Transparent and secure network gateway
Abstract
In a computer implemented method, packets are transparently and securely communicated between a trusted computer and an untrusted computer connected by a gateway. Each packet including a source address, a destination address and a payload. The gateway, according to rules stored in a configuration database, intercepts a packet received in an Internet protocol layer of the gateway. The packet has a source address of the trusted computer, a destination address of the untrusted computer and a first payload. The intercepted packet is diverted to a proxy server operating in an application protocol layer of the gateway. The intercepted packet is consumed by the proxy server, and the proxy server generates a second packet having a source address of the gateway and the destination address of the untrusted computer and the first payload. The second packet is sent to the untrusted computer to enable the trusted computer to communicate with the untrusted computer securely.
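The following simulation, added here as an illustration and not part of the patent or any implementation it describes, models the forwarding behaviour the abstract and claims 1, 7, 9 and 11 recite: a packet from the trusted computer that matches a configured rule is consumed in the gateway and re-emitted with the gateway's own source address and an unchanged payload; a reply from the untrusted computer addressed to the gateway is matched against a session control table and re-emitted with the trusted computer's destination address, so the trusted host's address never appears on the untrusted side. The class and field names (`TransparentGateway`, `SessionEntry`, `local_address`, `remote_address`), the addresses and the payloads are constructed for the example; a real gateway would key the table on ports and protocol as well as addresses.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Packet:
    """Minimal model of the packet the claims describe: source, destination, payload."""
    src: str
    dst: str
    payload: bytes


@dataclass
class SessionEntry:
    """One entry of the session control table (field names are this example's own)."""
    local_address: str   # trusted computer that opened the session
    remote_address: str  # untrusted computer the gateway is talking to on its behalf


class TransparentGateway:
    """Gateway that hides the trusted computer behind its own address.

    `allowed_remotes` plays the role of the rules in the configuration database:
    only packets destined for these untrusted addresses are intercepted and
    proxied; everything else is dropped (returned as None).
    """

    def __init__(self, gateway_address: str, trusted_address: str,
                 allowed_remotes: Set[str]) -> None:
        self.gateway_address = gateway_address
        self.trusted_address = trusted_address
        self.allowed_remotes = allowed_remotes
        # Session control table keyed by the untrusted (remote) address.
        self.sessions: Dict[str, SessionEntry] = {}

    def from_trusted(self, first: Packet) -> Optional[Packet]:
        """Claim 1 / 9 / 11: first packet in, second packet out with gateway source."""
        if first.src != self.trusted_address:
            return None                      # not from the trusted side: drop
        if first.dst == self.gateway_address:
            return None                      # addressed to the gateway itself, not proxied
        if first.dst not in self.allowed_remotes:
            return None                      # no rule in the configuration database
        # Record the session so the reply can be mapped back (claim 11).
        self.sessions[first.dst] = SessionEntry(local_address=first.src,
                                                remote_address=first.dst)
        # Second packet: gateway source, untrusted destination, payload unchanged.
        return Packet(src=self.gateway_address, dst=first.dst, payload=first.payload)

    def from_untrusted(self, third: Packet) -> Optional[Packet]:
        """Claim 7 / 9: third packet in (reply to the gateway), fourth packet out."""
        if third.dst != self.gateway_address:
            return None                      # only traffic addressed to the gateway is relayed
        entry = self.sessions.get(third.src)
        if entry is None:
            return None                      # unsolicited inbound packet: no session, drop
        # Fourth packet: untrusted source kept, destination rewritten to the trusted host.
        return Packet(src=third.src, dst=entry.local_address, payload=third.payload)


def run_exchange() -> Dict[str, Optional[Packet]]:
    """Drive one request/reply exchange plus two rejected packets (constructed values)."""
    gw = TransparentGateway(gateway_address="10.0.0.1", trusted_address="10.0.0.2",
                            allowed_remotes={"203.0.113.5"})
    request = Packet("10.0.0.2", "203.0.113.5", b"GET / HTTP/1.0\r\n\r\n")
    second = gw.from_trusted(request)
    reply = Packet("203.0.113.5", "10.0.0.1", b"HTTP/1.0 200 OK\r\n\r\n")
    fourth = gw.from_untrusted(reply)
    return {
        "second": second,
        "fourth": fourth,
        # Not in the rule set: the gateway refuses to proxy it.
        "unlisted_dst": gw.from_trusted(Packet("10.0.0.2", "198.51.100.9", b"x")),
        # No session for this remote: an unsolicited inbound packet is dropped.
        "unsolicited": gw.from_untrusted(Packet("198.51.100.9", "10.0.0.1", b"x")),
    }


if __name__ == "__main__":
    for name, pkt in run_exchange().items():
        print(f"{name}: {pkt}")
```

The two `None` paths are the security-relevant part: without the rule check any internal host could use the gateway as an open relay, and without the session lookup an outside host could push packets at the gateway and have them delivered inside.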
15 Claims
1. A computer implemented method for communicating packets between a trusted computer and an untrusted computer connected by a gateway having a gateway address, each packet including a source address, a destination address and a payload, comprising the steps of:
receiving in the gateway, a first packet having a source address of the trusted computer, the destination address, and a first payload and excluding the gateway address; and
in response, sending, from the gateway, a second packet having a source address of the gateway, a destination address of the untrusted computer and the first payload unchanged, if the first packet has the destination address of the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer. (Dependent claims 2, 3, 4, 5, 6.)
7. A computer implemented method for communicating packets between a trusted computer and an untrusted computer connected by a gateway having a gateway address, each packet including a source address, a destination address and a payload, comprising the steps of:
receiving, in the gateway, a first packet having a source address of the trusted computer, the destination address, and a first payload and excluding the gateway address; sending, from the gateway, a second packet having a source address of the gateway, a destination address of the untrusted computer and the first payload if the first packet has the destination address of the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer and further; receiving, in the gateway, a third packet responsive to the second packet, the third packet having the source address of the untrusted computer, the destination address, and a second payload; and
in response, sending, from the gateway, a fourth packet having the source address of the untrusted computer, a destination address of the trusted computer and the second payload if the third packet has a destination address of the gateway to enable the untrusted computer to communicate transparently with the trusted computer.
8. An apparatus for communicating packets between a trusted computer and an untrusted computer connected by a gateway, each packet including a source address, a destination address and a payload, comprising:
a data link layer of a protocol stack, the data link layer to receive a first packet having a source address of the trusted computer, a destination address, and a first payload; an Internet layer of the protocol stack, the Internet layer to intercept the first packet from the data link layer if the first packet has a destination address of the untrusted computer; a transport layer of the protocol stack, the transport layer to divert the intercepted first packet to a proxy server; an application layer executing the proxy server, the proxy server to generate a second packet having a source address of the gateway and the destination address of the untrusted computer and the first payload; means for sending the second packet to the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer; means for receiving, in the gateway, a third packet responsive to the second packet, the third packet having the source address of the untrusted computer, the destination address, and a second payload; and
in response, sending, from the gateway, a fourth packet having the source address of the untrusted computer, a destination address of the trusted computer and the second payload if the third packet has a destination address of the gateway to enable the untrusted computer to communicate transparently with the trusted computer.
9. A computer implemented method for communicating packets between a trusted computer and an untrusted computer connected by a gateway, each packet including a source address, a destination address and a payload, comprising the steps of:
receiving, in the gateway, a first packet having a source address of the trusted computer, the destination address, and a first payload; and
in response, sending, from the gateway, a second packet having a source address of the gateway, a destination address of the untrusted computer and the first payload if the first packet has the destination address of the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer; and upon receipt of packets in said gateway from said untrusted computer forwarding said packets to said trusted computer by replacing the destination address in said packet from said gateway address to said trusted computer address.
10. An apparatus for communicating packets between a trusted computer and an untrusted computer connected by a gateway, each packet including a source address, a destination address and a payload, comprising:
a data link layer of a protocol stack, the data link layer to receive a first packet having a source address of the trusted computer, a destination address, and a first payload; an Internet layer of the protocol stack, the Internet layer to intercept the first packet from the data link layer if the first packet has a destination address of the untrusted computer; a transport layer of the protocol stack, the transport layer to divert the intercepted first packet to a proxy server; an application layer executing the proxy server, the proxy server to generate a second packet having a source address of the gateway and the destination address of the untrusted computer and an unchanged first payload; means for sending the second packet to the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer.
11. A computer implemented method for communicating packets between a trusted computer and an untrusted computer connected by a gateway having a session control table with a first entry, the first entry including a local address field and a remote address field, each packet including a source address, a destination address and a payload, the method comprising the steps of:
receiving, in the gateway, a first packet having a source address of the trusted computer, the destination address, and a first payload; storing the address of the untrusted computer in the local address field; and sending, from the gateway, a second packet having a source address of the gateway, a destination address of the untrusted computer and the first payload unchanged, if the first packet has the destination address of the untrusted computer to enable the trusted computer to securely communicate with the untrusted computer. (Dependent claims 12, 13, 14, 15.)
Specification