21 |
CN1631019A (en) | 2005-06-22 |
DE50205374D1 (en) | 2006-01-26 |
CA2461418C (en) | 2010-10-26 |
CN100521680C (en) | 2009-07-29 |
US20040255035A1 (en) | 2004-12-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKLA | Lapsed | Effective date: 20190910 |