Providing A Generic Gateway For Accessing Protected Resources
First Claim
1. A method for exposing to an external entity at least one resource of a plurality of resources of a private network, wherein the plurality of resources is protected by a physical or logical barrier, the method comprising:
- receiving a request to access the at least one protected resource of the private network from an external entity comprising a computing device residing on a network external to the private network, wherein the request is received by an external gateway appearing to the external entity to be the at least one protected resource;
forwarding the access request from the external gateway to an internal gateway, the internal gateway applying a resource-specific, user-specified security policy over a persistent communication channel between the internal gateway and the external gateway, wherein the internal gateway establishes the persistent communication channel via ports and protocols to which access is not prohibited by the physical or logical barrier;
in response to determining that the request is valid and is authorized, forwarding the request to the at least one protected resource and forwarding the response to the request to the external gateway over the persistent communication channel
1 Assignment
0 Petitions
Accused Products
Abstract
An internal gateway establishes persistent connections to an external gateway through permitted ports and protocols of a firewall. Software on the external gateway and the internal gateway collaborate in order to make available internal, firewall-protected resources to external clients securely and without having to modify network or firewall configurations. Any computing resource such as a web service, web application, or any other network addressable resource residing behind a firewall can be securely exposed in a generic fashion to clients on the external network. No special software is required by clients.
-
Citations
20 Claims
-
1. A method for exposing to an external entity at least one resource of a plurality of resources of a private network, wherein the plurality of resources is protected by a physical or logical barrier, the method comprising:
-
receiving a request to access the at least one protected resource of the private network from an external entity comprising a computing device residing on a network external to the private network, wherein the request is received by an external gateway appearing to the external entity to be the at least one protected resource; forwarding the access request from the external gateway to an internal gateway, the internal gateway applying a resource-specific, user-specified security policy over a persistent communication channel between the internal gateway and the external gateway, wherein the internal gateway establishes the persistent communication channel via ports and protocols to which access is not prohibited by the physical or logical barrier; in response to determining that the request is valid and is authorized, forwarding the request to the at least one protected resource and forwarding the response to the request to the external gateway over the persistent communication channel - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for exposing a protected resource of a private network to an external entity comprising:
an external gateway positioned external to a firewall between an entity of a protected network and an entity of an external network, wherein the external gateway presents an interface accessible to the entity of the external network, wherein the interface exposed to the entity of the external network is identical to an actual interface presented by a resource of the protected network, the actual interface not accessible to the entity of the external network, the exposed interface appearing to the external entity to be the actual interface, wherein an internal gateway establishes a persistent connection between the internal gateway and the external gateway. - View Dependent Claims (10, 11, 12, 13, 14)
-
15. A tangible computer-readable medium comprising computer-executable instructions for:
-
receiving a request to access a protected resource of a plurality of protected resources of a private network protected by a firewall from an external entity comprising a computing device residing on a network external to the private network, wherein the request is received by an external gateway appearing to the external entity to be the protected resource; forwarding the request from the external gateway to an internal gateway over a persistent communication channel established by the internal gateway to the external gateway. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification