Patent · US Expired

Firewall providing enhanced network security and user transparency

US6804783B1 · kind B1 · utility

Cited by: 128
References: 34
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 18, 2000
Grant date: Oct 12, 2004
Priority date
Expiry date: Apr 18, 2020

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2101/677
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The present invention, generally speaking, provides a firewall that achieves maximum network security and maximum user convenience. The firewall employs “envoys” that exhibit the security robustness of prior-art proxies and the transparency and ease-of-use of prior-art packet filters, combining the best of both worlds. No traffic can pass through the firewall unless the firewall has established an envoy for that traffic. Both connection-oriented (e.g., TCP) and connectionless (e.g., UDP-based) services may be handled using envoys. Establishment of an envoy may be subjected to a myriad of tests to “qualify” the user, the requested communication, or both. Therefore, a high level of security may be achieved. The usual added burden of prior-art proxy systems is avoided in such a way as to achieve full transparency—the user can use standard applications and need not even know of the existence of the firewall. To achieve full transparency, the firewall is configured as two or more sets of virtual hosts. The firewall is, therefore, “multi-homed,” each home being independently configurable. One set of hosts responds to addresses on a first network …

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.