System and method for connecting to a device on a protected network

US 6,742,039 B1
Filed: 12/20/1999
Issued: 05/25/2004
Est. Priority Date: 12/20/1999
Status: Expired due to Term

First Claim

Patent Images

1. A system, comprising:

a local area network, said local area network including a local entity, a connection entity coupled to the local entity, and an access control mechanism coupled to the connection entity;

a trusted arbitrator coupled to the access control mechanism via a wide area network; and

a remote entity coupled to the trusted arbitrator via the wide area network, wherein the trusted arbitrator receives a first request, the first request being sent by the remote entity across the wide area network to the trusted arbitrator and being directed at least in part to the local entity on the local area network, wherein the trusted arbitrator authenticates the remote entity as a valid requestor before the first request is transmitted to the local entity, and is an intermediary between the remote entity and the local entity across the wide area network, wherein the connection entity continuously polls the trusted arbitrator via the access control mechanism across the wide area network to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator, wherein the trusted arbitrator sends a first response via the wide area network to the connection entity on the local area network, the first response including the first request from the remote entity and being in response to polling by the connection entity, and wherein the connection entity forwards at least a portion of the first request to the local entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A novel system and method for connecting to an entity behind a firewall or proxy enhances network security and eliminates the costs and risks associated with modifying the firewall or proxy. The invention uses a trusted arbitrator as an intermediary between (1) a local area network protected by an access control mechanism such as a firewall or proxy and (2) external entities seeking to connect with an entity within the network. Requests from external entities are routed to the trusted arbitrator, which communicates with a connection entity located behind the firewall or proxy.

57 Citations

View as Search Results

16 Claims

1. A system, comprising:
- a local area network, said local area network including a local entity, a connection entity coupled to the local entity, and an access control mechanism coupled to the connection entity;
  
  a trusted arbitrator coupled to the access control mechanism via a wide area network; and
  
  a remote entity coupled to the trusted arbitrator via the wide area network, wherein the trusted arbitrator receives a first request, the first request being sent by the remote entity across the wide area network to the trusted arbitrator and being directed at least in part to the local entity on the local area network, wherein the trusted arbitrator authenticates the remote entity as a valid requestor before the first request is transmitted to the local entity, and is an intermediary between the remote entity and the local entity across the wide area network, wherein the connection entity continuously polls the trusted arbitrator via the access control mechanism across the wide area network to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator, wherein the trusted arbitrator sends a first response via the wide area network to the connection entity on the local area network, the first response including the first request from the remote entity and being in response to polling by the connection entity, and wherein the connection entity forwards at least a portion of the first request to the local entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system according to claim 1, wherein the first request is a query that conforms at least substantially to a Hypertext Transfer Protocol.
  - 3. The system according to claim 1, wherein the first response is a response that conforms at least substantially to a Hypertext Transfer Protocol.
  - 4. The system according to claim 1, wherein the access control mechanism is a firewall.
  - 5. The system according to claim 1, wherein the access control mechanism is a proxy server.
  - 6. The system according to claim 1, wherein the access control mechanism is coupled to the trusted arbitrator at least in part through the Internet.
  - 7. The system according to claim 1, wherein the remote entity is coupled to the trusted arbitrator at least in part through the Internet.
  - 8. The system according to claim 1, wherein if the connection entity does not receive the first response within a predetermined period of a time of the sending of the first request, the sending of the first request is repeated.

9. A method, comprising:
- transmitting a first request, directed to a local entity from a remote entity to a trusted arbitrator, storing the first request on a trusted arbitrator, the first request being sent by a remote entity across a wide area network to the trusted arbitrator and being directed at least in part to a local entity on a local area network;
  
  authenticating the remote entity as a valid requestor by the trusted arbitrator before the first request is transmitted to the local entity;
  
  polling continuously, by a connection entity on the local area network to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator;
  
  sending a first response from the trusted arbitrator across the wide area network to the connection entity on the local area network, the first response including a first request from the remote entity and being in response to polling of the connection entity; and
  
  forwarding at least a portion of the first request from the connection entity to the local entity, wherein the trusted arbitrator is an intermediary between the remote entity and the local entity across the wide area network.
- View Dependent Claims (10, 11, 12)
- - 10. The method according to claim 9, the method further comprising certifying the first request, said certifying being completed prior to a time of sending the first response.
  - 11. The method according to claim 9, wherein the first request is stored in an area associated with the connection entity.
  - 12. The method according to claim 9, wherein sending a first response from the trusted arbitrator to a connection entity comprises passing the first response through an access control mechanism.

13. A data storage medium having machine-readable code stored thereon, the machine-readable code comprising instructions executable by logic elements, the instructions defining a method comprising:
- storing a first request on a trusted arbitrator, the first request being sent by a remote entity across a wide area network to the trusted arbitrator and being directed at least in part to a local entity on a local area network;
  
  authenticating the remote entity as a valid requestor by the trusted arbitrator before transmitting the first request to the local entity;
  
  receiving continuous polling by a connection entity on the local area network to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator; and
  
  sending a first response from the trusted arbitrator across the wide area network to the connection entity on the local area network, the first response including the first request from the remote entity and being in response to polling by the connection entity, wherein at least a portion of the first request is forwarded from the connection entity to the local entity, and the trusted arbitrator is an intermediary between the remote entity and the local entity across the wide area network.
- View Dependent Claims (14, 15, 16)
- - 14. The medium according to claim 13, the method further comprising certifying the first request, said certifying being completed prior to a time of sending the first response.
  - 15. The medium according to claim 13, wherein the first request is stored in an area associated with the connection entity.
  - 16. The medium according to claim 13, wherein sending a first response from the trusted arbitrator to a connection entity comprises passing the first response through an access control mechanism.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
King, David A., Remer, Eric B., Remer, David L.
Primary Examiner(s)
Harvey, Jack B.
Assistant Examiner(s)
Nguyen, Hai V.

Application Number

US09/466,812
Time in Patent Office

1,618 Days
Field of Search

709/229, 709/201, 370/466, 713/201, 708/54, 710/44, 710/220
US Class Current

709/229
CPC Class Codes

H04L 63/02 for separating internal fro...

Y10S 707/99939 Privileged access

System and method for connecting to a device on a protected network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for connecting to a device on a protected network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links