US 12,149,503 B2
Gateway device
Shuhei Kaneko, Hitachinaka (JP); Hiroki Yamazaki, Hitachinaka (JP); and Teruaki Nomura, Hitachinaka (JP)
Assigned to HITACHI ASTEMO, LTD., Hitachinaka (JP)
Appl. No. 17/609,140
Filed by HITACHI ASTEMO, LTD., Hitachinaka (JP)
PCT Filed Jul. 7, 2020, PCT No. PCT/JP2020/026519
§ 371(c)(1), (2) Date Nov. 5, 2021,
PCT Pub. No. WO2021/010223, PCT Pub. Date Jan. 21, 2021.
Claims priority of application No. 2019-129921 (JP), filed on Jul. 12, 2019.
Prior Publication US 2022/0224672 A1, Jul. 14, 2022
Int. Cl. H04L 9/40 (2022.01); H04L 12/66 (2006.01)
CPC H04L 63/0227 (2013.01) [H04L 12/66 (2013.01); H04L 63/1408 (2013.01)]
5 Claims

1. A gateway device that performs communication connection between an internal network of a device and an external network, the gateway device comprising:
at least one central processing unit (CPU) comprising:
an external-network-side transfer processor configured to transfer a communication frame received from the external network to the internal network;
an internal-network-side transfer processor configured to transfer the communication frame transferred from the external network via the external-network-side transfer processor to the internal network, wherein the communication frame is temporarily stored in a shared memory on the internal network in response to the transfer of the communication frame from the external network via the external-network-side transfer processor to the shared memory;
a transfer notifier configured to provide a transfer notification to notify the shared memory of the transfer of the communication frame from the external-network-side transfer processor to the shared memory, wherein the communication frame is stored in the shared memory prior to the transfer of the communication frame to the internal-network-side transfer processor processing unit;
an external-network-side firewall configured to filter the communication frame received from the external network and to be transferred to the external-network-side transfer processor, wherein the external-network-side firewall performs filtering based on identification information of the communication frame and a first transfer table;
an internal-network-side firewall configured to determine whether to transfer the communication frame received from the external-network-side transfer processor to the internal-network-side transfer processor, wherein the internal network-side firewall performs filtering based on the identification information of the communication frame and a second transfer table; and
a monitor configured to determine whether to transfer the communication frame from external-network-side transfer processor to the internal-network-side transfer processor via the shared memory based on at least one of a frequency of the transfer notification from the transfer notifier to the shared memory and a transfer data amount of communication frames transferred between the external-network-side transfer processor and the shared memory,
wherein only for a communication frame of a predetermined type among a plurality of communication frames transferred from the external-network-side transfer processor to the shared memory, the monitor determines whether to transfer the communication frame, and wherein the communication frame of the predetermined type has identification information determined in advance to correspond to a monitoring target.
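
The data path recited in claim 1, modeled as an added example (this is not code from the patent or from the assignee). All frame IDs, table contents, thresholds, the sliding-window rate check, and the ordering of the monitor before the internal-side firewall are assumptions made for illustration.

```python
from collections import deque

# All IDs and thresholds are constructed for illustration (assumptions).
FIRST_TABLE = {0x100, 0x200, 0x300}   # first transfer table: external-side firewall
SECOND_TABLE = {0x100, 0x200}         # second transfer table: internal-side firewall
MONITORED_IDS = {0x200}               # "predetermined type": IDs set as monitoring targets
WINDOW_S = 1.0                        # sliding window length in seconds
MAX_NOTIFICATIONS = 3                 # transfer notifications allowed per window
MAX_BYTES = 16                        # transferred data amount allowed per window

class Gateway:
    def __init__(self):
        self.shared_memory = deque()  # frames staged between the two sides
        self.history = deque()        # (time, size) per monitored transfer notification
        self.delivered = []           # frames handed to the internal network

    def _monitor_allows(self, now, size):
        """Check notification frequency and data amount over the window."""
        while self.history and now - self.history[0][0] >= WINDOW_S:
            self.history.popleft()
        # Rejected frames are recorded too, so a sustained flood stays blocked.
        self.history.append((now, size))
        volume = sum(s for _, s in self.history)
        return len(self.history) <= MAX_NOTIFICATIONS and volume <= MAX_BYTES

    def receive(self, now, frame_id, payload):
        """Return 'delivered' or the stage at which the frame was dropped."""
        if frame_id not in FIRST_TABLE:
            return "dropped:external-firewall"
        self.shared_memory.append((frame_id, payload))  # stage frame, then notify
        # Only frames of the monitored type are subject to the monitor.
        if frame_id in MONITORED_IDS and not self._monitor_allows(now, len(payload)):
            self.shared_memory.pop()
            return "dropped:monitor"
        if frame_id not in SECOND_TABLE:
            self.shared_memory.pop()
            return "dropped:internal-firewall"
        self.delivered.append(self.shared_memory.pop())
        return "delivered"

if __name__ == "__main__":
    gw = Gateway()
    # Constructed burst: five monitored frames 0.1 s apart, then one unmonitored frame.
    for i in range(5):
        print(gw.receive(i * 0.1, 0x200, b"\x00" * 4))
    print(gw.receive(0.5, 0x100, b"\x01"))
```

Frames whose ID is not a monitoring target bypass the rate check entirely, so a burst on a monitored ID does not block other permitted traffic.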