SYSTEM AND METHOD FOR AUTOMATICALLY INITIATING AND DYNAMICALLY ESTABLISHING SECURE INTERNET CONNECTIONS BETWEEN A FIRE-WALLED SERVER AND A FIRE-WALLED CLIENT

US 20110066739A1
Filed: 07/21/2010
Published: 03/17/2011
Est. Priority Date: 04/12/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT) router, the method comprising the steps of:

automatically transmitting a connection request to said third party computer by said client upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client'"'"'s network parameter, said connection request comprising a request to be connected to said server; and

exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for automatically and dynamically initiating and establishing secure connections between a Server and a Client using a session control server (SCS). Both the Server and the Client are connected to an untrusted network (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall. The SCS, independently trusted by both the Server and the Client, brokers the required connection parameters to establish a secure connection between the Server and the Client. The system and method does not require any user configuration on the Client and eliminates the need for the Server to accept explicit connection requests or packets from the Client, thereby allowing the Server firewall to always remain closed to all inbound traffic.

68 Citations

View as Search Results

31 Claims

1. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT) router, the method comprising the steps of:
- automatically transmitting a connection request to said third party computer by said client upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client'"'"'s network parameter, said connection request comprising a request to be connected to said server; and
  
  exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.
- View Dependent Claims (2, 3, 4, 5, 6, 16, 17, 18)
- - 2. The method of claim 1, further comprising steps of:
    - receiving an unsolicited packet comprising said unique connection identifier from said client by a firewall associated with said server to dynamically establish a transient mapping between said client and said server; and
      
      transmitting a response packet to said client using said dynamically established transient mapping over said untrusted network by said server if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier.
  - 3. The method of claim 1, further comprising the steps of:
    - receiving by said server a destination inbound port of said client and a public address of said NAT router associated with said client from said third party computer; and
      
      transmitting by said server a destination port of said server and IP address of said firewall associated with said server and said unique connection identifier for said client to said third party computer.
  - 4. The method of claim 3, further comprising the steps of:
    - receiving by said client an instruction to send said unsolicited packet to said server using said destination port of said server and said IP address of said firewall associated with said server from said third party computer; and
      
      transmitting by said server said response packet to said client if it is determined that said unsolicited packet is received on said destination port of said server from said public address of said NAT router associated with said client.
  - 5. The method of claim 3, further comprising the step of initiating by said server said secure connection to said client using said destination inbound port of said client received from said third party computer.
  - 6. The method of claim 2, wherein the step of receiving comprises the step of receiving an unsolicited UDP or TCP packet comprising said unique connection identifier from said client by said firewall associated with said server.
  - 16. The system of claim 14, wherein said server is operable to receive method of claim 1, further comprising the steps of:
    - receiving by said server a destination inbound port of said client and a public address of said NAT router associated with said client from said third party computer; and
      
      transmitting by said server a destination port of said server and IP address of said firewall associated with said server and said unique connection identifier for said client to said third party computer.
  - 17. The system of claim 16, wherein said client is operable to receive an instruction to send said unsolicited packet to said server using said destination port of said server and said IP address of said firewall associated with said server from said third party computer;
    - and wherein said server is operable to transmit said response packet to said client if it is determined that said unsolicited packet is received on said destination port of said server from said public address of said NAT router associated with said client.
  - 18. The system of claim 16, wherein said server is operable to initiate said secure connection to said client using said destination inbound port of said client received from said third party computer.

7. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT), the method comprising the steps of:
- exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier;
  
  receiving an unsolicited packet comprising said unique connection identifier from said client by a firewall associated with said server to dynamically establish a transient mapping between said client and said server; and
  
  transmitting a response packet to said client using said dynamically established transient mapping over said untrusted network by said server if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier, thereby establishing a secure connection between said server and said client through a NAT router associated with said client.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, further comprising the steps of:
    - receiving by said server a destination inbound port of said client and a public address of said NAT router associated with said client from said third party computer; and
      
      transmitting by said server a destination port of said server and IP address of said firewall associated with said server and said unique connection identifier for said client to said third party computer.
  - 9. The method of claim 8, further comprising the steps of:
    - receiving by said client an instruction to send said unsolicited packet to said server using said destination port of said server and said IP address of said firewall associated with said server from said third party computer; and
      
      transmitting by said server said response packet to said client if it is determined that said unsolicited packet is received on said destination port of said server from said public address of said NAT router associated with said client.
  - 10. The method of claim 8, further comprising the step of initiating by said server said secure connection to said client using said destination inbound port of said client received from said third party computer.
  - 11. The method of claim 7, wherein the step of receiving comprises the step of receiving by said firewall associated with said server an unsolicited UDP or TCP packet comprising said unique connection identifier from said client.
  - 12. The method of claim 7, further comprising the step of transmitting by said client a connection request to said third party computer, said connection request comprising a request to be connected to said server.
  - 13. The method of claim 12, further comprising the step of automatically transmitting said connection request to said third party computer by said client upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client'"'"'s network parameter, thereby providing said user of said client with one single action access to said server.

