Secure network gateway

US 20060053290A1
Filed: 06/15/2005
Published: 03/09/2006
Est. Priority Date: 05/25/2000
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating secure communication between a first node on a first network and a second node on a second network, the method comprising the steps of:

(a) authorizing the first node to access a service provided by the second node;

(b) transmitting from the first node a message indicating that the first node desires to access the service;

(c) confirming the identity of the first node;

(d) confirming the identity of the second node;

(e) establishing an encrypted peer to peer connection between the first node and the second node following the successful confirmation of the identity of the first node and the identity of the second node;

(f) transmitting a request for a service from the first node to the second node; and

(g) controlling the encrypted peer to peer connection to provide access to authorized services and prevent access to unauthorized services.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure gateway is disclosed which facilitates communication between a first network and a second network through an intermediate network. The secure gateway, when operated in conjunction with at least one other secure gateway, supports secure peer to peer connectivity with integral security features such as mutual authentication, authorization specific access, and end to end auditing. An authorized service can be served securely through this gateway, across the open network, to a known requester, without fear of compromising the security or privacy of the server'"'"'s or requesters networks.

Citations

57 Claims

1. A method for facilitating secure communication between a first node on a first network and a second node on a second network, the method comprising the steps of:
- (a) authorizing the first node to access a service provided by the second node;
  
  (b) transmitting from the first node a message indicating that the first node desires to access the service;
  
  (c) confirming the identity of the first node;
  
  (d) confirming the identity of the second node;
  
  (e) establishing an encrypted peer to peer connection between the first node and the second node following the successful confirmation of the identity of the first node and the identity of the second node;
  
  (f) transmitting a request for a service from the first node to the second node; and
  
  (g) controlling the encrypted peer to peer connection to provide access to authorized services and prevent access to unauthorized services.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising the step of:
    - (h) logging the activities of the first node and the second node.
  - 3. The method of claim 2 wherein the logging step occurs at the second node.
  - 4. The method of claim 2 wherein the logging step occurs at a third node, wherein the third node is not located on the first network or the second network.
  - 5. The method of claim 1 wherein the steps of confirming the identity of the first node and confirming the identity of the second node are performed at a third node, wherein the third node is not located on the first network or on the second network.
  - 6. The method of claim 1 wherein the controlling step is performed on the second network.
  - 7. The method of claim 1 wherein the controlling step is performed by a third node, wherein the third node is not located on the first network or on the second network.
  - 8. The method of claim 1 wherein the controlling step is performed on the second network and by a third node, wherein the third node is not located on the first network or on the second network.
  - 9. The method of claim 1 wherein the step of confirming the identity of the first node comprises the step of confirming the identity of a user at the first node.
  - 10. The method of claim 1 wherein the step of confirming the identity of the first node comprises the step of confirming the identity of a device at the first node.
  - 11. The method of claim 1 wherein the step of confirming the identity of the second node comprises the step of confirming the identity of a user at the second node.
  - 12. The method of claim 1 wherein the step of confirming the identity of the second node comprises the step of confirming the identity of a device at the second node.
  - 13. The method of claim 1 wherein the step of transmitting a request for a service from the first node to the second node comprises the steps of:
    - (h) receiving at the first node a location for the transmission of the request for a service; and
      
      (i) transmitting the request for a service to the received location.
  - 14. The method of claim 13 wherein the location is transmitted from the first node.
  - 15. The method of claim 13 wherein the location is transmitted from a third node, wherein the third node is not located on the first or second networks.
  - 16. The method of claim 1 further comprising the step of:
    - (h) terminating the encrypted peer to peer connection between the first node and the second node following the conclusion of the access to the authorized service.
  - 17. The method of claim 1 wherein the first node and the second node exchange information sufficient to allow a subsequent confirmation of the identities of the first node and the second node.
  - 18. The method of claim 1 further comprising the step of:
    - (h) maintaining a directory of available services provided by the second node at a third node, wherein the third node is not located on the first or second networks.
  - 19. The method of claim 1 further comprising the step of determining a level of risk associated with the request for a service.
  - 20. The method of claim 19 further comprising the step of:
    - (i) responding to a request for service with a specific service based upon the determined level of risk.
  - 21. The method of claim 1, further comprising the step of:
    - (h) logging the activities of the first node and the second node;
      
      (i) receiving at the first node a location for the transmission of the request for a service;
      
      (j) transmitting the request for a service to the received location; and
      
      (k) terminating the encrypted peer to peer connection between the first node and the second node following the conclusion of the access to the authorized service.

22. A system for facilitating secure communication between a first node on a first network and a second node on a second network that is not the first network, through a plurality of secure gateways, the system comprising:
- a provider gateway on the second network configured to (a) control access to the second node and (b) facilitate communications from the second node;
  
  a requester gateway on the first network configured to (a) control access to the first node (b) facilitate communications from the first node, (c) transmit a message requesting access to an authorized service;
  
  a first processor that confirms the identity of the first node;
  
