Firewall security apparatus for high-speed circuit switched networks - 6141755

A network firewall security apparatus that enables a very high degree of traffic selectability yet avoids the usual performance penalty associated with firewalls. This approach is specific to high-speed circuit switched networks, Asynchronous Transfer Mode (ATM) networks in particular. Security management is achieved through active connection management with authentication, better suited to the cell-based environment of high-speed circuit switched networks and to the mix of circuit switched traffic, where Internet Protocol (IP) datagrams comprise a fraction of the total traffic. The information in the signaling cells is used to determine which flows, rather than which individual cells, are allowed to pass through the firewall. A hierarchical method has been devised, in which the physical location of the interrelated components may be decoupled. Active connection management is applied in determining the approval of a connection based on signaling information and network state information. Once a flow has been validated, the cells associated with that flow are allowed to proceed through the firewall at line-speed with limited intervention and no performance degradation.

Patent 6141755; 31/10/2000; 13/04/1998; 2000932
Inventors: Dowd, Patrick W.; McHenry, John Thomas
US Patent and Trademark Office; Google Patent
Keywords: security apparatus; active connection management; high-speed circuit; firewall; active connection; network firewall security; network state information; asynchronous transfer mode; usual performance penalty
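The split the abstract describes, a per-connection decision on signaling followed by per-cell forwarding for validated flows, can be modelled as below. This is an added example, not the patent's implementation: the HMAC tag, the address prefixes, the key, the flow limit standing in for network state, and all function names are assumptions, and only the VPI/VCI layout of the 53-byte UNI cell header is standard ATM.

```python
import hashlib
import hmac

# Constructed values (assumptions): address prefixes, key, and flow limit.
POLICY = [("47.0005.80", "47.0005.90")]              # (calling prefix, called prefix)
KEYS = {"47.0005.80.0001": b"constructed-demo-key"}  # per-caller signaling keys

def setup_tag(key, calling, called, vpi, vci):
    """HMAC over the signaling fields; the patent does not specify this scheme."""
    msg = f"{calling}|{called}|{vpi}|{vci}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_cell(vpi, vci, payload=bytes(48)):
    """Build a 53-byte UNI cell; GFC, PT, CLP are zero and HEC is not computed."""
    hdr = bytes([vpi >> 4, ((vpi & 0x0F) << 4) | (vci >> 12),
                 (vci >> 4) & 0xFF, (vci & 0x0F) << 4, 0])
    return hdr + payload

def parse_vpi_vci(cell):
    """Extract the 8-bit VPI and 16-bit VCI from a UNI cell header."""
    if len(cell) != 53:
        raise ValueError("ATM cell must be 53 bytes")
    vpi = ((cell[0] & 0x0F) << 4) | (cell[1] >> 4)
    vci = ((cell[1] & 0x0F) << 12) | (cell[2] << 4) | (cell[3] >> 4)
    return vpi, vci

class FlowFirewall:
    def __init__(self, max_flows=2):
        self.allowed = set()        # validated (vpi, vci) flows
        self.max_flows = max_flows  # stand-in for network state information

    def on_setup(self, calling, called, vpi, vci, tag):
        """Slow path: one decision per connection, from signaling information."""
        key = KEYS.get(calling)
        if key is None or not hmac.compare_digest(
                tag, setup_tag(key, calling, called, vpi, vci)):
            return "REJECT:auth"
        if not any(calling.startswith(s) and called.startswith(d) for s, d in POLICY):
            return "REJECT:policy"
        if (vpi, vci) not in self.allowed and len(self.allowed) >= self.max_flows:
            return "REJECT:state"
        self.allowed.add((vpi, vci))
        return "ACCEPT"

    def on_release(self, vpi, vci):
        self.allowed.discard((vpi, vci))  # teardown closes the fast path

    def on_cell(self, cell):
        """Fast path: a single set lookup on the header; payload is never read."""
        return parse_vpi_vci(cell) in self.allowed
```

The per-cell cost is one header parse and one set lookup regardless of how many checks the setup path performs, which is the property the abstract relies on for line-speed forwarding.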