System and method for projecting content beyond firewalls

US 20070136480A1
Filed: 02/02/2007
Published: 06/14/2007
Est. Priority Date: 04/11/2000
Status: Active Grant

First Claim

Patent Images

1. A system for establishing communications across a firewall comprising:

a communications network;

a first server within said communications network;

a first computer separated from said communications network by a first firewall, said first computer sending information to said first server; and

, a second computer separated from said communications network by a second firewall, said second computer receiving information from said first server related to the information sent from said first computer, wherein said first computer transmits a hypertext transfer protocol (HTTP) message to said first server, said HTTP message comprising an encrypted identifier of said second computer and encrypted content, wherein the identifier is encrypted with a first encryption key associated with the first server and the content is encrypted with a second different encryption key associated with the second computer, wherein said first server decrypts said encrypted identifier to an unencrypted identification of said second computer and forwards said encrypted content to said second computer using said unencrypted identification, wherein said HTTP message is transmitted through a firewall port that is normally open to HTTP packets.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for exchanging information between clients separated by firewalls is disclosed. A server may receive the information as posted through a browser client from beyond a first firewall and relay it to another client beyond a second firewall without lowering the security levels of the firewalls.

Citations

40 Claims

1. A system for establishing communications across a firewall comprising:
- a communications network;
  
  a first server within said communications network;
  
  a first computer separated from said communications network by a first firewall, said first computer sending information to said first server; and
  
  , a second computer separated from said communications network by a second firewall, said second computer receiving information from said first server related to the information sent from said first computer, wherein said first computer transmits a hypertext transfer protocol (HTTP) message to said first server, said HTTP message comprising an encrypted identifier of said second computer and encrypted content, wherein the identifier is encrypted with a first encryption key associated with the first server and the content is encrypted with a second different encryption key associated with the second computer, wherein said first server decrypts said encrypted identifier to an unencrypted identification of said second computer and forwards said encrypted content to said second computer using said unencrypted identification, wherein said HTTP message is transmitted through a firewall port that is normally open to HTTP packets.
- View Dependent Claims (2, 3, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein said first computer transmits said message to said first server with encrypted message content and said first server transmits said encrypted message content to said second computer without decrypting said message in said first server.
  - 3. The system according to claim 1, wherein said first computer further includes a first client and said second computer includes a second client and wherein each of said first client and said second client use an open firewall port that is normally open to HTTP packets to access said communications network.
  - 5. The system according to claim 1, further comprising a second server that operates in the event of an error with said first server.
  - 6. The system according to claim 1, wherein the information received at said second computer has the same content as the information sent from said first computer.
  - 7. The system according to claim 1, wherein the information received at said second computer has different but related content as the information sent from said first computer.
  - 8. The system according to claim 1, further comprising a second server, said second server being connected to said network, wherein said second server replaces said first server when an error occurs between said first server and at least one of said first computer and said second computer.
  - 9. The system according to claim 1, further comprising a second server, said second server being connected to said network, wherein said second server replaces said first server when an error occurs with said first server.
  - 10. The system according to claim 1, further comprising:
    - at least a third computer, wherein at least said third computer receives information from said first server related to the information sent from said first computer, wherein at least said third computer is separated from said communication network by at least one of said first or at least a second firewall.
  - 11. The system according to claim 1, wherein a communication pathway between said first server and at least one of said first computer and said second computer is kept open by repeated transmissions from said first server.
  - 12. The system according to claim 1, wherein a communication pathway between said first server and at least one of said first computer and said second computer is kept open by repeated transmissions from at least one of said first computer and said second computer.
  - 13. The system according to claim 1, wherein said first computer transmits said message to said first server with a header, the header including at least one of an encrypted header, an encrypted identification, an encrypted IP address, an encrypted username of said second computer, an encrypted size, an encrypted CRC, an encrypted header length, an encrypted message length, an encrypted asset identifier, an encrypted name of at least one client, and an encrypted application ID, an encrypted time and date stamp, an encrypted location ID, an encrypted message types, an encrypted attachment identifier, an encrypted packet number, and an encrypted pre-compressed data size for an associated message.

