Network access using secure tunnel
First Claim
1. A method for accessing a network comprising:
routing a message from a client application on a client to an adapter installed as a kernel space component on the client;
routing the message from the adapter to a server-proxy installed as a user space component on the client;
encapsulating the message for transportation to a remote server on a private network;
routing the encapsulated message from the server-proxy to an IP stack, for transmission to the remote server.
Abstract
A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.
21 Claims
16. A computer program product, residing on a computer-readable medium, for use in accessing a network, the computer program product comprising instructions for causing a computer to:
install an adapter as a kernel space component on a client; and
install a server-proxy as a user space component on the client;
the adapter being programmed to receive a message from a client application on the client and to route the message to the server-proxy; and
the server-proxy being programmed to encapsulate a message received from the adapter for transportation to a remote server on a private network, and to route the encapsulated message to an IP stack for transmission to the remote server.
17. A method for accessing a network comprising:
receiving authentication information from a user at a client attempting to access a server on a private network;
if the user is authenticated:
sending to the client a set of subnets that the user can access;
sending to the client an IP address to be used by the client and an IP address to be used by the server; and
configuring a firewall according to a set of firewall rules for the user.
Dependent claims: 18, 19, 20, 21.
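The two procedures claimed above, the per-user provisioning of claim 17 and the server-proxy encapsulation step of claim 1, as an added illustration in Python that is not part of the patent and not the assignee's code. The user directory, credentials, tunnel addresses and the 6-byte frame header are constructed assumptions; the point is that the per-user rules derived at authentication time gate what the proxy will encapsulate, with a default of deny.

```python
import hmac
import ipaddress
import struct

# Constructed sample directory (hypothetical values):
# user -> (subnets the user may reach, tunnel IP for the client, tunnel IP for the server)
USER_DIRECTORY = {
    "alice": (["10.1.0.0/16", "10.2.5.0/24"], "192.0.2.10", "192.0.2.1"),
}


def provision(user, password, credentials):
    """Claim 17: authenticate, then hand the client its subnets, addresses and firewall rules."""
    if not hmac.compare_digest(credentials.get(user, ""), password):
        return None  # not authenticated: nothing is sent to the client
    subnets, client_ip, server_ip = USER_DIRECTORY[user]
    # Allow the client's tunnel address into each permitted subnet, then deny everything else.
    rules = [("allow", client_ip, s) for s in subnets] + [("deny", client_ip, "0.0.0.0/0")]
    return {"subnets": subnets, "client_ip": client_ip, "server_ip": server_ip, "rules": rules}


def permitted(rules, src, dst):
    """First-match evaluation of the per-user rules; default deny if nothing matches."""
    for action, rule_src, rule_dst in rules:
        if src == rule_src and ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dst):
            return action == "allow"
    return False


def encapsulate(rules, client_ip, dst, payload):
    """Claim 1, server-proxy step: wrap a message for the tunnel, or refuse it.

    Assumed frame format: 4-byte destination address, 2-byte length, then the payload.
    """
    if not permitted(rules, client_ip, dst):
        return None
    header = struct.pack("!4sH", ipaddress.ip_address(dst).packed, len(payload))
    return header + payload


def decapsulate(frame):
    """Reverse of encapsulate(), as the remote side would do before forwarding."""
    dst_packed, length = struct.unpack("!4sH", frame[:6])
    return str(ipaddress.ip_address(dst_packed)), frame[6:6 + length]
```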