Secured gateway interface

US 5,826,029 A
Filed: 10/31/1995
Issued: 10/20/1998
Est. Priority Date: 10/31/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for directing an internal computer system to allow an external computer system to initiate a transaction request using internal resources without violating a security firewall between the internal computer system and the external computer system, comprising the steps of:

authenticating a connection initiated by the internal computer system between the internal computer system and the external computer system, thereby establishing an authenticated connection;

calling by the external computer system a transaction request received by the external computer system;

in response to calling the transaction request, creating by the external computer system an original process environment containing process environment variables, and creating a string comprising the transaction request and the process environment variables for executing the transaction request;

transmitting by the external computer system the string to the internal computer system through the authenticated connection;

verifying by the internal computer system the transaction request;

recreating by the internal computer system the original process environment; and

executing by the internal computer system the transaction request, thereby generating an output.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Accordingly, a computer implemented method, uniquely programmed computer system, and article of manufacture embodying computer readable program means all allow a customer on an external network to initiate an authorized business transaction utilizing internal business resources on an internal network without violating security firewalls. Specifically, the method directs an internal computer system to allow an external computer system to initiate a transaction request using internal resources without violating a security firewall between the internal computer system and the external computer system. The method includes a first step of authenticating a connection initiated by the internal computer system between the internal computer system and the external computer system, thereby establishing an authenticated connection. The second step includes calling by the external computer system a transaction request received by the external computer system. In response to calling the transaction request, the third step includes creating by the external computer system a string comprising the transaction request, arguments, and process environment variables for executing the transaction request. The fourth step includes transmitting by the external computer system the string to the internal computer system through the authenticated connection. The fifth step includes verifying by the internal computer system the transaction request. The sixth step includes recreating by the internal computer system the original process environment. The final step includes executing by the internal computer system the transaction request, thereby generating an output.

251 Citations

12 Claims

1. A method for directing an internal computer system to allow an external computer system to initiate a transaction request using internal resources without violating a security firewall between the internal computer system and the external computer system, comprising the steps of:
- authenticating a connection initiated by the internal computer system between the internal computer system and the external computer system, thereby establishing an authenticated connection;
  
  calling by the external computer system a transaction request received by the external computer system;
  
  in response to calling the transaction request, creating by the external computer system an original process environment containing process environment variables, and creating a string comprising the transaction request and the process environment variables for executing the transaction request;
  
  transmitting by the external computer system the string to the internal computer system through the authenticated connection;
  
  verifying by the internal computer system the transaction request;
  
  recreating by the internal computer system the original process environment; and
  
  executing by the internal computer system the transaction request, thereby generating an output.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1 further comprising the steps of:
    - (a) reading by the external computer system a first password and first communication port;
      
      (b) creating by the external computer system a first socket at the first communication port and listening at the first socket for a connect call from the internal computer system;
      
      (c) reading by the internal computer system a second password and a second communication port; and
      
      (d) creating by the internal computer system a second socket at the second communication port and sending a connect call to the external computer system through the second socket, thereby establishing a connection.
  - 3. The method according to claim 2 wherein the authenticating step comprises the steps of:
    - (e) sending a unique timestamp by the internal computer system to the external system through the second socket;
      
      (f) mangling by the external computer system the first password with the unique timestamp;
      
      (g) encrypting the mangled first password with an encryption algorithm, thereby creating a first password string;
      
      (h) transmitting by the external computer system to the internal computer system the first password string;
      
      (i) repeating steps (f) through (g) by the internal computer system using the second password, thereby creating a second password string; and
      
