SECURITY GATEWAY UTILIZING SSL PROTOCOL PROTECTION AND RELATED METHOD
Abstract
A security gateway, for use in a network system linking at least a client end and a server end, includes a user interface, an SSL VPN driver, a connection interface and an IPSEC VPN driver. The security gateway supports the IPSEC and SSL protocols. Before establishing an IPSEC VPN between a client end and a server end, the security gateway performs ID authentication of the client-end user with the widely used SSL protocol, so as to establish an SSL VPN between the server end and the client end. When the ID of the client end is authorized, a configuration file comprising the security association (SA) is generated and then sent safely to the client end through the SSL VPN tunnel. After the client end receives and executes the configuration file containing the SA, an IPSEC VPN tunnel between the server end and the client end is established.
20 Claims
1. A security gateway for use in a network system for linking at least a client end and a server end, comprising:
a user interface for generating a web image via a web browser stored in the client end of the network system, the web image providing a remote auto-set access mechanism for being manipulated by the client end;
an SSL VPN driver for establishing a SSL VPN tunnel between the server end and the client end over a network system as the remote auto-set access mechanism is activated, so that a certification data of the client end is capable of safely being transmitted to the SSL VPN driver through the SSL VPN tunnel;
a connection interface for transmitting the certification data from the SSL VPN driver; and
an IPSEC VPN driver for generating a security association (SA) based on the certification data transmitted from the connection interface, and for generating and sending information with the security association to the client end via the SSL VPN tunnel, so as to establish an IPSEC VPN tunnel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of SSL protocol protection for use in a security gateway, for use in a network system for linking at least client end and a server end, wherein the security gateway is at the server end, the method comprising:
generating a web image using a web browser of the client end through a user interface of the security gateway, the web image comprising a remote auto-set access mechanism;
activating the remote auto-set access mechanism of the web image showed by the web browser of the client end to drive a SSL VPN driver of the security gateway to establish a SSL VPN tunnel between the server end and the client end;
sending a certification data of the client end to the SSL VPN driver of the security gateway through the SSL VPN tunnel;
the SSL VPN driver sending the certification data to an IPSEC VPN driver of the security gateway;
the IPSEC VPN driver generating a security association (SA) based on the certification data, and then the SSL VPN generating information including the SA and sending the information to the client end via SSL VPN tunnel; and
establishing an IPSEC VPN tunnel between client end and the server end based on the SA set by the client end.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method of SSL protocol protection for use in a security gateway, for use in a network system for linking at least client end and a server end, wherein the security gateway is at the server end, the method comprising:
generating a web image using a web browser of the client end through a user interface of the security gateway, the web image comprising a remote auto-set access mechanism for receiving an ID authentication data inputted by means of the web browser of the client end;
activating the remote auto-set access mechanism of the web image showed by the web browser of the client end to drive the SSL VPN driver of the security gateway;
establishing a SSL VPN tunnel between the server end and the client end, so that the ID authentication data of the client end is sent to the SSL VPN driver of the security gateway through the SSL VPN tunnel;
the SSL VPN driver determining if the received ID authentication data is authorized to establish an IPSEC VPN tunnel between the client end and the server end;
if the ID authentication data is authorized, requesting the client end to send a certification data to the IPSEC VPN driver of the security gateway via the SSL VPN tunnel, for establishing the IPSEC VPN tunnel;
the IPSEC VPN driver generating a security association (SA) based on the certification data, and sending the SA back to the client end via SSL VPN tunnel; and
the client end setting the SA and establishing an IPSEC VPN tunnel between client end and the server end.
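The ordering in claim 20 (ID authentication inside the SSL VPN tunnel first, SA generation only afterwards) can be modelled as a small gateway-side state machine. This is an added example, not code from the patent: the class name, the credential store, the SA fields and the key sizes are all assumptions, since the page does not say what the SA or the configuration file contains.

```python
import hashlib, hmac, secrets

# Constructed credential store for the example: user -> salted password hash.
_SALT = b"example-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}

class GatewaySession:
    """One client session on the gateway, already inside the SSL VPN tunnel."""

    def __init__(self):
        self.state = "TUNNEL_UP"      # SSL VPN tunnel established
        self.user = None

    def authenticate(self, user, password):
        """ID authentication step: may this client get an IPsec tunnel at all?"""
        stored = USERS.get(user, b"\0" * 32)   # dummy hash keeps timing uniform
        offered = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
        if not hmac.compare_digest(stored, offered) or user not in USERS:
            self.state = "REJECTED"
            return False
        self.state, self.user = "AUTHORIZED", user
        return True

    def issue_sa(self, certification_data: bytes):
        """Generate SA parameters for the client; refused unless authorized."""
        if self.state != "AUTHORIZED":
            raise PermissionError("SA requested before ID authentication succeeded")
        sa = {
            "user": self.user,
            # Bind the SA to the certification data the client presented.
            "peer_fingerprint": hashlib.sha256(certification_data).hexdigest(),
            "spi": 0x100 + secrets.randbelow(2**32 - 0x100),  # skip reserved 0-255
            "enc_key": secrets.token_hex(32),    # fresh per-SA keys (assumed sizes)
            "auth_key": secrets.token_hex(32),
            "lifetime_s": 3600,                  # assumed lifetime
        }
        self.state = "SA_ISSUED"      # one SA per authenticated session
        return sa
```

Because the returned SA carries the key material, it is only ever handed back over the SSL VPN tunnel, and a rejected or already-served session cannot obtain another one.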
Specification