14. A system for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client using a third party computer trusted by both said server and said client;
- wherein each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT);
  
  wherein said client is operable to automatically transmit a connection request to said third party computer upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client'"'"'s network parameter, said connection request comprising a request to be connected to said server; and
  
  wherein said server and said client are operable to exchange connection parameters over said untrusted network using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.
- View Dependent Claims (15, 19, 20, 21, 22)
- - 15. The system of claim 14, wherein a firewall associated with said server is operable to receive an unsolicited packet comprising said unique connection identifier from said client to dynamically establish a transient mapping between said client and said server;
    - and wherein said server is operable to transmit a response packet to said client using said dynamically established transient mapping over said untrusted network if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier.
  - 19. The system of claim 15, wherein said server is operable to receive an unsolicited UDP or TCP packet comprising said unique connection identifier from said client.
  - 20. The system of claim 14, wherein said client is a stateless client which does not perform any user functionality or contain any user data.
  - 21. The system of claim 14, wherein said client is a single function network-aware consumer device.
  - 22. The system of claim 21, wherein said single function network-aware consumer device is one of the following:
    - a cellular phone, a music player/recorder, a video player/recorder, a game player, or a portable email device.

23. A system for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client using a third party computer trusted by both said server and said client;
- wherein each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT);
  
  wherein said server and said client are operable to exchange connection parameters over said untrusted network using said third party computer, said connection parameters comprising a unique connection identifier;
  
  wherein said firewall associated with said server is operable to receive an unsolicited packet comprising said unique connection identifier from said client to dynamically establish a transient mapping between said client and said server; and
  
  wherein said sever is operable to transmit a response packet to said client using said dynamically established transient mapping over said untrusted network if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier, thereby establishing a secure connection between said server and said client through said NAT router associated with said client.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The system of claim 23, wherein said server is operable to receive a destination inbound port of said client and a public address of said NAT router associated with said client from said third party computer;
    - and wherein said client is operable to receive a destination port and IP address of said server and said unique connection identifier from said third party computer.
  - 25. The system of claim 24, wherein said client is operable to receive an instruction to send said unsolicited packet to said server from said third party computer;
    - and wherein said server is operable to transmit a response packet to said client if it is determined that said unsolicited packet is received on said destination port of said sever from said public address of said NAT router associated with said client.
  - 26. The system of claim 23, wherein said server is operable to initiate said secure connection to said client using said destination inbound port of said client received from said third party computer.
  - 27. The system of claim 23, wherein said client is a stateless client which does not perform any user functionality or contain any user data.
  - 28. The system of claim 23, wherein said client is a single function network-aware consumer device.
  - 29. The system of claim 28, wherein said single function network-aware consumer device is one of the following:
    - a cellular phone, a music player/recorder, a video player/recorder, a game player, or a portable email device.
  - 30. The system of claim 23, wherein said client is operable to transmit a connection request to said third party computer, said connection request comprising a request to be connected to said server.
  - 31. The system of claim 30, wherein said client is operable to automatically transmit said connection request upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client'"'"'s network parameter to said third party computer, thereby providing said user of said client with one single action access to said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Simtone Corporation
Original Assignee
Simtone Corporation
Inventors
Gillespie, Brian, Tracey, David, Salmen, Helmut

Application Number

US12/840,356
Publication Number

US 20110066739A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 61/2567   for reachability, e.g. inqu...

H04L 63/0236   Filtering by address, proto...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/10   for controlling access to d...

H04L 63/166   at the transport layer

H04L 67/14   Session management for real...

SYSTEM AND METHOD FOR AUTOMATICALLY INITIATING AND DYNAMICALLY ESTABLISHING SECURE INTERNET CONNECTIONS BETWEEN A FIRE-WALLED SERVER AND A FIRE-WALLED CLIENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR AUTOMATICALLY INITIATING AND DYNAMICALLY ESTABLISHING SECURE INTERNET CONNECTIONS BETWEEN A FIRE-WALLED SERVER AND A FIRE-WALLED CLIENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links