Secure intranet access
Abstract
Methods, signals, devices, and systems are provided for secure access to a network from an external client. Requests for access to confidential data may be redirected from a target server to a border server, after which a secure sockets layer connection between the border server and the external client carries user authentication information. After the user is authenticated to the network, requests may be redirected back to the original target server. Web pages sent from the target server to the external client are scanned for non-secure URLs, such as those containing “http://”, and modified to make them secure. The target server and the border server utilize various combinations of secure and non-secure caches. Although tunneling may be used, the extensive configuration management burdens imposed by virtual private networks are not required.
Claims (33)
1. A distributed computing system allowing secure external access to a secure network, the system comprising:
a target server within the secure network;
a border server within the secure network, the border server connectable to the target server by a first communications link;
a client outside the secure network, the client connectable to the border server by a second communications link, the client and the border server configured to support secure sockets layer communication over the second communications link;
a user authentication system located at least partially within the secure network, the secure network configured to allow direct access to the target server by a user only after the user is authenticated by the user authentication system; and
a uniform resource locator transformer which modifies non-secure uniform resource locators in data being sent from the target server to the client by replacing them with corresponding secure uniform resource locators to promote continued use of secure sockets layer communication.
Dependent claims: 2-15.
16. A method for providing access to a secure network, the method comprising the steps of:
receiving a request for access to a target server which is within the secure network, the access request having been made by a user outside the secure network;
forming a secure sockets layer connection between the user and a border server which is within the secure network;
using the secure sockets layer connection and a user authentication system of the secure network to authenticate the user to the secure network;
modifying data by replacing non-secure uniform resource locators in the data with corresponding secure uniform resource locators which promote continued use of secure sockets layer communication; and
transmitting the modified data to the user over a secure sockets layer connection.
Dependent claims: 17-24.
25. A signal embodied in a computer system, the signal comprising a delimited non-secure uniform resource locator adjoined to a secure uniform resource locator, the non-secure uniform resource locator identifying a target server in a secure network, the secure uniform resource locator identifying a border server in the secure network.
28. A computer storage medium having a configuration that represents data and instructions which will cause performance of method steps for providing access to a secure network, the method comprising the steps of:
receiving at a target server which is within the secure network a request for access to the target server, the access request having been made by a user outside the secure network;
redirecting the request to a border server which is within the secure network;
forming a secure connection between the user and the border server, the secure connection utilizing at least a transport layer protocol and lower level protocols, security in the connection being provided at least by encryption performed above the transport layer protocol;
using the secure connection and a user authentication system of the secure network to authenticate the user to the secure network;
modifying data by replacing non-secure uniform resource locators in the data with corresponding secure uniform resource locators which promote continued use of secure communication; and
transmitting the modified data to the user over a secure connection.
Dependent claims: 29-33.
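The two mechanisms the abstract and claims 1, 16, 25 and 28 describe, the redirect signal that adjoins the non-secure target URL to the secure border-server URL, and the URL transformer that rewrites http:// references in pages coming back from the target server, as an added worked example written for this page. It is not code from the patent or its assignee; the host names, the /login path and the `target` query parameter are assumed, and the sample page is constructed. It goes slightly beyond the claim text in one place: the border server honours an adjoined target URL only if it points back into the secure network, because a redirect parameter that accepts any host would let an authenticated session be bounced to an arbitrary outside site.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlsplit, urlunsplit

# Constructed names for this example; the patent names no hosts, paths or parameters.
INTRANET_HOSTS = {"target.intranet.example", "border.intranet.example"}
BORDER_HOST = "border.intranet.example"
BORDER_LOGIN_PATH = "/login"
TARGET_PARAM = "target"  # assumed delimiter: the non-secure target URL rides in this query parameter


def make_border_redirect(target_url: str) -> str:
    """Build the claim-25 style signal: a secure border-server URL with the
    original non-secure target URL adjoined to it after a delimiter."""
    query = f"{TARGET_PARAM}={quote(target_url, safe='')}"
    return urlunsplit(("https", BORDER_HOST, BORDER_LOGIN_PATH, query, ""))


def extract_target(border_url: str) -> Optional[str]:
    """Recover the adjoined target URL at the border server once the user is
    authenticated. Only http(s) targets inside the secure network are honoured,
    so the parameter cannot send an authenticated user to an outside host."""
    values = parse_qs(urlsplit(border_url).query).get(TARGET_PARAM)
    if not values:
        return None
    target = values[0]  # parse_qs already percent-decodes the value
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return None
    if parts.hostname not in INTRANET_HOSTS:
        return None
    return target


# Attribute prefix followed by a non-secure URL; the host stops at a port,
# path, query, fragment or closing quote. Ports are carried over unchanged.
_NONSECURE_URL = re.compile(
    r"""(?P<prefix>\b(?:href|src|action)\s*=\s*["'])http://(?P<host>[^/:?#"']+)(?P<rest>[^"']*)""",
    re.IGNORECASE,
)


def secure_urls(html: str) -> str:
    """The URL transformer of claim 1: rewrite http:// references that point
    back into the secure network as https:// so the browser stays on SSL.
    References to outside hosts are left alone; rewriting them would only
    break them, and they carry no intranet data."""
    def rewrite(match: re.Match) -> str:
        host = match.group("host")
        if host.lower() not in INTRANET_HOSTS:
            return match.group(0)
        return f"{match.group('prefix')}https://{host}{match.group('rest')}"
    return _NONSECURE_URL.sub(rewrite, html)


# Constructed sample page, as the target server might emit it.
SAMPLE_PAGE = (
    '<a href="http://target.intranet.example/reports/q1">Q1 report</a>\n'
    '<img src="http://cdn.example.org/logo.png">\n'
    "<form action='http://target.intranet.example/submit?id=7'>\n"
    '<a href="https://target.intranet.example/already-secure">ok</a>\n'
)


def walk_through(target_url: str) -> dict:
    """Run the three steps the abstract describes and return each artefact:
    the redirect signal, the target recovered from it, and the rewritten page."""
    redirect = make_border_redirect(target_url)
    return {
        "redirect": redirect,
        "recovered": extract_target(redirect),
        "page": secure_urls(SAMPLE_PAGE),
    }


if __name__ == "__main__":
    for key, value in walk_through("http://target.intranet.example/reports/q1?x=1").items():
        print(f"{key}:\n{value}")
```

The transformer deliberately rewrites only attribute values (href, src, action), since those are what a browser will fetch next; URLs that appear in body text are left as written. A production rewriter would also need to handle protocol-relative and relative references, and the secure port if the intranet server does not serve SSL on 443.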