      (j) comparing by the internal computer system the first password string with the second password string.
  - 4. The method according to claim 3 wherein the mangling step comprises the steps of:
    - logically ANDing the timestamp with a hexadecimal number 0177 to produce a unique result; and
      
      logically exclusive ORing the unique result with each character of the first password, thereby producing the mangled first password.
  - 5. The method according to claim 4 wherein the encrpytion step comprises the step of:
    - encrypting each character of the mangled second password with a key, thereby creating the password string.
  - 6. The method according to claim 5 wherein the calling step comprises the steps of:
    - sending by an external network the transaction request to the external computer system, wherein the transaction request contains input data, arguments, and a command for executing a transaction program; and
      
      in response to receiving the transaction request by the external computer system, defining by a first daemon a process environment containing the process environment variables.
  - 7. The method according to claim 6 further comprising the step of:
    - in response to calling the transaction request by the external computer system, calling the command;
      
      in response to calling the command, executing a script, transmitting thereto the user input data, arguments, and transaction request; and
      
      creating by the script the string, wherein the string comprises the command, arguments, and the process environment variables for executing the transaction request.
  - 8. The method according to claim 7 further comprising the step of:
    - calling by the script a client routine residing in the external computer system, passing thereto the user input data, a third communication port for connecting to a second daemon residing on the external computer system, and identifier that identifies the type of transaction request, and the string.
  - 9. The method according to claim 8 further comprising the step of:
    - in response to receiving a call by the script, authenticating by the second daemon the client routine;
      
      forking by the second daemon, passing the third socket connection to a child process, whereby a parent process listens at the first socket connection for calls from the internal computer system; and
      
      in response to authenticating the client routine, transmitting by the child process the type of transaction request to a third daemon residing on the internal computer system.
  - 10. The method according to claim 9, wherein the verifying step comprises the step of:
    - reading by the third daemon a valid services table stored in memory on the internal computer system; and
      
      comparing the type of transaction request received from the child process with the valid service table, wherein if the type is found in the valid service table, the transaction request is verified.

11. A uniquely programmed system for directing an internal computer system to allow an external computer system to initiate a transaction request using internal resources without violating a security firewall between the internal computer system and the external computer system, comprising:
- means for authenticating a connection initiated by the internal computer system between the internal computer system and the external computer system, thereby establishing an authenticated connection;
  
  means for calling by the external computer system a transaction request received by the external computer system;
  
  in response to calling the transaction request, means for creating by the external computer system an original process environment containing process environment variables, and means for creating a string comprising the transaction request, the arguments, and the process environment variables for executing the transaction request;
  
  means for transmitting by the external computer system the string to the internal computer system through the authenticated connection;
  
  means for verifying by the internal computer system the transaction request;
  
  means for recreating by the internal computer system the original process environment; and
  
  means for executing by the internal computer system the transaction request, thereby generating an output.

12. An article of manufacture, comprising:
- a computer usable medium having computer readable program code means embodied therein for causing an internal computer system to allow an external computer system to initiate a transaction request using internal resources without violating a security firewall between the internal computer system and the external computer system, the computer readable program code means in said article of manufacture comprising;
  
  computer readable program means for authenticating a connection initiated by the internal computer system between the internal computer system and the external computer system, thereby establishing an authenticated connection;
  
  computer readable program means for calling by the external computer system a transaction request received by the external computer system;
  
  in response to calling the transaction request, computer readable program means for creating by the external computer system an original process environment containing process environment variables, and computer readable program means for creating a string comprising the transaction request and, the process environment variables for executing the transaction request;
  
  computer readable program means for transmitting by the external computer system the string to the internal computer system through the authenticated connection;
  
  computer readable program means for verifying by the internal computer system the transaction request;
  
  computer readable program means for recreating by the internal computer system the original process environment; and
  
  computer readable program means for executing by the internal computer system the transaction request, thereby generating an output.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Gore, Jr., Robert Cecil, Haugh, II, John Frederick
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
KING, CONLEY BURRELL

Application Number

US08/551,260
Time in Patent Office

1,085 Days
Field of Search

395/200.01, 395/200.02, 395/200.05, 395/200.06, 395/200.09, 395/200.12, 395/200.3, 395/200.47, 395/200.49, 395/200.55, 395/200.57, 395/200.59, 395/200.33
US Class Current

709/227
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/083   using passwords cryptograph...

H04L 9/40   Network security protocols

Secured gateway interface

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

251 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Secured gateway interface

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

251 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others