SECURITY GATEWAY UTILIZING SSL PROTOCOL PROTECTION AND RELATED METHOD

US 20060005008A1
Filed: 11/11/2004
Published: 01/05/2006
Est. Priority Date: 07/02/2004
Status: Abandoned Application

First Claim

Patent Images

1. A security gateway for use in a network system for linking at least a client end and a server end, comprising:

a user interface for generating a web image via a web browser stored in the client end of the network system, the web image providing a remote auto-set access mechanism for being manipulated by the client end;

an SSL VPN driver for establishing a SSL VPN tunnel between the server end and the client end over a network system as the remote auto-set access mechanism is activated, so that a certification data of the client end is capable of safely being transmitted to the SSL VPN driver through the SSL VPN tunnel;

a connection interface for transmitting the certification data from the SSL VPN driver; and

an IPSEC VPN driver for generating a security association (SA) based on the certification data transmitted from the connection interface, and for generating and sending information with the security association to the client end via the SSL VPN tunnel, so as to establish an IPSEC VPN tunnel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security gateway, for use in a network system for linking at least a client end and a server end, includes a user interface, a SSL VPN driver, a connection interface and an IPSEC VPN driver. The security gateway supports IPSEC and SSL protocols. Before establishing an IPSEC VPN between a client end and a server end, the security gateway will perform ID authentication for the user of the client end with a widely-used SSL protocol, so as to establish a SSL VPN between a server end and a client end. When the ID of the client end is authorized, a configuration file comprising the SA is generated and then safely sent to the client end through the SSL VPN tunnel. After the client end receives and executes the configuration file having the SA, an IPSEC VPN tunnel between the server end and the client end is established.

99 Citations

View as Search Results

20 Claims

1. A security gateway for use in a network system for linking at least a client end and a server end, comprising:
- a user interface for generating a web image via a web browser stored in the client end of the network system, the web image providing a remote auto-set access mechanism for being manipulated by the client end;
  
  an SSL VPN driver for establishing a SSL VPN tunnel between the server end and the client end over a network system as the remote auto-set access mechanism is activated, so that a certification data of the client end is capable of safely being transmitted to the SSL VPN driver through the SSL VPN tunnel;
  
  a connection interface for transmitting the certification data from the SSL VPN driver; and
  
  an IPSEC VPN driver for generating a security association (SA) based on the certification data transmitted from the connection interface, and for generating and sending information with the security association to the client end via the SSL VPN tunnel, so as to establish an IPSEC VPN tunnel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The security gateway of claim 1, wherein the client end further comprises an IPSEC VPN gateway or an IPSEC VPN appliance program corresponding to the IPSEC VPN driver of the security gateway disposed at the server end.
  - 3. The security gateway of claim 2, wherein the web browser of the client end supports the SSL protocol so as to correspond to the SSL VPN driver of the security gateway.
  - 4. The security gateway of claim 3, wherein the remote auto-set access mechanism requests the client end to input an ID authentication data by means of the web browser when activated, and sends the ID authentication data to the SSL VPN driver of the security gateway, wherein the ID authentication data comprises a password.
  - 5. The security gateway of claim 4, wherein ID authentication data of the client end is sent by means of the SSL VPN to the SSL VPN driver of the security gateway.
  - 6. The security gateway of claim 5, wherein the SSL VPN driver determines if the received ID authentication data is authorized so as to allow establishing an IPSEC VPN tunnel between the client end and the server end.
  - 7. The security gateway of claim 6, wherein if the ID authentication data is authorized, the SSL VPN driver requests the client end to send the certification data to the SSL VPN driver via the SSL VPN tunnel.
  - 8. The security gateway of claim 7, wherein the certification data comprises the Internet Protocol (IP) address of the client end, gold key or credential.
  - 9. The security gateway of claim 1, wherein the IPSEC VPN driver is a VPN driving firmware supporting IPSEC protocol for protecting data transmission over the IP layer.