4. The system according to claim 4, wherein said open port is at least one of port 80 and port 8080.

14. A method for transmitting information across a network comprising the steps of:
- receiving at a server an encrypted identifier of a second computer from a first computer, the identifier encrypted with a first encryption key associated with the server;
  
  receiving at the server an encrypted message from said first computer, the message encrypted with a second encryption key associated with the second computer;
  
  decrypting said encrypted identifier into an unencrypted identification of said second computer; and
  
  , transmitting said encrypted message to said second computer without decrypting said encrypted message, wherein at least one of said receiving steps and said transmitting step includes receiving or transmitting through a firewall port that is normally open by default to Internet traffic.
- View Dependent Claims (15)
- - 15. The method according to claim 14, wherein said encrypted message is also compressed.

16. A computer-readable medium storing a program for transmitting information across a network, said program comprising the steps of:
- receiving at a server an encrypted identifier of a second computer from a first computer, the identifier encrypted with a first encryption key associated with the server;
  
  receiving at the server an encrypted message from said first computer, the message encrypted with a second encryption key associated with the second computer;
  
  decrypting said encrypted identifier into an unencrypted identification of said second computer; and
  
  transmitting said encrypted message to said second computer without decrypting said encrypted message, wherein at least one of said receiving steps and said transmitting step includes receiving or transmitting through a firewall port that is normally open by default to Internet traffic.
- View Dependent Claims (17)
- - 17. The computer readable medium according to claim 16, wherein said encrypted message is also compressed.

18. A method for transmitting information across a network comprising the steps of:
- encrypting an identifier of a second computer at a first computer with a first encryption key associated with a server;
  
  encrypting a message such that said message can only be decrypted by said second computer; and
  
  transmitting to the server said encrypted identifier and said encrypted message, wherein said server later decrypts said encrypted identifier and transmits said encrypted message to said second computer, wherein at least one of said first computer and said second computer are separated from the server by a firewall and wherein said encrypted message is transmitted through a port on the firewall that is normally open by default to Internet traffic.

19. A computer readable medium storing a program for transmitting information across a network, said program comprising the steps of:
- encrypting an identifier of a second computer at a first computer with a first encryption key associated with a server;
  
  encrypting a message such that said message can only be decrypted by said second computer; and
  
  transmitting to the server said encrypted identifier and said encrypted message, wherein said server later decrypts said encrypted identifier and transmits said encrypted message to said second computer, wherein at least one of said first computer and said second computer are separated from said server by a firewall and wherein said encrypted message is transmitted through a port on the firewall that is normally open by default to Internet traffic.

20. A system for transmitting information between a first computer and a second computer comprising:
- a first application; and
  
  a first computer hosting a first client, said first client receiving data from said first application, said first computer transmitting said data to a server, said server forwarding said data to a second client residing on said second computer, said second client forwarding said data to at least a second application, wherein at least one of said first computer and said second computer are separated from said server by a firewall, wherein said first computer transmits a message to said server with an encrypted identifier of said second computer, said message being encrypted for decryption at said second client and the identifier being encrypted for decryption at said server, and wherein said server decrypts said encrypted identifier to an unencrypted identification of said second computer and forwards said encrypted message to said second computer using said unencrypted identification, and wherein at least one of said encrypted message transmitted from said first computer and said encrypted message forwarded to said second computer are transmitted through a firewall port that is normally open by default to Internet traffic.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The system according to claim 20, wherein said first application is hosted by a third computer that communicates with said first computer.
  - 22. The system according to claim 20, wherein said first application is hosted by said first computer.
  - 23. The system according to claim 20, wherein said second application is hosted by a third computer that communicates with said second computer.
  - 24. The system according to claim 20, wherein said second application is hosted by said second computer.
  - 25. The system according to claim 20, wherein said first computer transmits said data as encrypted data and said server transmits said encrypted data to said second computer.
  - 26. The system according to claim 20, wherein said first computer and said second computer each use an open port to access to said communications network.
  - 27. The system according to claim 26, wherein said open port is at least one of port 80 and port 8080.
  - 28. The system according to claim 20, wherein said first client communicates with said first application by an application programming interface.
  - 29. The system according to claim 20, wherein said first client communicates with said first application by a proxy.
  - 30. The system according to claim 20, wherein said first client communicates with said first application by sockets.

