CA2461418A1 - Method and device for implementing a firewall application for communication data - Google Patents


Info

Publication number: CA2461418A1
Authority: CA (Canada)
Prior art keywords: terminal device, firewall, disposed, communication network, address
Legal status: Granted (as listed by Google Patents; not a legal conclusion)
Application number: CA002461418A
Other languages: French (fr)
Other versions: CA2461418C (en)
Inventors: Gerald Volkmann, Juergen Totzke, Harald Mueller, Karl Klaghofer
Current assignee: Siemens AG (as listed by Google Patents)
Original assignee: Individual
Priority date: 2001-09-25
Filing date: 2002-09-10
Publication of CA2461418A1: 2003-04-03
Application granted, publication of CA2461418C: 2010-10-26
Current legal status: Expired - Fee Related

Classifications

All codes are under section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Separating internal from external traffic, e.g. firewalls
    • H04L 63/029 Firewall traversal, e.g. tunnelling or creating pinholes
    • H04L 63/08 Authentication of entities
    • H04L 63/04 Confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Data content protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Sending and receiving entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L 65/1066 Session management
    • H04L 65/1069 Session establishment or de-establishment
    • H04L 65/1101 Session protocols
    • H04L 65/1104 Session initiation protocol [SIP]
    • H04L 65/1106 Call signalling protocols; H.323 and related

Abstract

A method for implementing a firewall application is disclosed, whereby, in one step (S1, S2, S3) of the initiation of a connection from the first to the second terminal (1, 2), authentication data for authenticating the first terminal is transmitted and, after successful authentication, a selected address is communicated to the firewall device (9) so that the firewall can be activated for the signaling data of that connection. An arrangement for carrying out the method is also given.

Claims (10)

1. A method for implementing a firewall application for communication data transmitted between a first and second terminal device (1, 2) by means of a firewall device (9) disposed between a first and second communication network (3, 4), in particular for Internet telephony or for Internet multimedia connections, the first terminal device (1) being disposed in the first communication network (3) and the second terminal device (2) being disposed in the second communication network (4), wherein in a first step (S1, S2, S3) for the purpose of initiating a connection from the first to the second terminal device (1, 2), authentication data for authenticating the first terminal device (1) is sent via a first to a second network interworking device (6, 7) with a known address, and in a second step (S4) the second network interworking device (7), following successful authentication of the first terminal device (1), communicates to the firewall device (9) a selected further address of the first terminal device (1) or of a first gatekeeper (5) connected to it, in order to activate the firewall device (9) for signaling data to be sent by the first terminal device (1).
2. The method according to claim 1, characterized by the further step of the sending (S3) of a message containing the further address from the second network interworking device (7) to the first network interworking device (6).
3. The method according to claim 2, wherein the further address is composed of an IP address and a port number.
4. The method according to claim 2 or 3, characterized by the step (S5) of the call setup from the first to the second terminal device (1, 2) via the first gatekeeper (5), the firewall device (9), the second network interworking device (7) and a second gatekeeper (8).
5. The method according to claim 4, wherein the call setup is performed by the sending (S5) of a SETUP message or an SIP INVITE message.
6. The method according to claim 4 or 5, wherein a confirmation message, in particular an ALERT message to confirm the acceptance of the call setup, is sent (S6) by means of the selected further address from the second terminal device (2) to the first terminal device (1).
7. The method according to one of the preceding claims, characterized by the further step of the sending of an activation message to activate the firewall device (9) for user data from the second network interworking device (7) to the firewall device (9).
8. The method according to one of the preceding claims, wherein the authentication data is transmitted by means of PKI (Private/Public Key Interface).
9. An arrangement for performing the method according to one of the preceding claims, having a firewall device (9) disposed at the point of transition from a first to a second communication network (3, 4), a first terminal device (1) disposed in the first communication network (3) and a second terminal device (2) disposed in the second communication network (4), and a first network interworking device (6) disposed in the first communication network, characterized by a second network interworking device (7) with a known address for performing an authentication on the basis of authentication data transmitted by the first terminal device (1) and for sending a selected further address of the second terminal device (2) to the firewall device (9) for activating said firewall device (9) for the signaling data to be sent from the first to the second terminal device (1, 2).
10. The arrangement according to claim 9, characterized by an activation device for activating the firewall device (9) for signaling data and/or user data.
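The exchange of claims 1 to 8 in executable form, as an added example that is not code from the patent or from Siemens: a default-deny firewall (9), a second network interworking device (7) at a known address that checks the authentication data, selects the further address (IP plus port, claim 3), activates a signaling pinhole (S4), reports the address back (S3) and, on a separate message, opens the firewall for user data (claim 7). The HMAC over a fresh nonce is a stand-in for the PKI-based authentication of claim 8, because the Python standard library has no signature primitive; the gatekeeper address 10.0.0.5, the port pool starting at 40000, the terminal identifier and the shared secret are all constructed for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Reference numerals follow the claims: first terminal (1), first gatekeeper (5),
# first and second network interworking devices (6, 7), firewall device (9).


@dataclass
class Firewall:
    """Firewall device (9): default-deny, a packet passes only through an activated pinhole."""
    pinholes: set = field(default_factory=set)     # {(ip, port, kind)}, kind = "signaling" | "media"

    def activate(self, ip: str, port: int, kind: str) -> None:
        self.pinholes.add((ip, port, kind))

    def forward(self, ip: str, port: int, kind: str) -> bool:
        return (ip, port, kind) in self.pinholes


@dataclass
class InterworkingDevice:
    """Second network interworking device (7), reachable at a known address.
    It checks the authentication data, selects the further address (IP + port, claim 3)
    and activates the firewall first for signaling (S4) and later for user data (claim 7).
    Assumption of this example: an HMAC over a fresh nonce stands in for the PKI-based
    authentication of claim 8, since the standard library has no signature primitive."""
    firewall: Firewall
    secrets_by_terminal: dict                        # terminal id -> shared secret (constructed)
    seen_nonces: set = field(default_factory=set)    # replay protection for authentication data
    next_port: int = 40000                           # constructed port pool
    sessions: dict = field(default_factory=dict)     # terminal id -> selected (ip, port)

    def authenticate(self, terminal_id: str, nonce: bytes, tag: bytes, gatekeeper_ip: str):
        """Steps S1-S4. Returns the selected (ip, port) on success, None on failure.
        On failure nothing is activated, so the firewall stays closed."""
        key = self.secrets_by_terminal.get(terminal_id)
        if key is None or nonce in self.seen_nonces:  # unknown terminal or replayed data
            return None
        expected = hmac.new(key, nonce + terminal_id.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return None
        self.seen_nonces.add(nonce)
        addr = (gatekeeper_ip, self.next_port)       # further address of gatekeeper (5)
        self.next_port += 1
        self.sessions[terminal_id] = addr
        self.firewall.activate(*addr, "signaling")   # S4: activation for signaling data
        return addr                                  # S3: reported back to device (6)

    def activate_user_data(self, terminal_id: str) -> bool:
        """Claim 7: separate activation message for user (media) data of an authenticated session."""
        addr = self.sessions.get(terminal_id)
        if addr is None:
            return False
        self.firewall.activate(*addr, "media")
        return True


def make_auth_data(terminal_id: str, key: bytes):
    """Terminal side (1), step S1: authentication data = (id, fresh nonce, MAC over nonce || id)."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(key, nonce + terminal_id.encode(), hashlib.sha256).digest()
    return terminal_id, nonce, tag


def run_call() -> dict:
    """Runs the whole exchange of claims 1-7 once and returns the observable outcomes."""
    fw = Firewall()
    key = b"constructed-shared-secret-for-terminal-1"
    dev7 = InterworkingDevice(fw, {"terminal-1": key})
    gk5 = "10.0.0.5"                                 # first gatekeeper (5), constructed address

    tid, nonce, tag = make_auth_data("terminal-1", key)
    addr = dev7.authenticate(tid, nonce, tag, gk5)   # S1-S4
    assert addr is not None
    ip, port = addr
    return {
        "address": addr,
        # S5/S6: SETUP or INVITE, and the ALERT back, both traverse the signaling pinhole
        "setup_forwarded": fw.forward(ip, port, "signaling"),
        # signaling from a port the device never selected is dropped
        "stray_forwarded": fw.forward(ip, port + 1, "signaling"),
        # user data is blocked until the claim-7 activation message has been sent
        "media_before": fw.forward(ip, port, "media"),
        "media_after": dev7.activate_user_data(tid) and fw.forward(ip, port, "media"),
        # replayed authentication data and a forged tag open nothing
        "replay": dev7.authenticate(tid, nonce, tag, gk5),
        "forged": dev7.authenticate(tid, b"\x00" * 16, b"\x00" * 32, gk5),
        "pinholes": len(fw.pinholes),
    }
```

The pinhole is keyed on the selected address and on the traffic kind, so an authenticated terminal cannot push media through the signaling pinhole before the separate user-data activation, and a failed or replayed authentication opens nothing. A deployment would additionally expire pinholes and close them on call teardown (H.323 RELEASE COMPLETE or SIP BYE), which the claims above do not address.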

Applications Claiming Priority (3)

Application Number | Priority Date | Filing Date | Title
DE10147147A (DE10147147A1) | 2001-09-25 | 2001-09-25 | Method and device for implementing a firewall application for communication data
DE10147147.5 | 2001-09-25 | |
PCT/DE2002/003351 (WO2003028334A2) | 2001-09-25 | 2002-09-10 | Method and device for implementation of a firewall application for communication data

Publications (2)

Publication Number | Publication Date
CA2461418A1 (en) | 2003-04-03
CA2461418C (en) | 2010-10-26

Family

ID=7700159

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CA2461418A | Expired - Fee Related | CA2461418C (en) | 2001-09-25 | 2002-09-10 | Method and device for implementing a firewall application for communication data

Country Status (6)

Country | Link
US (1) | US7752319B2 (en)
EP (1) | EP1430693B1 (en)
CN (1) | CN100521680C (en)
CA (1) | CA2461418C (en)
DE (2) | DE10147147A1 (en)
WO (1) | WO2003028334A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party

Publication number | Priority date | Publication date | Assignee | Title
FR2865337A1 * | 2004-01-15 | 2005-07-22 | Thomson Licensing Sa | Firewall securing system, has reference parameter generation unit for generating reference parameter, and module that controls automatic distribution of reference parameter to authorized users list
CN100382552C * | 2003-10-17 | 2008-04-16 | Xi'an Datang Telecom Co., Ltd. (西安大唐电信有限公司) | Method for establishing VOIP communication penetrating fire wall

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5095922B2 (en) 2004-05-04 2012-12-12 ハイデルベルガー ドルツクマシーネン アクチエンゲゼルシヤフト Remote diagnosis system for printing press
DE102005016784B4 (en) * 2004-05-04 2013-07-25 Heidelberger Druckmaschinen Ag Remote diagnostics system for printing machines
US8737381B1 (en) * 2005-10-19 2014-05-27 At&T Intellectual Property Ii, L.P. Method and apparatus for enabling the receipt of phone calls behind a network address translation device
CN101192917B (en) * 2006-11-24 2010-05-12 凹凸科技(中国)有限公司 Method and system for network access control based on NAT
DE102009044525A1 (en) * 2009-11-13 2011-05-19 Vodafone Holding Gmbh Releasing a connection through a firewall of a network access device

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5826014A (en) * 1996-02-06 1998-10-20 Network Engineering Software Firewall system for protecting network elements connected to a public network
US6708221B1 (en) * 1996-12-13 2004-03-16 Visto Corporation System and method for globally and securely accessing unified information in a computer network
US6212192B1 (en) * 1997-03-14 2001-04-03 Itxc, Inc. Method and apparatus for synchronizing information browsing among multiple systems
JP3354433B2 (en) * 1997-04-25 2002-12-09 株式会社日立製作所 Network communication system
US6421339B1 (en) 1998-06-12 2002-07-16 Nortel Networks Limited Methods and systems for call forwarding
US6606660B1 (en) * 1999-08-31 2003-08-12 Accenture Llp Stream-based communication in a communication services patterns environment
US6332163B1 (en) * 1999-09-01 2001-12-18 Accenture, Llp Method for providing communication services over a computer network system
NO995081D0 (en) 1999-10-18 1999-10-18 Ericsson Telefon Ab L M Device for H.323 proxy
US7120692B2 (en) * 1999-12-02 2006-10-10 Senvid, Inc. Access and control system for network-enabled devices
US20050125532A1 (en) * 2000-05-26 2005-06-09 Gur Kimchi Traversing firewalls and nats
GB2365256A (en) * 2000-07-28 2002-02-13 Ridgeway Systems & Software Lt Audio-video telephony with port address translation
US20020133716A1 (en) * 2000-09-05 2002-09-19 Shlomi Harif Rule-based operation and service provider authentication for a keyed system
US7254833B1 (en) * 2000-11-09 2007-08-07 Accenture Llp Electronic security system and scheme for a communications network
US20020120755A1 (en) * 2001-02-28 2002-08-29 Gomes John Isaac Chandan Method and apparatus for applying information through a firewall remotely via a mobile device
US7769838B2 (en) * 2001-08-23 2010-08-03 The Directv Group, Inc. Single-modem multi-user virtual private network


Also Published As

Publication number Publication date
WO2003028334A2 (en) 2003-04-03
EP1430693A2 (en) 2004-06-23
US7752319B2 (en) 2010-07-06
DE10147147A1 (en) 2003-04-24
WO2003028334A3 (en) 2003-07-10
EP1430693B1 (en) 2005-12-21
CN1631019A (en) 2005-06-22
DE50205374D1 (en) 2006-01-26
CA2461418C (en) 2010-10-26
CN100521680C (en) 2009-07-29
US20040255035A1 (en) 2004-12-16

Similar Documents

Publication Publication Date Title
US6757823B1 (en) System and method for enabling secure connections for H.323 VoIP calls
CN101151864B (en) Calling completion device and method
CA2556863C (en) Method and apparatus for selection of special-purpose gateways
US7464267B2 (en) System and method for secure transmission of RTP packets
US6567399B1 (en) Hi-fidelity line card
US7230945B2 (en) Method for sending dual-tone multi-frequency signal using voice over internet protocol
MXPA02001026A (en) Address definition for ip telephony services.
JP2001358778A (en) Communication system, communication gateway and communicating method
EP1989831A2 (en) System and method for consolidating media signaling to facilitate internet protocol (ip) telephony
US7443834B1 (en) Combining multimedia services with traditional telephony
US20050047423A1 (en) Protocol interworking framework
WO2007068201A1 (en) A method, a control terminal and a system for realizing click calling service
CA2461418A1 (en) Method and device for implementing a firewall application for communication data
US8780888B2 (en) Facilitating non-SIP users calling SIP users
US8249238B2 (en) Dynamic key exchange for call forking scenarios
CN101330542A (en) Method and terminal for video communication during voice communication process
Cisco Session Initiation Protocol (SIP) for VoIP
US7302495B2 (en) Method for transmitting signaling messages using alternate path
JP4329596B2 (en) Call hold method in VoIP network
CN102301675A (en) A method for sharing a same user device by multi-users by using sip and a user device thereof
JP4017592B2 (en) VoIP system and VoIP telephone
KR100479268B1 (en) Method for setting bearer in VoIP network
WO2005043878A1 (en) SIP TELEPHONE AND VoIP SYSTEM USING THE SAME
JP2005252939A (en) Interworking apparatus
US7313232B1 (en) Monitoring for operator services

Legal Events

Date | Code | Title | Description
 | EEER | Examination request |
2019-09-10 | MKLA | Lapsed | Effective date: 20190910