10. A method of SSL protocol protection for use in a security gateway, for use in a network system for linking at least client end and a server end, wherein the security gateway is at the server end, the method comprising:
- generating a web image using a web browser of the client end through a user interface of the security gateway, the web image comprising a remote auto-set access mechanism;
  
  activating the remote auto-set access mechanism of the web image showed by the web browser of the client end to drive a SSL VPN driver of the security gateway to establish a SSL VPN tunnel between the server end and the client end;
  
  sending a certification data of the client end to the SSL VPN driver of the security gateway through the SSL VPN tunnel;
  
  the SSL VPN driver sending the certification data to an IPSEC VPN driver of the security gateway;
  
  the IPSEC VPN driver generating a security association (SA) based on the certification data, and then the SSL VPN generating information including the SA and sending the information to the client end via SSL VPN tunnel; and
  
  establishing an IPSEC VPN tunnel between client end and the server end based on the SA set by the client end.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10, wherein the client end further comprises an IPSEC VPN gateway or an IPSEC VPN appliance program corresponding to the IPSEC VPN driver of the security gateway disposed at the server end.
  - 12. The method of claim 11, wherein the web browser of the client end supports the SSL protocol so as to correspond to the SSL VPN driver of the security gateway.
  - 13. The method of claim 12 further comprising:
    - the remote auto-set access mechanism requesting the client end to input an ID authentication data by means of the web browser when activated, and sending the ID authentication data to the SSL VPN driver of the security gateway, wherein the ID authentication data comprises a password.
  - 14. The method of claim 13, wherein ID authentication data of the client end is sent by means of the SSL VPN tunnel to the SSL VPN driver of the security gateway.
  - 15. The method of claim 14, wherein the SSL VPN driver determines if the received ID authentication data is authorized so as to allow establishing an IPSEC VPN tunnel between the client end and the server end.
  - 16. The method of claim 15, wherein if the ID authentication data is authorized, the SSL VPN driver requests the client end to send the certification data to the SSL VPN driver via the SSL VPN tunnel.
  - 17. The method of claim 16, wherein the certification data comprises the Internet Protocol (IP) address of the client end, gold key or credential.
  - 18. The method of claim 10, wherein the SSL VPN driver is a VPN driving firmware supporting the SSL protocol for protecting data-transmission over the application layer.
  - 19. The method of claim 18, wherein the certification data from the SSL VPN driver is sent to the IPSEC VPN driver of the security gateway via a connection interface for protecting data transmission over the IP layer.

20. A method of SSL protocol protection for use in a security gateway, for use in a network system for linking at least client end and a server end, wherein the security gateway is at the server end, the method comprising:
- generating a web image using a web browser of the client end through a user interface of the security gateway, the web image comprising a remote auto-set access mechanism for receiving an ID authentication data inputted by means of the web browser of the client end;
  
  activating the remote auto-set access mechanism of the web image showed by the web browser of the client end to drive the SSL VPN driver of the security gateway;
  
  establishing a SSL VPN tunnel between the server end and the client end, so that the ID authentication data of the client end is sent to the SSL VPN driver of the security gateway through the SSL VPN tunnel;
  
  the SSL VPN driver determining if the received ID authentication data is authorized to establish an IPSEC VPN tunnel between the client end and the server end;
  
  if the ID authentication data is authorized, requesting the client end to send a certification data to the IPSEC VPN driver of the security gateway via the SSL VPN tunnel, for establishing the IPSEC VPN tunnel;
  
  the IPSEC VPN driver generating a security association (SA) based on the certification data, and sending the SA back to the client end via SSL VPN tunnel; and
  
  the client end setting the SA and establishing an IPSEC VPN tunnel between client end and the server end.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IEI Integration Corp.
Original Assignee
IEI Integration Corp.
Inventors
Kao, Wen-Hung

Application Number

US10/904,470
Publication Number

US 20060005008A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/18   using different networks or...

SECURITY GATEWAY UTILIZING SSL PROTOCOL PROTECTION AND RELATED METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

99 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY GATEWAY UTILIZING SSL PROTOCOL PROTECTION AND RELATED METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links