Systems and methods for protecting network devices by a firewall
First Claim
1. A computer-implemented method comprising:
- receiving, by a computer system implementing a gateway to a private network, a request from a client device for a network tunnel between the client device and a network device in the private network;
- sharing, by the computer system, a signature key between the gateway and an authentication server;
- authenticating the client device by the computer system by at least verifying a digital signature via the signature key;
- receiving, from the authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
- verifying, by the computer system, that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
- establishing, by the computer system, the network tunnel between the client device and the network device in the private network through the gateway.
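The gateway-side decision the claim describes, as an added Python example that is not from the patent: it assumes the authentication server hands the client an HMAC-signed access list (the "digital signature" the gateway verifies with the signature key it shares with the authentication server), and the gateway refuses any tunnel to a network device that is not on that list. Key, client and device names are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key; stands in for the signature key shared between
# the gateway and the authentication server (never hard-code it in practice).
SIGNATURE_KEY = b"constructed-demo-signature-key"


def issue_access_token(client_id, allowed_devices, ttl_seconds=300, now=None):
    """Authentication-server side: sign the client access list.

    The payload is canonical JSON so the gateway recomputes the same bytes.
    """
    now = time.time() if now is None else now
    payload = json.dumps(
        {"client": client_id, "devices": sorted(allowed_devices), "exp": now + ttl_seconds},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    sig = hmac.new(SIGNATURE_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def authorize_tunnel(token, client_id, requested_device, now=None):
    """Gateway side: return (allowed, reason) for a tunnel request.

    Deny by default: the tunnel is only established when the signature
    verifies, the token is fresh, it was issued to this client, and the
    requested device appears in the signed access list.
    """
    now = time.time() if now is None else now
    expected = hmac.new(SIGNATURE_KEY, token["payload"], hashlib.sha256).hexdigest()
    # Constant-time comparison so signature checking does not leak timing.
    if not hmac.compare_digest(expected, token["sig"]):
        return False, "bad signature"
    claims = json.loads(token["payload"])
    if claims["client"] != client_id:
        return False, "token not issued to this client"
    if now >= claims["exp"]:
        return False, "token expired"
    if requested_device not in claims["devices"]:
        # The client learns nothing about devices outside its list.
        return False, "device not in client access list"
    return True, "tunnel allowed"
```

Because the access list is part of the signed payload, a client that edits its own list to add a device invalidates the signature and is refused before the list is even consulted.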
Abstract
Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.
19 Claims
1. A computer-implemented method comprising the steps quoted above under First Claim (independent claim; claims 2 to 17 depend on it).
18. A non-transitory, computer-readable medium storing instructions that, when executed, cause a computer system implementing a gateway to a private network to:
- receive a request from a client device for a network tunnel between the client device and a network device in the private network;
- share a signature key between the gateway and an authentication server;
- authenticate the client device by at least verifying a digital signature via the signature key;
- receive, from the authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
- verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
- establish the network tunnel between the client device and the network device in the private network through the gateway.
19. A computer system implementing a gateway, the computer system comprising:
- a processor; and
- a non-transitory memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
  - receive a request from a client device for a network tunnel between the client device and a network device in the private network;
  - share a signature key between the gateway and an authentication server;
  - authenticate the client device by at least verifying a digital signature via the signature key;
  - receive, from the authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with;
  - verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
  - establish the network tunnel between the client device and the network device in the private network through the gateway.
Specification