Method and apparatus for lightweight secure communication tunneling over the internet
First Claim
1. A packet switched network communications system comprising:
- a first network including at least one server running a server application;
- a second network including at least one client running a client application;
- a first firewall guarding computer resources of one of the first and second networks and including a software application that enables the first firewall to make connections from inside to outside the first firewall;
- a server end proxy and a server application that are mutually addressable;
- a client end proxy and a client application that are mutually addressable; and
- a middle proxy outside the first firewall and in an untrusted network, the server end proxy making connection to the middle proxy through a first firewall, the client end proxy making connection to the middle proxy and the middle proxy connecting the connections from the server end proxy and the client end proxy to establish a pass through communication tunnel between the client and the server.
Abstract
A lightweight secure tunneling protocol (LSTP) permits communication across one or more firewalls by using a middle server or proxy. Three proxies are used to establish an end-to-end connection that traverses the firewalls. In a typical configuration, a server behind a first firewall and a client behind a second firewall are interconnected by an untrusted network (e.g., the Internet) between the firewalls. A SOCKS-aware server-side end proxy inside the first firewall connects to the server. A SOCKS-aware client-side end proxy inside the second firewall accepts the connection from the client. Both end proxies can address a third proxy (the middle proxy) outside the two firewalls. The middle proxy is usually started first, since the two end proxies initiate their connections to it some time after they are started. Because the middle proxy is addressable by both inside proxies, a complete end-to-end connection between the server and the client is established. It is the use of one or more middle proxies together with the LSTP that establishes the secure communications link, or tunnel, across multiple firewalls.
9 Claims
1. A packet switched network communications system comprising:
- a first network including at least one server running a server application;
- a second network including at least one client running a client application;
- a first firewall guarding computer resources of one of the first and second networks and including a software application that enables the first firewall to make connections from inside to outside the first firewall;
- a server end proxy and a server application that are mutually addressable;
- a client end proxy and a client application that are mutually addressable; and
- a middle proxy outside the first firewall and in an untrusted network, the server end proxy making connection to the middle proxy through a first firewall, the client end proxy making connection to the middle proxy and the middle proxy connecting the connections from the server end proxy and the client end proxy to establish a pass through communication tunnel between the client and the server.
Dependent claims: 2, 3, 7, 8, 9.
4. In a packet switched network communications system including a first network including at least one server running a server application, a second network including at least one client running a client application, a first firewall guarding computer resources of one of the first and second networks and including a software application that enables the first firewall to make connections from inside to outside the first firewall, a server end proxy addressable by the server application, a client end proxy addressable by the client application, and a middle proxy outside the first firewall and in an untrusted network between the first and second networks, a method of connecting the server end proxy and the client end proxy to the middle proxy through the first firewall and the middle proxy connecting the connections from the server end proxy and the client end proxy to establish a pass through communication tunnel between the client and the server, comprising the steps of:
- starting the middle proxy and waiting for a first connection from an end proxy;
- starting the client end proxy and opening a connection to the middle proxy by sending client setup information to the middle proxy;
- storing by the middle proxy the end proxy setup information and then waiting for a second connection;
- starting the server end proxy and opening a connection to the middle proxy by sending end proxy setup information to the middle proxy;
- pairing by the middle proxy the connections of the client end proxy and the server end proxy and transmitting server and middle proxy setup information to the client end proxy and client and middle proxy setup information to the server end proxy; and
- the middle proxy thereafter acting as a pass through between the client end and server end proxies.
Dependent claims: 5, 6.
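The rendezvous sequence of the abstract and of claim 4 (middle proxy started first, first end proxy stored, second end proxy paired, setup information exchanged, then pass-through) modelled as a state machine. This is an added illustration, not code from the patent; the "tunnel" key used to pair the two end proxies, the role labels and the sample setup dictionaries are assumptions, and the middle proxy refuses to relay for an end that has not yet been paired.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)          # eq=False keeps identity hashing for dict keys
class EndProxy:
    name: str                 # e.g. "client-end" or "server-end"
    role: str                 # "client" or "server"
    setup: dict               # end proxy setup information sent to the middle
    peer_setup: dict = None   # peer + middle setup info, filled in on pairing
    received: list = field(default_factory=list)  # payloads passed through to us

class MiddleProxy:
    """Started first; stores the first end's setup, pairs on the second, then relays."""
    def __init__(self):
        self.setup = {"middle": "mp-1"}   # constructed middle proxy setup info
        self.waiting = {}   # tunnel id -> first end proxy that connected
        self.peer = {}      # end proxy -> its paired peer

    def connect(self, end):
        """Store the first connection for a tunnel id; pair on the second. Returns True once paired."""
        tid = end.setup["tunnel"]   # assumed pairing key, not from the patent
        first = self.waiting.get(tid)
        if first is None:
            self.waiting[tid] = end            # store setup, wait for the second
            return False
        if first.role == end.role:
            raise ValueError("both ends of %s claim role %s" % (tid, end.role))
        del self.waiting[tid]
        # hand each end the other end's setup info plus the middle's own
        end.peer_setup = {**first.setup, **self.setup}
        first.peer_setup = {**end.setup, **self.setup}
        self.peer[first], self.peer[end] = end, first
        return True

    def forward(self, src, payload):
        """Pass-through: relay bytes only between paired ends."""
        dst = self.peer.get(src)
        if dst is None:
            raise ConnectionError("%s is not paired yet" % src.name)
        dst.received.append(payload)

def run_tunnel():
    """Plays the claim 4 sequence: middle, then client end, then server end."""
    mp = MiddleProxy()
    client = EndProxy("client-end", "client", {"tunnel": "t1", "app": "browser"})
    server = EndProxy("server-end", "server", {"tunnel": "t1", "app": "httpd"})
    first = mp.connect(client)    # False: middle stores client setup and waits
    second = mp.connect(server)   # True: middle pairs the two connections
    mp.forward(client, b"GET / HTTP/1.0")   # constructed sample traffic
    mp.forward(server, b"HTTP/1.0 200 OK")
    return {"first": first, "second": second, "client_sees": client.peer_setup,
            "server_got": server.received, "client_got": client.received}
```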