Secure Network Communication System and Method

US 20090106830A1
Filed: 02/20/2006
Published: 04/23/2009
Est. Priority Date: 06/03/2005
Status: Abandoned Application

First Claim

Patent Images

1. A data transmission system for secure data exchange using transmission control protocol between a client and a server, the system comprising an agent and a broker connected to exchange data over an unsecured network link, in which:

upon receipt of a TCP control packet from the client over a secure network, the broker is operative to forward a modified TCP control packet to the agent using a secure protocol;

the agent is operative to inspect a modified control packet received from the broker and to forward it to the server;

upon receipt of a TCP response packet from the server, the agent is operative to forward the response packet to the broker using a secure protocol; and

upon receipt of a TCP response packet from the agent, the broker is operative to modify the response packet and to forward it to the client;

wherein in the case that an exchange of TCP control packets indicates establishment of a TCP session, the broker and the agent are operative to establish a data channel between themselves to create a transparent TCP channel between the client and the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network communication system and method for secure data exchange using transmission control protocol are disclosed. The system provides for data exchange using between a client and a server, by way of an agent and a broker interconnected to exchange data over an unsecured network link. Upon receipt of a control packet from the client, the broker forwards a modified control packet to the agent using a secure protocol. The agent then inspects the modified control packet and forwards it to the server. Upon receipt of a response packet from the server, the agent forwards the response packet to the broker using a secure protocol and upon receipt of the response packet, the agent modifies the response packet and forwards it to the client. In the case that the exchange of control packets indicates establishment of a TCP session, the agent and the broker establish a data channel between themselves to create a transparent TCP channel between the client and the server.

85 Citations

View as Search Results

30 Claims

1. A data transmission system for secure data exchange using transmission control protocol between a client and a server, the system comprising an agent and a broker connected to exchange data over an unsecured network link, in which:
- upon receipt of a TCP control packet from the client over a secure network, the broker is operative to forward a modified TCP control packet to the agent using a secure protocol;
  
  the agent is operative to inspect a modified control packet received from the broker and to forward it to the server;
  
  upon receipt of a TCP response packet from the server, the agent is operative to forward the response packet to the broker using a secure protocol; and
  
  upon receipt of a TCP response packet from the agent, the broker is operative to modify the response packet and to forward it to the client;
  
  wherein in the case that an exchange of TCP control packets indicates establishment of a TCP session, the broker and the agent are operative to establish a data channel between themselves to create a transparent TCP channel between the client and the server.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 10, 11, 12, 13, 15)
- - 2. A data transmission system according to claim 1 in which the client is connected to the broker for exchange of data over a secured network.
  - 3. A data transmission system according to claim 2 in which the secured network is connected to the unsecured network by one or more of a firewall, a proxy or a network address translation (NAT) device.
  - 4. A data transmission system according to claim 1 in which the secure protocol is a transport layer security (TLS) protocol having a connection made over the TCP port 443.
  - 6. A data transmission system according to claim 4 in which the TLS connection is made over a local proxy.
  - 7. A data transmission system according to claim 6 in which the local proxy uses the HTTP CONNECT protocol.
  - 8. A data transmission system according to claim 1 in which the control packet is a TCP SYN packet or a TCP ACK packet and the response packet is a TCP SYN ACK or a TCP RST ACK packet.
  - 10. A data transmission system according to claim 1 in which the control packet and the response packet are Internet control message protocol packets.
  - 11. A data transmission system according to claim 1 in which the broker is operative to apply rules to determine whether or not a TCP control packet is forwarded to the agent.
  - 12. A data transmission system according to claim 11 in which the rules specify whether a TCP control packet should be forwarded based upon one or more of the originator of the packet, the target address of the packet, and the target port number of the packet.
  - 13. A data transmission system according to claim 1 operative to service multiple virtual networks through a client access network that is responsible for managing client access.
  - 15. A data transmission system according to claim 13 in which the client access network uses one or both of standard AAA (Authorisation, Authentication and Accounting) and VPN services.

5. (canceled)

9. (canceled)

14. (canceled)

16. A data transmission method for secure data exchange using transmission control protocol between a client and a server, using a broker and an agent connected to exchange data over an unsecured network link, in which:
- upon receipt of a TCP control packet from the client, the broker forwards a modified control packet to the agent using a secure protocol;
  
  the agent inspects the modified TCP control packet and forwards it to the server;
  
  upon receipt of a TCP response packet from the server, the agent forwards the TCP response packet to the broker using a secure protocol; and
  
  upon receipt of the TCP response packet, the broker modifies the TCP response packet and forwards it to the client;
  
  wherein in the case that the exchange of TCP control packets indicates establishment of a TCP session, the agent and the broker establish a data channel between themselves to create a transparent TCP channel between the client and the server.
- View Dependent Claims (17, 18, 19, 21, 22, 23, 25, 26, 27, 28, 29, 30)
- - 17. A data transmission method according to claim 16 in which the client is connected to the broker for exchange of data over a secured network.
  - 18. A data transmission method according to claim 17 in which the secured network is connected to the unsecured network by one or more of a firewall, a proxy or a network address translation (NAT) device.
  - 19. A data transmission method according to claim 16 in which the secure protocol is a transport layer security (TLS) protocol having a connection made over the TCP port 443.
  - 21. A data transmission method according to claim 19 in which the TLS connection is made over a local proxy.
  - 22. A data transmission method according to claim 21 in which the local proxy uses the HTTP CONNECT protocol.
  - 23. A data transmission method according to claim 16 in which the TCP control packet is a TCP SYN packet or a TCP ACK packet and the TCP response packet is a TCP SYN ACK or a TCP RST ACK packet.
  - 25. A data transmission method according to claim 16 in which the TCP control packet and the response packet are Internet control message protocol packets.
  - 26. A data transmission method according to claim 16 in which the broker applies rules to determine whether or not the TCP control packet is forwarded to the agent.
  - 27. A data transmission method according to claim 26 in which the rules specify whether a the TCP control packet should be forwarded based upon one or more of the originator of the packet, the target address of the packet, and the target port number of the packet.
  - 28. A data transmission method according to claim 16 operative to service multiple virtual networks through a client access network.
  - 29. A data transmission method according to claim 28 in which the client access network is responsible for managing client access.
  - 30. A data transmission method according to claim 29 in which the client access network uses one or both of standard AAA (Authorisation, Authentication and Accounting) and VPN (virtual private networking) services.

20. (canceled)

24. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Asavie R&D Limited
Original Assignee
Asavie R&D Limited
Inventors
Maher, Thomas

Application Number

US11/920,903
Publication Number

US 20090106830A1
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/166   at the transport layer

H04L 67/01   Protocols

Secure Network Communication System and Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

85 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Network Communication System and Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links