Method for transparently forming a connection to an element of a private network over an IP-compliant network

US 20050235346A1
Filed: 03/02/2005
Published: 10/20/2005
Est. Priority Date: 02/06/1996
Status: Abandoned Application

First Claim

Patent Images

1. A method for transparently forming a connection to an element of a private network over an IP-compliant network comprising:

receiving an access request from an external user over the IP-compliant network to access the private network element;

assigning a proxy agent operable within said firewall to process said access request;

determining, by said proxy agent, whether said external user is authorized to access said private network element;

if said user is authorized to access said private network element, then forming, by said proxy agent, a connection to said private network element on behalf of said external user; and

wherein said firewall appears as the source of the connection to said external user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for transparently forming a connection to an element of a private network over an IP-compliant network are disclosed. In disclosed embodiments, network devices such as firewalls are disclosed that are configured to receive an access request from an external user over the IP-compliant network to access the private network element and assign a proxy agent process said access request. The proxy agent then determines whether the external user is authorized to access the private network element. If the user is authorized, then the proxy agent forms a connection to the private network element on behalf of the external user such that the network device appears as the source of the connection to the external user.

82 Citations

View as Search Results

20 Claims

1. A method for transparently forming a connection to an element of a private network over an IP-compliant network comprising:
- receiving an access request from an external user over the IP-compliant network to access the private network element;
  
  assigning a proxy agent operable within said firewall to process said access request;
  
  determining, by said proxy agent, whether said external user is authorized to access said private network element;
  
  if said user is authorized to access said private network element, then forming, by said proxy agent, a connection to said private network element on behalf of said external user; and
  
  wherein said firewall appears as the source of the connection to said external user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said act of determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.
  - 3. The method of claim 2, further comprising the act of performing additional verification checks on suspect addresses.
  - 4. The method of claim 3, further comprising the act of performing additional verification based on the suspect addresses'"'"' port designation.
  - 5. The method of claim 1, further comprising the act of maintaining a transaction log containing information regarding incoming requests.

6. A network device for transparently forming a connection to an element of a private network over an IP-compliant network comprising:
- a network device disposed between the IP-compliant network and the element of the private network, said network device configured to;
  
  receive an access request from an external user to access the private network element;
  
  assign a proxy agent to process said access request; and
  
  the proxy agent being configured to determine whether said external user is authorized to access said private network element and form a connection to said private network element on behalf of said external user if said user is authorized to access said private network element; and
  
  wherein said device appears as the source of the connection to said external user.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The device of claim 6, wherein said device is further configured to compare the source address of said access request against a list of addresses.
  - 8. The device of claim 7, wherein said device is further configured to perform additional verification checks on suspect addresses.
  - 9. The device of claim 8, wherein said device is further configured to perform additional verification based on the suspect addresses'"'"' port designation.
  - 10. The device of claim 6, wherein said device is further configured to maintain a transaction log containing information regarding incoming requests.

11. An apparatus for transparently forming a connection to an element of a private network over an IP-compliant network comprising:
- means for receiving an access request from an external user over the IP-compliant network to access the private network element;
  
  means for assigning a proxy agent operable within said apparatus to process said access request;
  
  means for determining, by said proxy agent, whether said external user is authorized to access said private network element;
  
  means for forming a connection to said private network element on behalf of said external user if said user is authorized to access said private network element; and
  
  wherein said apparatus appears as the source of the connection to said external user.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising means for determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.
  - 13. The method of claim 12, further comprising means for performing additional verification checks on suspect addresses.
  - 14. The method of claim 13, further comprising means for performing additional verification based on the suspect addresses'"'"' port designation.
  - 15. The method of claim 11, further comprising means for maintaining a transaction log containing information regarding incoming requests.

16. A computer-readable device containing a set of computer instructions to perform a method for transparently forming a connection to an element of a private network over an IP-compliant network, the method comprising:
- receiving an access request from an external user over the IP-compliant network to access the private network element;
  
  assigning a proxy agent operable within said firewall to process said access request;
  
  determining, by said proxy agent, whether said external user is authorized to access said private network element;
  
  if said user is authorized to access said private network element, then forming, by said proxy agent, a connection to said private network element on behalf of said external user; and
  
  wherein said firewall appears as the source of the connection to said external user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The device of claim 16, wherein said act of determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.
  - 18. The device of claim 17, said method further comprising the act of performing additional verification checks on suspect addresses.
  - 19. The device of claim 18, said method further comprising the act of performing additional verification based on the suspect addresses'"'"' port designation.
  - 20. The device of claim 16, said method further comprising the act of maintaining a transaction log containing information regarding incoming requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Original Assignee
Christopher D. Coley, Ralph E. Wesinger Jr
Inventors
Coley, Christopher D., Wesinger, Ralph E. Jr.

Application Number

US11/071,869
Publication Number

US 20050235346A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06Q 20/027   involving a payment switch ...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/1458   Denial of Service

H04L 63/18   using different networks or...

H04L 69/16   Implementation or adaptatio...

H04L 9/40   Network security protocols

Method for transparently forming a connection to an element of a private network over an IP-compliant network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for transparently forming a connection to an element of a private network over an IP-compliant network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links