Secured session sequencing proxy system and method therefor
Abstract
A system and method are provided for securing a service provider's hosts such that unauthorized access to the hosts is prevented. The system allows the service provider's hosts to be logically and physically located at convenient spots within the service provider's private network. Users can be located anywhere within a global public network such as the Internet. The system uses a first server coupled to the first network in which the first server receives a session establishment request from the user terminal and generates a connection request in response to the session establishment request. A second server coupled to the first server and the second network receives the connection request and establishes communications with the host in accordance with the connection request. The second server initiates communications by establishing a communication control session with the first server before the first server will send the connection request to the second server.
26 Claims
1. A system for communicating data between a user terminal and a host, said user terminal being coupled to a first network and said host being coupled to a second network, said system comprising:
-
a first server coupled to said first network, said first server receiving a data communication session establishment request from said user terminal requesting a data communication session between said user terminal and said host;
a second server coupled to said second network;
a main proxy control connection between said first and second servers, said main proxy control connection being established by said second server sending a communication control session establishment request to said first server, wherein said first server is unable to initiate communications between said first and second servers; and
a data communication connection established between said first and second servers in response to said data communication session establishment request only if said main proxy control connection has already been established between said first and second servers, wherein said data communication connection is different from said main proxy control connection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
a first socket established in said first server, said first socket providing data communication between said first server and said user terminal;
a second socket established in said second server, said second socket providing data communication between said second server and said host;
a third socket established in said second server, said third socket providing data communication between said first server and said second socket; and
a fourth socket established in said first server, said fourth socket providing data communication between said first socket and said third socket, wherein said data communication connection between said user terminal and said host is provided through said first socket, said fourth socket, said third socket, and said second socket.
12. A method for communicating data between a user terminal and a host, said user terminal being coupled to a first network and said host being coupled to a second network, said method comprising:
-
establishing a main proxy control connection between a first server and a second server, said second server initiating said main proxy control connection, wherein said first server is unable to initiate communications between said first and second servers;
establishing a first data session between said first server and said user terminal based on a user connection request, said first data session transferring data between said user terminal and said first server;
establishing a second data session between said second server and said host and a third data session between said first server and said second server, said second data session transferring data between said second server and said host and said third data session transferring data between said first server and said second server wherein said third data session does not occur on said main proxy control connection. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
invoking a first computing thread in said first server, said first computing thread transferring data between said first data session and said third data session; and
invoking a second computing thread in said second server, said second computing thread transferring data between said second data session and said third data session.
14. The method for communicating data between a user terminal and a host according to claim 13, wherein data transfer in each of said first data session, said second data session, said third data session, said first computing thread and said second computing thread is bidirectional.
15. The method for communicating data between a user terminal and a host according to claim 12, further comprising sending a connection notification request from said first server to said second server, wherein said second data session and said third data session are established in accordance with said connection notification request.
16. The method for communicating data between a user terminal and a host according to claim 12, wherein a firewall blocks said establishment of said main proxy control connection unless a request for said control connection originates from said second server and is destined for said first server.
17. The method for communicating data between a user terminal and a host according to claim 15, further comprising sending a port to session map from said first server to said second server using said main proxy control connection.
18. The method for communicating data between a user terminal and a host according to claim 17, wherein said connection notification request includes a port derived from said port to session map.
19. The method for communicating data between a user terminal and a host according to claim 18, wherein said connection notification request is denied by said second server if said port does not further map to a host in accordance with a host map in said second server.
20. The method for communicating data between a user terminal and a host according to claim 12, wherein said first server supports multiple data communication sessions between one or more user terminals and one or more hosts.
21. The method for communicating data between a user terminal and a host according to claim 12, wherein said second server supports multiple data communication sessions between one or more user terminals and one or more hosts.
22. The method for communicating data according to claim 12, further comprising:
establishing a first socket in said first server after receiving said user connection request, said first socket providing said first data session between said first server and said user terminal;
establishing a second socket in said second server, said second socket providing said second data session between said second server and said host; establishing a third socket in said second server, said third socket providing a data communication connection between said first server and said second socket; and
establishing a fourth socket in said first server, said fourth socket providing a data communication connection between said first socket and said third socket, wherein said third data session is provided by said third and fourth sockets.
23. A method for communicating data between a user terminal and a host, said user terminal being coupled to a first network and said host being coupled to a second network, said method comprising:
initiating communications by establishing a communication control session between a first server and a second server, said second server sending a communication control session initiation request to said first server to initiate communications between said first and second servers;
receiving, in said first server, a data session establishment request from said user terminal and generating a data connection request in response to said data session establishment request; and
receiving, in said second server, said data connection request and establishing data communications with said host in accordance with said data connection request wherein said data communications session is separate from said communication control session. - View Dependent Claims (24, 25, 26)
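The sequencing rule that runs through claims 1, 16, 17, 18 and 19 (inside-out control connection first, then a data connection only for a port that the second server's host map recognises) is modelled below as an added example; it is not code from the patent, uses in-memory objects instead of sockets, and all class, method and host names are hypothetical.

```python
"""Added illustration (not from the patent): the ordering rules of the
secured session sequencing proxy as an in-memory model. Hypothetical names."""
from dataclasses import dataclass, field


@dataclass
class SecondServer:
    """Private-side server: the only party allowed to open the main proxy
    control connection; it maps proxy ports to internal hosts (claim 19)."""
    host_map: dict                      # proxy port -> (host, port) behind the firewall
    control_up: bool = False
    port_to_session: dict = field(default_factory=dict)   # received per claim 17
    data_sessions: list = field(default_factory=list)     # second data sessions

    def open_control_connection(self, first):
        # Outbound from the private network only (claims 1 and 16); the first
        # server merely accepts and never originates this connection.
        self.control_up = True
        first.accept_control_connection(self)

    def handle_connection_notification(self, port, session_id):
        # Claim 19: deny unless the port maps to a host and to a known session.
        host = self.host_map.get(port)
        if host is None or self.port_to_session.get(port) != session_id:
            return False
        self.data_sessions.append((session_id, host))
        return True


@dataclass
class FirstServer:
    """Public-side server: it cannot initiate towards the second server."""
    peer: SecondServer = None
    next_session: int = 1

    def accept_control_connection(self, peer):
        self.peer = peer

    def request_session(self, user_port):
        # Claim 1: no data connection unless the control connection exists.
        if self.peer is None or not self.peer.control_up:
            return None
        session_id, self.next_session = self.next_session, self.next_session + 1
        self.peer.port_to_session[user_port] = session_id          # claim 17
        # Claim 18: the notification carries a port from the port-to-session map.
        accepted = self.peer.handle_connection_notification(user_port, session_id)
        return session_id if accepted else None


def demo():
    """Constructed walk-through: before control connection, mapped port, unmapped port."""
    second = SecondServer(host_map={8443: ("app-host.internal", 443)})   # constructed
    first = FirstServer()
    too_early = first.request_session(8443)     # None: control connection not up
    second.open_control_connection(first)
    accepted = first.request_session(8443)      # 1: port maps to a host
    denied = first.request_session(9000)        # None: denied by the host map
    return too_early, accepted, denied
```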