SYSTEM AND METHOD FOR AUTOMATICALLY INITIATING AND DYNAMICALLY ESTABLISHING SECURE INTERNET CONNECTIONS BETWEEN A FIRE-WALLED SERVER AND A FIRE-WALLED CLIENT
First Claim
1. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT) router, the method comprising the steps of:
- automatically transmitting a connection request to said third party computer by said client upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client's network parameter, said connection request comprising a request to be connected to said server; and
- exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.
0 Assignments
0 Petitions
Abstract
A system and method for automatically and dynamically initiating and establishing secure connections between a Server and a Client using a session control server (SCS). Both the Server and the Client are connected to an untrusted network (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall. The SCS, independently trusted by both the Server and the Client, brokers the required connection parameters to establish a secure connection between the Server and the Client. The system and method do not require any user configuration on the Client and eliminate the need for the Server to accept explicit connection requests or packets from the Client, thereby allowing the Server firewall to always remain closed to all inbound traffic.
68 Citations
31 Claims
1. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT) router, the method comprising the steps of:
- automatically transmitting a connection request to said third party computer by said client upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client's network parameter, said connection request comprising a request to be connected to said server; and
- exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.
Dependent claims: 2, 3, 4, 5, 6, 16, 17, 18.
7. A method for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client, using a third party computer trusted by both said server and said client, each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT), the method comprising the steps of:
- exchanging connection parameters over said untrusted network between said server and said client using said third party computer, said connection parameters comprising a unique connection identifier;
- receiving an unsolicited packet comprising said unique connection identifier from said client by a firewall associated with said server to dynamically establish a transient mapping between said client and said server; and
- transmitting a response packet to said client using said dynamically established transient mapping over said untrusted network by said server if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier, thereby establishing a secure connection between said server and said client through a NAT router associated with said client.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. A system for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client using a third party computer trusted by both said server and said client;
- wherein each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT);
- wherein said client is operable to automatically transmit a connection request to said third party computer upon one single action by a user of said client at power-on, upon connection to said untrusted network or upon any change in said client's network parameter, said connection request comprising a request to be connected to said server; and
- wherein said server and said client are operable to exchange connection parameters over said untrusted network using said third party computer, said connection parameters comprising a unique connection identifier to establish a secure connection between said server and said client through a NAT router associated with said client, thereby providing said user of said client with one single action access to said server.
Dependent claims: 15, 19, 20, 21, 22.
23. A system for automatically initiating and dynamically establishing secure connections over an untrusted network between a client and a server which does not accept explicit connection requests or packets from any client using a third party computer trusted by both said server and said client;
- wherein each of said client and said server being connected to said untrusted network via a firewall or network address translator (NAT);
- wherein said server and said client are operable to exchange connection parameters over said untrusted network using said third party computer, said connection parameters comprising a unique connection identifier;
- wherein said firewall associated with said server is operable to receive an unsolicited packet comprising said unique connection identifier from said client to dynamically establish a transient mapping between said client and said server; and
- wherein said server is operable to transmit a response packet to said client using said dynamically established transient mapping over said untrusted network if it is determined that said unique connection identifier in said unsolicited packet matches a stored unique connection identifier, thereby establishing a secure connection between said server and said client through said NAT router associated with said client.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31.
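The exchange that claims 1, 7, 14 and 23 describe, as an added simulation that is not part of the patent or of any product implementing it: both peers contact the session control server (SCS) outbound, the SCS mints a unique connection identifier and hands it to the server, the client then sends an unsolicited packet carrying that identifier, and the server firewall opens a transient mapping while the server answers only if the identifier matches one it has stored. All class names, message fields, the 16-byte identifier format and the addresses are assumptions made for this illustration; the addresses are constructed documentation values.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str                   # sender address as seen on the untrusted network (post-NAT)
    conn_id: Optional[bytes]   # brokered unique connection identifier, if any
    payload: bytes


class ServerFirewall:
    """Server-side firewall/NAT: closed to all inbound traffic, except that an
    unsolicited packet carrying a connection identifier creates a transient
    mapping for its sender. Validity of the identifier is decided by the server;
    the firewall only opens (and later tears down) the mapping."""

    def __init__(self):
        self.mappings = {}   # src address -> conn_id (transient, per client)
        self.dropped = 0     # packets refused at the perimeter

    def inbound(self, pkt: Packet) -> bool:
        if pkt.src in self.mappings:
            return True                    # existing transient mapping
        if pkt.conn_id is not None:
            self.mappings[pkt.src] = pkt.conn_id
            return True                    # new transient mapping
        self.dropped += 1                  # no identifier: firewall stays closed
        return False

    def close(self, src: str) -> None:
        self.mappings.pop(src, None)


class Server:
    """Accepts no explicit connection requests; only identifiers pushed to it by the SCS."""

    def __init__(self, public_addr: str):
        self.public_addr = public_addr
        self.firewall = ServerFirewall()
        self._stored_ids = set()   # identifiers received from the SCS, not yet used
        self._active = {}          # src address -> identifier of an established session

    def receive_parameters(self, conn_id: bytes) -> None:
        self._stored_ids.add(conn_id)

    def _matches(self, conn_id: bytes) -> bool:
        # constant-time comparison against every stored identifier
        return any(secrets.compare_digest(conn_id, s) for s in self._stored_ids)

    def handle(self, pkt: Packet) -> Optional[Packet]:
        if not self.firewall.inbound(pkt):
            return None
        active = self._active.get(pkt.src)
        if active is not None and pkt.conn_id is not None and secrets.compare_digest(active, pkt.conn_id):
            return self._respond(pkt)       # packet on an already-established session
        if pkt.conn_id is not None and self._matches(pkt.conn_id):
            self._stored_ids.discard(pkt.conn_id)   # one-shot: identifier cannot be replayed
            self._active[pkt.src] = pkt.conn_id
            return self._respond(pkt)
        self.firewall.close(pkt.src)        # unknown identifier: tear the mapping down, send nothing
        return None

    def _respond(self, pkt: Packet) -> Packet:
        return Packet(self.public_addr, pkt.conn_id, b"ACK:" + pkt.payload)


class SessionControlServer:
    """Third party trusted by both peers; brokers the connection parameters."""

    def __init__(self):
        self._servers = {}

    def register_server(self, name: str, server: Server) -> None:
        self._servers[name] = server   # the server connects out to the SCS; nothing inbound needed

    def request_connection(self, server_name: str) -> Optional[dict]:
        server = self._servers.get(server_name)
        if server is None:
            return None
        conn_id = secrets.token_bytes(16)          # unique connection identifier
        server.receive_parameters(conn_id)         # delivered over the server's outbound channel
        return {"server_addr": server.public_addr, "conn_id": conn_id}


class Client:
    def __init__(self, nat_addr: str, scs: SessionControlServer):
        self.nat_addr = nat_addr
        self.scs = scs

    def on_network_change(self, server_name: str) -> Optional[dict]:
        """Fired automatically at power-on, link-up or any network parameter change."""
        return self.scs.request_connection(server_name)

    def connect(self, params: dict, payload: bytes) -> Packet:
        return Packet(self.nat_addr, params["conn_id"], payload)


def demo() -> dict:
    scs = SessionControlServer()
    server = Server("203.0.113.10")          # constructed address
    scs.register_server("files", server)
    client = Client("198.51.100.7", scs)     # constructed address, as seen through the client NAT
    params = client.on_network_change("files")
    good = server.handle(client.connect(params, b"hello"))
    bogus = server.handle(Packet("192.0.2.99", secrets.token_bytes(16), b"hello"))  # unbrokered id
    bare = server.handle(Packet("192.0.2.98", None, b"hello"))                     # no id at all
    return {"good": good, "bogus": bogus, "bare": bare,
            "dropped": server.firewall.dropped,
            "mappings": sorted(server.firewall.mappings)}


if __name__ == "__main__":
    print(demo())
```

The two negative cases show the property the claims rely on: a packet with no identifier never passes the firewall, and a packet with a guessed identifier opens a mapping that the server immediately closes without answering, so an outside sender learns nothing about whether the server exists. Identifiers are single-use here, which prevents a captured identifier from being replayed from a different address.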