Providing security for external access to a protected computer network

US 20050091515A1
Filed: 10/26/2004
Published: 04/28/2005
Est. Priority Date: 03/12/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing controlled access via an external network to a resource residing on an internal network, comprising:

receiving at a mediating firewall associated with the internal network an external request received via the external network and addressed to the mediating firewall, the external request comprising a request from a requesting party for response data associated with an internal computer system associated with the internal network;

analyzing at the mediating firewall at least part of the content of the external request to determine whether the request is authorized; and

if it is determined that the request is authorized, sending from the mediating firewall to the internal computer system an internal request, generated by the mediating firewall, comprising a request for said response data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for providing controlled access via an external network to a resource residing on an internal network. An external request addressed to a first computer system associated with the internal network is received at the first computer system via the external network. The external request comprises a request from a requesting party for response data from a second computer system associated with the internal network. At least part of the content of the external request is analyzed at the first computer system to determine whether the request is authorized. If it is determined that the request is authorized, the request is processed.

Citations

21 Claims

1. A method for providing controlled access via an external network to a resource residing on an internal network, comprising:
- receiving at a mediating firewall associated with the internal network an external request received via the external network and addressed to the mediating firewall, the external request comprising a request from a requesting party for response data associated with an internal computer system associated with the internal network;
  
  analyzing at the mediating firewall at least part of the content of the external request to determine whether the request is authorized; and
  
  if it is determined that the request is authorized, sending from the mediating firewall to the internal computer system an internal request, generated by the mediating firewall, comprising a request for said response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising authenticating the request at the mediating firewall.
  - 3. The method of claim 1, further comprising checking the integrity of the request at the mediating firewall.
  - 4. The method of claim 1, wherein the processing comprises decrypting at least part of the request at the mediating firewall.
  - 5. The method of claim 1, wherein the requesting party comprises a process running on an external computer system, the external computer system not being associated with the internal computer network.
  - 6. The method of claim 1, wherein the internal request is sent using a protocol that is different than the protocol used by the requesting party to send the external request.
  - 7. The method of claim 1, wherein the internal request comprises an authentication as having originated from the mediating firewall.
  - 8. The method of claim 1, wherein at least part of the internal request is encrypted.
  - 9. The method of claim 8, wherein the external request sent by the requesting party is encrypted and the encryption method used to encrypt the internal request is different than the encryption method used by the requesting party to encrypt the external request.
  - 10. The method of claim 1, further comprising:
    - receiving at the mediating firewall an internal response from the internal computer system.
  - 11. The method of claim 10, wherein the internal response comprises the response data.
  - 12. The method of claim 10, further comprising processing the internal response.
  - 13. The method of claim 12, wherein processing the internal response comprises decrypting the internal response.
  - 14. The method of claim 10, further comprising preparing an external response to be sent to the requesting party.
  - 15. The method of claim 14, wherein the external response comprises the response data.
  - 16. The method of claim 14, further comprising sending the external response to the requesting party.
  - 17. The method of claim 14, wherein the data format used in the external response is different from that used in the internal response.
  - 18. The method of claim 14, wherein the protocol used to send the external response is different than the protocol used to send the internal response.
  - 19. The method of claim 1, wherein whether the external request is authorized is based at least in part on the identity of the requesting party.

20. A system for providing controlled access via an external network to an internal network, comprising:
- an external network connection configured to receive an external request sent via the external network;
  
  a processor associated with a mediating firewall associated with the internal network, the processor being configured to;
  
  analyze at least part of the content of the external request to determine whether the request is authorized; and
  
  process the request in the event it is determined that the request is authorized; and
  
  an internal network connection configured to enable an internal request to be sent via the internal network to an internal computer system associated with the internal network;
  
  wherein the external request is addressed to the mediating firewall and comprises a request for response data from the internal computer system and wherein said processor is configured to send from the mediating firewall to the internal computer system an internal request comprising a request for said response data.

21. A computer program product for providing controlled access via an external network to an internal network, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- receiving at a mediating firewall associated with the internal network an external request sent via the external network and addressed to the mediating firewall, the external request comprising a request from a requesting party for response data from a second an internal computer system associated with the internal network;
  
  analyzing at the mediating firewall at least part of the content of the external request to determine whether the request is authorized; and
  
  if it is determined that the request is authorized, sending from the mediating firewall to the internal computer system an internal request comprising a request for said response data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Reactivity, Inc. (Cisco Systems, Inc.)
Inventors
Lilly, Jhon O. III, Hanson, Michael, Roddy, Brian J.

Granted Patent

US 7,043,753 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/188
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0218   Distributed architectures, ...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Providing security for external access to a protected computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Providing security for external access to a protected computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links