Content inspection in secure networks
First Claim
1. A secure access system connecting at least one client of an internal network with at least one remote server of an external network, said system comprising:
- an internal gateway communicating with said at least one client;
- an external gateway communicating with said at least one remote server;
- an internal encryption terminator establishing a secure connection with said at least one client and impersonating said at least one remote server, decrypting encrypted requests coming from said at least one client and encrypting clear replies going to said at least one client; and
- an external encryption initiator aiding in establishing a secure connection with said at least one remote server, encrypting clear requests going to said at least one remote server and decrypting encrypted replies coming from said at least one remote server.
Abstract
A secure access system is used to connect an internal network, such as a private LAN, to an external network, such as the Internet. The system is provided with internal and external gateways, for connecting to the respective networks, as well as an inspection evaluator, content inspector, internal certificate authority, internal SSL terminator and external SSL initiator. Packets routed through the access system are inspected before they are forwarded from one gateway to the other, except those packets of designated users of the internal network which are directly forwarded without inspection. Encrypted packets received by the access system are decrypted, inspected, and then re-encrypted before they are forwarded.
199 Citations
40 Claims
1. A secure access system connecting at least one client of an internal network with at least one remote server of an external network, said system comprising:
- an internal gateway communicating with said at least one client;
- an external gateway communicating with said at least one remote server;
- an internal encryption terminator establishing a secure connection with said at least one client and impersonating said at least one remote server, decrypting encrypted requests coming from said at least one client and encrypting clear replies going to said at least one client; and
- an external encryption initiator aiding in establishing a secure connection with said at least one remote server, encrypting clear requests going to said at least one remote server and decrypting encrypted replies coming from said at least one remote server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A secure access system connecting an internal network to an external network, said system comprising:
- an internal gateway communicating with said at least one client;
- an external gateway communicating with said at least one remote server;
- an internal encryption terminator establishing a secure connection with said at least one client and impersonating said at least one remote server, decrypting encrypted requests coming from said at least one client and encrypting clear replies going to said at least one client;
- an external encryption initiator aiding in establishing a secure connection with said at least one remote server, encrypting clear requests going to said at least one remote server and decrypting encrypted replies coming from said at least one remote server; and
- an internal certificate authority that authorizes said impersonation without contacting an external certifying authority.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24

25. A secure access system connecting an internal network to an external network, said system comprising:
- an internal gateway communicating with said at least one client;
- an external gateway communicating with said at least one remote server;
- an internal encryption terminator establishing a secure connection with said at least one client and impersonating said at least one remote server, decrypting encrypted requests coming from said at least one client and encrypting clear replies going to said at least one client;
- an external encryption initiator aiding in establishing a secure connection with said at least one remote server, encrypting clear requests going to said at least one remote server and decrypting encrypted replies coming from said at least one remote server;
- an internal certificate authority that authorizes said impersonation without contacting an external certifying authority; and
- a content inspection unit inspecting clear requests and replies.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35

36. An article of manufacture comprising a computer media product implementing content inspection in communication sessions between at least one client of an internal network and at least one remote server of an external network, said medium comprising:
- a first module implementing an internal gateway communicating with said at least one client;
- a second module implementing an external gateway communicating with said at least one remote server;
- a third module implementing an internal encryption terminator aiding in establishing a secure connection with said at least one client and impersonating said at least one remote server, decrypting encrypted requests coming from said at least one client and encrypting clear replies going to said at least one client;
- a fourth module implementing an external encryption initiator aiding in establishing a secure connection with said at least one remote server, encrypting clear requests going to said at least one remote server and decrypting encrypted replies coming from said at least one remote server; and
- a fifth module implementing an internal certificate authority that authorizes said impersonation.
Dependent claims: 37, 38, 39, 40
Specification