Establishing a secure connection with a private corporate network over a public network

US 20020099957A1
Filed: 01/24/2001
Published: 07/25/2002
Est. Priority Date: 01/24/2001
Status: Active Grant

First Claim

Patent Images

1. In a network environment that includes a public network such as the Internet and a private corporate network contained in the public network, the public network including a client external to the private corporate network, a method of a communications device of the external client establishing a secure connection over a public network to the private corporate network without restricting the communications device to working through the private corporate network, the method comprising the following;

a specific act of the external client establishing a connection with the private corporate network over the public network using the communication device;

a specific act of the external client providing security to the connection;

a specific act of the external client maintaining a session that uses the secure connection to communicate with the private corporate network; and

during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private corporate network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An external client securely accesses a private corporate network using a communications device, but without the communications device being required to communicate through the private corporate network when communicating with resources external to the private corporate network. The external client establishes a connection with the private corporate network over the public network such as the Internet using, for example, Transmission Control Protocol (TCP). The external client then provides security to the connection by running, for example, the Secure Socket Layer (SSL) protocol over the TCP protocol. During the ensuing session with the private corporate network, the communications device establishes a subsequent connection(s) with the external resource.

Citations

26 Claims

1. In a network environment that includes a public network such as the Internet and a private corporate network contained in the public network, the public network including a client external to the private corporate network, a method of a communications device of the external client establishing a secure connection over a public network to the private corporate network without restricting the communications device to working through the private corporate network, the method comprising the following;
- a specific act of the external client establishing a connection with the private corporate network over the public network using the communication device;
  
  a specific act of the external client providing security to the connection;
  
  a specific act of the external client maintaining a session that uses the secure connection to communicate with the private corporate network; and
  
  during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private corporate network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 21)
- - 2. A method in accordance with claim 1, further comprising:
    - during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of establish a connection with the resource outside of the private corporate network.
  - 3. A method in accordance with claim 1, wherein the specific act of the external client establishing a connection with the private corporate network comprises:
    - a specific act of using Transmission Control Protocol (TCP) to establish a connection with the private corporate network.
  - 4. A method in accordance with claim 3, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Secure Socket Layer (SSL) protocol to provide security to the connection.
  - 5. A method in accordance with claim 1, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of implementing a security protocol that resides at or above a socket layer in the protocol stack used to communicate data from the external client to the private corporate network.
  - 6. A method in accordance with claim 5, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Secure Socket Layer (SSL) protocol to provide security to the connection.
  - 7. A method in accordance with claim 5, wherein the specific act of the external client providing security to the connection comprises:
    - a specific act of the external client using a Wireless Transport Layer Security (WTLS) to provide security to the connection.
  - 8. A method in accordance with claim 1, wherein the specific act of the external client establishing a connection with the private corporate network comprises:
    - a specific act of the external client establishing a connection with a Virtual Privacy Network (VPN) access server in the private corporate network.
  - 9. A method in accordance with claim 8, wherein the VPN access server is implemented on the same server machine as a proxy server that serves the private corporate network.
  - 10. A method in accordance with claim 8, wherein the VPN access server is implemented on a different server machine than a proxy server that serves the private corporate network.
  - 11. A method in accordance with claim 1, wherein the public network comprises portions of the Internet.
  - 13. A computer program product in accordance with claim 12, wherein the computer-readable media comprises a tangible computer readable medium.
  - 14. A computer program product in accordance with claim 12, wherein the computer-executable instructions for performing the specific act of the external client establishing a connection with the private corporate network comprises a Transmission Control Protocol (TCP) module.
  - 15. A computer program product in accordance with claim 14, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Secure Socket Layer (SSL) module.
  - 16. A computer program product in accordance with claim 12, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Secure Socket Layer (SSL) module.
  - 17. A computer program product in accordance with claim 12, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a Wireless Transport Layer Security (WTLS) module.
  - 18. A computer program product in accordance with claim 12, wherein the computer-executable instructions for performing a specific act of the external client providing security to the connection comprises a module that reside at or above the socket layer in a protocol stack.
  - 20. A method in accordance with claim 19, wherein the step for securely connecting to the private corporate network comprises the following:
    - a specific act of the external client establishing a connection with the private corporate network over the public network using the communication device;
      
      a specific act of the external client providing security to the connection;
      
      a specific act of the external client maintaining a session that uses the secure connection to communicate with the private corporate network; and
      
      during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private corporate network.
  - 21. A method in accordance with claim 11, wherein the public network comprises portions of the Internet.

12. In a computer program product for use in a network environment that includes a public network such as the Internet and a private corporate network contained in the public network, the public network including a client external to the private corporate network, the computer program product for implementing a method of a communications device of the external client establishing a secure connection over a public network to the private corporate network without restricting the communications device to working through the private corporate network, the computer program product including a computer-readable medium having stored thereon computer-executable instructions for performing the following;
- a specific act of the external client establishing a connection with the private corporate network over the public network using the communication device;
  
  a specific act of the external client providing security to the connection;
  
  a specific act of the external client maintaining a session that uses the secure connection to communicate with the private corporate network; and
  
  during at least a portion of the specific act of the external client maintaining a session that uses the secure connection, a specific act of the communication device retaining the ability to establish a separate and distinct connection with another resource outside of the private corporate network.

19. In a network environment that includes a public network such as the Internet and a private corporate network contained in the public network, the public network including a client external to the private corporate network, a method of a communications device of the external client establishing a secure connection over a public network to the private corporate network without restricting the communications device to working through the private corporate network, the method comprising the following;
- a step for securely connecting to the private corporate network while retaining the ability to establish a separate and distinct connection with a resource outside of the private corporate network; and
  
  during at least a portion of the step for security connecting, a specific act of establishing a connection with the resource outside of the private corporate network.

22. In a network environment that includes a public network such as the Internet and a private corporate network contained in the public network, the public network including a client external to the private corporate network, a method of a server computer system within a private corporate network establishing a secure connection with a communications device of the external client without restricting the communications device to working through the private corporate network, the method comprising the following;
- a specific act of the server computer system facilitating the establishment of a connection with the external client over the public network;
  
  a specific act of the server computer system facilitating the providing of security to the connection, wherein the secure connection is established while allowing the external client to maintain the ability to establish a separate and distinct connection.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A method in accordance with claim 22, wherein the server computer system comprises a Virtual Private Network (VPN) server in the private corporate network.
  - 24. A method in accordance with claim 22, wherein the specific act of the server computer system facilitating the establishment of a connection with the external client comprises:
    - a specific act of using Transmission Control Protocol (TCP), to facilitate the establishment of a connection with the external client.
  - 25. A method in accordance with claim 22, wherein the specific act of the server computer system facilitating the providing of security to the connection comprises:
    - a specific act of using Secure Socket Layer (SSL), to facilitate the providing of security to the connection.
  - 26. A method in accordance with claim 22, wherein the specific act of the server computer system facilitating the providing of security to the connection comprises:
    - a specific act of using Wireless Transport Layer Security (WTLS), to facilitate the providing of security to the connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fishman, Neil S., Kramer, Michael, Kadyk, Donald J.

Granted Patent

US 7,127,742 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/15
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/166   at the transport layer

Establishing a secure connection with a private corporate network over a public network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a secure connection with a private corporate network over a public network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links