Access control for networks
US6219706A · kind A · utility
Assignee
Inventors
Key dates
| Filing date | Oct 16, 1998 |
| Grant date | Apr 17, 2001 |
| Priority date | — |
| Expiry date | Oct 16, 2018 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/0254
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
An access control system (a firewall) controls traffic to and from a local network. The system is implemented on a dedicated network device such as a router positioned between a local network and an external network, usually the Internet, or between one or more local networks. In this procedure, access control items are dynamically generated and removed based upon the context of an application conversation. Specifically, the system dynamically allocates channels through the firewall based upon its knowledge of the type of applications and protocol (context) employed in the conversation involving a node on the local network. Further, the system may selectively examine packet payloads to determine when new channels are about to be opened. In one example, the firewall employs different rules for handling SMTP (e-mail using a single channel having a well-known port number) sessions, FTP sessions (file transfer using a single control channel having a well-known port number and using one or more data channels having arbitrary port numbers), and H.323 (video conferencing using multiple control channels and multiple data channels, which use arbitrary port numbers) sessions.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.
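
The FTP case from the abstract, sketched as an added example (not code from the patent or its assignee): a default-deny filter reads the control-channel payload for a `PORT` command, generates a dynamic entry for the announced data channel, and removes it when the control conversation ends. The class and method names, the addresses, and the two validation checks (announced address must match the session owner, port must be non-privileged) are assumptions of this sketch.

```python
import re

# Added illustration; class, method names and addresses are assumptions.
PORT_CMD = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")
FTP_CONTROL = 21  # well-known FTP control port


class ContextFirewall:
    """Default-deny filter that opens FTP data channels from control-channel context."""

    def __init__(self):
        self.dynamic = {}  # (server_ip, client_ip, data_port) -> owning control session

    def outbound(self, src_ip, src_port, dst_ip, dst_port, payload=b"", closing=False):
        """Packet from the local network. Returns True if it is forwarded."""
        if dst_port != FTP_CONTROL:
            return False  # the only static rule here: FTP control sessions outward
        session = (src_ip, src_port, dst_ip)
        m = PORT_CMD.fullmatch(payload)
        if m:
            nums = [int(g) for g in m.groups()]
            ip = ".".join(str(n) for n in nums[:4])
            port = nums[4] * 256 + nums[5]
            # Open a channel only toward the host that owns the control session,
            # and never to a privileged port; drop the command otherwise.
            if max(nums) > 255 or ip != src_ip or port < 1024:
                return False
            self.dynamic[(dst_ip, ip, port)] = session
        if closing:
            # Conversation over: remove every entry it generated.
            self.dynamic = {k: s for k, s in self.dynamic.items() if s != session}
        return True

    def inbound(self, src_ip, dst_ip, dst_port):
        """Packet from the external network: forwarded only through a dynamic entry."""
        return (src_ip, dst_ip, dst_port) in self.dynamic


def demo():
    """Constructed conversation between documentation-range addresses."""
    fw, client, server = ContextFirewall(), "192.0.2.10", "198.51.100.5"
    seen = [fw.inbound(server, client, 5001)]                      # before PORT
    fw.outbound(client, 40000, server, 21, b"PORT 192,0,2,10,19,137\r\n")
    seen.append(fw.inbound(server, client, 5001))                  # channel open
    seen.append(fw.outbound(client, 40000, server, 21, b"PORT 192,0,2,99,19,137\r\n"))
    fw.outbound(client, 40000, server, 21, b"QUIT\r\n", closing=True)
    seen.append(fw.inbound(server, client, 5001))                  # entry removed
    return seen
```
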