  a second processor that confirms the identity of the second node, a third processor that prevents the first node from accessing an unauthorized service at the second node, wherein an encrypted peer to peer connection between the requester gateway and the provider gateway is established upon the confirmation of the identity of the first node and the confirmation of the identity of the second node in response to a request for the service from the first network, and wherein the third processor prevents the first node from accessing an unauthorized service at the second node by controlling the encrypted peer to peer connection.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 23. The system of claim 22 further comprising a memory that stores a log of activities of the first node and the second node.
  - 24. The system of claim 23 wherein the memory is located on the second network.
  - 25. The system of claim 23 wherein the memory is located at a third node, wherein the third node is not located on the first network or the second network.
  - 26. The system of claim 22 wherein the first processor is located at a third node, wherein the third node is not located on the first network or the second network.
  - 27. The system of claim 22 wherein the second processor is located at a third node, wherein the third node is not located on the first network or the second network.
  - 28. The system of claim 22 wherein the first processor and the second processor are located at a third node, wherein the third node is not located on the first network or the second network.
  - 29. The system of claim 22 wherein the third processor is located on the second network.
  - 30. The system of claim 22 wherein the third processor is located on a third node, wherein the third node is not located on the first network or the second network.
  - 31. The system of claim 22 wherein the third processor is located on the second network and wherein the system also has a fourth processor located on a third node, wherein the fourth processor shares control over the encrypted peer to peer connection with the third processor, and wherein the third node is not located on the first network or the second network.
  - 32. The system of claim 22 wherein the first processor confirms the identity of a user at the first node.
  - 33. The system of claim 22 wherein the first processor confirms the identity of a device at the first node.
  - 34. The system of claim 22 wherein the second processor confirms the identity of a user at the second node.
  - 35. The system of claim 22 wherein the second processor confirms the identity of a device at the second node.
  - 36. The system of claim 22 wherein the request for a service is outputted to a location based upon a location message that is received in response to the message requesting access to the authorized service.
  - 37. The system of claim 36 wherein the location message is transmitted from the first node.
  - 38. The system of claim 36 wherein the location message is transmitted from a third node, wherein the third node is not located on the first network or the second network.
  - 39. The system of claim 22 wherein the encrypted peer to peer connection between the first node and the second node is terminated following a provision of the requested service to the first node.
  - 40. The system of claim 22 further comprising a memory at a third node for storing a directory of available services provided by the second node, wherein the third node is not located on the first network or the second network.
  - 41. The system of claim 22 further comprising a risk processor that determines a level of risk associated with the request for a service.
  - 42. The system of claim 41 wherein the second node responds to the request for a service with a specific service based upon the determined level of risk.
  - 43. The system of claim 22 wherein the first node or the second node is implemented in software.
  - 44. The system of claim 43 wherein the first node or the second node is implemented as a plug-in to a browser.
  - 45. The system of claim 22 wherein the first node or the second node is implemented in a circuit board card for a personal computer.
  - 46. The system of claim 22 wherein the first node or the second node is implemented in a circuit board card for a server.
  - 47. The system of claim 22 wherein the first node or the second node is implemented in a single chip.
  - 48. The system of claim 22 wherein the first node or the second node is implemented as stand-alone hardware.
  - 49. The system of claim 22 wherein the first node or the second node is further comprised of an out of band output to support an out of band communication.
  - 50. The system of claim 31 wherein the out of band output is one of a USB output Firewire output, Ethernet output, Gigabit Ethernet output, or a wireless output.

51. A secure requester gateway on a first network for facilitating secure communication from a first node on the first network to a second node on a second network that is not the first network, the secure requester gateway comprising:
- a transceiver for supporting secure communications with an authorized service at the second node, wherein the transceiver supports secure communications through an encrypted peer to peer connection that is established after the confirmation of the identity of the first node and the confirmation of the identity of the second node, wherein the encrypted peer to peer connection is controlled to provide access to authorized services and prevent access to unauthorized services.
- View Dependent Claims (52)
- - 52. The secure requester gateway of claim 51 wherein a memory stores a log of activities occurring on the encrypted peer to peer connection.

53. A computer readable medium, upon which program for facilitating secure communication with a server that serves an authorized service is stored, the program comprising of the steps of:
- (a) transmitting a message indicating that access to the service is desired;
  
  (b) participating in a mutual authentication process;
  
  (c) transmitting a request for the service; and
  
  (d) interacting with the service through an encrypted peer to peer connection that is established after the mutual authentication process is successfully concluded, wherein the encrypted peer to peer connection is controlled to allow access to authorized services and prevent access to unauthorized services.

54. A system comprising a first network that serves an authorized service to a second network through gateways that are connected by an encrypted peer to peer connection, wherein the connection is established after confirming the identities of the first and second nodes, and the connection is controlled to allow access to authorized services and prevent access to unauthorized services.

55. A secure provider gateway on a first network for facilitating the secure communication from a first node on the first network to a second node on a second network that is not the first network, the secure provider gateway comprising:
- a transceiver for supporting the secure communication of an authorized service to the second node through an encrypted peer to peer connection that is established after the confirmation of the identity of the first node and the confirmation of the identity of the second node, wherein the encrypted peer to peer connection is controlled to allow access to authorized services and prevent access to unauthorized services.
- View Dependent Claims (56)
- - 56. The secure provider gateway of claim 55 wherein a memory stores a log of activities occurring on the encrypted peer to peer connection.

57. A computer readable medium, wherein the computer readable medium contains a program for facilitating the secure provision of an authorized service to a requester, the program comprising of the steps of:
- (a) providing the authorized service to the requester through an encrypted peer to peer connection that is established after a mutual authentication process has been successfully concluded, wherein the encrypted peer to peer connection is controlled to allow access to authorized services and prevent access to unauthorized services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Randall E. Orkis, William M. Randle
Original Assignee
Randall E. Orkis, William M. Randle
Inventors
Orkis, Randall E., Randle, William M.

Granted Patent

US 7,769,996 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/04   Payment circuits

G06Q 20/388   using mutual authentication...

G06Q 30/04   Billing or invoicing

G06Q 40/02   Banking, e.g. interest calc...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

Secure network gateway

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

57 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network gateway

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

57 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links