Tunnel mechanis for providing selective external access to firewall protected devices

US 20020069366A1
Filed: 12/01/2000
Published: 06/06/2002
Est. Priority Date: 12/01/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing an external client with selective access to a computer device protected behind a firewall and a host, comprising:

providing a tunnel mechanism between the host and the computer device, wherein the tunnel mechanism is in communication with the host and the computer device;

receiving with the tunnel mechanism an access request to the computer device from the external client;

verifying the external client currently has authorized access to the host; and

after successful completion of the verifying, routing the access request to the computer device with the tunnel mechanism.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing an external client access to a device that is protected by a firewall. The method includes providing a tunnel mechanism and then operating the tunnel mechanism to receive an access request to the device from the external client. The tunnel mechanism verifies the external client is currently authorized to access a host device. If authorized, the method continues with routing the access request to the device. The verifying step may include determining a level of authorization and then the routing step is performed based on the determined level of authorization. The routing step includes modifying the access request to include an address of an interface of the internal device. The method continues with receiving a response to the modified access request from the internal device and then modifying the response to remove any identification information for the internal device included in the response.

Citations

22 Claims

1. A method for providing an external client with selective access to a computer device protected behind a firewall and a host, comprising:
- providing a tunnel mechanism between the host and the computer device, wherein the tunnel mechanism is in communication with the host and the computer device;
  
  receiving with the tunnel mechanism an access request to the computer device from the external client;
  
  verifying the external client currently has authorized access to the host; and
  
  after successful completion of the verifying, routing the access request to the computer device with the tunnel mechanism.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further including prior to the routing, determining a destination interface from the access request and wherein the routing includes modifying the access request to include an address for the destination interface.
  - 3. The method of claim 2, wherein the providing includes establishing a communicative link between the tunnel mechanism and the destination interface.
  - 4. The method of claim 1, further including receiving a response to the access request from the computer device and modifying the response prior to transmitting the response to the external client to remove identification information for the computer device.
  - 5. The method of claim 4, wherein the modifying includes adding identification information for the tunnel mechanism to the response.
  - 6. The method of claim 5, wherein the response includes URL information and the added identification information includes URL information for the tunnel mechanism.
  - 7. The method of claim 4, further including examining the response for an error message, translating the error message, and including the error message in the response transmitted to the external client.
  - 8. The method of claim 7, further including operating the tunnel mechanism to take corrective actions to remove the error message from the response from the computer device.
  - 9. The method of claim 1, wherein the verifying includes determining a level of the authorized access and, further wherein the routing includes limiting the access request to the computer device to the determined level of the authorized access.

10. A method for controlling access to a device on an internal network by a client device on an external data communications network, a firewall being installed between the internal network and the external data communications network, the method comprising:
- receiving with a tunnel mechanism an access request from the external client device to the internal network device, the tunnel mechanism being communicatively linked to the firewall and an interface of the internal device;
  
  modifying the access request to include an address of the interface of the internal device;
  
  operating the tunnel mechanism to route the modified access request to the interface of the internal device;
  
  receiving a response to the modified access request from the internal device at the tunnel mechanism, the response including identification information for the internal device; and
  
  modifying the response with the tunnel mechanism to remove the identification information prior to transmittal of the modified response to the external client device.
- View Dependent Claims (11, 12, 13, 14, 15, 17, 18, 20, 21, 22)
- - 11. The method of claim 10, wherein the access request includes URL information and the access request modifying includes modifying the URL information to include URL information for the internal device.
  - 12. The method of claim 10, wherein the identification information includes URL information for the internal device and the response modifying includes replacing the internal device URL information with URL information for the tunnel mechanism.
  - 13. The method of claim 10, wherein the internal network includes a plurality of the internal devices, and the access request modifying includes determining a destination interface for a one of the internal devices corresponding to the access request from the external device.
  - 14. The method of claim 10, further including prior to the routing, verifying the external device is currently authenticated as an authorized user of a host device communicatively linked to the firewall and the tunnel mechanism.
  - 15. The method of claim 14, wherein the host device is a HTTP Web server configured to support Java™
    - and the tunnel mechanism comprises a Java™
      
      servlet.
  - 17. The system of claim 16, wherein the host server is a HTTP Web server configured to support Java™
    - and the tunnel mechanism is a Java™
      
      servlet installed on the host server.
  - 18. The system of claim 16, wherein the tunnel mechanism is further adapted for verifying, prior to the routing of the modified request, that the client device was authorized to access the host server when the request was received.
  - 20. The computer program of claim 19, wherein the routing includes determining the interface for routing the request and the routing of the request includes modifying the request to include an address for the determined interface.
  - 21. The computer program of claim 19, further including fourth computer code devices configured to cause a computer to receive a response from the interior device comprising identification information corresponding to the interior device and fifth computer code devices configured for causing a computer to generate a modified response based on the received response including removing the identification information.
  - 22. The computer program of claim 21, further including sixth computer code devices configured to cause a computer to translate error messages in the received response, to take response actions to the error messages, and to include unresolved ones of the translated error messages in the modified response.

16. A network access system for controlling access to a computer device protected by a firewall, comprising:
- a host server on an interior side of the firewall, the host server being linked to the firewall and configured for receiving a request from a client device located exterior to the firewall; and
  
  a tunnel mechanism linked to the computer device adapted for;
  
  modifying the request to include an address of an interface of the computer device;
  
  routing the modified request to the computer device;
  
  receiving a response from the computer device including identification information; and
  
  modifying the response to remove the identification information.

19. A computer program for providing a device on an exterior side of a firewall selective access to a device on the interior side of the firewall, a host being positioned between the firewall and the interior device, comprising:
- first computer code devices configured to cause a computer to receive a request from the exterior device to access the interior device;
  
  second computer code devices configured to cause a computer to verify the that the exterior device is presently authorized to access the host; and
  
  third computer code devices configured to cause a computer to route the request to an interface of the interior device based on the verified authorization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Schoettger, Chad

Application Number

US09/728,257
Publication Number

US 20020069366A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 12/4633 Interconnection of networks...

H04L 63/029 Firewall traversal, e.g. tu...

Tunnel mechanis for providing selective external access to firewall protected devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Tunnel mechanis for providing selective external access to firewall protected devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links