31. A computer-readable medium storing a program for transmitting information across a network between a first computer and a second computer, said network including a server that has received and decrypted an encrypted identification of said second computer, said server having transmitted an encrypted message to said second computer using said decrypted identification, said encrypted message having been encrypted at said first computer for decrypting at said second computer, said program comprising the steps of:
- receiving at said second computer from said server said encrypted message and a header with encrypted information;
  
  decrypting said encrypted information with a first encryption key associated with the server; and
  
  decrypting said encrypted message with a second different encryption key associated with the first computer, wherein at least one of said first computer and said second computer are separated from said server by a firewall and said encrypted message is transmitted through a firewall port that is normally open by default to Internet traffic.
- View Dependent Claims (32)
- - 32. The computer readable medium according to claim 31, wherein said header includes at least one of an encrypted identification, an encrypted IP address, an encrypted username of said second computer, an encrypted size, an encrypted CRC, an encrypted header length, an encrypted message length, an encrypted asset identifier, an encrypted name of at least one client, and an encrypted application ID, an encrypted time and date stamp, an encrypted location ID, an encrypted message types, an encrypted attachment identifier, an encrypted packet number, and an encrypted pre-compressed data size for an associated message.

33. A method of transferring data between a first computer and a second computer coupled over a network, comprising the steps of:
- (1) receiving a first hypertext transfer protocol (HTTP) message containing information intended for delivery to the second computer, wherein the first message is received through a first firewall associated with the first computer through a port that is normally open by default to Internet traffic;
  
  (2) receiving a second hypertext transfer protocol (HTTP) message from the second computer, wherein the second message causes a return path to be established to the second computer and is received through a second firewall associated with the second computer through a port that is normally open by default to Internet traffic; and
  
  (3) transmitting to the second computer via the return path contents of the first message received from the first computer.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. The method of claim 33, wherein the first and second HTTP messages each comprise an HTTP POST message.
  - 35. The method of claim 33, wherein steps (1) through (3) are performed on an intermediate server computer that is separate from the first computer and the second computer and located between the first and second firewalls.
  - 36. The method of claim 35, wherein in step (1), the first message received from the first computer is encrypted by the first computer, and wherein in step (3), the third computer transmits encrypted message content received from the first computer to the second computer via the return path.
  - 37. The method of claim 36, wherein the intermediate server computer decrypts at least a portion of the first message using a first encryption key common between the first and third computers to create an unencrypted portion, and then re-encrypts the unencrypted portion using a second encryption key common between the second and third computers, wherein the first and second encryption keys are different.
  - 38. The method of claim 33, further comprising the steps of:
    - (4) receiving a third HTTP message containing information intended for delivery to the first computer, wherein the third message is received through the firewall associated with the second computer through the port that is normally open by default to Internet traffic; and
      
      (5) transmitting contents of the third message to the first computer over a return path previously established between the first computer and the third computer.
  - 39. The method of claim 33, further comprising the step of, when no message has been received from the first computer for delivery to the second computer, periodically transmitting to the second computer via the return path a message to avoid a time-out condition on the second computer.
  - 40. The method of claim 33, further comprising the step of authenticating that the first computer is authorized to communicate with the second computer prior to step (3).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos, Inc. (Leidos Holdings, Inc.)
Original Assignee
Science Applications International Corporation
Inventors
Stephenson, Mark, Walters, Steven

Granted Patent

US 8,407,350 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

System and method for projecting content beyond firewalls

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for projecting content beyond firewalls

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links